From: Thomas Klausner <tk%giga.or.at@localhost>
To: libzip mailing list <libzip-discuss%nih.at@localhost>
Subject: libzip-1.3.0 released
Date: Sat, 2 Sep 2017 18:22:52 +0200

Hi!

We've just released libzip 1.3.0.

It contains fixes for two possible security problems. The problems
were identified by Brian 'geeknik' Carpenter and Agostino Sarubbo
using AFL.

The changes are:

* Support bzip2 compressed zip archives
* Improve file progress callback code
* Fix zip_fdopen()
* CVE-2017-12858: Fix double free().
* CVE-2017-14107: Improve EOCD64 parsing.

Let us know if you have any problems.

Thanks,
 Thomas
