-
-
Notifications
You must be signed in to change notification settings - Fork 14.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
libarchive: 3.6.2 -> 3.7.2 #244713
libarchive: 3.6.2 -> 3.7.2 #244713
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This version bump fixes https://nvd.nist.gov/vuln/detail/CVE-2023-30571
It does not. The metadata associated with the CVE entry are not correct. Upstream issue is still open and AFAIK there is no available fix. |
d061cb5
to
b1e1a81
Compare
b1e1a81
to
be257d5
Compare
Rebased on top of staging and updated to 3.7.2 (sorry for the noise, I first rebased it on top of master by mistake). Flagging this as security related even if CVE-2023-30571 is not fixed. |
Description of changes
https://github.com/libarchive/libarchive/releases/tag/v3.7.0
Things done
sandbox = true
set innix.conf
? (See Nix manual)nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD"
. Note: all changes have to be committed, also see nixpkgs-review usage./result/bin/
)