Register | Log in

libarchive

Choose email to subscribe with

general

source: libarchive (main)
version: 3.3.3-4
maintainer: Peter Pentchev [DMD]
arch: all any
std-ver: 4.3.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 3.1.2-11+deb8u3
o-o-sec: 3.1.2-11+deb8u7
oldstable: 3.2.2-2+deb9u1
old-sec: 3.2.2-2+deb9u1
stable: 3.3.3-4
testing: 3.3.3-4
unstable: 3.3.3-4

versioned links

3.1.2-11+deb8u3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.1.2-11+deb8u7: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.2.2-2+deb9u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.3.3-4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

bsdcpio
bsdtar (6 bugs: 0, 3, 3, 0)
libarchive-dev
libarchive-tools
libarchive13

action needed

2 ignored security issues in stretch low

There are 2 open security issues in stretch.

2 issues skipped by the security teams:

CVE-2019-1000020: libarchive version commit 5a98dcf8a86364b3c2c469c85b93647dfb139961 onwards (version v2.8.0 onwards) contains a CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in ISO9660 parser, archive_read_support_format_iso9660.c, read_CE()/parse_rockridge() that can result in DoS by infinite loop. This attack appears to be exploitable via the victim opening a specially crafted ISO9660 file.
CVE-2019-1000019: libarchive version commit bf9aec176c6748f0ee7a678c5f9f9555b9a757c1 onwards (release v3.0.2 onwards) contains a CWE-125: Out-of-bounds Read vulnerability in 7zip decompression, archive_read_support_format_7zip.c, header_bytes() that can result in a crash (denial of service). This attack appears to be exploitable via the victim opening a specially crafted 7zip file.

Please fix them.

Created: 2019-02-05 Last update: 2019-07-07 09:01

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.4.0 instead of 4.3.0).

Created: 2019-07-08 Last update: 2019-07-08 20:09

news

[2019-02-08] libarchive 3.3.3-4 MIGRATED to testing (Debian testing watch)
[2019-02-07] Accepted libarchive 3.1.2-11+deb8u7 (source amd64) into oldstable (Antoine Beaupré)
[2019-02-06] Accepted libarchive 3.3.3-4 (source) into unstable (Peter Pentchev)
[2019-01-08] libarchive 3.3.3-3 MIGRATED to testing (Debian testing watch)
[2019-01-05] Accepted libarchive 3.3.3-3 (source) into unstable (Peter Pentchev)
[2018-12-30] Accepted libarchive 3.2.2-2+deb9u1 (source all amd64) into proposed-updates->stable-new, proposed-updates (Markus Koschany)
[2018-12-27] Accepted libarchive 3.2.2-2+deb9u1 (source all amd64) into stable->embargoed, stable (Markus Koschany)
[2018-12-24] libarchive 3.3.3-2 MIGRATED to testing (Debian testing watch)
[2018-12-21] Accepted libarchive 3.1.2-11+deb8u6 (source amd64) into oldstable (Markus Koschany)
[2018-12-21] Accepted libarchive 3.3.3-2 (source) into unstable (Peter Pentchev)
[2018-12-17] libarchive 3.3.3-1 MIGRATED to testing (Debian testing watch)
[2018-12-15] Accepted libarchive 3.3.3-1 (source) into unstable (Peter Pentchev)
[2018-11-29] Accepted libarchive 3.1.2-11+deb8u5 (source amd64) into oldstable (Markus Koschany)
[2018-11-29] Accepted libarchive 3.1.2-11+deb8u4 (source amd64) into oldstable (Markus Koschany)
[2018-08-28] libarchive 3.2.2-5 MIGRATED to testing (Debian testing watch)
[2018-08-28] libarchive 3.2.2-5 MIGRATED to testing (Debian testing watch)
[2018-08-25] Accepted libarchive 3.2.2-5 (source) into unstable (Peter Pentchev)
[2018-08-17] libarchive 3.2.2-4.2 MIGRATED to testing (Debian testing watch)
[2018-08-15] Accepted libarchive 3.2.2-4.2 (source) into unstable (Salvatore Bonaccorso)
[2018-07-28] libarchive 3.2.2-4.1 MIGRATED to testing (Debian testing watch)
[2018-07-25] Accepted libarchive 3.2.2-4.1 (source) into unstable (Salvatore Bonaccorso)
[2018-06-02] libarchive 3.2.2-4 MIGRATED to testing (Debian testing watch)
[2018-05-30] Accepted libarchive 3.2.2-4 (source) into unstable (Andreas Henriksson)
[2017-09-17] libarchive 3.2.2-3.1 MIGRATED to testing (Debian testing watch)
[2017-09-14] Accepted libarchive 3.2.2-3.1 (source) into unstable (Salvatore Bonaccorso)
[2017-09-14] Accepted libarchive 3.2.2-3 (source) into unstable (Andreas Henriksson)
[2017-09-14] Accepted libarchive 3.2.2-2.1 (source) into unstable (Salvatore Bonaccorso)
[2017-09-08] Accepted libarchive 3.0.4-3+wheezy6+deb7u1 (source amd64) into oldoldstable (Chris Lamb)
[2017-06-30] Accepted libarchive 3.0.4-3+wheezy6 (source amd64) into oldoldstable (Raphaël Hertzog)
[2017-04-09] libarchive 3.2.2-2 MIGRATED to testing (Debian testing watch)

1
2

bugs [bug history graph]

all: 6
RC: 0
I&N: 3
M&W: 3
F&P: 0
patch: 0

links

homepage
buildd: logs, clang, reproducibility, cross
popcon
browse source code
edit tags
security tracker
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 3.3.3-4
4 bugs

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing