Debian Package Tracker

From: Salvatore Bonaccorso <carnil@debian.org>
To: <debian-devel-changes@lists.debian.org>
Subject: Accepted libarchive 3.2.2-3.1 (source) into unstable
Date: Thu, 14 Sep 2017 15:15:48 +0000
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 14 Sep 2017 16:02:10 +0200
Source: libarchive
Binary: libarchive-dev libarchive13 libarchive-tools bsdtar bsdcpio
Architecture: source
Version: 3.2.2-3.1
Distribution: unstable
Urgency: high
Maintainer: Peter Pentchev <roam@ringlet.net>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 859456 861609 874539
Description: 
 bsdcpio    - transitional dummy package for moving bsdcpio to libarchive-tools
 bsdtar     - transitional dummy package for moving bsdtar to libarchive-tools
 libarchive-dev - Multi-format archive and compression library (development files)
 libarchive-tools - FreeBSD implementations of 'tar' and 'cpio' and other archive too
 libarchive13 - Multi-format archive and compression library (shared library)
Changes:
 libarchive (3.2.2-3.1) unstable; urgency=high
 .
   * Non-maintainer upload.
   * Reupload 3.2.2-2.1 on top of 3.2.2-3
   * archive_strncat_l(): allocate and do not convert if length == 0
     (CVE-2016-10209) (Closes: #859456)
   * Reread the CAB header skipping the self-extracting binary code
     (CVE-2016-10349, CVE-2016-10350) (Closes: #861609)
   * Do something sensible for empty strings to make fuzzers happy
     (CVE-2017-14166)
     Fixes heap-based buffer over-read in the atol8 function. (Closes: #874539)
Checksums-Sha1: 
 9baa983a4914b8cae22cbf2cba9c03985dcb0c97 2513 libarchive_3.2.2-3.1.dsc
 6d5d43352c9a01c51392116a3c05594cbd887d63 16860 libarchive_3.2.2-3.1.debian.tar.xz
Checksums-Sha256: 
 4905764794d3010a56ad9cd91d24be078a99aac3e3761bd9c4e20396c5e664d3 2513 libarchive_3.2.2-3.1.dsc
 8de2c8b2be12b483af4f2ccde9679c603634f2be5f84706965c61d916031645b 16860 libarchive_3.2.2-3.1.debian.tar.xz
Files: 
 322111513c724ecde6e9c12b807ba39a 2513 libs optional libarchive_3.2.2-3.1.dsc
 8d01ed6151bb8b7274cdd2a0b9ac5e09 16860 libs optional libarchive_3.2.2-3.1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlm6jNVfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89EbOMP/RAvIUOQmSLqxmJYRdlCEH6CkXjivdrU
KqWO8Ol0VsXWzVWuMIvz4LGrh3ghIxFadf0GlRc4DaRkdoIP2NlwffoDR6wgWyxQ
2C/DtDJPFTo23y62wm1pCTHGDsWcKhy7SBFrc+GRRQntXzuASJQvTuioYrgnVkS2
KkDKuiY1diRzXdGznlM4PsnQb5ToMNv+KzGYrC2Yv5Igaz5FG8XKDTeFofmTgUEx
WIhJMZz0ynsfbL3K/8Nfh+XD0PWJIsQ3GptOXVUXJCudOl8UW+PU1mfHCisNPfrc
eNQF/GeVSRg57MxbKMeCYTmay/Idkc6PfOp3IselFNhs8DJjoUGJf+vbbGIVErti
fGoDpRo1khJqbEBSfyU+vsc9YUcLIX8i3e5opgW8/6X4BI8SXr5Ar8pNlYhXNuLH
Rqb27H0ZwOBo7Nl1LfCmFBlDgA4Yjg3EKsBHbS+8Yh8FmQY6ZSKkYpWuiYnx1YlM
T8IaGKUuisE/E0T+OtBGPV0+9N3+kSBC7G47YodPUZE1m4CfabIdbONZq5MgmqTv
4ClTBecKKLCFak+bKf8WRH+4PQ4hpFgS3vQ9Cc3dN+D9/m2Up5MK/nqDfHVgeoV2
q9wXiE8OksghuDPwFmYHaWeTBK5PoTXkt/we99MpwBa9pWPB3AW6SNDWQWoRhkel
Sz45BQyFQ8e+
=3113
-----END PGP SIGNATURE-----
News for package libarchive
