View Bazaar branches
Get this repository:
git clone https://git.launchpad.net/ubuntu/+source/libarchive
Members of Ubuntu Server Dev import team can upload to this repository. Log in for directions.

Branches

Name Last Modified Last Commit
importer/debian/dsc 2020-03-07 22:45:12 UTC 2020-03-07
DSC file for 3.4.0-2

Author: Ubuntu Git Importer
Author Date: 2020-03-07 22:45:12 UTC

DSC file for 3.4.0-2

debian/sid 2020-03-07 22:33:59 UTC 2020-03-07
Import patches-unapplied version 3.4.0-2 to debian/sid

Author: Peter Pentchev
Author Date: 2020-03-07 16:28:00 UTC

Import patches-unapplied version 3.4.0-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 20aa7c1800ae44b3585573d9874afd2260f1a59e

New changelog entries:
  * Declare compliance with Debian Policy 4.5.0 with no changes.
  * Add the year 2020 to my debian/* copyright notice.
  * Add the CVE-2020-9308 patch - invalid RAR5 headers. (Closes: #951759)
  * Make the autopkgtests cross-test-friendly. (Closes: #953140)

applied/debian/sid 2020-03-07 22:33:59 UTC 2020-03-07
Import patches-applied version 3.4.0-2 to applied/debian/sid

Author: Peter Pentchev
Author Date: 2020-03-07 16:28:00 UTC

Import patches-applied version 3.4.0-2 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: d1628f1207584ad48918853b0d8629e0be2430c1
Unapplied parent: fae45de82f0ed28cbcc368af8bbdca370734c1ed

New changelog entries:
  * Declare compliance with Debian Policy 4.5.0 with no changes.
  * Add the year 2020 to my debian/* copyright notice.
  * Add the CVE-2020-9308 patch - invalid RAR5 headers. (Closes: #951759)
  * Make the autopkgtests cross-test-friendly. (Closes: #953140)

importer/ubuntu/dsc 2020-03-05 06:19:10 UTC 2020-03-05
DSC file for 3.4.0-1ubuntu2

Author: Ubuntu Git Importer
Author Date: 2020-03-05 06:19:10 UTC

DSC file for 3.4.0-1ubuntu2

ubuntu/focal-devel 2020-03-05 05:59:15 UTC 2020-03-05
Import patches-unapplied version 3.4.0-1ubuntu2 to ubuntu/focal-proposed

Author: Steve Langasek
Author Date: 2020-03-04 21:47:59 UTC

Import patches-unapplied version 3.4.0-1ubuntu2 to ubuntu/focal-proposed

Imported using git-ubuntu import.

Changelog parent: db29cf1dce8f7fb4f4bdc94b55760797233d4256

New changelog entries:
  * Make autopkgtests cross-test-friendly.

applied/ubuntu/focal-devel 2020-03-05 05:59:15 UTC 2020-03-05
Import patches-applied version 3.4.0-1ubuntu2 to applied/ubuntu/focal-proposed

Author: Steve Langasek
Author Date: 2020-03-04 21:47:59 UTC

Import patches-applied version 3.4.0-1ubuntu2 to applied/ubuntu/focal-proposed

Imported using git-ubuntu import.

Changelog parent: 1ac8cd230e9fd08d18110e652b029b174c121404
Unapplied parent: 1ecf14a5bf2d5f3d542f544020eff2dcf55eb2bb

New changelog entries:
  * Make autopkgtests cross-test-friendly.

ubuntu/focal-proposed 2020-03-05 05:59:15 UTC 2020-03-05
Import patches-unapplied version 3.4.0-1ubuntu2 to ubuntu/focal-proposed

Author: Steve Langasek
Author Date: 2020-03-04 21:47:59 UTC

Import patches-unapplied version 3.4.0-1ubuntu2 to ubuntu/focal-proposed

Imported using git-ubuntu import.

