svn commit: r305819 - in head: contrib/libarchive/libarchive contrib/libarchive/libarchive/test lib/libarchive/tests

Shawn Webb shawn.webb at hardenedbsd.org
Thu Sep 29 08:32:36 UTC 2016


On Wed, Sep 14, 2016 at 09:15:01PM +0000, Martin Matuska wrote:
> Author: mm
> Date: Wed Sep 14 21:15:01 2016
> New Revision: 305819
> URL: https://svnweb.freebsd.org/changeset/base/305819
> 
> Log:
>   MFV r305816:
>   Sync libarchive with vendor including important security fixes.
>   
>   Issues fixed (FreeBSD):
>   PR #778: ACL error handling
>   Issue #745: Symlink check prefix optimization is too aggressive
>   Issue #746: Hard links with data can evade sandboxing restrictions
>   
>   This update fixes the vulnerability #3 and vulnerability #4 as reported in
>   "non-cryptanalytic attacks against FreeBSD update components".
>   https://gist.github.com/anonymous/e48209b03f1dd9625a992717e7b89c4f
>   
>   Fix for vulnerability #2 has already been merged in r304989.
>   
>   MFC after:	1 week
>   Security: http://gist.github.com/anonymous/e48209b03f1dd9625a992717e7b89c4f

Hey Martin,

Any plans to release a security announcement?

Thanks,

-- 
Shawn Webb
Cofounder and Security Engineer
HardenedBSD

GPG Key ID:          0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89  3D9E 6A84 658F 5245 6EEE