all messages for Guix-related lists mirrored at yhetil.org
 help / color / mirror / code / Atom feed
* [PATCH 0/1] libarchive: Fix CVE-2016-1541
@ 2016-05-10 20:29 Leo Famulari
  2016-05-10 20:29 ` [PATCH 1/1] gnu: " Leo Famulari
                   ` (2 more replies)
  0 siblings, 3 replies; 10+ messages in thread
From: Leo Famulari @ 2016-05-10 20:29 UTC (permalink / raw)
  To: guix-devel

There is a buffer overflow in libarchive, CVE-2016-1541 [0]. According
to MITRE description, it "allows remote attackers to execute arbitrary
code via crafted entry-size values in a ZIP archive."

Yikes!

This patch applies the upstream patch [1].

Requesting your review, since soooo many packages depend on libarchive.

I will follow this commit with an "ungrafting" commit on core-updates.

[0]
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1541

[1]
https://github.com/libarchive/libarchive/commit/d0331e8e5b05b475f20b1f3101fe1ad772d7e7e7

Leo Famulari (1):
  gnu: libarchive: Fix CVE-2016-1541.

 gnu/local.mk                                       |  1 +
 gnu/packages/backup.scm                            |  9 +++
 .../patches/libarchive-CVE-2016-1541.patch         | 67 ++++++++++++++++++++++
 3 files changed, 77 insertions(+)
 create mode 100644 gnu/packages/patches/libarchive-CVE-2016-1541.patch

-- 
2.8.2

^ permalink raw reply	[flat|nested] 10+ messages in thread

end of thread, other threads:[~2016-05-15  6:45 UTC | newest]

Thread overview: 10+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-05-10 20:29 [PATCH 0/1] libarchive: Fix CVE-2016-1541 Leo Famulari
2016-05-10 20:29 ` [PATCH 1/1] gnu: " Leo Famulari
2016-05-11 13:44 ` [PATCH 0/1] " Ludovic Courtès
2016-05-12  1:55   ` Leo Famulari
2016-05-12  5:22     ` Jan Nieuwenhuizen
2016-05-13  6:45       ` Leo Famulari
2016-05-13 18:16         ` Jan Nieuwenhuizen
2016-05-14 17:26         ` Manolis Ragkousis
2016-05-12  7:24     ` Manolis Ragkousis
2016-05-15  6:45 ` Leo Famulari

Code repositories for project(s) associated with this external index

	https://git.savannah.gnu.org/cgit/guix.git

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.