Debian Package Tracker

From: Salvatore Bonaccorso <carnil@debian.org>
To: <debian-devel-changes@lists.debian.org>
Subject: Accepted libarchive 3.2.2-2.1 (source) into unstable
Date: Thu, 14 Sep 2017 09:17:20 +0000
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 09 Sep 2017 09:09:35 +0200
Source: libarchive
Binary: libarchive-dev libarchive13 libarchive-tools bsdtar bsdcpio
Architecture: source
Version: 3.2.2-2.1
Distribution: unstable
Urgency: medium
Maintainer: Debian Libarchive Maintainers <ah-libarchive@debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 859456 861609 874539
Description: 
 bsdcpio    - transitional dummy package for moving bsdcpio to libarchive-tools
 bsdtar     - transitional dummy package for moving bsdtar to libarchive-tools
 libarchive-dev - Multi-format archive and compression library (development files)
 libarchive-tools - FreeBSD implementations of 'tar' and 'cpio' and other archive too
 libarchive13 - Multi-format archive and compression library (shared library)
Changes:
 libarchive (3.2.2-2.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * archive_strncat_l(): allocate and do not convert if length == 0
     (CVE-2016-10209) (Closes: #859456)
   * Reread the CAB header skipping the self-extracting binary code
     (CVE-2016-10349, CVE-2016-10350) (Closes: #861609)
   * Do something sensible for empty strings to make fuzzers happy
     (CVE-2017-14166)
     Fixes heap-based buffer over-read in the atol8 function. (Closes: #874539)
Checksums-Sha1: 
 89f4afa40c5bb51e18412ef04817c2e723e63e2b 2620 libarchive_3.2.2-2.1.dsc
 479bf75dc60cf08dec7ccc72d828b6f6d13732c1 16824 libarchive_3.2.2-2.1.debian.tar.xz
Checksums-Sha256: 
 b8a6cff72d6f64064e5e42889fceffb725e45076194886b041c5ad166fbc6fe9 2620 libarchive_3.2.2-2.1.dsc
 a0d60627d96b07919a7513e3b878c5bdf360c0b425fe35426f39f3f2934960cc 16824 libarchive_3.2.2-2.1.debian.tar.xz
Files: 
 da2db98b3d9493cd75f9512fc8147871 2620 libs optional libarchive_3.2.2-2.1.dsc
 011b8fde2ede67a797a9dade9a1ecb6b 16824 libs optional libarchive_3.2.2-2.1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlmzmHFfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89E0YMP+gP3uW68D8BSdrxMiFWax9PVII+Pp+KM
sHn1dx3ikscyn9Ec93xfMInOmGOVSjiY47IRtbCYaFwsiUEhb0Dm8lQxcCezSPhy
D3L41vbv5z8LXlE96OM0sLLObeSgz9p/dOFuTib8vokAXdSbAiqX21F7ozLfnDyB
9ToKzXDNW7L4viJGC4ienQ79w/OTVpAPAdiNw6gQvnJrqDBoVZbd8szF4VufHmEG
n9KFdVGiC1NFPjVsSlCUCQKo81I0r8GVRVidT6T7amY4F6PVcLkvgq3w2oiu8GkX
NgioPoX95NaXz/rLk1T7KrNlDeyKtH5ZaaFaQLZXZlc+mc+5AhsSo3na8A+tYyiZ
DHHoLKTS5RHf/90UU2RCTW9K8UQAtUI3YOWS0XSbyHpK/fN6jczRPjnVYDXbX/NB
/tuOG+XUiIQJar1BmTFKZPR7dAjIGUmhJA7hQdGMy24HlGcsqLWoVMogsa0YhfV0
jscj9v3pS5UUay7FFZOYCwZV+hpI0eJLtxRZhSH2xOsIneLYFHCLrQyOaZNEoqJt
0EsoQE7uSz1IcXYzRd2UqtYRunCSmiBRbgkjEloXGb+YNUR+gVLZAJ3lyTOx6k75
qNORk5Mj4V0ecPYdB3xZTEXozhwe4U7TGXsqbRbVt5WMM+jZf9ir1dJUajhjLKEu
DiB0e5V6543c
=ywSy
-----END PGP SIGNATURE-----
News for package libarchive
