-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 21 Dec 2018 22:24:50 +0100 Source: libarchive Binary: libarchive-dev libarchive13 bsdtar bsdcpio Architecture: source amd64 Version: 3.1.2-11+deb8u6 Distribution: jessie-security Urgency: high Maintainer: Debian Libarchive Maintainers <ah-libarchive@debian.org> Changed-By: Markus Koschany <apo@debian.org> Description: bsdcpio - Implementation of the 'cpio' program from FreeBSD bsdtar - Implementation of the 'tar' program from FreeBSD libarchive-dev - Multi-format archive and compression library (development files) libarchive13 - Multi-format archive and compression library (shared library) Changes: libarchive (3.1.2-11+deb8u6) jessie-security; urgency=high . * Non-maintainer upload by the LTS team. * Fix CVE-2018-1000877 and CVE-2018-1000878: Daniel Axtens discovered a double-free and use-after-free vulnerability in libarchive's RAR decoder that can result in a denial-of-service (application crash) or may have other unspecified impact when a malformed RAR archive is processed. Checksums-Sha1: 589f03cfd9fa1530fc06f1d535149f61c318712a 2478 libarchive_3.1.2-11+deb8u6.dsc 20ef768dfe86bdce78b05aaac2588cf39049e23f 41104 libarchive_3.1.2-11+deb8u6.debian.tar.xz d4e25525725fa27260b0c8e1639751931d431ddd 435030 libarchive-dev_3.1.2-11+deb8u6_amd64.deb b8437bb8efa1e54ad9f2b7ae22c913f36cafa6d9 271164 libarchive13_3.1.2-11+deb8u6_amd64.deb fed4361be1e157926451e844aba060d6740909d6 54458 bsdtar_3.1.2-11+deb8u6_amd64.deb 3156f4d83548f70713d411e8389d4f90ec9f7a84 40024 bsdcpio_3.1.2-11+deb8u6_amd64.deb Checksums-Sha256: 38deb2c4c25602111e9f8906860d557855c2eaa0c732f765cf9390709e1c84ca 2478 libarchive_3.1.2-11+deb8u6.dsc 308e29d84eb5f140c4a6aa9942f4c48c4d8a4f3b5cd6fc2780f6b5e13f65032f 41104 libarchive_3.1.2-11+deb8u6.debian.tar.xz 07e353f785dfb3b23d6bcd1aa017d8c0b50f2db318e7dd7ed84eef05f501606a 435030 libarchive-dev_3.1.2-11+deb8u6_amd64.deb 5577570095336e291e8b194af38a25d77fc68ed1730f00d0f14f7726013a7a2e 271164 libarchive13_3.1.2-11+deb8u6_amd64.deb d3168b4b3e6f77cf211c0914badd90b4b9ebe7dc42506b3e88ffdbb8f04138c9 54458 bsdtar_3.1.2-11+deb8u6_amd64.deb f0d5611e1c30532ac33784d2df769bf07a3cf13f346fce6e252e575970ceeff8 40024 bsdcpio_3.1.2-11+deb8u6_amd64.deb Files: ecacea1ddc66cbbe9b37fb43923123be 2478 libs optional libarchive_3.1.2-11+deb8u6.dsc f7e5d1ffa6b524f6f81e13723dd4044b 41104 libs optional libarchive_3.1.2-11+deb8u6.debian.tar.xz cf3b723da513c4bd2720e8d6d3abede5 435030 libdevel optional libarchive-dev_3.1.2-11+deb8u6_amd64.deb e931a857aeb4d94239cd261d5a0179bb 271164 libs optional libarchive13_3.1.2-11+deb8u6_amd64.deb 164763a33b641093fdbd78e5f122aa21 54458 utils optional bsdtar_3.1.2-11+deb8u6_amd64.deb df741a3798bb2256f793f5e0cbf03289 40024 utils optional bsdcpio_3.1.2-11+deb8u6_amd64.deb -----BEGIN PGP SIGNATURE----- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlwdYQ9fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1Hkv9AP/juo5Q/YRWtj9s6GnVkD0XrlQ0ocJuwO22DT fLBDnlr/tbx0Ot/gzVFERbX1/RU1V+dyKsgqMkJ9myQ9KNLTX2ZUWITKq5fI4B7l v4h+2oGAtuG64WQ7ra6NaB1xqIykaTnJzDnHR8Vu99eeiMKth73eavI4PmBVShFs tm+v7BpwVZ7yrnxqAkRoMI7VHvuDd/ID5Hh38OfOXnfSeVHTpT8eM+R0Ch9UcyTf ZjB8GD1/Rc9xarN3TifdlMU5ALarpOQ3yjRLLL+eh9rvvD/Mdp/+cc60kLCKVsS+ u1MmDU0YcE1cTqgDVGlBi7cPcEjotqd6/O98eHXMQ/Lgb4RDHDM/enjlqndDx396 AlQzwsNHrcbqUg8YCzkX97dauhpqVp1XUnDi1ekWI7lfM4DMhZ1Y8KgABMxKbVh4 vWYB2L9pDlhiYHlYHkY0GwivuYizvNJs4FP+pspQ2OImNhpUBKe4D2u1s7EnRVgb XjPRDl2MXlSExPxB1DSeBtWZjKYkLAj3zyvNu8psgDmKDc0JXtI5iNfMmCL0+Naf CeZ1QKlNm0Pqs6kUrsXubc8xw2+6uNz9RUoO+u1boo3EtCdUmd7gAOBcU11aHiPr 0oJYIlv+WWtHYx7kyle0Mh0xgplNxWZVKdBfp1gkdeVpZ96163z+kaaFCDV3Wskz ITsQBlTC =6dyQ -----END PGP SIGNATURE-----
