Your message dated Sun, 09 Jun 2024 22:32:09 +0000
with message-id <e1sgr57-00e0jj...@fasolo.debian.org>
and subject line Bug#1072107: fixed in libarchive 3.6.2-1+deb12u1
has caused the Debian Bug report #1072107,
regarding libarchive: CVE-2024-26256
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1072107: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1072107
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libarchive
Version: 3.7.2-2
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Control: found -1 3.6.2-1

Hi,

The following vulnerability was published for libarchive.

CVE-2024-26256[0]:
| libarchive Remote Code Execution Vulnerability


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-26256
    https://www.cve.org/CVERecord?id=CVE-2024-26256
[1] https://github.com/advisories/GHSA-2jc9-36w4-pmqw
[2] https://github.com/libarchive/libarchive/commit/eb7939b24a681a04648a59cdebd386b1e9dc9237

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: libarchive
Source-Version: 3.6.2-1+deb12u1
Done: Salvatore Bonaccorso <car...@debian.org>

We believe that the bug you reported is fixed in the latest version of
libarchive, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1072...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated libarchive package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


Format: 1.8
Date: Sun, 02 Jun 2024 16:38:00 +0200
Source: libarchive
Architecture: source
Version: 3.6.2-1+deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: Peter Pentchev <r...@debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 1068047 1072107
Changes:
 libarchive (3.6.2-1+deb12u1) bookworm-security; urgency=high
 .
   [ Peter Pentchev ]
   * Add the robust-error-reporting upstream patch. Closes: #1068047
 .
   [ Salvatore Bonaccorso ]
   * fix: OOB in rar e8 filter (CVE-2024-26256) (Closes: #1072107)
   * fix: OOB in rar delta filter
   * fix: OOB in rar audio filter


--- End Message ---
