[ubuntu/yakkety-proposed] libarchive 3.1.2-11ubuntu1 (Accepted)

[Marc Deslauriers]

libarchive (3.1.2-11ubuntu1) yakkety; urgency=medium

  * SECURITY UPDATE: code execution via incorrect compressed size
    - debian/patches/CVE-2016-1541.patch: check sizes in
      libarchive/archive_read_support_format_zip.c.
    - CVE-2016-1541
  * SECURITY UPDATE: denial of service via malformed cpio archive
    - debian/patches/issue502.patch: fix implicit cast in
      libarchive/archive_read_support_format_cpio.c, reject attempts to
      move the file pointer by a negative amount in
      libarchive/archive_read.c.
    - CVE number pending.

Date: Fri, 13 May 2016 09:24:48 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/libarchive/3.1.2-11ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 13 May 2016 09:24:48 -0400
Source: libarchive
Binary: libarchive-dev libarchive13 bsdtar bsdcpio
Architecture: source
Version: 3.1.2-11ubuntu1
Distribution: yakkety
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
 bsdcpio    - Implementation of the 'cpio' program from FreeBSD
 bsdtar     - Implementation of the 'tar' program from FreeBSD
 libarchive-dev - Multi-format archive and compression library (development files)
 libarchive13 - Multi-format archive and compression library (shared library)
Changes:
 libarchive (3.1.2-11ubuntu1) yakkety; urgency=medium
 .
   * SECURITY UPDATE: code execution via incorrect compressed size
     - debian/patches/CVE-2016-1541.patch: check sizes in
       libarchive/archive_read_support_format_zip.c.
     - CVE-2016-1541
   * SECURITY UPDATE: denial of service via malformed cpio archive
     - debian/patches/issue502.patch: fix implicit cast in
       libarchive/archive_read_support_format_cpio.c, reject attempts to
       move the file pointer by a negative amount in
       libarchive/archive_read.c.
     - CVE number pending.
Checksums-Sha1:
 132b74a88a33d3a1e90c9c201de54c61f11efbcd 2392 libarchive_3.1.2-11ubuntu1.dsc
 0e7718923c9333362b4627d45e9c8193d66341a4 16092 libarchive_3.1.2-11ubuntu1.debian.tar.xz
Checksums-Sha256:
 3142b39b23a41dc48cf6326f92b114e473faf98089f4db4528e8022e0fd145a9 2392 libarchive_3.1.2-11ubuntu1.dsc
 16014b001ca710fc05eb71f4ec66e88fdf1c6ce172567790997318fee7f2d987 16092 libarchive_3.1.2-11ubuntu1.debian.tar.xz
Files:
 e24defddce8eccfe3bc889bece3af1bc 2392 libs optional libarchive_3.1.2-11ubuntu1.dsc
 abc06a2ac78602002ab724b2f62eb45b 16092 libs optional libarchive_3.1.2-11ubuntu1.debian.tar.xz
Original-Maintainer: Debian Libarchive Maintainers <ah-libarchive at debian.org>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJXNd9JAAoJEGVp2FWnRL6TaFQP/1NO3icuSseOLlgNHiyjPRq8
A9cd4sxRII3lp5O9723VyJGHwqYb7Dg0D2w4/Zwmmaq5t9bRG/n32sISlwHXGnPU
0wYbASgouUJzsXfsxxVTwLOJfohC74FbW5a88P7EBdc6P7r+kuumDtNuibyGs2c8
R+rPYh7c0JPfZnvRWwyFDG2bQoubrUjkhDeAnTX2UOMIzCpLevSHoFdVqdJ2pdRF
l4QI9j4qDA7H5Em2i/46kLAPz/T4YNIdJ7vO63AWvCTFm8AfyBuy8JgW77FK0ktZ
birySo9PkEoD2cgh668xhVTd/L3covaL8JDcH/tP+McglVgPlW8+fVGIeiAsT+AB
b1hA8ms10LwsHeowlG7Znq8zdNhgRxLE5+L1pHV7QV13uCp8prD+OTpKBenqogMD
AkNoKoRacMs3hZD7QeWqX84Hr2TgoVMaq4tNFeIXXnGdo/76pNqrCBdLdf9AaJRy
RUwlrMhFde1XEYOa23AXegjmCR5i3A1zTd9azZ7XFldVsw6iUlmXMD4aCbO1JAx8
kaTr1NZ71lcMLAzF+CTyOlI6kSe7IZcnmqrhBBBuBo/LAlln4Bwj8vJ+AtkPRykZ
4200DsSEdEP0EGuzDgZYcfbalrxZUXLsbr2lDePeMQzT54hXhn8DnofdPuls1iUY
fLfSuGwxvMkJAs7DlEzh
=iq1k
-----END PGP SIGNATURE-----