Actions
Bug #6473
closedOpenVPN Client Export package - depends on vulnerable p7zip version (CVE-2016-2334, CVE-2016-2335)
Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
OpenVPN Client Export
Target version:
-
Start date:
06/09/2016
Due date:
% Done:
0%
Estimated time:
Plus Target Version:
Affected Version:
All
Affected Plus Version:
Affected Architecture:
All
Description
This depends on p7zip version vulnerable to heap-buffer-overflow (CVE-2016-2334) and out-of-bounds read (CVE-2016-2335) vulnerabilities; see http://blog.talosintel.com/2016/05/multiple-7-zip-vulnerabilities.html
OpenBSD patches for 15.14: http://marc.info/?l=openbsd-ports&m=146405545908474&w=2 (and this needs to go to FreeBSD p7zip port as well, cannot even see a bug open there.)
Actions