| 1.1.1.1 |
| 03-May-2026 |
christos | Import libarchive-3.8.7 (previous was 3.8.5)
Libarchive 3.8.7 is a security and bugfix release.
Notable fixes:
CAB: fix NULL pointer dereference during skip (#2900)
CAB: Fix Heap OOB Write in CAB LZX decoder (#2919)
cpio: various fixes and improvements (#2899, #2908, #2910, #2939)
contrib/untar: fix out-of-bounds read (#2903)
iso9660: fix undefined behavior (#2897)
iso9660: fix posibble heap buffer overflow on 32-bit systems (#2934)
libarchive: fix handling of option failures (#2871)
libarchive: do not continue with truncated numbers (#2911)
libarchive: lzop and grzip filter support (#2947)
RAR: fix LZSS window size mismatch after PPMd block (#2898)
Libarchive 3.8.6 is a security and bugfix release.
Notable fixes:
libarchive: fix incompatibility with Nettle 4.x (#2858)
libarchive: fix NULL pointer dereference in archive_acl_from_text_w() (#2859)
bsdunzip: fix ISO week year and Gregorian year confusion (#2860)
7zip: ix SEGV in check_7zip_header_in_sfx via ELF offset validation (#2864)
7zip: fix out-of-bounds access on ELF 64-bit header (#2875)
RAR5 reader: fix infinite loop in rar5 decompression (#2877)
RAR5 reader: fix potential memory leak (#2892)
RAR5: fix SIGSEGV when archive_read_support_format_rar5 is called twice (#2893)
CAB reader: fix memory leak on repeated calls to
archive_read_support_format_cab (#2895)
mtree reader: Fix file descriptor leak in mtree parser cleanup (CWE-775, #2878)
various small bugfixes in code and documentation
|
