Hi
If the transition to 1.3.x based version to unstable is unlikely to be
in time for buster, can you fix the issue with an isolated fix for
unstable/buster based on 1.1.2-1.1?
Regards,
Salvatore
libzip-1.3.0 fixing this and another CVE is now available.
Thomas
On Fri, Sep 01, 2017 at 11:14:02PM +0200, Salvatore Bonaccorso wrote:
> Source: libzip
> Version: 0.11.2-1.2
> Severity: important
> Tags: security upstream patch fixed-upstream
>
> Hi,
>
> the following vulnerability was publish
Source: libzip
Version: 0.11.2-1.2
Severity: important
Tags: security upstream patch fixed-upstream
Hi,
the following vulnerability was published for libzip.
CVE-2017-14107[0]:
| The _zip_read_eocd64 function in zip_open.c in libzip before 1.3.0
| mishandles EOCD records, which allows remote att
3 matches
Mail list logo