-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 29 Nov 2018 18:31:17 +0100
Source: libarchive
Binary: libarchive-dev libarchive13 bsdtar bsdcpio
Architecture: source amd64
Version: 3.1.2-11+deb8u4
Distribution: jessie-security
Urgency: high
Maintainer: Debian Libarchive Maintainers <ah-libarchive@debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 bsdcpio    - Implementation of the 'cpio' program from FreeBSD
 bsdtar     - Implementation of the 'tar' program from FreeBSD
 libarchive-dev - Multi-format archive and compression library (development files)
 libarchive13 - Multi-format archive and compression library (shared library)
Changes:
 libarchive (3.1.2-11+deb8u4) jessie-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * Fix the following security vulnerabilities:
     CVE-2015-8915, CVE-2016-10209, CVE-2016-10349, CVE-2016-10350,
     CVE-2016-8687, CVE-2016-8688, CVE-2016-8689, CVE-2017-14166,
     CVE-2017-14501, CVE-2017-14502, CVE-2017-14503, CVE-2017-5601.
     Multiple security vulnerabilities were found in libarchive, a
     multi-format archive and compression library. Heap-based buffer
     over-reads, NULL pointer dereferences and out-of-bounds reads allow
     remote attackers to cause a denial-of-service (application crash) via
     specially crafted archive files.