[Buildroot] [PATCH] package/libarchive: security bump to version 3.4.1
Peter Korsgaard
peter at korsgaard.com
Fri Jan 10 20:01:57 UTC 2020
>>>>> "Pierre-Jean" == Pierre-Jean Texier <pjtexier at koncepto.io> writes:
> Fixes the following security vulnerabilities:
> - CVE-2019-19221: In Libarchive 3.4.0, archive_wstring_append_from_mbs in archive_string.c
> has an out-of-bounds read because of an incorrect mbrtowc or mbtowc call. For example,
> bsdtar crashes via a crafted archive.
> And adds various security fixes. For details, see :
> https://github.com/libarchive/libarchive/releases/tag/v3.4.1
> Also remove upstreamed patch.
> Signed-off-by: Pierre-Jean Texier <pjtexier at koncepto.io>
> ---
> v1 -> v2 :
> - update commit title "libarchive to package/libarchive"
Committed to 2019.11.x, thanks.
For 2019.02.x I will instead cherry-pick the upstream fix and apply to
our 3.3.x version.
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list