Bug 7154 - [UPDATE REQUEST] xz 5.1.3alpha -> 5.2.2, libarchive 3.2.0 -> 3.2.1
: [UPDATE REQUEST] xz 5.1.3alpha -> 5.2.2, libarchive 3.2.0 -> 3.2.1
Status: VERIFIED FIXED
Product: Desktop Bugs
Classification: ROSA Desktop
Component: Main Packages
: Fresh
: All Linux
: Normal normal
: ---
Assigned To: ROSA Linux Bugs
: ROSA Linux Bugs
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2016-06-23 14:58 MSD by Andrey Bondrov
Modified: 2016-06-27 21:21 MSD (History)
1 user (show)

See Also:
RPM Package: xz
ISO-related:
Bad POT generating:
Upstream:
vladimir.potapov: qa_verified+
andrey.bondrov: published+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Andrey Bondrov 2016-06-23 14:58:55 MSD
We need to update xz from alpha to stable release and then update libarchive to 3.2.1 to fix CVE-2016-4300, CVE-2016-4301, CVE-2016-4302.
Comment 1 Andrey Bondrov 2016-06-23 14:59:52 MSD
Advisory: "Update xz to new version 5.2.2"

https://abf.rosalinux.ru/build_lists/2683710
https://abf.rosalinux.ru/build_lists/2683711

Advisory: "Update libarchive to new version 3.2.1 to fix CVE-2016-4300, CVE-2016-4301, CVE-2016-4302"

https://abf.rosalinux.ru/build_lists/2683712
https://abf.rosalinux.ru/build_lists/2683713
Comment 2 Vladimir Potapov 2016-06-24 20:49:34 MSD
The update is sent to expanded testing
**************************************
Comment 3 Vladimir Potapov 2016-06-27 20:10:07 MSD
xz-5.2.2-1
https://abf.rosalinux.ru/build_lists/2683710
https://abf.rosalinux.ru/build_lists/2683711

libarchive-3.2.1-1
https://abf.rosalinux.ru/build_lists/2683712
https://abf.rosalinux.ru/build_lists/2683713
****************************** Advisory ****************************
Update xz to new version 5.2.2
Update libarchive to new version 3.2.1 to fix CVE-2016-4300, CVE-2016-4301, CVE-2016-4302
********************************************************************
QA Verified