Changelog parent: db29cf1dce8f7fb4f4bdc94b55760797233d4256

New changelog entries:
  * Make autopkgtests cross-test-friendly.

applied/ubuntu/focal 2020-03-05 05:59:15 UTC 2020-03-05
Import patches-applied version 3.4.0-1ubuntu2 to applied/ubuntu/focal-proposed

Author: Steve Langasek
Author Date: 2020-03-04 21:47:59 UTC

Import patches-applied version 3.4.0-1ubuntu2 to applied/ubuntu/focal-proposed

Imported using git-ubuntu import.

Changelog parent: 1ac8cd230e9fd08d18110e652b029b174c121404
Unapplied parent: 1ecf14a5bf2d5f3d542f544020eff2dcf55eb2bb

New changelog entries:
  * Make autopkgtests cross-test-friendly.

applied/ubuntu/devel 2020-03-05 05:59:15 UTC 2020-03-05
Import patches-applied version 3.4.0-1ubuntu2 to applied/ubuntu/focal-proposed

Author: Steve Langasek
Author Date: 2020-03-04 21:47:59 UTC

Import patches-applied version 3.4.0-1ubuntu2 to applied/ubuntu/focal-proposed

Imported using git-ubuntu import.

Changelog parent: 1ac8cd230e9fd08d18110e652b029b174c121404
Unapplied parent: 1ecf14a5bf2d5f3d542f544020eff2dcf55eb2bb

New changelog entries:
  * Make autopkgtests cross-test-friendly.

ubuntu/devel 2020-03-05 05:59:15 UTC 2020-03-05
Import patches-unapplied version 3.4.0-1ubuntu2 to ubuntu/focal-proposed

Author: Steve Langasek
Author Date: 2020-03-04 21:47:59 UTC

Import patches-unapplied version 3.4.0-1ubuntu2 to ubuntu/focal-proposed

Imported using git-ubuntu import.

Changelog parent: db29cf1dce8f7fb4f4bdc94b55760797233d4256

New changelog entries:
  * Make autopkgtests cross-test-friendly.

applied/ubuntu/focal-proposed 2020-03-05 05:59:15 UTC 2020-03-05
Import patches-applied version 3.4.0-1ubuntu2 to applied/ubuntu/focal-proposed

Author: Steve Langasek
Author Date: 2020-03-04 21:47:59 UTC

Import patches-applied version 3.4.0-1ubuntu2 to applied/ubuntu/focal-proposed

Imported using git-ubuntu import.

Changelog parent: 1ac8cd230e9fd08d18110e652b029b174c121404
Unapplied parent: 1ecf14a5bf2d5f3d542f544020eff2dcf55eb2bb

New changelog entries:
  * Make autopkgtests cross-test-friendly.

ubuntu/focal 2020-03-05 05:59:15 UTC 2020-03-05
Import patches-unapplied version 3.4.0-1ubuntu2 to ubuntu/focal-proposed

Author: Steve Langasek
Author Date: 2020-03-04 21:47:59 UTC

Import patches-unapplied version 3.4.0-1ubuntu2 to ubuntu/focal-proposed

Imported using git-ubuntu import.

Changelog parent: db29cf1dce8f7fb4f4bdc94b55760797233d4256

New changelog entries:
  * Make autopkgtests cross-test-friendly.

ubuntu/xenial-devel 2020-03-02 14:03:13 UTC 2020-03-02
Import patches-unapplied version 3.1.2-11ubuntu0.16.04.8 to ubuntu/xenial-sec...

Author: Leonidas S. Barbosa
Author Date: 2020-02-20 14:45:19 UTC

Import patches-unapplied version 3.1.2-11ubuntu0.16.04.8 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: 1fa1926033aa9f4cb6601390ffd55003fe563a69

New changelog entries:
  * SECURITY UPDATE: Out-of-read and Denial of service
    - debian/patches/CVE-2019-19221.patch: Bugfix and optimize
      archive_wstring_append_from_mbs() in libarchive/archive_string.c.
    - CVE-2019-19221

ubuntu/xenial-security 2020-03-02 14:03:13 UTC 2020-03-02
Import patches-unapplied version 3.1.2-11ubuntu0.16.04.8 to ubuntu/xenial-sec...

