Date:      Mon, 17 Jun 2019 15:36:08 +0200
From:      Martin Matuska <mm@FreeBSD.org>
To:        Cy Schubert <Cy.Schubert@cschubert.com>
Cc:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   Re: svn commit: r349135 - in head: contrib/libarchive/libarchive contrib/libarchive/libarchive/test lib/libarchive/tests
Message-ID:  <e29de4d9-5c15-778c-f953-2799e9ae9b14@FreeBSD.org>
In-Reply-To: <201906171217.x5HCH3ik057008@slippy.cwsent.com>
References:  <201906171217.x5HCH3ik057008@slippy.cwsent.com>

Due to lack of resources we (libarchive) are currently not publishing 
CVE information.
Most of our security fixes are patches for issues discovered by Google's 
OSS-Fuzz project.
These issues are made public 30 days after they have been detected as 
fixed or 90 days after being discovered.

I can provide links to published issues at OSS-Fuzz.

On 17.06.19 at 14:17, Cy Schubert wrote:
> In message <201906171146.x5HBkbCC019178@repo.freebsd.org>, Martin Matuska writes:
>> Author: mm
>> Date: Mon Jun 17 11:46:37 2019
>> New Revision: 349135
>> URL: https://svnweb.freebsd.org/changeset/base/349135
>>
>> Log:
>>    MFV r349134:
>>    Sync libarchive with vendor.
>>    
>>    Relevant vendor changes:
>>      PR #1212: RAR5 reader - window_mask was not updated correctly
>>                (OSS-Fuzz 15278)
>>      OSS-Fuzz 15120: RAR reader - extend use after free bugfix
> Did our upline document a CVE for this?
>
>>    
>>    MFC after:	1 week (together with r348993)
>>
>> Added:
>>    head/contrib/libarchive/libarchive/test/test_read_format_rar5_different_window_size.rar.uu
>>       - copied unchanged from r349134, vendor/libarchive/dist/libarchive/test/test_read_format_rar5_different_window_size.rar.uu
>>    head/contrib/libarchive/libarchive/test/test_read_format_rar_ppmd_use_after_free2.rar.uu
>>       - copied unchanged from r349134, vendor/libarchive/dist/libarchive/test/test_read_format_rar_ppmd_use_after_free2.rar.uu
>> Modified:
>>    head/contrib/libarchive/libarchive/archive_read_support_format_rar.c
>>    head/contrib/libarchive/libarchive/archive_read_support_format_rar5.c
>>    head/contrib/libarchive/libarchive/test/test_read_format_rar.c
>>    head/contrib/libarchive/libarchive/test/test_read_format_rar5.c
>>    head/lib/libarchive/tests/Makefile
>> Directory Properties:
>>    head/contrib/libarchive/   (props changed)
>>
> [...]
>
>


