FS#52840 - [libarchive] Unresolved CVE-2017-5601
Attached to Project:
Arch Linux
Opened by Adam Lau (adamlau) - Saturday, 04 February 2017, 08:51 GMT
Last edited by Christian Hesse (eworm) - Saturday, 04 February 2017, 17:46 GMT
Opened by Adam Lau (adamlau) - Saturday, 04 February 2017, 08:51 GMT
Last edited by Christian Hesse (eworm) - Saturday, 04 February 2017, 17:46 GMT
|
Details
Description:
libarchive 3.2.2-3 does not include a patch for CVE-2017-5601 which has been made available. I have not noted any regressions with the commit patch at https://github.com/libarchive/libarchive/commit/98dcbbf0bf4854bf987557e55e55fff7abbf3ea9. Severity flagged as High (Moderately Critical) based on information provided by Secunia Research. Additional info: libarchive 3.2.2. Other versions may also be affected. |
This task depends upon
Closed by Christian Hesse (eworm)
Saturday, 04 February 2017, 17:46 GMT
Reason for closing: Fixed
Additional comments about closing: libarchive 3.2.2-4 in [testing]
Saturday, 04 February 2017, 17:46 GMT
Reason for closing: Fixed
Additional comments about closing: libarchive 3.2.2-4 in [testing]