+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">

+<HTML>

+ <HEAD>

+ <TITLE> [Mageia-dev] New security issues affect libzip and php (freeze push will be needed)

+ </TITLE>

+ <LINK REL="Index" HREF="index.html" >

+ <LINK REL="made" HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20New%20security%20issues%20affect%20libzip%20and%20php%20%28freeze%20push%0A%09will%20be%20needed%29&In-Reply-To=%3C1332462692.41117.YahooMailClassic%40web160501.mail.bf1.yahoo.com%3E">

+ <META NAME="robots" CONTENT="index,nofollow">

+ <META http-equiv="Content-Type" content="text/html; charset=us-ascii">

+ <LINK REL="Previous" HREF="013438.html">

+ <LINK REL="Next" HREF="013432.html">

+ </HEAD>

+ <BODY BGCOLOR="#ffffff">

+ <H1>[Mageia-dev] New security issues affect libzip and php (freeze push will be needed)</H1>

+ <B>David Walser</B>

+ <A HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20New%20security%20issues%20affect%20libzip%20and%20php%20%28freeze%20push%0A%09will%20be%20needed%29&In-Reply-To=%3C1332462692.41117.YahooMailClassic%40web160501.mail.bf1.yahoo.com%3E"

+ TITLE="[Mageia-dev] New security issues affect libzip and php (freeze push will be needed)">luigiwalser at yahoo.com

+ </A><BR>

+ <I>Fri Mar 23 01:31:32 CET 2012</I>

+ <P><UL>

+ <LI>Previous message: <A HREF="013438.html">[Mageia-dev] [push] gstreamer0.10-plugins-ugly

+</A></li>

+ <LI>Next message: <A HREF="013432.html">[Mageia-dev] New security issues affect libzip and php (freeze push will be needed)

+</A></li>

+ <LI> <B>Messages sorted by:</B>

+ <a href="date.html#13421">[ date ]</a>

+ <a href="thread.html#13421">[ thread ]</a>

+ <a href="subject.html#13421">[ subject ]</a>

+ <a href="author.html#13421">[ author ]</a>

+ </LI>

+ </UL>

+ <HR>

+<!--beginarticle-->

+<PRE>New vulnerabilities CVE-2012-1162 (heap overflow) and CVE-2012-1163 (integer overflow) in libzip, which also affect PHP (probably the php-zip subpackage) were recently announced.

+

+libzip 0.10.1 has been released to fix these. I have updated it in SVN and confirmed it builds, but I have not tested it yet.

+

+PHP has not yet issued an update for this.

+

+References:

+<A HREF="https://bugs.mageia.org/show_bug.cgi?id=5063">https://bugs.mageia.org/show_bug.cgi?id=5063</A>

+<A HREF="http://seclists.org/oss-sec/2012/q1/710">http://seclists.org/oss-sec/2012/q1/710</A>

+<A HREF="https://bugzilla.redhat.com/show_bug.cgi?id=802564">https://bugzilla.redhat.com/show_bug.cgi?id=802564</A>

+<A HREF="https://bugzilla.redhat.com/show_bug.cgi?id=803028">https://bugzilla.redhat.com/show_bug.cgi?id=803028</A>

+</PRE>

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+<!--endarticle-->

+ <HR>

+ <P><UL>

+ <!--threads-->

+ <LI>Previous message: <A HREF="013438.html">[Mageia-dev] [push] gstreamer0.10-plugins-ugly

+</A></li>

+ <LI>Next message: <A HREF="013432.html">[Mageia-dev] New security issues affect libzip and php (freeze push will be needed)

+</A></li>

+ <LI> <B>Messages sorted by:</B>

+ <a href="date.html#13421">[ date ]</a>

+ <a href="thread.html#13421">[ thread ]</a>

+ <a href="subject.html#13421">[ subject ]</a>

+ <a href="author.html#13421">[ author ]</a>

+ </LI>

+ </UL>

+

+<hr>

+<a href="https://www.mageia.org/mailman/listinfo/mageia-dev">More information about the Mageia-dev

+mailing list</a><br>

+</body></html>