FreshPorts -- archivers/libzip/files/patch-CVE-2017-14107

non port: archivers/libzip/files/patch-CVE-2017-14107

Number of commits found: 2

Wednesday, 27 Sep 2017

18:06 rakuco

Update libzip to 1.3.0.

It includes the fix for CVE-2017-14107 (landed separately in r450768) as well
as a fix for CVE-2017-12858, which did not affect us due to the fact that the
vulnerability was introduced in 1.2.0.

libzip.so's SOVERSION got bumped after the removal of the undocumented function
zip_archive_set_tempdir(). All ports depending on libzip continue to build fine
after that.

PR:		222638
Submitted by:	Dani <i.dani@outlook.com>

16:52 rakuco

Add a patch for CVE-2017-14107.

This is a minor security vulnerability that can lead to a denial of service
issue in libzip when a specially crafted archive is used.

PR:		222638
Security:	b2952517-07e5-4d19-8850-21c5b7e0623f
Security:	CVE-2017-14107

Number of commits found: 2

Login
User Login Create account

Servers and bandwidth provided by
New York Internet, iXsystems, and RootBSD

This site
What is FreshPorts? About the authors Issues FAQ How big is it? Security Policy Privacy Blog Contact

Search
Enter Keywords: more...

Latest Vulnerabilities

chromium	Nov 29
ungoogled-chromium	Nov 29
mariadb1011-server	Nov 26
mariadb105-server	Nov 26
mariadb106-server	Nov 26
strongswan	Nov 24
electron25	Nov 22
electron26	Nov 22
chromium	Nov 16
electron25	Nov 16
electron26	Nov 16
qt5-webengine	Nov 16
ungoogled-chromium	Nov 16
openvpn	Nov 15
electron25	Nov 09

7 vulnerabilities affecting 83 ports have been reported in the past 14 days

^* - modified, not new

All vulnerabilities

Last processed:
2023-11-29 13:37:06 UTC

Ports
Home Categories Deleted ports Sanity Test Failures Newsfeeds

Statistics

Graphs
NEW Graphs (Javascript)

Calculated hourly:

Port count	31917
Broken	68
Deprecated	299
Ignore	234
Forbidden	1
Restricted	2
No CDROM	1
Vulnerable	51
Expired	25
Set to expire	273
Interactive	0
new 24 hours	2
new 48 hours	2
new 7 days	21
new fortnight	47
new month	170