David Walser <luigiwalser@...> writes: > New vulnerabilities CVE-2012-1162 (heap overflow) and CVE-2012-1163 (integer > overflow) in libzip were recently announced. > > libzip 0.10.1 has been released to fix these. I have updated it in SVN and > confirmed it builds on current Cauldron. I mentioned this earlier and Anne > submitted it to the build system, and it built, but one of the make check > tests failed. I can't reproduce this, even on a stripped-down VM with no > extra -devel packages installed, so I'm thinking it was a transient issue on > the build system (as I've seen this happen before). Can we please try > submitting it again? > > References: > https://bugs.mageia.org/show_bug.cgi?id=5063 > http://seclists.org/oss-sec/2012/q1/710 > https://bugzilla.redhat.com/show_bug.cgi?id=802564 > https://bugzilla.redhat.com/show_bug.cgi?id=803028
boklm tried submitting this again (thanks for trying), and it failed on "fread.test" again. As I said, I can't reproduce the problem, and I welcome any help in solving it.
