Christian Weisgerber <[email protected]> writes: > Update archivers/cabextract to 1.6. > > The significant change from 1.5 is that it fixes the extraction to > absolute file names with invalid UTF-8 characters (CVE-2015-2060). > This was already fixed in the port with patch-src_cabextract_c. > > Also, the other security patch in the port, patch-mspack_qtmd_c > (CVE-2014-9556), was already obsoleted by extended input validation > in 1.5. > > OK?
Same diff, works fine with a few .cabs, some of them containing funky characters. ok jca@ FWIW -- jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE
