[ubuntu/precise] libarchive 2.8.5-3ubuntu1 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Mon Dec 12 15:10:25 UTC 2011


libarchive (2.8.5-3ubuntu1) precise; urgency=low

  * SECURITY UPDATE: arbitrary code execution via iso9660 overflows
    - debian/patches/CVE-2011-1777.patch: correctly fail on out of memory
      conditions in libarchive/archive_read_support_format_iso9660.c.
    - CVE-2011-1777
  * SECURITY UPDATE: arbitrary code execution via tar overflows
    - debian/patches/CVE-2011-1778.patch: correctly fail on out of memory
      conditions in libarchive/archive_read_support_format_tar.c
    - CVE-2011-1778

Date: Fri, 09 Dec 2011 09:52:51 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/precise/+source/libarchive/2.8.5-3ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 09 Dec 2011 09:52:51 -0500
Source: libarchive
Binary: libarchive-dev libarchive1 bsdtar bsdcpio
Architecture: source
Version: 2.8.5-3ubuntu1
Distribution: precise
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description: 
 bsdcpio    - cpio(1) from FreeBSD, using libarchive
 bsdtar     - tar(1) from FreeBSD, using libarchive
 libarchive-dev - Multi-format archive and compression library (development files)
 libarchive1 - Multi-format archive and compression library (shared library)
Changes: 
 libarchive (2.8.5-3ubuntu1) precise; urgency=low
 .
   * SECURITY UPDATE: arbitrary code execution via iso9660 overflows
     - debian/patches/CVE-2011-1777.patch: correctly fail on out of memory
       conditions in libarchive/archive_read_support_format_iso9660.c.
     - CVE-2011-1777
   * SECURITY UPDATE: arbitrary code execution via tar overflows
     - debian/patches/CVE-2011-1778.patch: correctly fail on out of memory
       conditions in libarchive/archive_read_support_format_tar.c
     - CVE-2011-1778
Checksums-Sha1: 
 1511d68a41acc5c6f2e9763e49626b969532d433 2262 libarchive_2.8.5-3ubuntu1.dsc
 f27105586d2400407fd5768b9e0ec50625225c90 160178 libarchive_2.8.5-3ubuntu1.debian.tar.gz
Checksums-Sha256: 
 46ebfd6ed9d067479ff3afecaef08bda18c628ba18f61279ed31b563093fe5c1 2262 libarchive_2.8.5-3ubuntu1.dsc
 a7c23fb554d79bba4387e84b40ca4e8dbc2be5778227ad5fdb73ae3329cf260f 160178 libarchive_2.8.5-3ubuntu1.debian.tar.gz
Files: 
 c8236b1e1acfcfd9648ef723a46a0132 2262 libs optional libarchive_2.8.5-3ubuntu1.dsc
 c5f56dd95b37c8f620f9864d13d423a0 160178 libs optional libarchive_2.8.5-3ubuntu1.debian.tar.gz
Original-Maintainer: Andreas Henriksson <andreas at fatal.se>


