Hi, On Wed, Sep 14, 2016 at 06:43:41AM +0200, Salvatore Bonaccorso wrote: > On Tue, Sep 13, 2016 at 09:41:49PM +0200, Salvatore Bonaccorso wrote: > > [0] https://security-tracker.debian.org/tracker/CVE-2016-5418 > > [1] > > https://git.centos.org/blob/rpms!libarchive.git/9952851f8b327a8c93d26a5873c190c1fb09ae6c/SOURCES!libarchive-3.1.2-CVE-2016-5418.patch;jsessionid=1dexz8h9qdewibih5aonbu3 > > [2] > > https://git.centos.org/blob/rpms!libarchive.git/9952851f8b327a8c93d26a5873c190c1fb09ae6c/SOURCES!libarchive-3.1.2-CVE-2016-5418-variation.patch;jsessionid=1dexz8h9qdewibih5aonbu3 > > [3] > > https://github.com/libarchive/libarchive/commit/dfd6b54ce33960e420fb206d8872fb759b577ad9 > > Please note, not (yet) clear if [3] ist the only one. The CVE relates > to https://bugzilla.redhat.com/show_bug.cgi?id=1362601 and to > http://seclists.org/oss-sec/2016/q3/255 .
I have added more information to the security-tracker page. Basically two commits for #744, #745 and #746 plus two more for the testsuite. Regards, Salvatore
