libarchive 3.4.3-2ubuntu0.1 source package in Ubuntu
Changelog
libarchive (3.4.3-2ubuntu0.1) impish-security; urgency=medium
* SECURITY UPDATE: extracting a symlink with ACLs modifies ACLs of target
- debian/patches/CVE-2021-23177.patch: fix handling of symbolic link
ACLs in libarchive/archive_disk_acl_freebsd.c,
libarchive/archive_disk_acl_linux.c,
libarchive/archive_disk_acl_sunos.c.
- CVE-2021-23177
* SECURITY UPDATE: symbolic links incorrectly followed
- debian/patches/CVE-2021-31566-1.patch: do not follow symlinks when
processing the fixup list in Makefile.am,
libarchive/archive_write_disk_posix.c,
libarchive/test/CMakeLists.txt,
libarchive/test/test_write_disk_fixup.c.
- debian/patches/CVE-2021-31566-2.patch: never follow symlinks when
setting file flags on Linux in libarchive/archive_write_disk_posix.c.
- debian/patches/CVE-2021-31566-3.patch: fix following symlinks when
processing the fixup list in libarchive/archive_write_disk_posix.c,
libarchive/test/test_write_disk_fixup.c.
- debian/patches/CVE-2021-31566-4.patch: fix writing fflags broken in
8a1bd5c in libarchive/archive_write_disk_posix.c.
- CVE-2021-31566
* SECURITY UPDATE: use-after-free in copy_string
- debian/patches/CVE-2021-36976-1.patch: fixed out of bounds read in
some files in Makefile.am,
libarchive/archive_read_support_format_rar5.c,
libarchive/test/*.
- debian/patches/CVE-2021-36976-2.patch: fix invalid memory access in
some files in Makefile.am,
libarchive/archive_read_support_format_rar5.c,
libarchive/test/test_read_format_rar5.c, libarchive/test/*.
- CVE-2021-36976
-- Marc Deslauriers <email address hidden> Wed, 16 Feb 2022 08:27:55 -0500
Upload details
- Uploaded by:
- Marc Deslauriers
- Uploaded to:
- Impish
- Original maintainer:
- Ubuntu Developers
- Architectures:
- any
- Section:
- libs
- Urgency:
- Medium Urgency
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| libarchive_3.4.3.orig.tar.xz | 4.6 MiB | 0bfc3fd40491768a88af8d9b86bf04a9e95b6d41a94f9292dbc0ec342288c05f |
| libarchive_3.4.3.orig.tar.xz.asc | 833 bytes | e43bdc701140383c9e4d90070a684026c05407c95b8fa26a71b20f19a704df89 |
| libarchive_3.4.3-2ubuntu0.1.debian.tar.xz | 34.2 KiB | 9a4d4bb157d698a8ea22f0eacd45a7d7cc58741dd4ebb418a447927e64310e03 |
| libarchive_3.4.3-2ubuntu0.1.dsc | 2.6 KiB | 40aa95e0ae4cc81321c93c028ed1c72e34fa27ccd633337df6e03c396f326957 |
Available diffs
Binary packages built by this source
- libarchive-dev: No summary available for libarchive-dev in ubuntu impish.
No description available for libarchive-dev in ubuntu impish.
- libarchive-tools: No summary available for libarchive-tools in ubuntu impish.
No description available for libarchive-tools in ubuntu impish.
- libarchive-tools-dbgsym: No summary available for libarchive-tools-dbgsym in ubuntu impish.
No description available for libarchive-
tools-dbgsym in ubuntu impish.
- libarchive13: No summary available for libarchive13 in ubuntu impish.
No description available for libarchive13 in ubuntu impish.
- libarchive13-dbgsym: No summary available for libarchive13-dbgsym in ubuntu impish.
No description available for libarchive13-dbgsym in ubuntu impish.
