From owner-freebsd-security@FreeBSD.ORG  Wed Nov  8 16:17:42 2006
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
X-Original-To: freebsd-security@freebsd.org
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 33EEA16A4EA
	for <freebsd-security@freebsd.org>;
	Wed,  8 Nov 2006 16:17:42 +0000 (UTC)
	(envelope-from simon@zaphod.nitro.dk)
Received: from mx.nitro.dk (zarniwoop.nitro.dk [83.92.207.38])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 9A59243D5F
	for <freebsd-security@freebsd.org>;
	Wed,  8 Nov 2006 16:17:27 +0000 (GMT)
	(envelope-from simon@zaphod.nitro.dk)
Received: from zaphod.nitro.dk (unknown [192.168.3.39])
	by mx.nitro.dk (Postfix) with ESMTP id 4E3B778C7B;
	Wed,  8 Nov 2006 16:16:42 +0000 (UTC)
Received: by zaphod.nitro.dk (Postfix, from userid 3000)
	id 2DA9411434; Wed,  8 Nov 2006 17:17:10 +0100 (CET)
Date: Wed, 8 Nov 2006 17:17:10 +0100
From: "Simon L. Nielsen" <simon@FreeBSD.org>
To: Josh Paetzel <josh@tcbug.org>
Message-ID: <20061108161709.GG1303@zaphod.nitro.dk>
References: <200611081413.kA8EDtA7011912@freefall.freebsd.org>
	<200611080936.03101.josh@tcbug.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <200611080936.03101.josh@tcbug.org>
User-Agent: Mutt/1.5.11
Cc: freebsd-security@freebsd.org
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-06:24.libarchive
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Security issues \[members-only posting\]"
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 08 Nov 2006 16:17:42 -0000

On 2006.11.08 10:36:02 -0500, Josh Paetzel wrote:
> On Wednesday 08 November 2006 08:13, FreeBSD Security Advisories 
> wrote:
> > ===================================================================
> >========== FreeBSD-SA-06:24.libarchive                              
> >   Security Advisory The FreeBSD Project
> >
> > Topic:          Infinite loop in corrupt archives handling in
> > libarchive(3)
> >
> > Category:       core
> > Module:         libarchive
> > Announced:      2006-11-08
> > Credits:        Rink Springer
> > Affects:        FreeBSD 6-STABLE after 2006-09-05 05:23:51 UTC
> > Corrected:      2006-11-08 14:05:40 UTC (RELENG_6, 6.2-RC1)
> > CVE Name:       CVE-2006-5680
> >
> > For general information regarding FreeBSD Security Advisories,
> 
> Maybe this is an obvious question, but libarchive has been in the 
> system since 5.3, but this issue only affects RELENG_6?  So anyone 
> tracking RELENG_6_1 isn't affected?

Correct, the bug was introduced after 6.1 was branched.

-- 
Simon L. Nielsen