Format: 1.8
Date: Thu, 09 Mar 2017 11:01:45 -0500
Source: libarchive
Binary: libarchive-dev libarchive13 bsdtar bsdcpio
Architecture: s390x
Version: 3.1.2-11ubuntu0.16.04.3
Distribution: xenial
Urgency: medium
Maintainer: Launchpad Build Daemon
Changed-By: Marc Deslauriers
Description:
 bsdcpio - Implementation of the 'cpio' program from FreeBSD
 bsdtar - Implementation of the 'tar' program from FreeBSD
 libarchive-dev - Multi-format archive and compression library (development files)
 libarchive13 - Multi-format archive and compression library (shared library)
Changes:
 libarchive (3.1.2-11ubuntu0.16.04.3) xenial-security; urgency=medium
 .
   * SECURITY UPDATE: arbitrary file write via hardlink entries
     - debian/patches/CVE-2016-5418-1.patch: enforce sandbox with very long
       pathnames in libarchive/archive_write_disk_posix.c.
     - debian/patches/CVE-2016-5418-2.patch: fix path handling in
       libarchive/archive_write_disk_posix.c.
     - debian/patches/CVE-2016-5418-3.patch: add test cases to Makefile.am,
       libarchive/test/CMakeLists.txt, libarchive/test/main.c,
       libarchive/test/test.h,
       libarchive/test/test_write_disk_secure744.c,
       libarchive/test/test_write_disk_secure745.c,
       libarchive/test/test_write_disk_secure746.c.
     - debian/patches/CVE-2016-5418-4.patch: fix testcases in
       libarchive/test/test_write_disk_secure745.c,
       libarchive/test/test_write_disk_secure746.c.
     - debian/patches/CVE-2016-5418-5.patch: correct PATH_MAX usage in
       libarchive/archive_write_disk_posix.c.
     - CVE-2016-5418
   * SECURITY UPDATE: denial of service and possible code execution when
     writing an ISO9660 archive
     - debian/patches/CVE-2016-6250.patch: check for overflow in
       libarchive/archive_write_set_format_iso9660.c.
     - CVE-2016-6250
   * SECURITY UPDATE: denial of service via recursive decompression
     - debian/patches/CVE-2016-7166.patch: limit number of filters in
       libarchive/archive_read.c, added test to Makefile.am,
       libarchive/test/CMakeLists.txt,
       libarchive/test/test_read_too_many_filters.c,
       libarchive/test/test_read_too_many_filters.gz.uu.
     - CVE-2016-7166
   * SECURITY UPDATE: denial of service via non-printable multibyte
     character in a filename
     - debian/patches/CVE-2016-8687.patch: expand buffer size in
       tar/util.c.
     - CVE-2016-8687
   * SECURITY UPDATE: denial of service via multiple long lines
     - debian/patches/CVE-2016-8688.patch: fix bounds in
       libarchive/archive_read_support_format_mtree.c, added test to
       Makefile.am, libarchive/test/CMakeLists.txt,
       libarchive/test/test_read_format_mtree_crash747.c,
       libarchive/test/test_read_format_mtree_crash747.mtree.bz2.uu.
     - CVE-2016-8688
   * SECURITY UPDATE: denial of service via multiple EmptyStream attributes
     - debian/patches/CVE-2016-8689.patch: reject files with multiple
       markers in libarchive/archive_read_support_format_7zip.c.
     - CVE-2016-8689
   * SECURITY UPDATE: denial of service via invalid compressed file size
     - debian/patches/CVE-2017-5601.patch: add check to
       libarchive/archive_read_support_format_lha.c.
     - CVE-2017-5601
Original-Maintainer: Debian Libarchive Maintainers