-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Package : libarchive Version : 3.0.4-3+wheezy4 CVE ID : CVE-2016-5418 Debian Bug : 837714
It was found that libarchive mishandled hardlink archive entries of non-zero data size, possibly allowing remote attackers to to write to arbitrary files via especially crafted archives. For Debian 7 "Wheezy", these problems have been fixed in version 3.0.4-3+wheezy4. We recommend that you upgrade your libarchive packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIcBAEBCAAGBQJYA1d3AAoJEJ1GxIjkNoMCDS0P/iOz0wc16JBLE5ZRAwpn8EI/ cDvL7/wRpTieCK9deA7hBVMOxqb2dlOuofk+SPu9dtFtPiT/XTD52DE/sEkHIl76 vA1mPzWix5rOAJlxw/FO1s0cYI9FeiTOf/h7HriUmhxUuI+32QkswCHkLwMl4MFo nEKXEKLCPhdahb8ptX54pMkoE7SkOHj5tOiy8rsZ8O6tfomoMbVOMOYgPuLcKF2D ujgXfmnGmuuJkgkUvFR+Nn9dMVPm4R3o41zrxpsUZtdoP/puMObeqgrEH+3jbMqQ CcPaMJRg5x410xJjSNmulga1O+0Yxrnh0um+pHHK0vbu/NPznIMXk1jxzc4pee+a Tbo5bkLLkVxVfLCzUa7VYyACUY9IUQ+VP9+KVzawyx7HlxE/LUOCmt7lHMgmIX08 xCr0Pm+fMM18VJ+wzHR0P8SjHJMN28fhvRzUhNd++jo0JgoHgGh/5toNR5v+f08v dj6JAJf6+aArM4lclxjARzQ7pWokm22tzCVg+sQN8mAfvCQsZLIQi5IBBKePCK40 cAXt3J5kDaNcoUihj5fipepRuRLlT6fSUtNf53V4zLdjytFnb9RWsSSNGZum+FpJ 8BYWXQBGw2/4B+/Kir11PdLnVqY+FtSuhCwghvX3zsef1aoBsr++c7LFYVevekuA HnBIy/oG/TTzqdsyhybF =BBkY -----END PGP SIGNATURE-----