Bug#572556: CVE-2010-0055: Signature verification bypass

2010-03-16 Thread chatchai jantaraprim
tags 572556 + patch
thanks

Hello,

I backported the patch in the attached file from xar svn revision 225 to the 1.5.2 branch.

Thank you
Chatchai Jantaraprim

Index: xar/lib/archive.c === --- xar/lib/archive.c (revision 224) +++ xar/lib/arch

Bug#572556: CVE-2010-0055: Signature verification bypass

2010-03-04 Thread Moritz Muehlenhoff
Package: xar
Severity: grave
Tags: security

The following was reported to us by Braden Thomas of the Apple Security Team:

>> Description:
>> We've discovered a signature verification bypass issue in xar. The
>> issue is that xar_open assumes that the checksum is stored at offset
>> 0, but xar_si