Format: 1.8
Date: Thu, 09 Mar 2017 11:01:45 -0500
Source: libarchive
Binary: libarchive-dev libarchive13 bsdtar bsdcpio
Architecture: arm64
Version: 3.1.2-11ubuntu0.16.04.3
Distribution: xenial
Urgency: medium
Maintainer: Launchpad Build Daemon
Changed-By: Marc Deslauriers
Description:
 bsdcpio - Implementation of the 'cpio' program from FreeBSD
 bsdtar - Implementation of the 'tar' program from FreeBSD
 libarchive-dev - Multi-format archive and compression library (development files)
 libarchive13 - Multi-format archive and compression library (shared library)
Changes:
 libarchive (3.1.2-11ubuntu0.16.04.3) xenial-security; urgency=medium
 .
   * SECURITY UPDATE: arbitrary file write via hardlink entries
     - debian/patches/CVE-2016-5418-1.patch: enforce sandbox with very long
       pathnames in libarchive/archive_write_disk_posix.c.
     - debian/patches/CVE-2016-5418-2.patch: fix path handling in
       libarchive/archive_write_disk_posix.c.
     - debian/patches/CVE-2016-5418-3.patch: add test cases to Makefile.am,
       libarchive/test/CMakeLists.txt, libarchive/test/main.c,
       libarchive/test/test.h, libarchive/test/test_write_disk_secure744.c,
       libarchive/test/test_write_disk_secure745.c,
       libarchive/test/test_write_disk_secure746.c.
     - debian/patches/CVE-2016-5418-4.patch: fix testcases in
       libarchive/test/test_write_disk_secure745.c,
       libarchive/test/test_write_disk_secure746.c.
     - debian/patches/CVE-2016-5418-5.patch: correct PATH_MAX usage in
       libarchive/archive_write_disk_posix.c.
     - CVE-2016-5418
   * SECURITY UPDATE: denial of service and possible code execution when
     writing an ISO9660 archive
     - debian/patches/CVE-2016-6250.patch: check for overflow in
       libarchive/archive_write_set_format_iso9660.c.
     - CVE-2016-6250
   * SECURITY UPDATE: denial of service via recursive decompression
     - debian/patches/CVE-2016-7166.patch: limit number of filters in
       libarchive/archive_read.c, added test to Makefile.am,
       libarchive/test/CMakeLists.txt,
       libarchive/test/test_read_too_many_filters.c,
       libarchive/test/test_read_too_many_filters.gz.uu.
     - CVE-2016-7166
   * SECURITY UPDATE: denial of service via non-printable multibyte
     character in a filename
     - debian/patches/CVE-2016-8687.patch: expand buffer size in tar/util.c.
     - CVE-2016-8687
   * SECURITY UPDATE: denial of service via multiple long lines
     - debian/patches/CVE-2016-8688.patch: fix bounds in
       libarchive/archive_read_support_format_mtree.c, added test to
       Makefile.am, libarchive/test/CMakeLists.txt,
       libarchive/test/test_read_format_mtree_crash747.c,
       libarchive/test/test_read_format_mtree_crash747.mtree.bz2.uu.
     - CVE-2016-8688
   * SECURITY UPDATE: denial of service via multiple EmptyStream attributes
     - debian/patches/CVE-2016-8689.patch: reject files with multiple markers
       in libarchive/archive_read_support_format_7zip.c.
     - CVE-2016-8689
   * SECURITY UPDATE: denial of service via invalid compressed file size
     - debian/patches/CVE-2017-5601.patch: add check to
       libarchive/archive_read_support_format_lha.c.
     - CVE-2017-5601
Original-Maintainer: Debian Libarchive Maintainers