Author: Leonidas S. Barbosa
Author Date: 2020-02-20 14:45:19 UTC

Import patches-unapplied version 3.1.2-11ubuntu0.16.04.8 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: 1fa1926033aa9f4cb6601390ffd55003fe563a69

New changelog entries:
  * SECURITY UPDATE: Out-of-read and Denial of service
    - debian/patches/CVE-2019-19221.patch: Bugfix and optimize
      archive_wstring_append_from_mbs() in libarchive/archive_string.c.
    - CVE-2019-19221

applied/ubuntu/xenial-updates 2020-03-02 14:03:13 UTC 2020-03-02
Import patches-applied version 3.1.2-11ubuntu0.16.04.8 to applied/ubuntu/xeni...

Author: Leonidas S. Barbosa
Author Date: 2020-02-20 14:45:19 UTC

Import patches-applied version 3.1.2-11ubuntu0.16.04.8 to applied/ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: b2db82573a5f865be0c343f4cadc474408691673
Unapplied parent: 7f23feef087ae6bfa0fbc45a7012c6f9da0dd708

New changelog entries:
  * SECURITY UPDATE: Out-of-read and Denial of service
    - debian/patches/CVE-2019-19221.patch: Bugfix and optimize
      archive_wstring_append_from_mbs() in libarchive/archive_string.c.
    - CVE-2019-19221

applied/ubuntu/xenial-devel 2020-03-02 14:03:13 UTC 2020-03-02
Import patches-applied version 3.1.2-11ubuntu0.16.04.8 to applied/ubuntu/xeni...

Author: Leonidas S. Barbosa
Author Date: 2020-02-20 14:45:19 UTC

Import patches-applied version 3.1.2-11ubuntu0.16.04.8 to applied/ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: b2db82573a5f865be0c343f4cadc474408691673
Unapplied parent: 7f23feef087ae6bfa0fbc45a7012c6f9da0dd708

New changelog entries:
  * SECURITY UPDATE: Out-of-read and Denial of service
    - debian/patches/CVE-2019-19221.patch: Bugfix and optimize
      archive_wstring_append_from_mbs() in libarchive/archive_string.c.
    - CVE-2019-19221

applied/ubuntu/xenial-security 2020-03-02 14:03:13 UTC 2020-03-02
Import patches-applied version 3.1.2-11ubuntu0.16.04.8 to applied/ubuntu/xeni...

Author: Leonidas S. Barbosa
Author Date: 2020-02-20 14:45:19 UTC

Import patches-applied version 3.1.2-11ubuntu0.16.04.8 to applied/ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: b2db82573a5f865be0c343f4cadc474408691673
Unapplied parent: 7f23feef087ae6bfa0fbc45a7012c6f9da0dd708

New changelog entries:
  * SECURITY UPDATE: Out-of-read and Denial of service
    - debian/patches/CVE-2019-19221.patch: Bugfix and optimize
      archive_wstring_append_from_mbs() in libarchive/archive_string.c.
    - CVE-2019-19221

ubuntu/xenial-updates 2020-03-02 14:03:13 UTC 2020-03-02
Import patches-unapplied version 3.1.2-11ubuntu0.16.04.8 to ubuntu/xenial-sec...

Author: Leonidas S. Barbosa
Author Date: 2020-02-20 14:45:19 UTC

Import patches-unapplied version 3.1.2-11ubuntu0.16.04.8 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: 1fa1926033aa9f4cb6601390ffd55003fe563a69

New changelog entries:
  * SECURITY UPDATE: Out-of-read and Denial of service
    - debian/patches/CVE-2019-19221.patch: Bugfix and optimize
      archive_wstring_append_from_mbs() in libarchive/archive_string.c.
    - CVE-2019-19221

applied/ubuntu/bionic-devel 2020-03-02 14:03:09 UTC 2020-03-02
Import patches-applied version 3.2.2-3.1ubuntu0.6 to applied/ubuntu/bionic-se...

