-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 24 Sep 2016 13:25:26 +0200 Source: libarchive Binary: libarchive-dev libarchive13 bsdtar bsdcpio Architecture: source Version: 3.1.2-11+deb8u3 Distribution: jessie-security Urgency: high Maintainer: Debian Libarchive Maintainers <ah-libarchive@debian.org> Changed-By: Salvatore Bonaccorso <carnil@debian.org> Closes: 837714 Description: bsdcpio - Implementation of the 'cpio' program from FreeBSD bsdtar - Implementation of the 'tar' program from FreeBSD libarchive-dev - Multi-format archive and compression library (development files) libarchive13 - Multi-format archive and compression library (shared library) Changes: libarchive (3.1.2-11+deb8u3) jessie-security; urgency=high . * Non-maintainer upload by the Security Team. * CVE-2016-7166: Denial of service using a crafted gzip file * CVE-2016-6250: Integer overflow in the ISO9660 writer * CVE-2016-5418: Archive Entry with type 1 (hardlink), but has a non-zero data size file overwrite (Closes: #837714) Checksums-Sha1: effe9337181e17f0dbedd313ec796cb59dd66cba 2453 libarchive_3.1.2-11+deb8u3.dsc 518986a94568b2111a1e087a0ca0cd5ebaa9b268 36064 libarchive_3.1.2-11+deb8u3.debian.tar.xz Checksums-Sha256: 5838e99469280cb3e90653d327c5b3b315fba810414591cb45206488017fb598 2453 libarchive_3.1.2-11+deb8u3.dsc ab2c0220d1253675b07a23c6fe8a4eeea9d59168b165bdf59f6a93c78d25fbe0 36064 libarchive_3.1.2-11+deb8u3.debian.tar.xz Files: 3345cb4ec3faea86a57c70d9fffd703e 2453 libs optional libarchive_3.1.2-11+deb8u3.dsc 10b2951cb6feb392bb6d3831797982e2 36064 libs optional libarchive_3.1.2-11+deb8u3.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQKPBAEBCgB5BQJX54P9XxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ0NjQ0NDA5ODA4QzE3MUUwNTUzMURERUUw NTRDQjhGMzEzNDNDRjQ0EhxjYXJuaWxAZGViaWFuLm9yZwAKCRAFTLjzE0PPRDHE EACMnMrIj3TPAhWfJ0azDLuFkU7xWZWwaSHGAN87cZ6OjRTg8I3U0VLkpXrATpFA LXrog/M/ahyM3y4obPNroVUbYwz0tk0Yh/UPa9szVKOPfcprJUyW9iXX0u3oP6Zo GtCLLm2ZBlbgs3bCdEOZBUUzlW/FmpfLfylcXeDSrz2SNvoaT4XBYveGBhgqRwAz Ox7sfVbk5Rzpup7jOJJHrV8fWCcbTAdwap/MpJzRHSmrac1tqEwpVGaZLfUQHTgi GuvKkCsU1V6N5A5tH7cqc//xcfpL0KE1x07DzkxgJNru2lhAc0SoFv0PSsK5VRVM DB4frOERNciOwxqu9le9ktivzlyfrzZrw/HK5ZjMyLFMjKv+Pq6iPNRL16dyKRkG LqcDLkAR8HK4uWus1VaJHtpyxiWWbzIuh/kE39EtOMSv3YNrJkKU+J/eBMMATh1n kmGCKEcGeWpYD0Np65jXU/qB5RkyaJoaG8trv4juhZYPTyO9lPqOhqiDQe59jB1M 7iCmFRbM5IjMBSSh1HDnvBIout6QTwzBnCfvGI28gft6FPVUHTD4UiT0ZccZ+VZl BdBUbmCV3Q8DAWiT6rV0qFQjGatbfk2ysomFp8FTAzPjHiAtTzdAmHy6VMq9Nn/O PjVNV2mEH5pYoDDj6p4LfZuZGXC7GUrWN85zHWnEV18I9Q== =DopT -----END PGP SIGNATURE-----