<div dir="ltr"><div class="gmail_default" style="font-family:arial,helvetica,sans-serif"><font size="2">Hello,<br><br>p7zip 9.20.1 has two security issues :<br><br>CVE-2015-1038: <br></font><div style="margin-left:40px"><font size="2">p7zip 9.20.1 allows remote attackers to write to arbitrary files via a symlink attack in an archive.</font><br></div><font size="2"><br></font><div style="margin-left:40px"><font size="2"><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1038">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1038</a></font><br><a href="https://sourceforge.net/p/p7zip/bugs/147/#2f9c">https://sourceforge.net/p/p7zip/bugs/147/#2f9c</a><br><br></div>CVE-2016-2335:<br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif"><div style="margin-left:40px"><font size="2">7zip UDF CInArchive::ReadFileItem Code Execution Vulnerability</font><br><br><a href="http://www.talosintel.com/reports/TALOS-2016-0094/">http://www.talosintel.com/reports/TALOS-2016-0094/</a><br></div><div style="margin-left:40px"><a href="https://sourceforge.net/p/p7zip/discussion/383043/thread/9d0fb86b/#1dba">https://sourceforge.net/p/p7zip/discussion/383043/thread/9d0fb86b/#1dba</a><br><br></div></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif"><font size="2">The latest p7zip, ie. 15.14.1, is not affected by </font><font size="2"><font size="2">CVE-2015-1038</font>, but affected by </font><font size="2">CVE-2016-2335 and also by </font><font size="2">CVE-2016-2334.<br><br></font><font size="2"><font size="2">In attachment, the patches for these issues, and for the slackbuild.<br><br></font></font></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif"><font size="2"><font size="2">Notes:<br><br></font></font></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif"><font size="2"><font size="2">p7zip.SlackBuild.patch <br></font></font></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif"><div style="margin-left:40px">Applies the patches to fix vulnerabilities in p7zip 9.20.1 <br></div><font size="2"><font size="2"><br></font></font></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif"><font size="2"><font size="2">p7zip.15.14.1.SlackBuild.patch <br></font></font></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;margin-left:40px"><font size="2"><font size="2">Bumps VERSION to 15.14.1 and applies the patches to fix vulnerabilities in this version.<br><br></font></font></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif"><font size="2">Hope this help.</font><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:large"></div><br><div class="gmail_default" style="font-family:arial,helvetica,sans-serif"><font size="2"><font size="2"></font></font></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif"><font size="2">-- <br></font></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif"><font size="2">SeB<br></font></div></div>