Re: libarchive-2.8.4nb3 has a multiple-vulnerabilities vulnerability

To: "J. Lewis Muir" <jlmuir%imca-cat.org@localhost>
Subject: Re: libarchive-2.8.4nb3 has a multiple-vulnerabilities vulnerability
From: Thomas Klausner <wiz%NetBSD.org@localhost>
Date: Wed, 23 Apr 2014 21:08:39 +0200

On Wed, Apr 23, 2014 at 01:51:26PM -0500, J. Lewis Muir wrote:
> I'm probably not the best person to fix this, but if it's a problem of
> finding someone to do the work, would developers be open to a patch (or
> tarball) from me to upgrade to libarchive 2.8.5?
> 
> Or maybe this has a history that I don't know about, and there's a
> reason why it hasn't been upgraded.  It seems like libarchive has been
> vulnerable in pkgsrc for a while now.  Is everyone else fine with this
> vulnerability continuing to exist?  Or perhaps everyone understands it
> and knows it's not a real problem?

I know nothing about the vulnerability in particular.

My guess is that packages like this one, with sources inside pkgsrc,
are harder to upgrade and noone tackled it yet for that reason.
 Thomas

References:
- libarchive-2.8.4nb3 has a multiple-vulnerabilities vulnerability
  - From: J. Lewis Muir
- Re: libarchive-2.8.4nb3 has a multiple-vulnerabilities vulnerability
  - From: J. Lewis Muir

Prev by Date: Re: libarchive-2.8.4nb3 has a multiple-vulnerabilities vulnerability
Next by Date: Re: libarchive-2.8.4nb3 has a multiple-vulnerabilities vulnerability
Previous by Thread: Re: libarchive-2.8.4nb3 has a multiple-vulnerabilities vulnerability
Next by Thread: Re: libarchive-2.8.4nb3 has a multiple-vulnerabilities vulnerability
Indexes:

Home | Main Index | Thread Index | Old Index