GNU bug report logs - #70114
[PATCH 0/1] Xz backdoor / JiaT75 cleanup for libarchive

Previous Next

Package: guix-patches;

Reported by: Leo Famulari <leo <at> famulari.name>

Date: Sun, 31 Mar 2024 20:50:02 UTC

Severity: normal

Tags: patch, security

Merged with 70113

Done: Leo Famulari <leo <at> famulari.name>

Bug is archived. No further changes may be made.

Full log

Message #19 received at 70114 <at> debbugs.gnu.org (full text, mbox):

From: Leo Famulari <leo <at> famulari.name>
To: John Kehayias <john.kehayias <at> protonmail.com>
Cc: 70114 <at> debbugs.gnu.org, 70113-done <at> debbugs.gnu.org
Subject: Re: [bug#70113] [PATCH 1/1] gnu: libarchive: Fix a potential
 security issue.
Date: Wed, 3 Apr 2024 18:08:12 -0400

[Message part 1 (text/plain, inline)]

On Tue, Apr 02, 2024 at 03:23:44AM +0000, John Kehayias wrote:
> Overall changes look good, but I have not had a chance to try it locally
> (building or dependents).

I successfully tested with the file-roller package, which depends
directly on libarchive and no other related packages. I think it's a
reasonable basic test case.

I agree it's a good idea to look into a more comprehensive update to
libarchive, but I just wanted to get this patch in ASAP.

Pushed as 629614c7a3f9283306939402f1ff46914f327c21

[signature.asc (application/pgp-signature, inline)]

This bug report was last modified 1 year and 41 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #70114 [PATCH 0/1] Xz backdoor / JiaT75 cleanup for libarchive

GNU bug report logs - #70114
[PATCH 0/1] Xz backdoor / JiaT75 cleanup for libarchive