libarchive 3.2.1-2ubuntu0.1 source package in Ubuntu
Changelog
libarchive (3.2.1-2ubuntu0.1) yakkety-security; urgency=medium
* SECURITY UPDATE: arbitrary file write via hardlink entries
- debian/patches/CVE-2016-5418-1.patch: enforce sandbox with very long
pathnames in libarchive/archive_write_disk_posix.c.
- debian/patches/CVE-2016-5418-2.patch: fix path handling in
libarchive/archive_write_disk_posix.c.
- debian/patches/CVE-2016-5418-3.patch: add test cases to Makefile.am,
libarchive/test/CMakeLists.txt, libarchive/test/main.c,
libarchive/test/test.h, libarchive/test/test_write_disk_secure744.c,
libarchive/test/test_write_disk_secure745.c,
libarchive/test/test_write_disk_secure746.c.
- debian/patches/CVE-2016-5418-4.patch: fix testcases in
libarchive/test/test_write_disk_secure745.c,
libarchive/test/test_write_disk_secure746.c.
- debian/patches/CVE-2016-5418-5.patch: correct PATH_MAX usage in
libarchive/archive_write_disk_posix.c.
- CVE-2016-5418
* SECURITY UPDATE: denial of service via non-printable multibyte
character in a filename
- debian/patches/CVE-2016-8687.patch: expand buffer size in tar/util.c.
- CVE-2016-8687
* SECURITY UPDATE: denial of service via multiple long lines
- debian/patches/CVE-2016-8688.patch: fix bounds in
libarchive/archive_read_support_format_mtree.c, added test to
Makefile.am, libarchive/test/CMakeLists.txt,
libarchive/test/test_read_format_mtree_crash747.c,
libarchive/test/test_read_format_mtree_crash747.mtree.bz2.uu.
- CVE-2016-8688
* SECURITY UPDATE: denial of service via multiple EmptyStream attributes
- debian/patches/CVE-2016-8689.patch: reject files with multiple
markers in libarchive/archive_read_support_format_7zip.c.
- CVE-2016-8689
* SECURITY UPDATE: denial of service via invalid compressed file size
- debian/patches/CVE-2017-5601.patch: add check to
libarchive/archive_read_support_format_lha.c.
- CVE-2017-5601
-- Marc Deslauriers <email address hidden> Thu, 09 Mar 2017 10:35:20 -0500
Upload details
- Uploaded by:
- Marc Deslauriers
- Uploaded to:
- Yakkety
- Original maintainer:
- Ubuntu Developers
- Architectures:
- any all
- Section:
- libs
- Urgency:
- Medium Urgency
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| libarchive_3.2.1.orig.tar.gz | 5.2 MiB | 72ee1a4e3fd534525f13a0ba1aa7b05b203d186e0c6072a8a4738649d0b3cfd2 |
| libarchive_3.2.1-2ubuntu0.1.debian.tar.xz | 24.6 KiB | d45eb072dbe42f9342e225e125b8dee9571e92a2c6b641f06d4b03b0c0071faa |
| libarchive_3.2.1-2ubuntu0.1.dsc | 2.5 KiB | 9a135efa1b810ebce1ae5a2ba5f27a9b7147ac1be7df8d41b1b04899cdde4a3f |
Available diffs
Binary packages built by this source
- bsdcpio: No summary available for bsdcpio in ubuntu yakkety.
No description available for bsdcpio in ubuntu yakkety.
- bsdtar: No summary available for bsdtar in ubuntu yakkety.
No description available for bsdtar in ubuntu yakkety.
- libarchive-dev: No summary available for libarchive-dev in ubuntu yakkety.
No description available for libarchive-dev in ubuntu yakkety.
- libarchive-tools: No summary available for libarchive-tools in ubuntu yakkety.
No description available for libarchive-tools in ubuntu yakkety.
- libarchive-tools-dbgsym: No summary available for libarchive-tools-dbgsym in ubuntu yakkety.
No description available for libarchive-
tools-dbgsym in ubuntu yakkety.
- libarchive13: No summary available for libarchive13 in ubuntu yakkety.
No description available for libarchive13 in ubuntu yakkety.
- libarchive13-dbgsym: No summary available for libarchive13-dbgsym in ubuntu yakkety.
No description available for libarchive13-dbgsym in ubuntu yakkety.
