[Bug 222638] [PATCH] archivers/libzip: Update to 1.3.0, fixes security vulnerability
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Wed Sep 27 10:07:07 UTC 2017
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=222638
Bug ID: 222638
Summary: [PATCH] archivers/libzip: Update to 1.3.0, fixes
security vulnerability
Product: Ports & Packages
Version: Latest
Hardware: Any
OS: Any
Status: New
Keywords: patch
Severity: Affects Some People
Priority: ---
Component: Individual Port(s)
Assignee: rakuco at FreeBSD.org
Reporter: i.dani at outlook.com
Keywords: patch
Flags: maintainer-feedback?(rakuco at FreeBSD.org)
Assignee: rakuco at FreeBSD.org
Created attachment 186756
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=186756&action=edit
Update to 1.3.0
The current version avilable for FreeBSD is vulnerable since 02.09.2017 and has
already been patched upstream.
See here: https://nih.at/libzip/NEWS.html
Vulnerabilities:
>> CVE-2017-12858: Fix double free().
>> CVE-2017-14107: Improve EOCD64 parsing.
Patch to update is attached. Thanks for a fast fix.
Update to 1.3.0.
Release notes: http://www.nih.at/libzip/NEWS.html
- Update & Fix broken patch
- Update & Fix pkg-plist
- Fixes CVE-2017-12858 & CVE-2017-14107
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-ports-bugs
mailing list