Thanks for reporting this issue - this would appear to have potential
security implications, however as it is already public I see no reason
to keep this private - if a CVE were to be assigned then this could be
fixed via a security update by the security team, otherwise this would
be fixed via the normal SRU process[1]. As such, please feel free to
file a CVE request with MITRE[2] and if one is assigned, please update
this bug report with the CVE ID and we can fix it via the security team.

[1] https://wiki.ubuntu.com/StableReleaseUpdates
[2] https://cve.mitre.org/cve/request_id.html

** Information type changed from Private Security to Public Security

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libarchive in Ubuntu.
https://bugs.launchpad.net/bugs/1830629

Title:
  Errors when extracting ZIP files. It can not differentiate between
  files and directories

Status in libarchive package in Ubuntu:
  New

Bug description:
  The specific version included in Ubuntu 18.04 (libarchive 3.2.2) is
  the only version that presents the problem. This version has a known
  problem when reading file entries in ZIP files, where it incorrectly
  identifies directories and files entries.

  It has been confirmed that the previous and following versions
  (3.3.1+) do not have this problem and the library handles the ZIP
  files correctly.

  Is it possible to include a newer version of libarchive (3.3.1+) in
  Bionic?

  This problem is seriously affecting some of our systems.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libarchive/+bug/1830629/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to