libzip/pecl-zip [ CVS: ports]

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

libzip/pecl-zip [ CVS: ports]

Stuart Henderson-10
note there's also an embedded copy of thise in pecl-zip (and PHP but
we don't build that), but they haven't been tracking libzip upstream,
they are stuck with a several-year-old version at present. I don't have
time to look into that now.

----- Forwarded message from Stuart Henderson <[hidden email]> -----

From: Stuart Henderson <[hidden email]>
Date: Wed, 21 Mar 2012 04:30:22 -0600 (MDT)
To: [hidden email]
Subject: CVS: ports

Module name: ports
Changes by: [hidden email] 2012/03/21 04:30:22

Modified files:
        archivers/libzip: Makefile distinfo

Log message:
SECURITY update to libzip 0.10.1
CVE-2012-1162 heap overflow on corrupted zip files
CVE-2012-1163 integer overflow

more info at

----- End forwarded message -----