evv/uc2
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: evv:v3.0.0-alpha.3
Branches Tags
evv:main
evv:v3.0.0-alpha.3 evv:v3.0.0-alpha.2 evv:v3.0.0-alpha.1
..
compare: evv:main
Branches Tags
evv:main
evv:v3.0.0-alpha.3 evv:v3.0.0-alpha.2 evv:v3.0.0-alpha.1

1 Commits
v3.0.0-alp ... main

Author SHA1 Message Date
Eremey Valetov
3dc9f9684c docs: roadmap maintenance log for the 2026-06-13 security pass
Some checks failed
Build / Linux (push) Has been cancelled
Details
Build / Windows (MSVC) (push) Has been cancelled
Details
Build / macOS (push) Has been cancelled
Details
Build / libarchive plugin (push) Has been cancelled
Details
Build / DOS (DJGPP) (push) Has been cancelled
Details
Docs / build (push) Has been cancelled
Details
Docs / deploy (push) Has been cancelled
Details
2026-06-13 10:56:48 -04:00
1 changed files with 6 additions and 0 deletions
Expand all files Collapse all files

6
ROADMAP.md
View File

@@ -306,3 +306,9 @@ Bobrowski already shipped prototypes; update for UC2 v3.
fuzzer drove the fixes; a residual rare cdir-parser OOB it surfaces
is tracked for a systematic hardening + fuzzing pass (git-bug
69e8e52).
- 2026-06-13: Security task-qa + fixes. A libFuzzer harness (tests/fuzz/)
found a heap overflow in the damaged-cdir parse path (fixed, 69e8e52);
also fixed Zip-Slip extraction, decoder bounds (tree/LZ/delta), and
allocation-overflow guards. v3.0.0-alpha.3 tagged. Residual
decompression-bomb DoS tracked (b8f933c).