-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 30 Jun 2017 10:21:03 +0200 Source: libarchive Binary: libarchive-dev libarchive12 bsdtar bsdcpio Architecture: source amd64 Version: 3.0.4-3+wheezy6 Distribution: wheezy-security Urgency: high Maintainer: Debian Libarchive Maintainers <ah-libarchive@debian.org> Changed-By: Raphaël Hertzog <hertzog@debian.org> Description: bsdcpio - Implementation of the 'cpio' program from FreeBSD bsdtar - Implementation of the 'tar' program from FreeBSD libarchive-dev - Multi-format archive and compression library (development files) libarchive12 - Multi-format archive and compression library (shared library) Closes: 859456 861609 Changes: libarchive (3.0.4-3+wheezy6) wheezy-security; urgency=high . [ Markus Koschany ] * Non-maintainer upload by the LTS team. * Fix CVE-2016-10349 and CVE-2016-10350: Possible heap-based buffer overread that might allow remote attackers to cause a denial of service via a crafted file. Closes: #861609 . [ Raphaël Hertzog ] * Fix CVE-2016-10209: possible NULL pointer dereference in archive_wstring_append_from_mbs via a crafted archive file. Closes: #859456 Checksums-Sha1: 4571c84ce744f19709866adb0edb2fbbe14275a6 1986 libarchive_3.0.4-3+wheezy6.dsc b37df3c34848c7f0b12a5e753c210e52a869ba4d 42577 libarchive_3.0.4-3+wheezy6.debian.tar.gz 7f7cb4610c9f11dec438f90050b324ade135b36a 475594 libarchive-dev_3.0.4-3+wheezy6_amd64.deb 1d44afe52c7a49276828466bdf85353f0a36d1ac 305882 libarchive12_3.0.4-3+wheezy6_amd64.deb 49af81b6a28696d4b0628c332821e0ada35b0c7e 55646 bsdtar_3.0.4-3+wheezy6_amd64.deb 4b5e7e901079f8eb3201e66861138b8d26467fc8 42478 bsdcpio_3.0.4-3+wheezy6_amd64.deb Checksums-Sha256: 1514ce72855d047c9b385755092e0c13bfd006759296717559cbb5843be527cd 1986 libarchive_3.0.4-3+wheezy6.dsc 27f6a478193c6a6db7c6450c4faaf55ff36a3876e4f9934648039c297595bdd1 42577 libarchive_3.0.4-3+wheezy6.debian.tar.gz 22436d6690a19d6422adec46b2e5289750739731c319ff31192bc4410add87f0 475594 libarchive-dev_3.0.4-3+wheezy6_amd64.deb 5478229211f79fedffa1dfff601790d9ce4eb3b622729ec63e8a592b819ea617 305882 libarchive12_3.0.4-3+wheezy6_amd64.deb 299fa3c046d0cc8c8a08a270f357698f7f04746d735b58addda5a7e5d1251fa2 55646 bsdtar_3.0.4-3+wheezy6_amd64.deb decbd5771157a9c688228d873d4e4a485bc77ee74f83b7d91a403c209faf8ded 42478 bsdcpio_3.0.4-3+wheezy6_amd64.deb Files: abe101f63d9b2bf8a42f32b04035a9e1 1986 libs optional libarchive_3.0.4-3+wheezy6.dsc da2baf06416ca3d0e9f9d12554fb43b6 42577 libs optional libarchive_3.0.4-3+wheezy6.debian.tar.gz 552134d12b8663ad3406fa09bdd39825 475594 libdevel optional libarchive-dev_3.0.4-3+wheezy6_amd64.deb 723ee1484730735ea693d9bb7a45d067 305882 libs optional libarchive12_3.0.4-3+wheezy6_amd64.deb 31a15b57faec87ce1d9b1811fa923d25 55646 utils optional bsdtar_3.0.4-3+wheezy6_amd64.deb 31fed02f387227fd55cc4dd80ec8d09d 42478 utils optional bsdcpio_3.0.4-3+wheezy6_amd64.deb -----BEGIN PGP SIGNATURE----- Comment: Signed by Raphael Hertzog iQEzBAEBCgAdFiEE1823g1EQnhJ1LsbSA4gdq+vCmrkFAllWGrwACgkQA4gdq+vC mrn3KQf+Lxjas1ZkVX6owKaBb8GujlFtqqR/kSuqeNNAXK8bh0vcIt9aCwAv2ktH rD3/L2Ss1c0ykXo+Z6dw7gDQexWxOLcO4eT+c0+UGleNy7EVrDE7i+/AmGNRGQAL YRCX01NBE0ffO+VQWvCUSGCRSU+RrIRMb0ezAKbxUW1TB9Fwl68Klxa8TuY5mtUB NWTrxiiIiq5iGCCuXhMmf3uwLvsJUVak2YGQOW+wj1m3YncqbhZ3S3HzF0DNVv6i CgJ7iSxREQPc3mNZRbF8GmGkFFq2N+pdQGAHps2ZHdmBviZmmD/gwdcWeQ7+LhOf vdqvsxTJeO4jq/WB8C3wxuZAiDNvYg== =CWdp -----END PGP SIGNATURE-----
