svn commit: r349135 - in head: contrib/libarchive/libarchive contrib/libarchive/libarchive/test lib/libarchive/tests
Martin Matuska
mm at FreeBSD.org
Mon Jun 17 13:36:12 UTC 2019
Due to lack of resources we (libarchive) are currently not publishing
CVE information.
Most of our security fixes are patches for issues discovered by Google's
OSS-Fuzz project.
These issues are made public 30 days after they have been detected as
fixed or 90 days after being discovered.
I can provide links to published issues at OSS-Fuzz.
Am 17.06.19 um 14:17 schrieb Cy Schubert:
> In message <201906171146.x5HBkbCC019178 at repo.freebsd.org>, Martin
> Matuska write
> s:
>> Author: mm
>> Date: Mon Jun 17 11:46:37 2019
>> New Revision: 349135
>> URL: https://svnweb.freebsd.org/changeset/base/349135
>>
>> Log:
>> MFV r349134:
>> Sync libarchive with vendor.
>>
>> Relevant vendor changes:
>> PR #1212: RAR5 reader - window_mask was not updated correctly
>> (OSS-Fuzz 15278)
>> OSS-Fuzz 15120: RAR reader - extend use after free bugfix
> Did our upline document a CVE for this?
>
>>
>> MFC after: 1 week (together with r348993)
>>
>> Added:
>> head/contrib/libarchive/libarchive/test/test_read_format_rar5_different_win
>> dow_size.rar.uu
>> - copied unchanged from r349134, vendor/libarchive/dist/libarchive/test/
>> test_read_format_rar5_different_window_size.rar.uu
>> head/contrib/libarchive/libarchive/test/test_read_format_rar_ppmd_use_after
>> _free2.rar.uu
>> - copied unchanged from r349134, vendor/libarchive/dist/libarchive/test/
>> test_read_format_rar_ppmd_use_after_free2.rar.uu
>> Modified:
>> head/contrib/libarchive/libarchive/archive_read_support_format_rar.c
>> head/contrib/libarchive/libarchive/archive_read_support_format_rar5.c
>> head/contrib/libarchive/libarchive/test/test_read_format_rar.c
>> head/contrib/libarchive/libarchive/test/test_read_format_rar5.c
>> head/lib/libarchive/tests/Makefile
>> Directory Properties:
>> head/contrib/libarchive/ (props changed)
>>
> [...]
>
>
More information about the svn-src-all
mailing list