git: 9f690fcfdc05 - main - libarchive: merge vendor bugfixes

Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Martin Matuska <mm_at_FreeBSD.org>
Date: Sun, 03 Apr 2022 12:21:53 UTC

The branch main has been updated by mm:

URL: https://cgit.FreeBSD.org/src/commit/?id=9f690fcfdc050f566466ac10cca29ff43bf4fe92

commit 9f690fcfdc050f566466ac10cca29ff43bf4fe92
Merge: 1a0bd2665a4b d0dbd88ba985
Author:     Martin Matuska <mm@FreeBSD.org>
AuthorDate: 2022-04-03 12:21:28 +0000
Commit:     Martin Matuska <mm@FreeBSD.org>
CommitDate: 2022-04-03 12:21:28 +0000

    libarchive: merge vendor bugfixes
    
    Bugfixes:
      IS #1685 and OSS-Fuzz #38764 (security):
        (ISO reader) fix possible heap buffer overflow in read_children()
      IS #1715 and OSS-Fuzz #46279 (security):
        (RARv4 reader) fix heap-use-after-free in run_filters()
    
    MFC after:      3 days

 .../libarchive/archive_read_support_format_iso9660.c    |  3 ++-
 .../libarchive/archive_read_support_format_rar.c        | 17 +++++++++++++++++
 2 files changed, 19 insertions(+), 1 deletion(-)