1. 16
  1.  

  2. 1
    1. The patch included in SA-16:25 is incomplete, and may still permit heap corruption.

    Wow, and they decided this was OK.

    1. 3

      Unusual situation. The libarchive patches are understandably difficult because it’s a semantic fix. Is this hard link a good one or a bad one? Easy to accidentally break something. But memory corruption is typically easier. Did I allocate enough memory? That should have a concrete answer.