Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#49750 - [libarchive] Many invalid memory access issues in libarchive
Attached to Project:
Arch Linux
Opened by Pascal Ernster (hardfalcon) - Friday, 17 June 2016, 13:06 GMT
Last edited by Dave Reisner (falconindy) - Saturday, 18 June 2016, 12:25 GMT
Opened by Pascal Ernster (hardfalcon) - Friday, 17 June 2016, 13:06 GMT
Last edited by Dave Reisner (falconindy) - Saturday, 18 June 2016, 12:25 GMT
|
Detailslibarchive 3.2.0 fixes many invalid memory access issues, which are almost guaranteed to be security relevant:
http://www.libarchive.org/ https://blog.fuzzing-project.org/47-Many-invalid-memory-access-issues-in-libarchive.html There's still only the vulnerable package version 3.1.8-2 in the repositories, although the package was flagged as out of date by somebody (not me) 2 weeks ago: https://www.archlinux.org/packages/core/x86_64/libarchive/ |
This task depends upon
Closed by Dave Reisner (falconindy)
Saturday, 18 June 2016, 12:25 GMT
Reason for closing: Fixed
Additional comments about closing: libarchive-3.2.0
Saturday, 18 June 2016, 12:25 GMT
Reason for closing: Fixed
Additional comments about closing: libarchive-3.2.0