Overview

File _patchinfo of Package patchinfo.21727

<patchinfo incident="21727">
  <issue tracker="bnc" id="1192425">VUL-0: libarchive: extracting a symlink with ACLs modifies ACLs of target</issue>
  <issue tracker="bnc" id="1157569">VUL-1: CVE-2019-19221: libarchive: out-of-bounds read caused by incorrect mbrtowc or mbtowc call</issue>
  <issue tracker="bnc" id="1192427">VUL-0: libarchive: Processing fixup entries may follow symbolic links</issue>
  <issue tracker="bnc" id="1192426">VUL-0: libarchive: modifies file flags of symlink target</issue>
  <issue tracker="cve" id="2019-19221"/>
  <packager>adrianSuSE</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for libarchive</summary>
  <description>This update for libarchive fixes the following issues:

- CVE-2019-19221: Fixed out-of-bounds read caused by incorrect mbrtowc or mbtowc call (bsc#1157569)

- backporting symlink security fixes from 3.5.2:
  - extracting with ACLs modifies ACLs of target (bsc#1192425)
  - modifies file flags of target (bsc#1192426)
  - avoid follow on fixup entries (bsc#1192427)
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places