This bug was fixed in the package libarchive - 3.6.0-1ubuntu1
---------------
libarchive (3.6.0-1ubuntu1) jammy; urgency=medium
* Sync with Debian. (LP: #1967127)
- Includes upstream fixes for CVE-2021-36976
* debian/rules: fix broken check for nocheck DEB_BUILD_OPTION
* SECURITY UPDATE: possible out-of-bounds read
- Cherry-pick CVE-2022-26280.patch to fix zipx_lzma_alone_init()
- CVE-2022-26280
libarchive (3.6.0-1) unstable; urgency=medium
* New upstream version (Closes: #1007120):
- update the upstream copyright information
- drop some patches that were taken from the upstream source:
- lzip-large-dict
- upstream-fix-32bit-size-cast
- upstream-fixup-file-flags
- upstream-fixup-symlinks
- add another spelling correction to the typos patch
- update the line numbers in the typos patch
* Add the year 2022 to my debian/* copyright notice.
* Reorder the copyright file so that it makes sense.
-- Jeremy Bicha <[email protected]> Wed, 06 Apr 2022 16:33:16 -0400
** Changed in: libarchive (Ubuntu)
Status: Fix Committed => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-36976
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-26280
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1967127
Title:
[FFe] update libarchive to 3.6.0
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/evince/+bug/1967127/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
