Format: 1.8
Date: Fri, 21 Dec 2018 21:11:50 +0100
Source: libarchive
Binary: libarchive-dev libarchive13 libarchive-tools bsdtar bsdcpio
Architecture: source all amd64
Version: 3.2.2-2+deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: Debian Libarchive Maintainers <ah-libarchive@debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 bsdcpio    - transitional dummy package for moving bsdcpio to libarchive-tools
 bsdtar     - transitional dummy package for moving bsdtar to libarchive-tools
 libarchive-dev - Multi-format archive and compression library (development files)
 libarchive-tools - FreeBSD implementations of 'tar' and 'cpio' and other archive too
 libarchive13 - Multi-format archive and compression library (shared library)
Closes: 859456 861609 874539 875960 875966 875974 916960 916963 916964
Changes:
 libarchive (3.2.2-2+deb9u1) stretch-security; urgency=high
 .
   * Non-maintainer upload.
   * Fix the following security vulnerabilities:
     CVE-2016-10209, CVE-2016-10349, CVE-2016-10350, CVE-2017-14166,
     CVE-2017-14501, CVE-2017-14502, CVE-2017-14503, CVE-2018-1000877,
     CVE-2018-1000878, CVE-2018-1000879 and CVE-2018-1000880.
     Multiple security vulnerabilities were found in libarchive, a
     multi-format archive and compression library. Heap-based buffer
     over-reads, NULL pointer dereferences, use-after-frees and
     out-of-bounds reads allow remote attackers to cause a
     denial-of-service (application crash) via specially crafted archive
     files.
     (Closes: #859456, #861609, #874539, #875966, #875974, #875960, #916964,
     #916963, #916960)