-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Fri, 4 Jan 2008 15:52:20 +0000 Source: libarchive Binary: libarchive-dev libarchive1 bsdtar Architecture: source i386 Version: 1.2.53-2etch1 Distribution: stable-security Urgency: high Maintainer: John Goerzen <jgoerzen@complete.org> Changed-By: Steffen Joeris <white@debian.org> Description: bsdtar - tar(1) from FreeBSD, using libarchive libarchive-dev - Single library to read/write tar, cpio, pax, zip, iso9660, etc. libarchive1 - Single library to read/write tar, cpio, pax, zip, iso9660, etc. Changes: libarchive (1.2.53-2etch1) stable-security; urgency=high . * Non-maintainer upload by the security team * Fix buffer overflow, NULL pointer reference and DoS in archive_read_support_format_tar.c Fixes: CVE-2007-3641, CVE-2007-3644, CVE-2007-3645 Files: 6bd6417d5da3132138dfec988dd0b484 723 libs optional libarchive_1.2.53-2etch1.dsc 2e2df461fef05049b3a92e5bedc2de2c 522540 libs optional libarchive_1.2.53.orig.tar.gz 454b6a56eec392fff05fde2e39b33241 6474 libs optional libarchive_1.2.53-2etch1.diff.gz e3e924b9c25d33d9412ab66e5745002b 95600 libdevel optional libarchive-dev_1.2.53-2etch1_i386.deb 9ae44a93dbe577fea5a3121b32e00bf5 73122 libs optional libarchive1_1.2.53-2etch1_i386.deb 5f52d186b87c77092c092836ad457585 82918 libs optional bsdtar_1.2.53-2etch1_i386.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFHgAP562zWxYk/rQcRAu97AJ9D2YXx1Mk8n2wQjHPVLO0X/XFJpACeIVkl aYgZBnQMDscYshXxwx4rIyU= =wh1E -----END PGP SIGNATURE----- Accepted: bsdtar_1.2.53-2etch1_i386.deb to pool/main/liba/libarchive/bsdtar_1.2.53-2etch1_i386.deb libarchive-dev_1.2.53-2etch1_i386.deb to pool/main/liba/libarchive/libarchive-dev_1.2.53-2etch1_i386.deb libarchive1_1.2.53-2etch1_i386.deb to pool/main/liba/libarchive/libarchive1_1.2.53-2etch1_i386.deb libarchive_1.2.53-2etch1.diff.gz to pool/main/liba/libarchive/libarchive_1.2.53-2etch1.diff.gz libarchive_1.2.53-2etch1.dsc to pool/main/liba/libarchive/libarchive_1.2.53-2etch1.dsc