OSS-Fuzz is a Continuous Fuzzing for Open Source Software. When a bug is found, it is filed on bugs.chromium.org instead of the upstream's bugzilla. If the bug at $URL is public, that means that the issue has been fixed in the upstream git repository, so when upstream does not add anything useful in that place, you can: 1) Check the range date when ClusterFuzz has detected that the issue has been fixed and dig into upstream git repository; 2) Check if upstream made a new release after the issue has been fixed; 3) Get in touch with upstream. See $URL for more details about the issue. @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
• Tar format can now archive and restore NFSv4 ACLs on FreeBSD, Linux, and macOS thanks to Martin Matuška. This is fully interoperable with star. • Tar format can read and write SCHILY.xattr extended file attributes in addition to the LIBARCHIVE.xattr format, thanks to Stefan Berger. This provides compatibility with archives created by star and GNU tar. • Jan Osusky contributed several improvements to libarchive's file detection logic. • Many security bugs reported by the OSS-Fuzz project have been fixed • Ngie Cooper fixed a number of issues reported by the Coverity source scanner. Note: Asked upstream if CVE's have been filed for the OSS-Fuzz project.
I missed the copy paste of the title: Libarchive 3.3.1 is now available at https://libarchive.org/downloads/libarchive-3.3.1.tar.gz https://libarchive.org/downloads/libarchive-3.3.1.zip Libarchive 3.3.1 is a feature and security release. Over 20 people contributed fixes and improvements since 3.2.2; only a few of whom are mentioned below. Thanks to everyone who has invested their time and effort to make libarchive such a great piece of software.
Sorry for the inconvenience, this bug looks to be invalid.