Debian Package Tracker

From: Markus Koschany <apo@debian.org>
To: <dispatch@tracker.debian.org> , <debian-lts-changes@lists.debian.org>
Subject: Accepted libarchive 3.0.4-3+wheezy2 (source amd64) into oldstable
Date: Thu, 21 Jul 2016 05:50:15 +0000
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 21 Jul 2016 07:23:39 +0200
Source: libarchive
Binary: libarchive-dev libarchive12 bsdtar bsdcpio
Architecture: source amd64
Version: 3.0.4-3+wheezy2
Distribution: wheezy-security
Urgency: high
Maintainer: Debian Libarchive Maintainers <ah-libarchive@debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description: 
 bsdcpio    - Implementation of the 'cpio' program from FreeBSD
 bsdtar     - Implementation of the 'tar' program from FreeBSD
 libarchive-dev - Multi-format archive and compression library (development files)
 libarchive12 - Multi-format archive and compression library (shared library)
Changes: 
 libarchive (3.0.4-3+wheezy2) wheezy-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * Build with autoreconf to ensure that all patches and tests are applied
     and executed correctly.
   * Fix CVE-2015-8917, CVE-2015-8919, CVE-2015-8920, CVE-2015-8921,
     CVE-2015-8922, CVE-2015-8923, CVE-2015-8924, CVE-2015-8925,
     CVE-2015-8926, CVE-2015-8930, CVE-2015-8931, CVE-2015-8932,
     CVE-2015-8933, CVE-2015-8934, CVE-2016-4300, CVE-2016-4302,
     CVE-2016-4809, CVE-2016-5844 and one security issue without CVE yet.
     (TEMP-0000000-84D11B.patch)
     Several vulnerabilities were discovered in libarchive, a library for
     reading and writing archives in various formats. An attacker can take
     advantage of these flaws to cause a denial-of-service against an
     application using the libarchive library (application crash), or
     potentially execute arbitrary code with the privileges of the user running
     the application.
Checksums-Sha1: 
 d861e6d32fa0355a63ae53302e35c7ae269953c5 2412 libarchive_3.0.4-3+wheezy2.dsc
 fa841c0602862c7994407291da7eaa4e2e5f64e6 27289 libarchive_3.0.4-3+wheezy2.debian.tar.gz
 a05d13e0188ced0a0167d5adc82599285c1c4796 473934 libarchive-dev_3.0.4-3+wheezy2_amd64.deb
 c3d8151a7bef2f863694e8d4ae4e2561a8b9233e 304550 libarchive12_3.0.4-3+wheezy2_amd64.deb
 d789aa2acd335021afe959036d3236a83c2cc458 55098 bsdtar_3.0.4-3+wheezy2_amd64.deb
 ce0756e1a03623df3e67c9c0ec7cc18670f3dfe5 41574 bsdcpio_3.0.4-3+wheezy2_amd64.deb
Checksums-Sha256: 
 75bfa35a24fc4cf68836fd864c5188c66919a90d205b4acd64402de3bc959f3c 2412 libarchive_3.0.4-3+wheezy2.dsc
 5b21fd8b64cce0063edf03fc16141f29b2496c1f07e96c87d204baaacf967059 27289 libarchive_3.0.4-3+wheezy2.debian.tar.gz
 b55e1349ed1b1c220b84f48509a3776da47c6fbd7235317ffc737692ea9199cf 473934 libarchive-dev_3.0.4-3+wheezy2_amd64.deb
 bf1d57d15b1785217879352ce2d9346cacfef29c63e0ff52f5ea2b0115154923 304550 libarchive12_3.0.4-3+wheezy2_amd64.deb
 6b37243e3a5cbd9f24b5a7e66dbbeb4f0c2bb93df1769ec783d2598aafa1e910 55098 bsdtar_3.0.4-3+wheezy2_amd64.deb
 fa29a4c4066b7de703e09119dd46ac38a52fcb153de2c6541c2d20abfa4ed096 41574 bsdcpio_3.0.4-3+wheezy2_amd64.deb
Files: 
 e913112511710a2ee815292475d4c264 2412 libs optional libarchive_3.0.4-3+wheezy2.dsc
 77f5ebb2fb3a10a20d4956a5a82aea01 27289 libs optional libarchive_3.0.4-3+wheezy2.debian.tar.gz
 58d2751d85b928089e385c40bcf75f78 473934 libdevel optional libarchive-dev_3.0.4-3+wheezy2_amd64.deb
 73285f0a278f8353a316101382d4d9e5 304550 libs optional libarchive12_3.0.4-3+wheezy2_amd64.deb
 38955193473f4707754f0e6e2e747574 55098 utils optional bsdtar_3.0.4-3+wheezy2_amd64.deb
 a629d5890955cd70556f2ab2b17a89e1 41574 utils optional bsdcpio_3.0.4-3+wheezy2_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQJ8BAEBCgBmBQJXkGFkXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRBQ0YzRDA4OEVGMzJFREVGNkExQTgzNUZE
OUFEMTRCOTUxM0I1MUU0AAoJENmtFLlRO1HkVxcQAJbjJ9LdRXCIZObLr5H/CmvX
Ofz/8QqqO3x0mi6kTmYMXvNzyBGUsNIKyQyf7vZfNkyLo28F2hDjtiIdso3BMYnz
xks4QmWrqkdak1mGRCt7W52HpbRFgShtPcQWPgoGKI9l+WPCsEIoOkAiOyrocP96
ntfjBOCNgu5a/IMSC5UMDe3r9CpT80AXzhczI7i9TxRGFCdZ1km0ZwzeoaehLfwa
pPFSlBaAVyuRz7GzaAvksoyD/pgjKUZ2O6nH1+EOdFOx40u+cgqNfwKB0lkyVgIe
0IVFq+IMBWb7rZXXaor1MI47cROL6zU3PjrZLyjyyy6cW3jiMF6C4jr/Z20Lgo7l
Tq4UsI+pseB9ZygIl1ZbWOwWP1lKzFw2TxWrMXWl30iSGT+pAgEmCNzSf/hh1Xul
fgVBcw1LDDsop5UCdjLaQ9Bw5VRMGWYtNuwvNIlVjFyCWzW1TvFmSXI5bCcq9iCz
qwcZJ50SKYg83D7BAbEhBVpNn4gGa7gzdWI93gKw1PgHE/MWgLt5jvFe5XTO4c+/
XkGP9jbWVjLi+ontEMXJgU1By0ICobaPdJSyISv2RjWSGykA+GPWNSaK94M+DCCa
LGjHkQQSGNg3as56Cx8czr70tZ+u21uM9hGHEpBGKKSxNHixwQhsU/Xyjn+gt2DO
6aqjKPM5xNBn4JN8J5uF
=tlOs
-----END PGP SIGNATURE-----
News for package libarchive
