Debian Package Tracker

From: Salvatore Bonaccorso <carnil@debian.org>
To:
Subject: Accepted libarchive-zip-perl 1.59-1+deb9u1 (source) into stable->embargoed, stable
Date: Sat, 22 Sep 2018 13:56:42 +0000
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 21 Sep 2018 17:17:23 +0200
Source: libarchive-zip-perl
Binary: libarchive-zip-perl
Architecture: source
Version: 1.59-1+deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 902882
Description: 
 libarchive-zip-perl - Perl module for manipulation of ZIP archives
Changes:
 libarchive-zip-perl (1.59-1+deb9u1) stretch-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Prevent from traversing symlinks and parent directories when extracting
     (CVE-2018-10860) (Closes: #902882)
   * Extract test files needed for t/25_traversal.t test.
     Add zip files to debian/t/data directory and add them to
     debian/sorce/include-binaries to include those in the debian tarball.
     Add an override for dh_auto_test to copy debian/t/data/*.zip testfiles
     to test directory prior to running the testsuite.
     Clean test files needed for t/25_traversal.t in dh_clean
Checksums-Sha1: 
 144b84e8de376b68b9c3cffe34602c227e73dab8 2384 libarchive-zip-perl_1.59-1+deb9u1.dsc
 1f229e626474dbc75547ce0f60bae25c5048bd57 192151 libarchive-zip-perl_1.59.orig.tar.gz
 34d49d40ef9e38a2a5319ba1b2f0d90103cb00fd 12308 libarchive-zip-perl_1.59-1+deb9u1.debian.tar.xz
Checksums-Sha256: 
 8fbc41d9820ea63b400b03d1a2d7ffa000828b9e3421e0f54633244a8a1146aa 2384 libarchive-zip-perl_1.59-1+deb9u1.dsc
 7a4b1b0aa43ae7231bb3212e86ab6b538725625df06e82772c3da24c8b26e75d 192151 libarchive-zip-perl_1.59.orig.tar.gz
 d99b8bcc92ce02200d563327fccbccd083d4cec07e41dc5fda63d9de9bc17118 12308 libarchive-zip-perl_1.59-1+deb9u1.debian.tar.xz
Files: 
 82b98e2dd49681fee44a125c93aa7167 2384 perl optional libarchive-zip-perl_1.59-1+deb9u1.dsc
 b649a593391573f9382cef8c08d1d5ba 192151 perl optional libarchive-zip-perl_1.59.orig.tar.gz
 b65e4f6046bdc4b73bd8f8bf3adccaeb 12308 perl optional libarchive-zip-perl_1.59-1+deb9u1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlulTplfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89E5ucP/3c0QFQLOe+lNb6IyUAjP7ig+z9sC3Yu
vhH+LX3JfLgIsqSNFGRW2LEprZnrR+VYoUqQ1xR1I4vf7VdkVbBsyrBSlPGjQe9J
CIIqGj8dI9ArQ7L7e9diKPiyRtvsOQq39ic56Rx/aKP60fDQcReerEbgGmb5dETX
sxIShlOLCv0oXLhrJdKqToth7s1T/DnPxlfCQkBFPnu+FHzqK6Q37mauUOpvguy6
czxMES+eZNNrCs7oyEriN5LtFqak5c/UByjAcS200kPqh7cKVRFGZnRuDS9WtULi
sXKxhvyw6wMWerEtURYIMmSB5152reDZGvPuZoh6ul6+kLCNyiylX2ftyhAeqnbu
lL5O7pIKZbLNynZVWmT2wXquty3AHrGns7R4L23ow2BqVaf1kdgGP4rdkSRyKMOl
3CigtBgiG+HXT3qBkZx5FCGc+dyQA5TISwgMY65QqZuFyF0QmQn2xUDhwS4euhGX
B2vOjKytZHI4rpl3dcxnWG+Nk1kiGm9G19rrAPFR8WdwttCc8oV//4FE9aSa49IO
lmEHv33NHWPTHU5eBLNnsT7w6XEpeIoMzrnib66TMSjE5tf/+ov0vHIFr7UPPqmq
F+PZko9otk9NVe0FX0gkNiO2LfhZkmSEqs2xtS01mfUCBNxONToWyCycBEKQ1Q5r
LLxJhlvDA2QJ
=TXbk
-----END PGP SIGNATURE-----
News for package libarchive-zip-perl
