libarchive 3.0.3-6ubuntu1.3 source package in Ubuntu

Changelog

libarchive (3.0.3-6ubuntu1.3) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service via malformed rar or cab files
    - debian/patches/CVE-2015-8916.patch: ignore entries with empty
      filenames in tar/read.c.
    - CVE-2015-8916
    - CVE-2015-8917
  * SECURITY UPDATE: denial of service via malformed lzh file
    - debian/patches/CVE-2015-8919.patch: recognize empty dir name in
      libarchive/archive_read_support_format_lha.c.
    - CVE-2015-8919
  * SECURITY UPDATE: buffer underflow parsing ar header
    - debian/patches/CVE-2015-8920.patch: check for empty filenames in
      libarchive/archive_read_support_format_ar.c.
    - CVE-2015-8920
  * SECURITY UPDATE: read past end of string parsing
    - debian/patches/CVE-2015-8921.patch: properly calculate string length
      in libarchive/archive_entry.c.
    - CVE-2015-8921
  * SECURITY UPDATE: segfault on malformed 7z archive
    - debian/patches/CVE-2015-8922.patch: reject some malformed files in
      libarchive/archive_read_support_format_7zip.c, added tests to
      Makefile.am, libarchive/test/test_read_format_7zip_malformed.7z.uu,
      libarchive/test/test_read_format_7zip_malformed.c,
      libarchive/test/test_read_format_7zip_malformed2.7z.uu,
      libarchive/test/CMakeLists.txt.
    - CVE-2015-8922
  * SECURITY UPDATE: segfault on malformed Zip archive
    - debian/patches/CVE-2015-8923.patch: properly handle sizes in
      libarchive/archive_read_support_format_zip.c, added tests to
      Makefile.am, libarchive/test/CMakeLists.txt,
      libarchive/test/test_read_format_zip_malformed.c,
      libarchive/test/test_read_format_zip_malformed1.zip.uu.
    - CVE-2015-8923
  * SECURITY UPDATE: buffer overflow when processing tar files
    - debian/patches/CVE-2015-8924.patch: properly handle empty filenames
      in libarchive/archive_read_support_format_tar.c.
    - CVE-2015-8924
  * SECURITY UPDATE: improper newline parsing
    - debian/patches/CVE-2015-8925.patch: fix escaped newline parsing in
      libarchive/archive_read_support_format_mtree.c, added tests to
      libarchive/test/test_read_format_mtree.c,
      libarchive/test/test_read_format_mtree.mtree.uu.
    - CVE-2015-8925
  * SECURITY UPDATE: segfault on invalid rar archive
    - debian/patches/CVE-2015-8926.patch: properly handle return code in
      libarchive/archive_read_support_format_rar.c.
    - CVE-2015-8926
  * SECURITY UPDATE: segfault via dir loop in malformed ISO
    - debian/patches/CVE-2015-8930.patch: limit recursion in
      libarchive/archive_read_support_format_iso9660.c.
    - CVE-2015-8930
  * SECURITY UPDATE: integer overflow parsing time values
    - debian/patches/CVE-2015-8931.patch: fix time handling in
      libarchive/archive_read_support_format_mtree.c.
    - CVE-2015-8931
  * SECURITY UPDATE: crash via invalid compressed data
    - debian/patches/CVE-2015-8932.patch: add more checks to
      libarchive/archive_read_support_filter_compress.c, added tests to
      Makefile.am, libarchive/test/CMakeLists.txt,
      libarchive/test/test_read_filter_compress.c.
    - CVE-2015-8932
  * SECURITY UPDATE: integer overflow via negative-sized sparse blocks
    - debian/patches/CVE-2015-8933.patch: add check to
      libarchive/archive_read_support_format_tar.c.
    - CVE-2015-8933
  * SECURITY UPDATE: heap overflow parsing malformed tar archives
    - debian/patches/CVE-2015-8934.patch: properly check reading from lzss
      decompression buffer in libarchive/archive_read_support_format_rar.c,
      added tests to Makefile.am, libarchive/test/CMakeLists.txt,
      libarchive/test/test_read_format_rar_invalid1.c,
      libarchive/test/test_read_format_rar_invalid1.rar.uu.
    - CVE-2015-8934
  * SECURITY UPDATE: overflow reading 7-Zip with large number of substreams
    - debian/patches/CVE-2016-4300.patch: add another limit to
      libarchive/archive_read_support_format_7zip.c.
    - CVE-2016-4300
  * SECURITY UPDATE: crash via rar files with zero dictionary size
    - debian/patches/CVE-2016-4302.patch: handle zero-sized disctionary in
      libarchive/archive_ppmd7.c,
      libarchive/archive_read_support_format_rar.c.
    - CVE-2016-4302
  * SECURITY UPDATE: memory allocation issues with large cpio symlinks
    - debian/patches/CVE-2016-4809.patch: reject large symlinks in
      libarchive/archive_read_support_format_cpio.c.
    - CVE-2016-4809
  * SECURITY UPDATE: integer overflow when computing volume descriptor
    - debian/patches/CVE-2016-5844.patch: fix multiplications in
      libarchive/archive_read_support_format_iso9660.c.
    - CVE-2016-5844
  * debian/control: add dh-autoreconf to Build-Depends.
  * debian/rules: add autoreconf.

