[ubuntu/oneiric-security] libarchive 2.8.4-1ubuntu0.11.10.1 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Mon Dec 19 14:03:22 UTC 2011 

libarchive (2.8.4-1ubuntu0.11.10.1) oneiric-security; urgency=low

  * SECURITY UPDATE: arbitrary code execution via iso9660 overflows
    - debian/patches/CVE-2011-1777.patch: correctly fail on out of memory
      conditions in libarchive/archive_read_support_format_iso9660.c.
    - CVE-2011-1777
  * SECURITY UPDATE: arbitrary code execution via tar overflows
    - debian/patches/CVE-2011-1778.patch: correctly fail on out of memory
      conditions in libarchive/archive_read_support_format_tar.c
    - CVE-2011-1778

Date: Fri, 09 Dec 2011 12:34:05 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/oneiric/+source/libarchive/2.8.4-1ubuntu0.11.10.1
-------------- next part --------------
Format: 1.8
Date: Fri, 09 Dec 2011 12:34:05 -0500
Source: libarchive
Binary: libarchive-dev libarchive1 bsdtar bsdcpio
Architecture: source
Version: 2.8.4-1ubuntu0.11.10.1
Distribution: oneiric-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description: 
 bsdcpio    - cpio(1) from FreeBSD, using libarchive
 bsdtar     - tar(1) from FreeBSD, using libarchive
 libarchive-dev - Single library to read/write tar, cpio, pax, zip, iso9660, etc.
 libarchive1 - Single library to read/write tar, cpio, pax, zip, iso9660, etc.
Changes: 
 libarchive (2.8.4-1ubuntu0.11.10.1) oneiric-security; urgency=low
 .
   * SECURITY UPDATE: arbitrary code execution via iso9660 overflows
     - debian/patches/CVE-2011-1777.patch: correctly fail on out of memory
       conditions in libarchive/archive_read_support_format_iso9660.c.
     - CVE-2011-1777
   * SECURITY UPDATE: arbitrary code execution via tar overflows
     - debian/patches/CVE-2011-1778.patch: correctly fail on out of memory
       conditions in libarchive/archive_read_support_format_tar.c
     - CVE-2011-1778
Checksums-Sha1: 
 cc7e6780af5a5827f126aaf28e5e8fc2d603f752 2131 libarchive_2.8.4-1ubuntu0.11.10.1.dsc
 285b86966d7598cec32620fa9d0ccc2b3e23564a 16003 libarchive_2.8.4-1ubuntu0.11.10.1.debian.tar.gz
Checksums-Sha256: 
 41181aa4ecfb470197e6ba2186ffff17d858f8f5dbc1629e23454f44afbfbe3e 2131 libarchive_2.8.4-1ubuntu0.11.10.1.dsc
 74a04701f8aac6ec2317642622317628844ab8859d1de2262bb13bd35e03d102 16003 libarchive_2.8.4-1ubuntu0.11.10.1.debian.tar.gz
Files: 
 f8b0e487e4c16c98329f96b31514647a 2131 libs optional libarchive_2.8.4-1ubuntu0.11.10.1.dsc
 e319ce384e3877754d6ea6a36953ad2b 16003 libs optional libarchive_2.8.4-1ubuntu0.11.10.1.debian.tar.gz
Original-Maintainer: Andreas Henriksson <andreas at fatal.se>

More information about the Oneiric-changes mailing list