HomeFreeBSD
Diffusion FreeBSD src repository 5ed7eb0d97ba

libarchive: merge security fix from vendor branch
5ed7eb0d97ba
Actions

Description

libarchive: merge security fix from vendor branch

This commit fixes a couple of security vulnerabilities in the PAX writer:

  1. Heap overflow in url_encode() in archive_write_set_format_pax.c
  2. NULL dereference in archive_write_pax_header_xattrs()
  3. Another NULL dereference in archive_write_pax_header_xattrs()
  4. NULL dereference in archive_write_pax_header_xattr()

Security: No known reference yet
Obtained from: https://github.com/libarchive/libarchive/commit/1b4e0d0f9
MFC after: 3 days

(cherry picked from commit f10f65999fe56e92f00b5bc5d27ac342cfea5364)

Details

Provenance
mmAuthored on Sep 7 2023, 3:18 PM
Parents
rGe59d10aff6ed: zlib: Fix a bug when getting a gzip header extra field with inflate().
Branches
Unknown
Tags
Unknown
References
stable/11

Changes (1)

PathSize
contrib/
libarchive/
libarchive/

rG5ed7eb0d97ba

View Options

contrib/libarchive/libarchive/archive_write_set_format_pax.c

Loading...