-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Thu, 07 Feb 2019 13:04:01 -0500 Source: libarchive Binary: libarchive-dev libarchive13 bsdtar bsdcpio Architecture: source amd64 Version: 3.1.2-11+deb8u7 Distribution: jessie-security Urgency: medium Maintainer: Debian Libarchive Maintainers <ah-libarch...@debian.org> Changed-By: Antoine Beaupré <anar...@debian.org> Description: bsdcpio - Implementation of the 'cpio' program from FreeBSD bsdtar - Implementation of the 'tar' program from FreeBSD libarchive-dev - Multi-format archive and compression library (development files) libarchive13 - Multi-format archive and compression library (shared library) Changes: libarchive (3.1.2-11+deb8u7) jessie-security; urgency=medium . * Non-maintainer upload by the LTS Security Team. * Fix CVE-2019-1000019: Out-of-bounds Read vulnerability in 7zip decompression, that can result in a crash (denial of service, CWE-125) * Fix CVE-2019-1000020: vulnerability in ISO9660 parser that can result in DoS by infinite loop (CWE-835) Checksums-Sha1: 591696e41f6e74cd3721f391bb5cc8c0a6215aac 1982 libarchive_3.1.2-11+deb8u7.dsc 58dd6b879a00e0292e128caccd8c923e6c26892a 42656 libarchive_3.1.2-11+deb8u7.debian.tar.xz 05011a5906a3b7a20dcfd94a91bed6fdbc6ea157 434828 libarchive-dev_3.1.2-11+deb8u7_amd64.deb 4e79927ac7e02ae0c42aec5207de3d188872629a 271150 libarchive13_3.1.2-11+deb8u7_amd64.deb e31ef34bfcafaa1e56da1b432789ee666cd646ce 54646 bsdtar_3.1.2-11+deb8u7_amd64.deb 5f6fe0b750c49ae4bd51011be80af36b795f22c5 40200 bsdcpio_3.1.2-11+deb8u7_amd64.deb Checksums-Sha256: 36e8237ba3e554ed03e57a984f3bda296e40280671c9fbee7bc92aa181e3a5a8 1982 libarchive_3.1.2-11+deb8u7.dsc 188786a51ba927b8d498cb92c0939d66b771e7c5e974d399bddb6254c8f135b7 42656 libarchive_3.1.2-11+deb8u7.debian.tar.xz 3b5f07fa874e4b4d3abf4707e4f63cd006a9d1db2b4100283de74ff7989fd828 434828 libarchive-dev_3.1.2-11+deb8u7_amd64.deb 279f990382b6074d302913a87f48cad8ede1df7a390945c029b23015a5b7c2df 271150 libarchive13_3.1.2-11+deb8u7_amd64.deb 2a9edc94203a427966a53c79dacc99021ad961a2e8c478b16ff3fe78a6586af6 54646 bsdtar_3.1.2-11+deb8u7_amd64.deb b149852b52a13cc9c991e9d74f969055cec0bcc7fe152351253f7009d43c368a 40200 bsdcpio_3.1.2-11+deb8u7_amd64.deb Files: 832cc52c0a02dfc04c6fc780f116529f 1982 libs optional libarchive_3.1.2-11+deb8u7.dsc 3cf3372dd630ec4c6d9baa74d4b55fc2 42656 libs optional libarchive_3.1.2-11+deb8u7.debian.tar.xz a20c5c0601a23a475e4b70ce0a6e3bfa 434828 libdevel optional libarchive-dev_3.1.2-11+deb8u7_amd64.deb ae1b3423cfe5d69c7dda16bac6ae017d 271150 libs optional libarchive13_3.1.2-11+deb8u7_amd64.deb 3baee0842be12f726a6ca50d1fa5dfa5 54646 utils optional bsdtar_3.1.2-11+deb8u7_amd64.deb 0584c893887c8865e4df4480cf02e021 40200 utils optional bsdcpio_3.1.2-11+deb8u7_amd64.deb
-----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEEexZCBNCWcjsBljWrPqHd3bJh2XsFAlxcfFkACgkQPqHd3bJh 2XsUwwf/Z056V8Dm6oHnsr0pyh8suGwsDvjfdtzGm+5763rt5jr5aaAxCKoWn4a/ mT9pNV+lhMnsM4/v2Mdx5C/FFfZdxeBMSWgptDbBmy1ABdXFVUcMdUMpa4HXwFxq 4gzQ5dtWRid1m4tmWx1rSVszWgDzWQ+KDnDHhGo9XXSpHsm4dLoQVLNQUuW1fkoO gG7u99K1RCwvcJqZZ74nSA/UBvS6LXFnrtjB8o6bOhC4J6MO4O+MGWe9XncPUKo5 mZ94mRHLkCxQ+u/9j3gx5VJamEEvaywsWVkjCoURnLzGye9eo3seRVWqTCusDZNU dvhrI8YErznBrtERdIQSXgV/bLwkIg== =N0VG -----END PGP SIGNATURE-----