[ubuntu/jammy-proposed] libarchive 3.5.2-1ubuntu1 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Thu Feb 17 13:49:12 UTC 2022 

libarchive (3.5.2-1ubuntu1) jammy; urgency=medium

  * SECURITY UPDATE: use-after-free in copy_string
    - debian/patches/CVE-2021-36976-1.patch: fixed out of bounds read in
      some files in Makefile.am,
      libarchive/archive_read_support_format_rar5.c,
      libarchive/test/*.
    - debian/patches/CVE-2021-36976-2.patch: fix invalid memory access in
      some files in Makefile.am,
      libarchive/archive_read_support_format_rar5.c,
      libarchive/test/test_read_format_rar5.c, libarchive/test/*.
    - CVE-2021-36976

Date: Wed, 16 Feb 2022 08:22:57 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/libarchive/3.5.2-1ubuntu1
-------------- next part --------------
Format: 1.8
Date: Wed, 16 Feb 2022 08:22:57 -0500
Source: libarchive
Built-For-Profiles: noudeb
Architecture: source
Version: 3.5.2-1ubuntu1
Distribution: jammy
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Changes:
 libarchive (3.5.2-1ubuntu1) jammy; urgency=medium
 .
   * SECURITY UPDATE: use-after-free in copy_string
     - debian/patches/CVE-2021-36976-1.patch: fixed out of bounds read in
       some files in Makefile.am,
       libarchive/archive_read_support_format_rar5.c,
       libarchive/test/*.
     - debian/patches/CVE-2021-36976-2.patch: fix invalid memory access in
       some files in Makefile.am,
       libarchive/archive_read_support_format_rar5.c,
       libarchive/test/test_read_format_rar5.c, libarchive/test/*.
     - CVE-2021-36976
Checksums-Sha1:
 fdab41ce2b9597f4881f378aa748b0a2e2b39b88 2615 libarchive_3.5.2-1ubuntu1.dsc
 7cd896c9257b59bc55edafaea1e0222f6c8989d0 30964 libarchive_3.5.2-1ubuntu1.debian.tar.xz
 9a970e145f12031b435aa2ef5993495cc7ff780e 6858 libarchive_3.5.2-1ubuntu1_source.buildinfo
Checksums-Sha256:
 7807c297e252114291185194eb870b4499686d9c0476ceb40fb606208f6a5f69 2615 libarchive_3.5.2-1ubuntu1.dsc
 19df478cbcc8cae11c6e65088084dc2595497e80f816e9f3cca324c33b72f452 30964 libarchive_3.5.2-1ubuntu1.debian.tar.xz
 f097995e3260368a0e71b180a08753a3fa292815d14c9ff1b93a60d5649c8d91 6858 libarchive_3.5.2-1ubuntu1_source.buildinfo
Files:
 c343390916a2fc39f2078f279dc96acb 2615 libs optional libarchive_3.5.2-1ubuntu1.dsc
 d9e9a2bfd3fae024ec31302980aeca53 30964 libs optional libarchive_3.5.2-1ubuntu1.debian.tar.xz
 d4cdddb2fb6457bee375f544236fcad8 6858 libs optional libarchive_3.5.2-1ubuntu1_source.buildinfo
Original-Maintainer: Peter Pentchev <roam at debian.org>

More information about the jammy-changes mailing list