pkgsrc-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: libarchive-2.8.4nb3 has a multiple-vulnerabilities vulnerability



On Wed, Apr 23, 2014 at 01:51:26PM -0500, J. Lewis Muir wrote:
> I'm probably not the best person to fix this, but if it's a problem of
> finding someone to do the work, would developers be open to a patch (or
> tarball) from me to upgrade to libarchive 2.8.5?
> 
> Or maybe this has a history that I don't know about, and there's a
> reason why it hasn't been upgraded.  It seems like libarchive has been
> vulnerable in pkgsrc for a while now.  Is everyone else fine with this
> vulnerability continuing to exist?  Or perhaps everyone understands it
> and knows it's not a real problem?

I know nothing about the vulnerability in particular.

My guess is that packages like this one, with sources inside pkgsrc,
are harder to upgrade and noone tackled it yet for that reason.
 Thomas


Home | Main Index | Thread Index | Old Index