Format: 1.8
Date: Thu, 09 Mar 2017 11:23:19 -0500
Source: libarchive
Binary: libarchive-dev libarchive13 bsdtar bsdcpio
Architecture: amd64
Version: 3.1.2-7ubuntu2.4
Distribution: trusty
Urgency: medium
Maintainer: Launchpad Build Daemon
Changed-By: Marc Deslauriers
Description:
 bsdcpio - Implementation of the 'cpio' program from FreeBSD
 bsdtar - Implementation of the 'tar' program from FreeBSD
 libarchive-dev - Multi-format archive and compression library (development files)
 libarchive13 - Multi-format archive and compression library (shared library)
Changes:
 libarchive (3.1.2-7ubuntu2.4) trusty-security; urgency=medium
 .
   * SECURITY UPDATE: arbitrary file write via hardlink entries
     - debian/patches/CVE-2016-5418-1.patch: enforce sandbox with very long
       pathnames in libarchive/archive_write_disk_posix.c.
     - debian/patches/CVE-2016-5418-2.patch: fix path handling in
       libarchive/archive_write_disk_posix.c.
     - debian/patches/CVE-2016-5418-3.patch: add test cases to Makefile.am,
       libarchive/test/CMakeLists.txt, libarchive/test/main.c,
       libarchive/test/test.h, libarchive/test/test_write_disk_secure744.c,
       libarchive/test/test_write_disk_secure745.c,
       libarchive/test/test_write_disk_secure746.c.
     - debian/patches/CVE-2016-5418-4.patch: fix testcases in
       libarchive/test/test_write_disk_secure745.c,
       libarchive/test/test_write_disk_secure746.c.
     - debian/patches/CVE-2016-5418-5.patch: correct PATH_MAX usage in
       libarchive/archive_write_disk_posix.c.
     - CVE-2016-5418
   * SECURITY UPDATE: denial of service and possible code execution when
     writing an ISO9660 archive
     - debian/patches/CVE-2016-6250.patch: check for overflow in
       libarchive/archive_write_set_format_iso9660.c.
     - CVE-2016-6250
   * SECURITY UPDATE: denial of service via recursive decompression
     - debian/patches/CVE-2016-7166.patch: limit number of filters in
       libarchive/archive_read.c, added test to Makefile.am,
       libarchive/test/CMakeLists.txt,
       libarchive/test/test_read_too_many_filters.c,
       libarchive/test/test_read_too_many_filters.gz.uu.
     - CVE-2016-7166
   * SECURITY UPDATE: denial of service via non-printable multibyte
     character in a filename
     - debian/patches/CVE-2016-8687.patch: expand buffer size in tar/util.c.
     - CVE-2016-8687
   * SECURITY UPDATE: denial of service via multiple long lines
     - debian/patches/CVE-2016-8688.patch: fix bounds in
       libarchive/archive_read_support_format_mtree.c, added test to
       Makefile.am, libarchive/test/CMakeLists.txt,
       libarchive/test/test_read_format_mtree_crash747.c,
       libarchive/test/test_read_format_mtree_crash747.mtree.bz2.uu.
     - CVE-2016-8688
   * SECURITY UPDATE: denial of service via multiple EmptyStream attributes
     - debian/patches/CVE-2016-8689.patch: reject files with multiple markers
       in libarchive/archive_read_support_format_7zip.c.
     - CVE-2016-8689
   * SECURITY UPDATE: denial of service via invalid compressed file size
     - debian/patches/CVE-2017-5601.patch: add check to
       libarchive/archive_read_support_format_lha.c.
     - CVE-2017-5601
Original-Maintainer: Debian Libarchive Maintainers