svn commit: r349135 - in head: contrib/libarchive/libarchive contrib/libarchive/libarchive/test lib/libarchive/tests
Cy Schubert
Cy.Schubert at cschubert.com
Mon Jun 17 14:07:22 UTC 2019
I could say something rhetorical and in bad taste here. This speaks for
itself.
--
Cheers,
Cy Schubert <Cy.Schubert at cschubert.com>
FreeBSD UNIX: <cy at FreeBSD.org> Web: http://www.FreeBSD.org
The need of the many outweighs the greed of the few.
In message <e29de4d9-5c15-778c-f953-2799e9ae9b14 at FreeBSD.org>, Martin
Matuska w
rites:
> Due to lack of resources we (libarchive) are currently not publishing
> CVE information.
> Most of our security fixes are patches for issues discovered by Google's
> OSS-Fuzz project.
> These issues are made public 30 days after they have been detected as
> fixed or 90 days after being discovered.
>
> I can provide links to published issues at OSS-Fuzz.
>
> Am 17.06.19 um 14:17 schrieb Cy Schubert:
> > In message <201906171146.x5HBkbCC019178 at repo.freebsd.org>, Martin
> > Matuska write
> > s:
> >> Author: mm
> >> Date: Mon Jun 17 11:46:37 2019
> >> New Revision: 349135
> >> URL: https://svnweb.freebsd.org/changeset/base/349135
> >>
> >> Log:
> >> MFV r349134:
> >> Sync libarchive with vendor.
> >>
> >> Relevant vendor changes:
> >> PR #1212: RAR5 reader - window_mask was not updated correctly
> >> (OSS-Fuzz 15278)
> >> OSS-Fuzz 15120: RAR reader - extend use after free bugfix
> > Did our upline document a CVE for this?
> >
> >>
> >> MFC after: 1 week (together with r348993)
> >>
> >> Added:
> >> head/contrib/libarchive/libarchive/test/test_read_format_rar5_different
> _win
> >> dow_size.rar.uu
> >> - copied unchanged from r349134, vendor/libarchive/dist/libarchive/t
> est/
> >> test_read_format_rar5_different_window_size.rar.uu
> >> head/contrib/libarchive/libarchive/test/test_read_format_rar_ppmd_use_a
> fter
> >> _free2.rar.uu
> >> - copied unchanged from r349134, vendor/libarchive/dist/libarchive/t
> est/
> >> test_read_format_rar_ppmd_use_after_free2.rar.uu
> >> Modified:
> >> head/contrib/libarchive/libarchive/archive_read_support_format_rar.c
> >> head/contrib/libarchive/libarchive/archive_read_support_format_rar5.c
> >> head/contrib/libarchive/libarchive/test/test_read_format_rar.c
> >> head/contrib/libarchive/libarchive/test/test_read_format_rar5.c
> >> head/lib/libarchive/tests/Makefile
> >> Directory Properties:
> >> head/contrib/libarchive/ (props changed)
> >>
> > [...]
> >
> >
More information about the svn-src-all
mailing list