Date:      Thu, 7 Sep 2023 15:24:15 GMT
From:      Martin Matuska <mm@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Subject:   git: f10f65999fe5 - main - libarchive: merge security fix from vendor branch
Message-ID:  <202309071524.387FOFTN066258@gitrepo.freebsd.org>

The branch main has been updated by mm:

URL: https://cgit.FreeBSD.org/src/commit/?id=f10f65999fe56e92f00b5bc5d27ac342cfea5364

commit f10f65999fe56e92f00b5bc5d27ac342cfea5364
Merge: 2afef29b2c0b a5913a473bb0
Author:     Martin Matuska <mm@FreeBSD.org>
AuthorDate: 2023-09-07 15:18:12 +0000
Commit:     Martin Matuska <mm@FreeBSD.org>
CommitDate: 2023-09-07 15:22:34 +0000

    libarchive: merge security fix from vendor branch
    
    This commit fixes a couple of security vulnerabilities in the PAX writer:
    1. Heap overflow in url_encode() in archive_write_set_format_pax.c
    2. NULL dereference in archive_write_pax_header_xattrs()
    3. Another NULL dereference in archive_write_pax_header_xattrs()
    4. NULL dereference in archive_write_pax_header_xattr()
    
    Security:       No known reference yet
    Obtained from:  https://github.com/libarchive/libarchive/commit/1b4e0d0f9
    MFC after:      3 days

 .../libarchive/archive_write_set_format_pax.c      | 35 +++++++++++++++-------
 1 file changed, 25 insertions(+), 10 deletions(-)



