From ${URL} :
Double free vulnerability in the _zip_dirent_read function in zip_dirent.c in libzip allows attackers to have unspecified impact via unknown vectors.
Upstream patch: https://github.com/nih-at/libzip/commit/2217022b7d1142738656d891e00b3d2d9179b796
@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
1.2.0-r1 security revbump added in git commit 8ae28c0fa697b98cc15aace97cf1668df29b5fd7
(In reply to Andreas Sturmlechner from comment #1)
> 1.2.0-r1 security revbump added in git commit
> 8ae28c0fa697b98cc15aace97cf1668df29b5fd7
Thank you, please feel free to call for stabilization when needed or let us know.
Gentoo Security Padawan
ChrisADR
I found another issue in libzip, let's wait a bit to avoid multiple stabilizations.
See also bug 629574, cleanup done in git commit b4a9cb3e5493b414c2d671e6e5c1e8bcf084915c.
No PoC for ACE/RCE. GLSA Vote: No