Date: Thu, 29 Sep 2016 13:23:15 +0200
From: Oliver Pinter <oliver.pinter@hardenedbsd.org>
To: Shawn Webb <shawn.webb@hardenedbsd.org>
Cc: Martin Matuska <mm@freebsd.org>, "svn-src-head@freebsd.org" <svn-src-head@freebsd.org>, "svn-src-all@freebsd.org" <svn-src-all@freebsd.org>, "src-committers@freebsd.org" <src-committers@freebsd.org>
Subject: Re: svn commit: r305819 - in head: contrib/libarchive/libarchive contrib/libarchive/libarchive/test lib/libarchive/tests
Message-ID: <CAPQ4ffvkOp8ES39qhB3vjiBOvBh7%2BH5mcAT2Y1xaTSxE81-GYw@mail.gmail.com>
In-Reply-To: <20160929083232.GB45358@mutt-hardenedbsd>
References: <201609142115.u8ELF1t1019804@repo.freebsd.org> <20160929083232.GB45358@mutt-hardenedbsd>

On Thursday, September 29, 2016, Shawn Webb <shawn.webb@hardenedbsd.org> wrote:

> On Wed, Sep 14, 2016 at 09:15:01PM +0000, Martin Matuska wrote:
> > Author: mm
> > Date: Wed Sep 14 21:15:01 2016
> > New Revision: 305819
> > URL: https://svnweb.freebsd.org/changeset/base/305819
> >
> > Log:
> >   MFV r305816:
> >   Sync libarchive with vendor including important security fixes.
> >
> >   Issues fixed (FreeBSD):
> >   PR #778: ACL error handling
> >   Issue #745: Symlink check prefix optimization is too aggressive
> >   Issue #746: Hard links with data can evade sandboxing restrictions
> >
> >   This update fixes the vulnerability #3 and vulnerability #4 as reported in
> >   "non-cryptanalytic attacks against FreeBSD update components".
> >   https://gist.github.com/anonymous/e48209b03f1dd9625a992717e7b89c4f
> >
> >   Fix for vulnerability #2 has already been merged in r304989.
> >
> >   MFC after:  1 week
> >   Security:   http://gist.github.com/anonymous/e48209b03f1dd9625a992717e7b89c4f
>
> Hey Martin,
>
> Any plans to release a security announcement?
>

I expect that at the same time as 11.0-RELEASE is announced. It would be
logical.

> Thanks,
>
> --
> Shawn Webb
> Cofounder and Security Engineer
> HardenedBSD
>
> GPG Key ID:          0x6A84658F52456EEE
> GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89  3D9E 6A84 658F 5245 6EEE
>