Re: CVE request: libarchive, multiple overflows

[Josh Bressers <bressers () redhat com>]

----- Original Message -----
> Hello,
> our maintainer found the following patches:
> -----------
> I was doing some maintainance on bsdtar package and noticed that there
> was a buffer overflow fix upstream, see
> http://code.google.com/p/libarchive/source/detail?r=3158&path=/trunk/libarchive/archive_read_support_format_iso9660.c

Use CVE-2011-1777

> Also SUSE package does not include the
> http://pkgs.fedoraproject.org/gitweb/?p=libarchive.git;a=blob_plain;f=libarchive-2.8.4-iso9660-data-types.patch;hb=HEAD
> patch which seems to be security sensitive also.

I'm not sure I'd call this one security. It's a crash only from what I can
see:

https://code.google.com/p/libarchive/source/detail?r=1984&path=/trunk/libarchive/archive_read_support_format_iso9660.c

It's just silly input to a format string. If you want one I'll assign it
though.

> More overflow fixes:
>
> http://code.google.com/p/libarchive/source/detail?r=2842

This one needs a 2010 ID.
Use CVE-2010-4666

> http://code.google.com/p/libarchive/source/detail?r=3160

Use CVE-2011-1778

> Use-after-free fix (not sure if exploitable):
>
> http://code.google.com/p/libarchive/source/detail?r=3038

I'm going to give this an ID, I'd rather have it revoked than not assigned.

Use CVE-2011-1779

Thanks.

-- 
    JB