Date: Wed, 27 Sep 2017 10:07:06 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-ports-bugs@FreeBSD.org Subject: [Bug 222638] [PATCH] archivers/libzip: Update to 1.3.0, fixes security vulnerability Message-ID: <bug-222638-13@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D222638 Bug ID: 222638 Summary: [PATCH] archivers/libzip: Update to 1.3.0, fixes security vulnerability Product: Ports & Packages Version: Latest Hardware: Any OS: Any Status: New Keywords: patch Severity: Affects Some People Priority: --- Component: Individual Port(s) Assignee: rakuco@FreeBSD.org Reporter: i.dani@outlook.com Keywords: patch Flags: maintainer-feedback?(rakuco@FreeBSD.org) Assignee: rakuco@FreeBSD.org Created attachment 186756 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D186756&action= =3Dedit Update to 1.3.0 The current version avilable for FreeBSD is vulnerable since 02.09.2017 and= has already been patched upstream. See here: https://nih.at/libzip/NEWS.html Vulnerabilities: >> CVE-2017-12858: Fix double free(). >> CVE-2017-14107: Improve EOCD64 parsing. Patch to update is attached. Thanks for a fast fix. Update to 1.3.0. Release notes: http://www.nih.at/libzip/NEWS.html - Update & Fix broken patch - Update & Fix pkg-plist - Fixes CVE-2017-12858 & CVE-2017-14107 --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-222638-13>