Bug 617400

Summary:	app-arch/libarchive: Heap-buffer-overflow in lzx_make_huffman_table
Product:	Gentoo Security	Reporter:	Agostino Sarubbo <ago>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED INVALID
Severity:	normal	CC:	bsd+disabled
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=497
Whiteboard:
Package list:		Runtime testing required:	---

Description Agostino Sarubbo gentoo-dev

2017-05-03 14:43:46 UTC

OSS-Fuzz is a Continuous Fuzzing for Open Source Software.

When a bug is found, it is filed on bugs.chromium.org instead of the upstream's bugzilla.
If the bug at $URL is public, that means that the issue has been fixed in the upstream git repository, so when upstream does not add anything useful in that place, you can:
1) Check the range date when ClusterFuzz has detected that the issue has been fixed and dig into upstream git repository;
2) Check if upstream made a new release after the issue has been fixed;
3) Get in touch with upstream.

See $URL for more details about the issue.

@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.

Comment 1 Agostino Sarubbo gentoo-dev

2017-05-10 13:35:40 UTC

Sorry for the inconvenience, this bug looks to be invalid.