libzip/pecl-zip [sthen@cvs.openbsd.org: CVS: cvs.openbsd.org: ports]

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

libzip/pecl-zip [sthen@cvs.openbsd.org: CVS: cvs.openbsd.org: ports]

Stuart Henderson-10
note there's also an embedded copy of thise in pecl-zip (and PHP but
we don't build that), but they haven't been tracking libzip upstream,
they are stuck with a several-year-old version at present. I don't have
time to look into that now.


----- Forwarded message from Stuart Henderson <[hidden email]> -----

From: Stuart Henderson <[hidden email]>
Date: Wed, 21 Mar 2012 04:30:22 -0600 (MDT)
To: [hidden email]
Subject: CVS: cvs.openbsd.org: ports

CVSROOT: /cvs
Module name: ports
Changes by: [hidden email] 2012/03/21 04:30:22

Modified files:
        archivers/libzip: Makefile distinfo

Log message:
SECURITY update to libzip 0.10.1
CVE-2012-1162 heap overflow on corrupted zip files
CVE-2012-1163 integer overflow

more info at http://www.openwall.com/lists/oss-security/2012/03/21/2


----- End forwarded message -----