libarchive (3.1.2-11ubuntu1) yakkety; urgency=medium
* SECURITY UPDATE: code execution via incorrect compressed size
- debian/patches/CVE-2016-1541.patch: check sizes in
libarchive/archive_read_support_format_zip.c.
- CVE-2016-1541
* SECURITY UPDATE: denial of service via malformed cpio archive
- debian/patches/issue502.patch: fix implicit cast in
libarchive/archive_read_support_format_cpio.c, reject attempts to
move the file pointer by a negative amount in
libarchive/archive_read.c.
- CVE number pending.
Date: Fri, 13 May 2016 09:24:48 -0400
Changed-By: Marc Deslauriers <[email protected]>
Maintainer: Ubuntu Developers <[email protected]>
https://launchpad.net/ubuntu/+source/libarchive/3.1.2-11ubuntu1
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 13 May 2016 09:24:48 -0400
Source: libarchive
Binary: libarchive-dev libarchive13 bsdtar bsdcpio
Architecture: source
Version: 3.1.2-11ubuntu1
Distribution: yakkety
Urgency: medium
Maintainer: Ubuntu Developers <[email protected]>
Changed-By: Marc Deslauriers <[email protected]>
Description:
bsdcpio - Implementation of the 'cpio' program from FreeBSD
bsdtar - Implementation of the 'tar' program from FreeBSD
libarchive-dev - Multi-format archive and compression library (development
files)
libarchive13 - Multi-format archive and compression library (shared library)
Changes:
libarchive (3.1.2-11ubuntu1) yakkety; urgency=medium
.
* SECURITY UPDATE: code execution via incorrect compressed size
- debian/patches/CVE-2016-1541.patch: check sizes in
libarchive/archive_read_support_format_zip.c.
- CVE-2016-1541
* SECURITY UPDATE: denial of service via malformed cpio archive
- debian/patches/issue502.patch: fix implicit cast in
libarchive/archive_read_support_format_cpio.c, reject attempts to
move the file pointer by a negative amount in
libarchive/archive_read.c.
- CVE number pending.
Checksums-Sha1:
132b74a88a33d3a1e90c9c201de54c61f11efbcd 2392 libarchive_3.1.2-11ubuntu1.dsc
0e7718923c9333362b4627d45e9c8193d66341a4 16092
libarchive_3.1.2-11ubuntu1.debian.tar.xz
Checksums-Sha256:
3142b39b23a41dc48cf6326f92b114e473faf98089f4db4528e8022e0fd145a9 2392
libarchive_3.1.2-11ubuntu1.dsc
16014b001ca710fc05eb71f4ec66e88fdf1c6ce172567790997318fee7f2d987 16092
libarchive_3.1.2-11ubuntu1.debian.tar.xz
Files:
e24defddce8eccfe3bc889bece3af1bc 2392 libs optional
libarchive_3.1.2-11ubuntu1.dsc
abc06a2ac78602002ab724b2f62eb45b 16092 libs optional
libarchive_3.1.2-11ubuntu1.debian.tar.xz
Original-Maintainer: Debian Libarchive Maintainers <[email protected]>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCgAGBQJXNd9JAAoJEGVp2FWnRL6TaFQP/1NO3icuSseOLlgNHiyjPRq8
A9cd4sxRII3lp5O9723VyJGHwqYb7Dg0D2w4/Zwmmaq5t9bRG/n32sISlwHXGnPU
0wYbASgouUJzsXfsxxVTwLOJfohC74FbW5a88P7EBdc6P7r+kuumDtNuibyGs2c8
R+rPYh7c0JPfZnvRWwyFDG2bQoubrUjkhDeAnTX2UOMIzCpLevSHoFdVqdJ2pdRF
l4QI9j4qDA7H5Em2i/46kLAPz/T4YNIdJ7vO63AWvCTFm8AfyBuy8JgW77FK0ktZ
birySo9PkEoD2cgh668xhVTd/L3covaL8JDcH/tP+McglVgPlW8+fVGIeiAsT+AB
b1hA8ms10LwsHeowlG7Znq8zdNhgRxLE5+L1pHV7QV13uCp8prD+OTpKBenqogMD
AkNoKoRacMs3hZD7QeWqX84Hr2TgoVMaq4tNFeIXXnGdo/76pNqrCBdLdf9AaJRy
RUwlrMhFde1XEYOa23AXegjmCR5i3A1zTd9azZ7XFldVsw6iUlmXMD4aCbO1JAx8
kaTr1NZ71lcMLAzF+CTyOlI6kSe7IZcnmqrhBBBuBo/LAlln4Bwj8vJ+AtkPRykZ
4200DsSEdEP0EGuzDgZYcfbalrxZUXLsbr2lDePeMQzT54hXhn8DnofdPuls1iUY
fLfSuGwxvMkJAs7DlEzh
=iq1k
-----END PGP SIGNATURE-----
--
Yakkety-changes mailing list
[email protected]
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/yakkety-changes
