Summary: | archivers/arc: Vulnerable to CVE-2015-9275 | ||
---|---|---|---|
Product: | Ports & Packages | Reporter: | Bernhard Froehlich <decke> |
Component: | Individual Port(s) | Assignee: | Xin LI <delphij> |
Status: | New --- | ||
Severity: | Affects Only Me | CC: | decke |
Priority: | --- | Flags: | bugzilla: maintainer-feedback? (delphij) |
Version: | Latest | ||
Hardware: | Any | ||
OS: | Any | ||
URL: | https://nvd.nist.gov/vuln/detail/CVE-2015-9275 |
Description
Bernhard Froehlich
2021-08-15 13:30:01 UTC
Thanks for the report. Unfortunately I am too busy to work on this right now and the situation would persist for about 2 weeks or so. In case someone would want to work on this, please feel free to commit a fix as long as you are confident with it.

My discoveries so far, in case people want to work on it:

1) Debian patch: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774527 Note that they need to be adapted to the FreeBSD port;

2) Debian has migrated to a different upstream, https://github.com/ani6al/arc which appears to be unmaintained. The Debian version (5.21q) has some license cleanups, which seem to be authorized by the original owner (see https://lists.debian.org/debian-legal/2011/09/msg00018.html ) but I haven't dug into this further. We probably want to move to this upstream too.

3) There are other unresolved bugs with the Debian port: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774439