Your message dated Fri, 06 Mar 2015 21:17:06 +0000
with message-id <e1ytzci-0001wb...@franck.debian.org>
and subject line Bug#778266: fixed in libarchive 3.0.4-3+wheezy1
has caused the Debian Bug report #778266,
regarding libarchive: Directory traversal
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
778266: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778266
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libarchive
Severity: grave
Tags: security
Hi,
please see http://www.openwall.com/lists/oss-security/2015/01/16/7
for details.
Cheers,
Moritz
--- End Message ---
--- Begin Message ---
Source: libarchive
Source-Version: 3.0.4-3+wheezy1
We believe that the bug you reported is fixed in the latest version of
libarchive, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 778...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Alessandro Ghedini <gh...@debian.org> (supplier of updated libarchive package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Thu, 05 Mar 2015 11:26:19 +0100
Source: libarchive
Binary: libarchive-dev libarchive12 bsdtar bsdcpio
Architecture: source amd64
Version: 3.0.4-3+wheezy1
Distribution: wheezy-security
Urgency: high
Maintainer: Debian Libarchive Maintainers <ah-libarch...@debian.org>
Changed-By: Alessandro Ghedini <gh...@debian.org>
Description:
bsdcpio - Implementation of the 'cpio' program from FreeBSD
bsdtar - Implementation of the 'tar' program from FreeBSD
libarchive-dev - Multi-format archive and compression library (development
files)
libarchive12 - Multi-format archive and compression library (shared library)
Closes: 778266
Changes:
libarchive (3.0.4-3+wheezy1) wheezy-security; urgency=high
.
* Fix directory traversal vulnerability in bsdcpio (Closes: #778266)
Checksums-Sha1:
d3e5470de797444de108360c4f6225d2f14735b2 2265 libarchive_3.0.4-3+wheezy1.dsc
81bf817aa512ad67af583c7a2dab79743e418899 3632806 libarchive_3.0.4.orig.tar.gz
8239e0cc558dc8da53c42d80adb0aceb53ffde5a 13095
libarchive_3.0.4-3+wheezy1.debian.tar.gz
82266d953797e356fb35d55d56b3417678cbbc93 472376
libarchive-dev_3.0.4-3+wheezy1_amd64.deb
18f891bca66622199b17bdfbbf04e0323ab17f90 303536
libarchive12_3.0.4-3+wheezy1_amd64.deb
b78a66f3d9e2a0b57ae6e952ae5a03ae96fd3f79 54722 bsdtar_3.0.4-3+wheezy1_amd64.deb
b24bb470c2d24ee90799934ba02cf76c8227cb95 41090
bsdcpio_3.0.4-3+wheezy1_amd64.deb
Checksums-Sha256:
a0ae302f4448b79f345be2ee81874a07e6d351470db32cac926b530676e5a3d7 2265
libarchive_3.0.4-3+wheezy1.dsc
76e8d7c7b100ec4071e48c1b7d3f3ea1d22b39db3e45b7189f75b5ff4df90fac 3632806
libarchive_3.0.4.orig.tar.gz
94fb184a4da403608b5148f0d735029aca3ce0b7c7805a8fd86aaf84ee80782c 13095
libarchive_3.0.4-3+wheezy1.debian.tar.gz
81c9bbf443792e0d08d5ec989551a82dfd2054382bcae8ef5a22c83b92383535 472376
libarchive-dev_3.0.4-3+wheezy1_amd64.deb
80560e1227c6e72231410d06b16857587982ccb273595ff6c246bdda97fc98f6 303536
libarchive12_3.0.4-3+wheezy1_amd64.deb
45bb89a03b00580272513a01be9de7ccea4913b8b306e982402ba184fcb6f22d 54722
bsdtar_3.0.4-3+wheezy1_amd64.deb
fde1185fa26dee4b05b8095044c302870ef757b7380003b101814f551720f95a 41090
bsdcpio_3.0.4-3+wheezy1_amd64.deb
Files:
7ba517dfed36c2a4524e3197ae929ae4 2265 libs optional
libarchive_3.0.4-3+wheezy1.dsc
af443ca9a10ddbcbf00f7ae34ca7fc16 3632806 libs optional
libarchive_3.0.4.orig.tar.gz
2825020a140d808a9ebf640e45947fbe 13095 libs optional
libarchive_3.0.4-3+wheezy1.debian.tar.gz
dca903e8077090060cd3e19703c8c952 472376 libdevel optional
libarchive-dev_3.0.4-3+wheezy1_amd64.deb
f990fbb40a827f7f59ff5d0d7b36eb42 303536 libs optional
libarchive12_3.0.4-3+wheezy1_amd64.deb
9b47bcffa5f3d32ab8f0e1b0928e17be 54722 utils optional
bsdtar_3.0.4-3+wheezy1_amd64.deb
b128ff2861d1c31259da15568b943b72 41090 utils optional
bsdcpio_3.0.4-3+wheezy1_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBAgAGBQJU+KF0AAoJEK+lG9bN5XPLgfgP/AxEudGWw/Ey9ZZLXx0i7FPv
MA/WqNxOlwHHKcljPFASPW1+v/qV/c9M1rBteyixOaqcEtohuI1poIuaIlUk5PCl
ZeUBV8Dgvh4QdsXXccDIl0IYeUr608DLgSHLK4TInsTvPPLdwDIF0sHJ78W+Jwoc
GkVr8jPU9gCyFai1sG97aQRTb6k4HiHcJL3bjCzQegZ576wR7COFT0pkANvpiHXi
QmaAamUTnhGI/Ls+o5XCrjvdSVHUB4iwfOvVEuO4HXOIhW3GDG5UFEvoZd2tWN0d
q3Q2iACMxbzxY637/kXnB63H+TaT5vCe6dgBSRnXIduIzkrLnrX6ujFPDiqHvCnr
tbud6QKpIGuve3pJ7CpynRF4Z9Jzrx1dcopFr/I7nKS88oLhY5gc7QgbP+Rz/Ajc
/y3JTNP7c0AmUN6ArU126IpfN50Nd3VaSX3Dm0v3Cu3gxbAXSJU09ls/r0omHypd
LsuA4Fa7NOdV/9SvPf/A4ce1I1TdlLVrwgk36+u/Zm/stMWkot9UrPo65XsHnbYh
IUULJj7OHgKZh3MifOhSRMJkp+UG0Kl4maCu79Lr4Q/aqMIUIsLmJn+pcsK+yzqR
B5SV+cErx/SxJ9yHYU6gd5mxxHLK59IkhMh1e1xBAyUQb5O7fPLSW28dwEaksj4W
Gc2WjPUjEruA2Aan62OF
=xODg
-----END PGP SIGNATURE-----
--- End Message ---
