libarchive 3.1.2-11ubuntu0.15.10.2 source package in Ubuntu
Changelog
libarchive (3.1.2-11ubuntu0.15.10.2) wily-security; urgency=medium * SECURITY UPDATE: denial of service via malformed rar or cab files - debian/patches/CVE-2015-8916.patch: ignore entries with empty filenames in tar/read.c. - CVE-2015-8916 - CVE-2015-8917 * SECURITY UPDATE: denial of service via malformed lzh file - debian/patches/CVE-2015-8919.patch: recognize empty dir name in libarchive/archive_read_support_format_lha.c. - CVE-2015-8919 * SECURITY UPDATE: buffer underflow parsing ar header - debian/patches/CVE-2015-8920.patch: check for empty filenames in libarchive/archive_read_support_format_ar.c. - CVE-2015-8920 * SECURITY UPDATE: read past end of string parsing - debian/patches/CVE-2015-8921.patch: properly calculate string length in libarchive/archive_entry.c. - CVE-2015-8921 * SECURITY UPDATE: segfault on malformed 7z archive - debian/patches/CVE-2015-8922.patch: reject some malformed files in libarchive/archive_read_support_format_7zip.c, added tests to Makefile.am, libarchive/test/test_read_format_7zip_malformed.7z.uu, libarchive/test/test_read_format_7zip_malformed.c, libarchive/test/test_read_format_7zip_malformed2.7z.uu, libarchive/test/CMakeLists.txt. - CVE-2015-8922 * SECURITY UPDATE: segfault on malformed Zip archive - debian/patches/CVE-2015-8923.patch: properly handle sizes in libarchive/archive_read_support_format_zip.c, added tests to Makefile.am, libarchive/test/CMakeLists.txt, libarchive/test/test_read_format_zip_malformed.c, libarchive/test/test_read_format_zip_malformed1.zip.uu. - CVE-2015-8923 * SECURITY UPDATE: buffer overflow when processing tar files - debian/patches/CVE-2015-8924.patch: properly handle empty filenames in libarchive/archive_read_support_format_tar.c. - CVE-2015-8924 * SECURITY UPDATE: improper newline parsing - debian/patches/CVE-2015-8925.patch: fix escaped newline parsing in libarchive/archive_read_support_format_mtree.c, added tests to libarchive/test/test_read_format_mtree.c, libarchive/test/test_read_format_mtree.mtree.uu. - CVE-2015-8925 * SECURITY UPDATE: segfault on invalid rar archive - debian/patches/CVE-2015-8926.patch: properly handle return code in libarchive/archive_read_support_format_rar.c. - CVE-2015-8926 * SECURITY UPDATE: out-of-bounds read in mtree - debian/patches/CVE-2015-8928.patch: properly handle filename parsing in libarchive/archive_read_support_format_mtree.c. - CVE-2015-8928 * SECURITY UPDATE: segfault via dir loop in malformed ISO - debian/patches/CVE-2015-8930.patch: limit recursion in libarchive/archive_read_support_format_iso9660.c. - CVE-2015-8930 * SECURITY UPDATE: integer overflow parsing time values - debian/patches/CVE-2015-8931.patch: fix time handling in libarchive/archive_read_support_format_mtree.c. - CVE-2015-8931 * SECURITY UPDATE: crash via invalid compressed data - debian/patches/CVE-2015-8932.patch: add more checks to libarchive/archive_read_support_filter_compress.c, added tests to Makefile.am, libarchive/test/CMakeLists.txt, libarchive/test/test_read_filter_compress.c. - CVE-2015-8932 * SECURITY UPDATE: integer overflow via negative-sized sparse blocks - debian/patches/CVE-2015-8933.patch: add check to libarchive/archive_read_support_format_tar.c. - CVE-2015-8933 * SECURITY UPDATE: heap overflow parsing malformed tar archives - debian/patches/CVE-2015-8934.patch: properly check reading from lzss decompression buffer in libarchive/archive_read_support_format_rar.c, added tests to Makefile.am, libarchive/test/CMakeLists.txt, libarchive/test/test_read_format_rar_invalid1.c, libarchive/test/test_read_format_rar_invalid1.rar.uu. - CVE-2015-8934 * SECURITY UPDATE: overflow reading 7-Zip with large number of substreams - debian/patches/CVE-2016-4300.patch: add another limit to libarchive/archive_read_support_format_7zip.c. - CVE-2016-4300 * SECURITY UPDATE: crash via rar files with zero dictionary size - debian/patches/CVE-2016-4302.patch: handle zero-sized disctionary in libarchive/archive_ppmd7.c, libarchive/archive_read_support_format_rar.c. - CVE-2016-4302 * SECURITY UPDATE: memory allocation issues with large cpio symlinks - debian/patches/CVE-2016-4809.patch: reject large symlinks in libarchive/archive_read_support_format_cpio.c. - CVE-2016-4809 * SECURITY UPDATE: integer overflow when computing volume descriptor - debian/patches/CVE-2016-5844.patch: fix multiplications in libarchive/archive_read_support_format_iso9660.c. - CVE-2016-5844 -- Marc Deslauriers <email address hidden> Wed, 13 Jul 2016 11:17:13 -0400
Upload details
- Uploaded by:
- Marc Deslauriers
- Uploaded to:
- Wily
- Original maintainer:
- Ubuntu Developers
- Architectures:
- any
- Section:
- libs
- Urgency:
- Medium Urgency
See full publishing history Publishing
Series | Published | Component | Section |
---|
Downloads
File | Size | SHA-256 Checksum |
---|---|---|
libarchive_3.1.2.orig.tar.gz | 4.3 MiB | eb87eacd8fe49e8d90c8fdc189813023ccc319c5e752b01fb6ad0cc7b2c53d5e |
libarchive_3.1.2-11ubuntu0.15.10.2.debian.tar.xz | 28.3 KiB | 5cd0b7d586f216bcf0925e90fb20502f5672b95fce24090d259515f7020f5a56 |
libarchive_3.1.2-11ubuntu0.15.10.2.dsc | 2.4 KiB | 1ba51edd4667aae65e6aab42dc5dcc636a58445f319075d6028fd0f25182e2e6 |
Available diffs
Binary packages built by this source
- bsdcpio: No summary available for bsdcpio in ubuntu wily.
No description available for bsdcpio in ubuntu wily.
- bsdcpio-dbgsym: No summary available for bsdcpio-dbgsym in ubuntu wily.
No description available for bsdcpio-dbgsym in ubuntu wily.
- bsdtar: No summary available for bsdtar in ubuntu wily.
No description available for bsdtar in ubuntu wily.
- bsdtar-dbgsym: No summary available for bsdtar-dbgsym in ubuntu wily.
No description available for bsdtar-dbgsym in ubuntu wily.
- libarchive-dev: No summary available for libarchive-dev in ubuntu wily.
No description available for libarchive-dev in ubuntu wily.
- libarchive13: No summary available for libarchive13 in ubuntu wily.
No description available for libarchive13 in ubuntu wily.
- libarchive13-dbgsym: No summary available for libarchive13-dbgsym in ubuntu wily.
No description available for libarchive13-dbgsym in ubuntu wily.