Author: Leonidas S. Barbosa
Author Date: 2020-02-20 14:46:13 UTC

Import patches-applied version 3.2.2-3.1ubuntu0.6 to applied/ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: 9316adbf7c1478367d83b6e474200bc241270ee2
Unapplied parent: 67945a5a745907b0e9e75ce1504cd9be120f84df

New changelog entries:
  * SECURITY UPDATE: Out-of-read and Denial of service
    - debian/patches/CVE-2019-19221.patch: Bugfix and optimize
      archive_wstring_append_from_mbs() in libarchive/archive_string.c.
    - CVE-2019-19221

applied/ubuntu/bionic-security 2020-03-02 14:03:09 UTC 2020-03-02
Import patches-applied version 3.2.2-3.1ubuntu0.6 to applied/ubuntu/bionic-se...

Author: Leonidas S. Barbosa
Author Date: 2020-02-20 14:46:13 UTC

Import patches-applied version 3.2.2-3.1ubuntu0.6 to applied/ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: 9316adbf7c1478367d83b6e474200bc241270ee2
Unapplied parent: 67945a5a745907b0e9e75ce1504cd9be120f84df

New changelog entries:
  * SECURITY UPDATE: Out-of-read and Denial of service
    - debian/patches/CVE-2019-19221.patch: Bugfix and optimize
      archive_wstring_append_from_mbs() in libarchive/archive_string.c.
    - CVE-2019-19221

ubuntu/bionic-security 2020-03-02 14:03:09 UTC 2020-03-02
Import patches-unapplied version 3.2.2-3.1ubuntu0.6 to ubuntu/bionic-security

Author: Leonidas S. Barbosa
Author Date: 2020-02-20 14:46:13 UTC

Import patches-unapplied version 3.2.2-3.1ubuntu0.6 to ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: b0c2fc86f99e9eeb473f4b6092a21d83bd73a97c

New changelog entries:
  * SECURITY UPDATE: Out-of-read and Denial of service
    - debian/patches/CVE-2019-19221.patch: Bugfix and optimize
      archive_wstring_append_from_mbs() in libarchive/archive_string.c.
    - CVE-2019-19221

ubuntu/bionic-devel 2020-03-02 14:03:09 UTC 2020-03-02
Import patches-unapplied version 3.2.2-3.1ubuntu0.6 to ubuntu/bionic-security

Author: Leonidas S. Barbosa
Author Date: 2020-02-20 14:46:13 UTC

Import patches-unapplied version 3.2.2-3.1ubuntu0.6 to ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: b0c2fc86f99e9eeb473f4b6092a21d83bd73a97c

New changelog entries:
  * SECURITY UPDATE: Out-of-read and Denial of service
    - debian/patches/CVE-2019-19221.patch: Bugfix and optimize
      archive_wstring_append_from_mbs() in libarchive/archive_string.c.
    - CVE-2019-19221

applied/ubuntu/bionic-updates 2020-03-02 14:03:09 UTC 2020-03-02
Import patches-applied version 3.2.2-3.1ubuntu0.6 to applied/ubuntu/bionic-se...

