Overview
Request 1135471 revoked
- update to 3.7.2:
  * Multiple vulnerabilities have been fixed in the PAX writer
  * bsdunzip(1) now correctly handles arguments following an
    -x after the zipfile
  * zstd filter now supports the "long" write option
  * SEGV and stack buffer overflow in verbose mode of cpio
  * bsdunzip updated to match latest upstream code
  * miscellaneous functional bugfixes
  * NULL pointer dereference vulnerability in archive_write.c
- Drop upstream merged CVE-2022-36227.patch
- Fix CVE-2022-36227, Handle a calloc returning NULL
  (CVE-2022-36227, bsc#1205629)
  * CVE-2022-36227.patch
  * fix heap use after free in run_filters() (OSS-Fuzz 46279, #1715)
- Drop upstream merged fix-CVE-2022-26280.patch
- Fix CVE-2022-26280 out-of-bounds read via the component zipx_lzma_alone_init
  (CVE-2022-26280, bsc#1197634)
  * fix-CVE-2022-26280.patch
- Drop upstream merged:
  * fix-following-symlinks.patch
  * fix-CVE-2021-36976.patch
- Fix CVE-2021-36976 use-after-free in copy_string
  (CVE-2021-36976, bsc#1188572)
  * fix-CVE-2021-36976.patch
- The following issues have already been fixed in this package but
  weren't previously mentioned in the changes file:
- Created by dirkmueller
- In state revoked
- Open review for opensuse-review-team
Request History
dirkmueller created request
licensedigger accepted review
ok
factory-auto added opensuse-review-team as a reviewer
Please review sources
factory-auto accepted review
Check script succeeded
anag+factory set openSUSE:Factory:Staging:K as a staging project
Being evaluated by staging project "openSUSE:Factory:Staging:K"
anag+factory accepted review
Picked "openSUSE:Factory:Staging:K"
pluskalm accepted review
staging-bot added factory-staging as a reviewer
Being evaluated by group "factory-staging"
staging-bot accepted review
Unstaged from project "openSUSE:Factory:Staging:K"
staging-bot declined review
sr#1135735 has newer source and is from the same project
staging-bot declined request
sr#1135735 has newer source and is from the same project
dirkmueller revoked request