Summary: | <app-arch/libarchive-3.6.1: multiple vulnerabilities | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Michał Górny <mgorny> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | mgorny |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | B2 [glsa+] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 837293 | ||
Bug Blocks: |
Description
Michał Górny
2022-04-08 14:03:05 UTC
cleanup done Thanks! CVE-2022-28066 (https://github.com/libarchive/libarchive/issues/1672): Libarchive v3.6.0 was discovered to contain a read memory access vulnerability via the function lzma_decode. GLSA request filed The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=876025c7afca0f5ee13ac2b34bc49c9928ab4128 commit 876025c7afca0f5ee13ac2b34bc49c9928ab4128 Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2022-08-14 16:08:34 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2022-08-14 16:09:43 +0000 [ GLSA 202208-26 ] libarchive: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/803128 Bug: https://bugs.gentoo.org/836352 Bug: https://bugs.gentoo.org/837266 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: Sam James <sam@gentoo.org> glsa-202208-26.xml | 47 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 47 insertions(+) GLSA done, all done. |