Author: Leonidas S. Barbosa
Author Date: 2020-02-20 14:46:13 UTC

Import patches-applied version 3.2.2-3.1ubuntu0.6 to applied/ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: 9316adbf7c1478367d83b6e474200bc241270ee2
Unapplied parent: 67945a5a745907b0e9e75ce1504cd9be120f84df

New changelog entries:
  * SECURITY UPDATE: Out-of-read and Denial of service
    - debian/patches/CVE-2019-19221.patch: Bugfix and optimize
      archive_wstring_append_from_mbs() in libarchive/archive_string.c.
    - CVE-2019-19221

ubuntu/bionic-updates 2020-03-02 14:03:09 UTC 2020-03-02
Import patches-unapplied version 3.2.2-3.1ubuntu0.6 to ubuntu/bionic-security

Author: Leonidas S. Barbosa
Author Date: 2020-02-20 14:46:13 UTC

Import patches-unapplied version 3.2.2-3.1ubuntu0.6 to ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: b0c2fc86f99e9eeb473f4b6092a21d83bd73a97c

New changelog entries:
  * SECURITY UPDATE: Out-of-read and Denial of service
    - debian/patches/CVE-2019-19221.patch: Bugfix and optimize
      archive_wstring_append_from_mbs() in libarchive/archive_string.c.
    - CVE-2019-19221

ubuntu/eoan-updates 2020-03-02 14:03:05 UTC 2020-03-02
Import patches-unapplied version 3.4.0-1ubuntu0.1 to ubuntu/eoan-security

Author: Leonidas S. Barbosa
Author Date: 2020-02-20 14:58:57 UTC

Import patches-unapplied version 3.4.0-1ubuntu0.1 to ubuntu/eoan-security

Imported using git-ubuntu import.

Changelog parent: 20aa7c1800ae44b3585573d9874afd2260f1a59e

New changelog entries:
  * SECURITY UPDATE: Out-of-read and Denial of service
    - debian/patches/CVE-2019-19221.patch: Bugfix and optimize
      archive_wstring_append_from_mbs() in libarchive/archive_string.c.
    - CVE-2019-19221
  * SECURITY UPDATE: SIGSEGV denial of service
    - debian/patches/CVE-2020-9308.patch: reject files that
      declare invalid header flags fix in
      libarchive/archive_read_support_format_rar5.c,
      libarchive/test/test_read_format_rar5.c,
      libarchive/test/test_read_format_rar5_block_size_is_too_small.rar.uu.
    - CVE-2020-9308

ubuntu/eoan-security 2020-03-02 14:03:05 UTC 2020-03-02
Import patches-unapplied version 3.4.0-1ubuntu0.1 to ubuntu/eoan-security

Author: Leonidas S. Barbosa
Author Date: 2020-02-20 14:58:57 UTC

Import patches-unapplied version 3.4.0-1ubuntu0.1 to ubuntu/eoan-security

Imported using git-ubuntu import.

Changelog parent: 20aa7c1800ae44b3585573d9874afd2260f1a59e

New changelog entries:
  * SECURITY UPDATE: Out-of-read and Denial of service
    - debian/patches/CVE-2019-19221.patch: Bugfix and optimize
      archive_wstring_append_from_mbs() in libarchive/archive_string.c.
    - CVE-2019-19221
  * SECURITY UPDATE: SIGSEGV denial of service
    - debian/patches/CVE-2020-9308.patch: reject files that
      declare invalid header flags fix in
      libarchive/archive_read_support_format_rar5.c,
      libarchive/test/test_read_format_rar5.c,
      libarchive/test/test_read_format_rar5_block_size_is_too_small.rar.uu.
    - CVE-2020-9308

ubuntu/eoan-devel 2020-03-02 14:03:05 UTC 2020-03-02
Import patches-unapplied version 3.4.0-1ubuntu0.1 to ubuntu/eoan-security

Author: Leonidas S. Barbosa
Author Date: 2020-02-20 14:58:57 UTC

Import patches-unapplied version 3.4.0-1ubuntu0.1 to ubuntu/eoan-security

Imported using git-ubuntu import.

