Date: Mon, 27 Sep 2021 18:29:22 +0000 From: Alexey Dokuchaev <danfe@freebsd.org> To: Alex Kozlov <ak@freebsd.org> Cc: Bernhard Fr?hlich <decke@freebsd.org>, ports-committers@freebsd.org, dev-commits-ports-all@freebsd.org, dev-commits-ports-main@freebsd.org Subject: Re: git: 8e36aa89c535 - main - archivers/ha: Add CPE information Message-ID: <YVINgiIasij%2BYidx@FreeBSD.org> In-Reply-To: <20210927182255.GA37696@ravenloft.kiev.ua> References: <202109201433.18KEXHRJ053338@gitrepo.freebsd.org> <20210927091710.GA21625@ravenloft.kiev.ua> <CAE-m3X35RCcFrK80voiAcr=hE9Jam8o%2B7UkFGhM6dmE38rhKeA@mail.gmail.com> <20210927182255.GA37696@ravenloft.kiev.ua>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Sep 27, 2021 at 08:22:55PM +0200, Alex Kozlov wrote: > ... > > Please also have a look at CVE-2015-1198 and take some actions because > > our port is very likely also vulnerable. > > There was incomplete attempt to fix this/similar vulnerability, but > the path part of attack still worked. So I cooked up some quick fix > by analogy with resemblant vulnerability in archivers/unarj. > Reviews are welcome. Thanks for taking care of `archivers/ha' Alex, I remember using it back in MSDOS times as it offered better compression ratios than other archivers available back in those times. Fond memories! :-) ./danfe
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?YVINgiIasij%2BYidx>