Diffusion FreeBSD src repository 0c9b0086715b

libarchive: merge security fix from vendor branch
0c9b0086715b
Actions

Tags

None

Referenced Files

None

Subscribers

None

Description

libarchive: merge security fix from vendor branch

This commit fixes a couple of security vulnerabilities in the PAX writer:

Heap overflow in url_encode() in archive_write_set_format_pax.c
NULL dereference in archive_write_pax_header_xattrs()
Another NULL dereference in archive_write_pax_header_xattrs()
NULL dereference in archive_write_pax_header_xattr()

Security: No known reference yet
Obtained from: https://github.com/libarchive/libarchive/commit/1b4e0d0f9

(cherry picked from commit f10f65999fe56e92f00b5bc5d27ac342cfea5364)

Details

Provenance

mm	Authored on Sep 7 2023, 3:18 PM

Parents

rG402d5960cb82: MFC jail.conf(5): Fix and expand description of ".include".

Branches

Unknown

Tags

Unknown

Event Timeline

mm committed rG0c9b0086715b: libarchive: merge security fix from vendor branch (authored by mm).Sep 11 2023, 7:02 AM

mm mentioned this in rGf0ed478f0596: libarchive: merge security fix from vendor branch.Sep 11 2023, 7:45 PM

Changes (1)

Path

Size

contrib/

libarchive/

libarchive/

archive_write_set_format_pax.c

rG0c9b0086715b

contrib/libarchive/libarchive/archive_write_set_format_pax.c

Loading...