[Bug 273417] archivers/7-zip: Update to 23.00 or 23.01 (Security)

Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Tue, 29 Aug 2023 09:07:37 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=273417

            Bug ID: 273417
           Summary: archivers/7-zip: Update to 23.00 or 23.01 (Security)
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Many People
          Priority: ---
         Component: Individual Port(s)
          Assignee: makc@FreeBSD.org
          Reporter: fabian@wenks.ch
             Flags: maintainer-feedback?(makc@FreeBSD.org)
          Assignee: makc@FreeBSD.org

According to the German news Heise.de [1] versions below 23.00 contain a very
critical vulnerability. Unfortunately in the release notes for 7-zip 23.00 it
was not mention. Heise does refer to "7-Zip SquashFS File Parsing Out-Of-Bounds
Write Remote Code Execution Vulnerability" [2].

 [1]
https://www.heise.de/news/Jetzt-updaten-Hochriskante-Sicherheitsluecken-in-7-Zip-ermoeglichen-Codeschmuggel-9287669.html
 [2] https://www.zerodayinitiative.com/advisories/ZDI-23-1164/

-- 
You are receiving this mail because:
You are the assignee for the bug.