Format: 1.8
Date: Wed, 16 Feb 2022 09:59:13 -0500
Source: libarchive
Binary: libarchive-dev libarchive-tools libarchive13
Architecture: i386
Version: 3.4.0-2ubuntu1.1
Distribution: focal
Urgency: medium
Maintainer: Launchpad Build Daemon
Changed-By: Marc Deslauriers
Description:
 libarchive-dev - Multi-format archive and compression library (development files)
 libarchive-tools - FreeBSD implementations of 'tar' and 'cpio' and other archive too
 libarchive13 - Multi-format archive and compression library (shared library)
Changes:
 libarchive (3.4.0-2ubuntu1.1) focal-security; urgency=medium
 .
   * SECURITY UPDATE: extracting a symlink with ACLs modifies ACLs of target
     - debian/patches/CVE-2021-23177.patch: fix handling of symbolic link
       ACLs in libarchive/archive_disk_acl_freebsd.c,
       libarchive/archive_disk_acl_linux.c,
       libarchive/archive_disk_acl_sunos.c.
     - CVE-2021-23177
   * SECURITY UPDATE: symbolic links incorrectly followed
     - debian/patches/CVE-2021-31566-1.patch: do not follow symlinks when
       processing the fixup list in Makefile.am,
       libarchive/archive_write_disk_posix.c,
       libarchive/test/CMakeLists.txt,
       libarchive/test/test_write_disk_fixup.c.
     - debian/patches/CVE-2021-31566-2.patch: never follow symlinks when
       setting file flags on Linux in
       libarchive/archive_write_disk_posix.c.
     - debian/patches/CVE-2021-31566-3.patch: fix following symlinks when
       processing the fixup list in libarchive/archive_write_disk_posix.c,
       libarchive/test/test_write_disk_fixup.c.
     - debian/patches/CVE-2021-31566-4.patch: fix writing fflags broken in
       8a1bd5c in libarchive/archive_write_disk_posix.c.
     - CVE-2021-31566
   * SECURITY UPDATE: use-after-free in copy_string
     - debian/patches/CVE-2021-36976-pre1.patch: verify window size for
       solid files in Makefile.am,
       libarchive/archive_read_support_format_rar5.c,
       libarchive/test/test_read_format_rar5*.
     - debian/patches/CVE-2021-36976-pre2.patch: verify window size for
       multivolume archives in Makefile.am,
       libarchive/archive_read_support_format_rar5.c,
       libarchive/test/test_read_format_rar5*.
     - debian/patches/CVE-2021-36976-1.patch: fixed out of bounds read in
       some files in Makefile.am,
       libarchive/archive_read_support_format_rar5.c, libarchive/test/*.
     - debian/patches/CVE-2021-36976-2.patch: fix invalid memory access in
       some files in Makefile.am,
       libarchive/archive_read_support_format_rar5.c,
       libarchive/test/test_read_format_rar5.c, libarchive/test/*.
     - CVE-2021-36976
Original-Maintainer: Peter Pentchev