 -- Marc Deslauriers <email address hidden>  Wed, 13 Jul 2016 11:52:16 -0400

Upload details

Uploaded by:
Marc Deslauriers on 2016-07-13
Uploaded to:
Precise
Original maintainer:
Ubuntu Developers
Architectures:
any
Section:
libs
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size SHA-256 Checksum
libarchive_3.0.3.orig.tar.gz 3.3 MiB c5fc7620f74a54b1717e4aed38aee85dc27a988ad1db7640f28eb63a82ea62d7
libarchive_3.0.3-6ubuntu1.3.debian.tar.gz 45.3 KiB a75ca64a16b383a4ef551dbfd738e9d132a1c5716e4ece71b7d9e8b7988eea69
libarchive_3.0.3-6ubuntu1.3.dsc 2.3 KiB 4c5d368b7e2526e35a77aa0618aad81dadbd7ae556602860f2a1f6ed2aff469f

View changes file

Binary packages built by this source

bsdcpio: Implementation of the 'cpio' program from FreeBSD

 The bsdcpio program is the default system 'cpio' program used on FreeBSD.
 bsdcpio uses the libarchive library as a backend which does all of the work for
 reading and writing archives in various formats.

bsdcpio-dbgsym: debug symbols for package bsdcpio

 The bsdcpio program is the default system 'cpio' program used on FreeBSD.
 bsdcpio uses the libarchive library as a backend which does all of the work for
 reading and writing archives in various formats.

bsdtar: Implementation of the 'tar' program from FreeBSD

 The bsdtar program is the default system 'tar' program used on FreeBSD. bsdtar
 uses the libarchive library as a backend which does all of the work for reading
 and writing archives in various formats.

bsdtar-dbgsym: debug symbols for package bsdtar

 The bsdtar program is the default system 'tar' program used on FreeBSD. bsdtar
 uses the libarchive library as a backend which does all of the work for reading
 and writing archives in various formats.

libarchive-dev: Multi-format archive and compression library (development files)

 The libarchive library provides a flexible interface for reading and writing
 archives in various formats such as tar and cpio. libarchive also supports
 reading and writing archives compressed using various compression filters such
 as gzip and bzip2. The library is inherently stream-oriented; readers serially
 iterate through the archive, writers serially add things to the archive.
 .
 Archive formats supported are:
 .
    * tar (read and write, including GNU extensions)
    * pax (read and write, including GNU and star extensions)
    * cpio (read and write, including odc and newc variants)
    * iso9660 (read only, including Joliet and Rockridge extensions, with some
      limitations)
    * zip (read only, with some limitations, uses zlib)
    * mtree (read and write)
    * shar (write only)
    * ar (read and write, including BSD and GNU/SysV variants)
    * empty (read only; in particular, note that no other format will accept an
      empty file)
    * raw (read only)
    * xar (read only)
    * rar (read only, with some limitations)
    * 7zip (read and write, with some limitations)
 .
 Filters supported are:
 .
    * gzip (read and write, uses zlib)
    * bzip2 (read and write, uses bzlib)
    * compress (read and write, uses an internal implementation)
    * uudecode (read only)
    * separate command-line compressors with fixed-signature auto-detection
    * xz and lzma (read and write using liblzma)
 .
 This package provides the files necessary for development with libarchive.

libarchive12: Multi-format archive and compression library (shared library)

 The libarchive library provides a flexible interface for reading and writing
 archives in various formats such as tar and cpio. libarchive also supports
 reading and writing archives compressed using various compression filters such
 as gzip and bzip2. The library is inherently stream-oriented; readers serially
 iterate through the archive, writers serially add things to the archive.
 .
 Archive formats supported are:
 .
    * tar (read and write, including GNU extensions)
    * pax (read and write, including GNU and star extensions)
    * cpio (read and write, including odc and newc variants)
    * iso9660 (read only, including Joliet and Rockridge extensions, with some
      limitations)
    * zip (read only, with some limitations, uses zlib)
    * mtree (read and write)
    * shar (write only)
    * ar (read and write, including BSD and GNU/SysV variants)
    * empty (read only; in particular, note that no other format will accept an
      empty file)
    * raw (read only)
    * xar (read only)
    * rar (read only, with some limitations)
    * 7zip (read and write, with some limitations)
 .
 Filters supported are:
 .
    * gzip (read and write, uses zlib)
    * bzip2 (read and write, uses bzlib)
    * compress (read and write, uses an internal implementation)
    * uudecode (read only)
    * separate command-line compressors with fixed-signature auto-detection
    * xz and lzma (read and write using liblzma)
 .
 This package provides the libarchive shared library.

libarchive12-dbgsym: debug symbols for package libarchive12

 The libarchive library provides a flexible interface for reading and writing
 archives in various formats such as tar and cpio. libarchive also supports
 reading and writing archives compressed using various compression filters such
 as gzip and bzip2. The library is inherently stream-oriented; readers serially
 iterate through the archive, writers serially add things to the archive.
 .
 Archive formats supported are:
 .
    * tar (read and write, including GNU extensions)
    * pax (read and write, including GNU and star extensions)
    * cpio (read and write, including odc and newc variants)
    * iso9660 (read only, including Joliet and Rockridge extensions, with some
      limitations)
    * zip (read only, with some limitations, uses zlib)
    * mtree (read and write)
    * shar (write only)
    * ar (read and write, including BSD and GNU/SysV variants)
    * empty (read only; in particular, note that no other format will accept an
      empty file)
    * raw (read only)
    * xar (read only)
    * rar (read only, with some limitations)
    * 7zip (read and write, with some limitations)
 .
 Filters supported are:
 .
    * gzip (read and write, uses zlib)
    * bzip2 (read and write, uses bzlib)
    * compress (read and write, uses an internal implementation)
    * uudecode (read only)
    * separate command-line compressors with fixed-signature auto-detection
    * xz and lzma (read and write using liblzma)
 .
 This package provides the libarchive shared library.