Bug 1439703 (CVE-2016-10209)
| Summary: | CVE-2016-10209 libarchive: NULL pointer dereference in archive_wstring_append_from_mbs function | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Andrej Nemec <anemec> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED WONTFIX | QA Contact: | |
| Severity: | low | Docs Contact: | |
| Priority: | low | ||
| Version: | unspecified | CC: | anto.trande, besser82, databases-maint, praiskup, trepik |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | libarchive 3.3.0 | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2017-04-06 12:16:14 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1439704, 1439705 | ||
| Bug Blocks: | |||
|
Description
Andrej Nemec
2017-04-06 12:15:12 UTC
Created libarchive tracking bugs for this issue: Affects: fedora-all [bug 1439705] Created libarchive3 tracking bugs for this issue: Affects: epel-6 [bug 1439704] In reply to comment #0: > Upstream patch: > > https://github.com/libarchive/libarchive/commit/e8a9de5eaf3b79fc3d990d056343bb52c51c5ba4 This is not a patch fixing this problem, this was only indicated in the upstream bug as version that is no longer affected. This has been fixed in an earlier commit, the following is indicated in the upstream bug: https://github.com/libarchive/libarchive/commit/42a3408ac7df1e69bea9ea12b72e14f59f7400c0 |