Bug#572556: CVE-2010-0055: Signature verification bypass

2010-03-16 Thread chatchai jantaraprim
tags 572556 + patch
thanks

Hello,

I backported the patch in the attached file from xar svn revision 225 to the 1.5.2 branch.

Thank you
Chatchai Jantaraprim

Index: xar/lib/archive.c === --- xar/lib/archive.c (revision 224) +++

Bug#572556: CVE-2010-0055: Signature verification bypass

2010-03-04 Thread Moritz Muehlenhoff
Package: xar
Severity: grave
Tags: security

The following was reported to us by Braden Thomas of the Apple Security Team:

Description: We've discovered a signature verification bypass issue in xar. The issue is that xar_open assumes that the checksum is stored at offset 0, but