pkgsrc-Users archive
libarchive-2.8.4nb3 has a multiple-vulnerabilities vulnerability
Hello.
I'm tracking pkgsrc-2014Q1, and "pkg_admin audit" reports the following:
Package libarchive-2.8.4nb3 has a multiple-vulnerabilities vulnerability, see
http://secunia.com/advisories/47049/
I briefly looked in archivers/libarchive to see about submitting a
patch, but it seems it's not a standard package. It seems to contain
the entire source distribution in archivers/libarchive/files rather than
downloading a source distribution file and possibly patching it. I'm
not a pkgsrc expert, but my guess is that this is done because it's
needed for bootstrapping (?).
Also strange is that what's under archivers/libarchive/files is not
exactly the same as what I get if I download libarchive-2.8.4.tar.gz
from www.libarchive.org. I would have thought that such changes would
be encapsulated in commented patch files.
Is there a plan to upgrade libarchive to 2.8.5 or to patch it so that
it's no longer vulnerable?
Thanks!
Lewis