```
Security fixes:
- 7zip reader: fix PPMD read beyond boundary (#1671)
- ZIP reader: fix possible out of bounds read ([OSS-Fuzz 38766](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=38766&q=libarchive) #1672)
- ISO reader: fix possible heap buffer overflow in ```read_children()``` ([OSS-Fuzz 38764](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=38764&q=libarchive), #1685)
- RARv4 reader: fix multiple issues in RARv4 filter code (introduced in libarchive 3.6.0)
  - fix heap use after free in ```archive_read_format_rar_read_data()``` ([OSS-Fuzz 44547](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=44547&q=libarchive), 52efa50c69653029687bfc545703b7340b7a51e2)
  - fix null dereference in ```read_data_compressed()``` ([OSS-Fuzz 44843](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=44843&q=libarchive), 1271f775dc917798ad7d03c3b3bd66bacad03603)
  - fix heap use after free in ```run_filters()``` ([OSS-Fuzz 46279](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=46279&q=libarchive), #1715)
```
cleanup done
Thanks!
CVE-2022-28066 (https://github.com/libarchive/libarchive/issues/1672): Libarchive v3.6.0 was discovered to contain a read memory access vulnerability via the function lzma_decode.
GLSA request filed
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=876025c7afca0f5ee13ac2b34bc49c9928ab4128

commit 876025c7afca0f5ee13ac2b34bc49c9928ab4128
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2022-08-14 16:08:34 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-08-14 16:09:43 +0000

    [ GLSA 202208-26 ] libarchive: Multiple Vulnerabilities

    Bug: https://bugs.gentoo.org/803128
    Bug: https://bugs.gentoo.org/836352
    Bug: https://bugs.gentoo.org/837266
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Sam James <sam@gentoo.org>

 glsa-202208-26.xml | 47 +++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 47 insertions(+)
GLSA done, all done.