Bug 198913 - [archivers/libzip][security] CVE-2015-2331
Summary: [archivers/libzip][security] CVE-2015-2331
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Many People
Assignee: Max Brazhnikov
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2015-03-26 00:02 UTC by Sevan Janiyan
Modified: 2015-03-28 16:51 UTC (History)
0 users

See Also:
bugzilla: maintainer-feedback? (makc)


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Sevan Janiyan 2015-03-26 00:02:03 UTC
Patch
http://hg.nih.at/libzip/rev/9f11d54f692e
Comment 1 commit-hook freebsd_committer 2015-03-28 16:48:48 UTC
A commit references this bug:

Author: makc
Date: Sat Mar 28 16:48:16 UTC 2015
New revision: 382523
URL: https://svnweb.freebsd.org/changeset/ports/382523

Log:
  archivers/libzip:
  - Add patch to fix CVE-2015-2331: ZIP Integer Overflow [1]
  - Add CPE

  PR:		198913 [1]
  Reported by:	Sevan Janiyan

Changes:
  head/archivers/libzip/Makefile
  head/archivers/libzip/files/patch-lib_zip__dirent.c
Comment 2 Max Brazhnikov freebsd_committer 2015-03-28 16:51:15 UTC
Fixed, thanks for report!