Format: 1.8
Date: Wed, 16 Feb 2022 09:59:13 -0500
Source: libarchive
Binary: libarchive-dev libarchive-tools libarchive13
Architecture: armhf
Version: 3.4.0-2ubuntu1.1
Distribution: focal
Urgency: medium
Maintainer: Launchpad Build Daemon
Changed-By: Marc Deslauriers
Description:
 libarchive-dev - Multi-format archive and compression library (development files)
 libarchive-tools - FreeBSD implementations of 'tar' and 'cpio' and other archive too
 libarchive13 - Multi-format archive and compression library (shared library)
Changes:
 libarchive (3.4.0-2ubuntu1.1) focal-security; urgency=medium
 .
   * SECURITY UPDATE: extracting a symlink with ACLs modifies ACLs of target
     - debian/patches/CVE-2021-23177.patch: fix handling of symbolic link
       ACLs in libarchive/archive_disk_acl_freebsd.c,
       libarchive/archive_disk_acl_linux.c,
       libarchive/archive_disk_acl_sunos.c.
     - CVE-2021-23177
   * SECURITY UPDATE: symbolic links incorrectly followed
     - debian/patches/CVE-2021-31566-1.patch: do not follow symlinks when
       processing the fixup list in Makefile.am,
       libarchive/archive_write_disk_posix.c,
       libarchive/test/CMakeLists.txt,
       libarchive/test/test_write_disk_fixup.c.
     - debian/patches/CVE-2021-31566-2.patch: never follow symlinks when
       setting file flags on Linux in
       libarchive/archive_write_disk_posix.c.
     - debian/patches/CVE-2021-31566-3.patch: fix following symlinks when
       processing the fixup list in libarchive/archive_write_disk_posix.c,
       libarchive/test/test_write_disk_fixup.c.
     - debian/patches/CVE-2021-31566-4.patch: fix writing fflags broken in
       8a1bd5c in libarchive/archive_write_disk_posix.c.
     - CVE-2021-31566
   * SECURITY UPDATE: use-after-free in copy_string
     - debian/patches/CVE-2021-36976-pre1.patch: verify window size for
       solid files in Makefile.am,
       libarchive/archive_read_support_format_rar5.c,
       libarchive/test/test_read_format_rar5*.
     - debian/patches/CVE-2021-36976-pre2.patch: verify window size for
       multivolume archives in Makefile.am,
       libarchive/archive_read_support_format_rar5.c,
       libarchive/test/test_read_format_rar5*.
     - debian/patches/CVE-2021-36976-1.patch: fixed out of bounds read in
       some files in Makefile.am,
       libarchive/archive_read_support_format_rar5.c, libarchive/test/*.
     - debian/patches/CVE-2021-36976-2.patch: fix invalid memory access in
       some files in Makefile.am,
       libarchive/archive_read_support_format_rar5.c,
       libarchive/test/test_read_format_rar5.c, libarchive/test/*.
     - CVE-2021-36976
Original-Maintainer: Peter Pentchev