Hi, Alistair,
On Sun, 22 Jun 2008 08:13:19 +0100, Alistair Crooks wrote:
> http://www.novell.com/linux/security/advisories/2007_15_sr.html
>
> has an interesting section about security problems in libarchive.
>
> - libarchive security problems
>
> Several problems in libarchive were fixed.
>
> Specially crafted tar-archives could cause programs based on
> libarchive to crash, to run into an endless loop or potentially
> to even execute arbitrary code (CVE-2007-3641, CVE-2007-3644,
> CVE-2007-3645).
>
> Is this the same libarchive that you want to see us move towards?

Most likely, but if you have a look at these CVEs, you will realize
that they have all been fixed upstream.

It is not a flaw of an application to have security problems as long as
it is not a systematic problem (like with PHP, for example).

Tonnerre