Format: 1.8
Date: Tue, 24 Jul 2018 21:08:04 +0200
Source: libarchive-zip-perl
Binary: libarchive-zip-perl
Architecture: source all
Version: 1.39-1+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 libarchive-zip-perl - Perl module for manipulation of ZIP archives
Closes: 902882
Changes:
 libarchive-zip-perl (1.39-1+deb8u1) jessie-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * Fix CVE-2018-10860:
     perl-archive-zip is vulnerable to a directory traversal in Archive::Zip.
     It was found that the Archive::Zip module did not properly sanitize paths
     while extracting zip files. An attacker able to provide a specially
     crafted archive for processing could use this flaw to write or overwrite
     arbitrary files in the context of the perl interpreter.
     (Closes: #902882)