[Mageia-dev] Freeze push: libzip (security update)
David Walser
luigiwalser at yahoo.com
Wed Mar 28 18:10:43 CEST 2012
New vulnerabilities CVE-2012-1162 (heap overflow) and CVE-2012-1163 (integer
overflow) in libzip were recently announced.
libzip 0.10.1 has been released to fix these. I have updated it in SVN and
confirmed it builds on current Cauldron. I mentioned this earlier and Anne
submitted it to the build system, and it built, but one of the make check
tests failed. I can't reproduce this, even on a stripped-down VM with no
extra -devel packages installed, so I'm thinking it was a transient issue on
the build system (as I've seen this happen before). Can we please try
submitting it again?
References:
https://bugs.mageia.org/show_bug.cgi?id=5063
http://seclists.org/oss-sec/2012/q1/710
https://bugzilla.redhat.com/show_bug.cgi?id=802564
https://bugzilla.redhat.com/show_bug.cgi?id=803028
More information about the Mageia-dev
mailing list