On Sat, Sep 24, 2016 at 01:27:52PM +0200, Salvatore Bonaccorso wrote: > Hi, > > On Wed, Sep 14, 2016 at 06:43:41AM +0200, Salvatore Bonaccorso wrote: > > On Tue, Sep 13, 2016 at 09:41:49PM +0200, Salvatore Bonaccorso wrote: > > > [0] https://security-tracker.debian.org/tracker/CVE-2016-5418 > > > [1] > > > https://git.centos.org/blob/rpms!libarchive.git/9952851f8b327a8c93d26a5873c190c1fb09ae6c/SOURCES!libarchive-3.1.2-CVE-2016-5418.patch;jsessionid=1dexz8h9qdewibih5aonbu3 > > > [2] > > > https://git.centos.org/blob/rpms!libarchive.git/9952851f8b327a8c93d26a5873c190c1fb09ae6c/SOURCES!libarchive-3.1.2-CVE-2016-5418-variation.patch;jsessionid=1dexz8h9qdewibih5aonbu3 > > > [3] > > > https://github.com/libarchive/libarchive/commit/dfd6b54ce33960e420fb206d8872fb759b577ad9 > > > > Please note, not (yet) clear if [3] ist the only one. The CVE relates > > to https://bugzilla.redhat.com/show_bug.cgi?id=1362601 and to > > http://seclists.org/oss-sec/2016/q3/255 . > > I have added more information to the security-tracker page. Basically > two commits for #744, #745 and #746 plus two more for the testsuite.
I'm looking into it. Thanks for doing the work so far, and sorry for not reacting sooner! G'luck, Peter -- Peter Pentchev r...@ringlet.net r...@freebsd.org p...@storpool.com PGP key: http://people.FreeBSD.org/~roam/roam.key.asc Key fingerprint 2EE7 A7A5 17FC 124C F115 C354 651E EFB0 2527 DF13
signature.asc
Description: PGP signature
