I could say something rhetorical and in bad taste here. This speaks for itself.
-- Cheers, Cy Schubert <cy.schub...@cschubert.com> FreeBSD UNIX: <c...@freebsd.org> Web: http://www.FreeBSD.org The need of the many outweighs the greed of the few. In message <e29de4d9-5c15-778c-f953-2799e9ae9...@freebsd.org>, Martin Matuska w rites: > Due to lack of resources we (libarchive) are currently not publishing > CVE information. > Most of our security fixes are patches for issues discovered by Google's > OSS-Fuzz project. > These issues are made public 30 days after they have been detected as > fixed or 90 days after being discovered. > > I can provide links to published issues at OSS-Fuzz. > > Am 17.06.19 um 14:17 schrieb Cy Schubert: > > In message <201906171146.x5hbkbcc019...@repo.freebsd.org>, Martin > > Matuska write > > s: > >> Author: mm > >> Date: Mon Jun 17 11:46:37 2019 > >> New Revision: 349135 > >> URL: https://svnweb.freebsd.org/changeset/base/349135 > >> > >> Log: > >> MFV r349134: > >> Sync libarchive with vendor. > >> > >> Relevant vendor changes: > >> PR #1212: RAR5 reader - window_mask was not updated correctly > >> (OSS-Fuzz 15278) > >> OSS-Fuzz 15120: RAR reader - extend use after free bugfix > > Did our upline document a CVE for this? > > > >> > >> MFC after: 1 week (together with r348993) > >> > >> Added: > >> head/contrib/libarchive/libarchive/test/test_read_format_rar5_different > _win > >> dow_size.rar.uu > >> - copied unchanged from r349134, vendor/libarchive/dist/libarchive/t > est/ > >> test_read_format_rar5_different_window_size.rar.uu > >> head/contrib/libarchive/libarchive/test/test_read_format_rar_ppmd_use_a > fter > >> _free2.rar.uu > >> - copied unchanged from r349134, vendor/libarchive/dist/libarchive/t > est/ > >> test_read_format_rar_ppmd_use_after_free2.rar.uu > >> Modified: > >> head/contrib/libarchive/libarchive/archive_read_support_format_rar.c > >> head/contrib/libarchive/libarchive/archive_read_support_format_rar5.c > >> head/contrib/libarchive/libarchive/test/test_read_format_rar.c > >> head/contrib/libarchive/libarchive/test/test_read_format_rar5.c > >> head/lib/libarchive/tests/Makefile > >> Directory Properties: > >> head/contrib/libarchive/ (props changed) > >> > > [...] > > > > _______________________________________________ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
