[Mageia-dev] Freeze push: libzip (security update)
nicolas vigier
boklm at mars-attacks.org
Wed Mar 28 18:47:38 CEST 2012
On Wed, 28 Mar 2012, David Walser wrote:
> New vulnerabilities CVE-2012-1162 (heap overflow) and CVE-2012-1163 (integer
> overflow) in libzip were recently announced.
>
> libzip 0.10.1 has been released to fix these. I have updated it in SVN and
> confirmed it builds on current Cauldron. I mentioned this earlier and Anne
> submitted it to the build system, and it built, but one of the make check
> tests failed. I can't reproduce this, even on a stripped-down VM with no
> extra -devel packages installed, so I'm thinking it was a transient issue on
> the build system (as I've seen this happen before). Can we please try
> submitting it again?
It still fails :
http://pkgsubmit.mageia.org/uploads/failure/cauldron/core/release/20120328164050.boklm.valstar.7233/log/libzip-0.10.1-1.mga2/build.0.20120328164051.log
More information about the Mageia-dev
mailing list