[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PATCH 0/1] libarchive: Fix CVE-2016-1541
From: |
Leo Famulari |
Subject: |
[PATCH 0/1] libarchive: Fix CVE-2016-1541 |
Date: |
Tue, 10 May 2016 16:29:08 -0400 |
There is a buffer overflow in libarchive, CVE-2016-1541 [0]. According
to MITRE description, it "allows remote attackers to execute arbitrary
code via crafted entry-size values in a ZIP archive."
Yikes!
This patch applies the upstream patch [1].
Requesting your review, since soooo many packages depend on libarchive.
I will follow this commit with an "ungrafting" commit on core-updates.
[0]
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1541
[1]
https://github.com/libarchive/libarchive/commit/d0331e8e5b05b475f20b1f3101fe1ad772d7e7e7
Leo Famulari (1):
gnu: libarchive: Fix CVE-2016-1541.
gnu/local.mk | 1 +
gnu/packages/backup.scm | 9 +++
.../patches/libarchive-CVE-2016-1541.patch | 67 ++++++++++++++++++++++
3 files changed, 77 insertions(+)
create mode 100644 gnu/packages/patches/libarchive-CVE-2016-1541.patch
--
2.8.2
- [PATCH 0/1] libarchive: Fix CVE-2016-1541,
Leo Famulari <=
- [PATCH 1/1] gnu: libarchive: Fix CVE-2016-1541., Leo Famulari, 2016/05/10
- Re: [PATCH 0/1] libarchive: Fix CVE-2016-1541, Ludovic Courtès, 2016/05/11
- Re: [PATCH 0/1] libarchive: Fix CVE-2016-1541, Leo Famulari, 2016/05/11
- Re: [PATCH 0/1] libarchive: Fix CVE-2016-1541, Manolis Ragkousis, 2016/05/12
- Re: [PATCH 0/1] libarchive: Fix CVE-2016-1541, Jan Nieuwenhuizen, 2016/05/12
- Re: [PATCH 0/1] libarchive: Fix CVE-2016-1541, Leo Famulari, 2016/05/13
- Re: [PATCH 0/1] libarchive: Fix CVE-2016-1541, Jan Nieuwenhuizen, 2016/05/13
- Re: [PATCH 0/1] libarchive: Fix CVE-2016-1541, Manolis Ragkousis, 2016/05/14
Re: [PATCH 0/1] libarchive: Fix CVE-2016-1541, Leo Famulari, 2016/05/15