svn commit: r305819 - in head: contrib/libarchive/libarchive contrib/libarchive/libarchive/test lib/libarchive/tests
Oliver Pinter
oliver.pinter at hardenedbsd.org
Thu Sep 29 11:23:17 UTC 2016
On Thursday, September 29, 2016, Shawn Webb <shawn.webb at hardenedbsd.org>
wrote:
> On Wed, Sep 14, 2016 at 09:15:01PM +0000, Martin Matuska wrote:
> > Author: mm
> > Date: Wed Sep 14 21:15:01 2016
> > New Revision: 305819
> > URL: https://svnweb.freebsd.org/changeset/base/305819
> >
> > Log:
> > MFV r305816:
> > Sync libarchive with vendor including important security fixes.
> >
> > Issues fixed (FreeBSD):
> > PR #778: ACL error handling
> > Issue #745: Symlink check prefix optimization is too aggressive
> > Issue #746: Hard links with data can evade sandboxing restrictions
> >
> > This update fixes the vulnerability #3 and vulnerability #4 as
> reported in
> > "non-cryptanalytic attacks against FreeBSD update components".
> > https://gist.github.com/anonymous/e48209b03f1dd9625a992717e7b89c4f
> >
> > Fix for vulnerability #2 has already been merged in r304989.
> >
> > MFC after: 1 week
> > Security: http://gist.github.com/anonymous/
> e48209b03f1dd9625a992717e7b89c4f
>
> Hey Martin,
>
> Any plans to release a security announcement?
>
>
I expect that at the same time, as 11.0-RELEASE is announced. It would be
logical.
> Thanks,
>
> --
> Shawn Webb
> Cofounder and Security Engineer
> HardenedBSD
>
> GPG Key ID: 0x6A84658F52456EEE
> GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE
>
More information about the svn-src-all
mailing list