Date: Tue, 29 Aug 2023 09:07:37 +0000
From: bugzilla-noreply@freebsd.org
To: ports-bugs@FreeBSD.org
Subject: [Bug 273417] archivers/7-zip: Update to 23.00 or 23.01 (Security)
Message-ID: <bug-273417-7788@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=273417

    Bug ID: 273417
   Summary: archivers/7-zip: Update to 23.00 or 23.01 (Security)
   Product: Ports & Packages
   Version: Latest
  Hardware: Any
        OS: Any
    Status: New
  Severity: Affects Many People
  Priority: ---
 Component: Individual Port(s)
  Assignee: makc@FreeBSD.org
  Reporter: fabian@wenks.ch
     Flags: maintainer-feedback?(makc@FreeBSD.org)

According to the German news Heise.de [1] versions below 23.00 contain a very
critical vulnerability. Unfortunately in the release notes for 7-zip 23.00 it
was not mentioned. Heise does refer to "7-Zip SquashFS File Parsing
Out-Of-Bounds Write Remote Code Execution Vulnerability" [2].

[1] https://www.heise.de/news/Jetzt-updaten-Hochriskante-Sicherheitsluecken-in-7-Zip-ermoeglichen-Codeschmuggel-9287669.html
[2] https://www.zerodayinitiative.com/advisories/ZDI-23-1164/

-- 
You are receiving this mail because:
You are the assignee for the bug.