Date: Mon, 17 Jun 2019 07:17:04 -0700 From: Cy Schubert <Cy.Schubert@cschubert.com> To: Cy Schubert <Cy.Schubert@cschubert.com> Cc: Martin Matuska <mm@FreeBSD.org>, src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: Re: svn commit: r349135 - in head: contrib/libarchive/libarchive contrib/libarchive/libarchive/test lib/libarchive/tests Message-ID: <201906171417.x5HEH4Z0071450@slippy.cwsent.com> In-Reply-To: Message from Cy Schubert <Cy.Schubert@cschubert.com> of "Mon, 17 Jun 2019 07:07:14 -0700." <201906171407.x5HE7EN5036160@slippy.cwsent.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Even this was inappropriate. My apologies. -- Cheers, Cy Schubert <Cy.Schubert@cschubert.com> FreeBSD UNIX: <cy@FreeBSD.org> Web: http://www.FreeBSD.org The need of the many outweighs the greed of the few. In message <201906171407.x5HE7EN5036160@slippy.cwsent.com>, Cy Schubert writes: > I could say something rhetorical and in bad taste here. This speaks for > itself. > > > -- > Cheers, > Cy Schubert <Cy.Schubert@cschubert.com> > FreeBSD UNIX: <cy@FreeBSD.org> Web: http://www.FreeBSD.org > > The need of the many outweighs the greed of the few. > > > In message <e29de4d9-5c15-778c-f953-2799e9ae9b14@FreeBSD.org>, Martin > Matuska w > rites: > > Due to lack of resources we (libarchive) are currently not publishing > > CVE information. > > Most of our security fixes are patches for issues discovered by Google's > > OSS-Fuzz project. > > These issues are made public 30 days after they have been detected as > > fixed or 90 days after being discovered. > > > > I can provide links to published issues at OSS-Fuzz. > > > > Am 17.06.19 um 14:17 schrieb Cy Schubert: > > > In message <201906171146.x5HBkbCC019178@repo.freebsd.org>, Martin > > > Matuska write > > > s: > > >> Author: mm > > >> Date: Mon Jun 17 11:46:37 2019 > > >> New Revision: 349135 > > >> URL: https://svnweb.freebsd.org/changeset/base/349135 > > >> > > >> Log: > > >> MFV r349134: > > >> Sync libarchive with vendor. > > >> > > >> Relevant vendor changes: > > >> PR #1212: RAR5 reader - window_mask was not updated correctly > > >> (OSS-Fuzz 15278) > > >> OSS-Fuzz 15120: RAR reader - extend use after free bugfix > > > Did our upline document a CVE for this? > > > > > >> > > >> MFC after: 1 week (together with r348993) > > >> > > >> Added: > > >> head/contrib/libarchive/libarchive/test/test_read_format_rar5_differe > nt > > _win > > >> dow_size.rar.uu > > >> - copied unchanged from r349134, vendor/libarchive/dist/libarchive > /t > > est/ > > >> test_read_format_rar5_different_window_size.rar.uu > > >> head/contrib/libarchive/libarchive/test/test_read_format_rar_ppmd_use > _a > > fter > > >> _free2.rar.uu > > >> - copied unchanged from r349134, vendor/libarchive/dist/libarchive > /t > > est/ > > >> test_read_format_rar_ppmd_use_after_free2.rar.uu > > >> Modified: > > >> head/contrib/libarchive/libarchive/archive_read_support_format_rar.c > > >> head/contrib/libarchive/libarchive/archive_read_support_format_rar5.c > > >> head/contrib/libarchive/libarchive/test/test_read_format_rar.c > > >> head/contrib/libarchive/libarchive/test/test_read_format_rar5.c > > >> head/lib/libarchive/tests/Makefile > > >> Directory Properties: > > >> head/contrib/libarchive/ (props changed) > > >> > > > [...] > > > > > > >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201906171417.x5HEH4Z0071450>