-
libarchive (3.2.2-3.1ubuntu0.7) bionic-security; urgency=medium
* Add metadata support to fix issues with gnome-autoar security update
(LP: #1929304)
- debian/patches/metadata_support.patch: support reading metadata from
compressed files.
-- Marc Deslauriers <email address hidden> Fri, 04 Jun 2021 10:37:49 -0400
-
libarchive (3.2.2-3.1ubuntu0.6) bionic-security; urgency=medium
* SECURITY UPDATE: Out-of-bounds read and Denial of service
- debian/patches/CVE-2019-19221.patch: Bugfix and optimize
archive_wstring_append_from_mbs() in libarchive/archive_string.c.
- CVE-2019-19221
-- <email address hidden> (Leonidas S. Barbosa) Thu, 20 Feb 2020 14:46:13 -0300
-
libarchive (3.2.2-3.1ubuntu0.5) bionic-security; urgency=medium
* SECURITY UPDATE: Use-after-free
- debian/patches/CVE-2019-18408.patch: RAR reader: fix use after free
in libarchive/archive_read_support_format_rar.c.
- CVE-2019-18408
-- <email address hidden> (Leonidas S. Barbosa) Mon, 28 Oct 2019 10:50:50 -0300
-
libarchive (3.2.2-3.1ubuntu0.4) bionic; urgency=medium
* debian/patches/git_zip_directories.patch:
- backport a fix for an issue where files are created instead of
directories (lp: #1830629)
-- Sebastien Bacher <email address hidden> Fri, 28 Jun 2019 21:20:28 +0200
-
libarchive (3.2.2-3.1ubuntu0.3) bionic-security; urgency=medium
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2019-1000019.patch: fix in
libarchive/archive_read_support_format_7zip.c.
- CVE-2019-1000019
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2019-1000020.patch: fix in
libarchive/archive_read_support_format_iso9660.c.
- CVE-2019-1000020
-- <email address hidden> (Leonidas S. Barbosa) Wed, 06 Feb 2019 08:54:50 -0300
-
libarchive (3.2.2-3.1ubuntu0.2) bionic-security; urgency=medium
* SECURITY UPDATE: Out-of-bounds read
- debian/patches/CVE-2017-14502.patch: fix in
libarchive/archive_read_support_format_rar.c.
- CVE-2017-14502
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2018-1000877.patch: fix in
libarchive/archive_read_support_format_rar.c.
- CVE-2018-1000877
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2018-1000878.patch: fix in
libarchive/archive_read_support_format_rar.c.
- CVE-2018-1000878
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2018-1000880.patch: fix in
libarchive/archive_read_support_format_warc.c.
- CVE-2018-1000880
-- <email address hidden> (Leonidas S. Barbosa) Mon, 14 Jan 2019 09:53:14 -0300
-
libarchive (3.2.2-3.1ubuntu0.1) bionic-security; urgency=medium
* SECURITY UPDATE: Out-of-bounds read
- debian/patches/CVE-2017-14501.patch: fix in
libarchive/archive_read_support_format_iso9660.c.
- CVE-2017-14501
* SECURITY UPDATE: Out-of-bounds read
- debian/patches/CVE-2017-14503.patch: fix in
libarchive/archive_read_support_format_lha.c.
- CVE-2017-14503
-- <email address hidden> (Leonidas S. Barbosa) Tue, 07 Aug 2018 15:23:21 -0300
-
libarchive (3.2.2-3.1) unstable; urgency=high
* Non-maintainer upload.
* Reupload 3.2.2-2.1 on top of 3.2.2-3
* archive_strncat_l(): allocate and do not convert if length == 0
(CVE-2016-10209) (Closes: #859456)
* Reread the CAB header skipping the self-extracting binary code
(CVE-2016-10349, CVE-2016-10350) (Closes: #861609)
* Do something sensible for empty strings to make fuzzers happy
(CVE-2017-14166)
Fixes heap-based buffer over-read in the atol8 function. (Closes: #874539)
-- Salvatore Bonaccorso <email address hidden> Thu, 14 Sep 2017 16:02:10 +0200