Date:      Thu, 29 Sep 2016 04:32:32 -0400
From:      Shawn Webb <shawn.webb@hardenedbsd.org>
To:        Martin Matuska <mm@FreeBSD.org>
Cc:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   Re: svn commit: r305819 - in head: contrib/libarchive/libarchive contrib/libarchive/libarchive/test lib/libarchive/tests
Message-ID:  <20160929083232.GB45358@mutt-hardenedbsd>
In-Reply-To: <201609142115.u8ELF1t1019804@repo.freebsd.org>
References:  <201609142115.u8ELF1t1019804@repo.freebsd.org>

On Wed, Sep 14, 2016 at 09:15:01PM +0000, Martin Matuska wrote:
> Author: mm
> Date: Wed Sep 14 21:15:01 2016
> New Revision: 305819
> URL: https://svnweb.freebsd.org/changeset/base/305819
>
> Log:
>   MFV r305816:
>   Sync libarchive with vendor including important security fixes.
>
>   Issues fixed (FreeBSD):
>   PR #778: ACL error handling
>   Issue #745: Symlink check prefix optimization is too aggressive
>   Issue #746: Hard links with data can evade sandboxing restrictions
>
>   This update fixes the vulnerability #3 and vulnerability #4 as reported in
>   "non-cryptanalytic attacks against FreeBSD update components".
>   https://gist.github.com/anonymous/e48209b03f1dd9625a992717e7b89c4f
>  =20
>   Fix for vulnerability #2 has already been merged in r304989.
>
>   MFC after:	1 week
>   Security: http://gist.github.com/anonymous/e48209b03f1dd9625a992717e7b89c4f

Hey Martin,

Any plans to release a security announcement?

Thanks,

-- 
Shawn Webb
Cofounder and Security Engineer
HardenedBSD

GPG Key ID:          0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89  3D9E 6A84 658F 5245 6EEE
