Format: 1.8
Date: Thu, 09 Mar 2017 11:01:45 -0500
Source: libarchive
Binary: libarchive-dev libarchive13 bsdtar bsdcpio
Architecture: powerpc
Version: 3.1.2-11ubuntu0.16.04.3
Distribution: xenial
Urgency: medium
Maintainer: Launchpad Build Daemon
Changed-By: Marc Deslauriers
Description:
 bsdcpio - Implementation of the 'cpio' program from FreeBSD
 bsdtar - Implementation of the 'tar' program from FreeBSD
 libarchive-dev - Multi-format archive and compression library (development files)
 libarchive13 - Multi-format archive and compression library (shared library)
Changes:
 libarchive (3.1.2-11ubuntu0.16.04.3) xenial-security; urgency=medium
 .
   * SECURITY UPDATE: arbitrary file write via hardlink entries
     - debian/patches/CVE-2016-5418-1.patch: enforce sandbox with very long
       pathnames in libarchive/archive_write_disk_posix.c.
     - debian/patches/CVE-2016-5418-2.patch: fix path handling in
       libarchive/archive_write_disk_posix.c.
     - debian/patches/CVE-2016-5418-3.patch: add test cases to Makefile.am,
       libarchive/test/CMakeLists.txt, libarchive/test/main.c,
       libarchive/test/test.h,
       libarchive/test/test_write_disk_secure744.c,
       libarchive/test/test_write_disk_secure745.c,
       libarchive/test/test_write_disk_secure746.c.
     - debian/patches/CVE-2016-5418-4.patch: fix testcases in
       libarchive/test/test_write_disk_secure745.c,
       libarchive/test/test_write_disk_secure746.c.
     - debian/patches/CVE-2016-5418-5.patch: correct PATH_MAX usage in
       libarchive/archive_write_disk_posix.c.
     - CVE-2016-5418
   * SECURITY UPDATE: denial of service and possible code execution when
     writing an ISO9660 archive
     - debian/patches/CVE-2016-6250.patch: check for overflow in
       libarchive/archive_write_set_format_iso9660.c.
     - CVE-2016-6250
   * SECURITY UPDATE: denial of service via recursive decompression
     - debian/patches/CVE-2016-7166.patch: limit number of filters in
       libarchive/archive_read.c, added test to Makefile.am,
       libarchive/test/CMakeLists.txt,
       libarchive/test/test_read_too_many_filters.c,
       libarchive/test/test_read_too_many_filters.gz.uu.
     - CVE-2016-7166
   * SECURITY UPDATE: denial of service via non-printable multibyte
     character in a filename
     - debian/patches/CVE-2016-8687.patch: expand buffer size in
       tar/util.c.
     - CVE-2016-8687
   * SECURITY UPDATE: denial of service via multiple long lines
     - debian/patches/CVE-2016-8688.patch: fix bounds in
       libarchive/archive_read_support_format_mtree.c, added test to
       Makefile.am, libarchive/test/CMakeLists.txt,
       libarchive/test/test_read_format_mtree_crash747.c,
       libarchive/test/test_read_format_mtree_crash747.mtree.bz2.uu.
     - CVE-2016-8688
   * SECURITY UPDATE: denial of service via multiple EmptyStream attributes
     - debian/patches/CVE-2016-8689.patch: reject files with multiple
       markers in libarchive/archive_read_support_format_7zip.c.
     - CVE-2016-8689
   * SECURITY UPDATE: denial of service via invalid compressed file size
     - debian/patches/CVE-2017-5601.patch: add check to
       libarchive/archive_read_support_format_lha.c.
     - CVE-2017-5601
Original-Maintainer: Debian Libarchive Maintainers