Bug 7482 - [UPDATE REQUEST] p7zip 15.14.1 -> 16.02
: [UPDATE REQUEST] p7zip 15.14.1 -> 16.02
Status: CONFIRMED
Product: Desktop Bugs
Classification: ROSA Desktop
Component: Main Packages
: Fresh
: All Linux
: Normal normal
: ---
Assigned To: ROSA Linux Bugs
: ROSA Linux Bugs
http://www.linuxsecurity.com/content/...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2016-11-03 14:07 MSK by Nemial
Modified: 2016-12-01 03:54 MSK (History)
3 users (show)

See Also:
RPM Package: p7zip
ISO-related:
Bad POT generating:
Upstream:
vladimir.potapov: qa_verified-


Attachments
test archive (12.77 KB, application/zip)
2016-11-03 15:20 MSK, Vladimir Potapov
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Nemial 2016-11-03 14:07:37 MSK
Update to version 16.02. It fixes CVE-2016-2334 and CVE-2016-2335
Comment 1 Nemial 2016-11-03 14:10:29 MSK
Advisory: "Update p7zip to new version 16.02"
https://abf.rosalinux.ru/build_lists/2746890
https://abf.rosalinux.ru/build_lists/2746889
Comment 2 Vladimir Potapov 2016-11-03 15:20:24 MSK
Created attachment 4559 [details]
test archive

The update break filelist encoding
************************************
QA Denied
Comment 3 Vladimir Potapov 2016-11-03 15:21:09 MSK
(In reply to comment #2)
> Created attachment 4559 [details]
> test archive
> 
> The update break filelist encoding
> ************************************
> QA Denied

P.S. Open by PeaZip
Comment 4 Zombie Ryushu 2016-12-01 03:54:27 MSK
There exists additional CVEs for this.

Bug #1394790 - CVE-2016-9296 p7zip: Null pointer dereference in 7zIn.cpp
        https://bugzilla.redhat.com/show_bug.cgi?id=1394790