[Mageia-dev] New security issues affect libzip and php (freeze push will be needed)

David Walser luigiwalser at yahoo.com
Tue Mar 27 17:53:59 CEST 2012


Anne Nicolas <ennael1 at ...> writes:
> Le 23/03/2012 01:31, David Walser a écrit :
> > New vulnerabilities CVE-2012-1162 (heap overflow) and CVE-2012-1163 (integer
> > overflow) in libzip, which also affect PHP (probably the php-zip subpackage)
> > were recently announced.
> > 
> > libzip 0.10.1 has been released to fix these.  I have updated it in SVN and
> > confirmed it builds, but I have not tested it yet.
> > 
> > References:
> > https://bugs.mageia.org/show_bug.cgi?id=5063
> > http://seclists.org/oss-sec/2012/q1/710
> > https://bugzilla.redhat.com/show_bug.cgi?id=802564
> > https://bugzilla.redhat.com/show_bug.cgi?id=803028
> 
>
http://pkgsubmit.mageia.org/uploads/failure/cauldron/core/release/20120323073855.ennael.valstar.7406/log

I just tried building it on Cauldron again, and it builds fine.

Can you try resubmitting?  Maybe it was a transient issue on the build system.



More information about the Mageia-dev mailing list