-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 27 Oct 2019 10:03:02 +0200
Source: libarchive
Binary: libarchive-dev libarchive13 libarchive-tools bsdtar bsdcpio
Architecture: source all amd64
Version: 3.2.2-2+deb9u2
Distribution: stretch-security
Urgency: high
Maintainer: Debian Libarchive Maintainers <ah-libarchive@debian.org>
Changed-By: Thorsten Alteholz <debian@alteholz.de>
Description:
 bsdcpio - transitional dummy package for moving bsdcpio to libarchive-tools
 bsdtar - transitional dummy package for moving bsdtar to libarchive-tools
 libarchive-dev - Multi-format archive and compression library (development files)
 libarchive-tools - FreeBSD implementations of 'tar' and 'cpio' and other archive too
 libarchive13 - Multi-format archive and compression library (shared library)
Changes:
 libarchive (3.2.2-2+deb9u2) stretch-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * CVE-2019-18408
     Fix use after free in case parts of the archive are corrupt
     but the archive contains several headers.
   * Fix CVE-2019-1000019
     Out-of-bounds Read vulnerability in 7zip decompression,
     that can result in a crash (denial of service, CWE-125)
   * Fix CVE-2019-1000020
     vulnerability in ISO9660 parser that can result in DoS
     by infinite loop (CWE-835)