Changelog parent: 20aa7c1800ae44b3585573d9874afd2260f1a59e

New changelog entries:
  * SECURITY UPDATE: Out-of-read and Denial of service
    - debian/patches/CVE-2019-19221.patch: Bugfix and optimize
      archive_wstring_append_from_mbs() in libarchive/archive_string.c.
    - CVE-2019-19221
  * SECURITY UPDATE: SIGSEGV denial of service
    - debian/patches/CVE-2020-9308.patch: reject files that
      declare invalid header flags fix in
      libarchive/archive_read_support_format_rar5.c,
      libarchive/test/test_read_format_rar5.c,
      libarchive/test/test_read_format_rar5_block_size_is_too_small.rar.uu.
    - CVE-2020-9308

applied/ubuntu/eoan-updates 2020-03-02 14:03:05 UTC 2020-03-02
Import patches-applied version 3.4.0-1ubuntu0.1 to applied/ubuntu/eoan-security

Author: Leonidas S. Barbosa
Author Date: 2020-02-20 14:58:57 UTC

Import patches-applied version 3.4.0-1ubuntu0.1 to applied/ubuntu/eoan-security

Imported using git-ubuntu import.

Changelog parent: d1628f1207584ad48918853b0d8629e0be2430c1
Unapplied parent: 68b471fbb977f76cb9e69605cc048991850212de

New changelog entries:
  * SECURITY UPDATE: Out-of-read and Denial of service
    - debian/patches/CVE-2019-19221.patch: Bugfix and optimize
      archive_wstring_append_from_mbs() in libarchive/archive_string.c.
    - CVE-2019-19221
  * SECURITY UPDATE: SIGSEGV denial of service
    - debian/patches/CVE-2020-9308.patch: reject files that
      declare invalid header flags fix in
      libarchive/archive_read_support_format_rar5.c,
      libarchive/test/test_read_format_rar5.c,
      libarchive/test/test_read_format_rar5_block_size_is_too_small.rar.uu.
    - CVE-2020-9308

applied/ubuntu/eoan-security 2020-03-02 14:03:05 UTC 2020-03-02
Import patches-applied version 3.4.0-1ubuntu0.1 to applied/ubuntu/eoan-security

Author: Leonidas S. Barbosa
Author Date: 2020-02-20 14:58:57 UTC

Import patches-applied version 3.4.0-1ubuntu0.1 to applied/ubuntu/eoan-security

Imported using git-ubuntu import.

Changelog parent: d1628f1207584ad48918853b0d8629e0be2430c1
Unapplied parent: 68b471fbb977f76cb9e69605cc048991850212de

New changelog entries:
  * SECURITY UPDATE: Out-of-read and Denial of service
    - debian/patches/CVE-2019-19221.patch: Bugfix and optimize
      archive_wstring_append_from_mbs() in libarchive/archive_string.c.
    - CVE-2019-19221
  * SECURITY UPDATE: SIGSEGV denial of service
    - debian/patches/CVE-2020-9308.patch: reject files that
      declare invalid header flags fix in
      libarchive/archive_read_support_format_rar5.c,
      libarchive/test/test_read_format_rar5.c,
      libarchive/test/test_read_format_rar5_block_size_is_too_small.rar.uu.
    - CVE-2020-9308

applied/ubuntu/eoan-devel 2020-03-02 14:03:05 UTC 2020-03-02
Import patches-applied version 3.4.0-1ubuntu0.1 to applied/ubuntu/eoan-security

Author: Leonidas S. Barbosa
Author Date: 2020-02-20 14:58:57 UTC

Import patches-applied version 3.4.0-1ubuntu0.1 to applied/ubuntu/eoan-security

Imported using git-ubuntu import.

Changelog parent: d1628f1207584ad48918853b0d8629e0be2430c1
Unapplied parent: 68b471fbb977f76cb9e69605cc048991850212de

New changelog entries:
  * SECURITY UPDATE: Out-of-read and Denial of service
    - debian/patches/CVE-2019-19221.patch: Bugfix and optimize
      archive_wstring_append_from_mbs() in libarchive/archive_string.c.
    - CVE-2019-19221
  * SECURITY UPDATE: SIGSEGV denial of service
    - debian/patches/CVE-2020-9308.patch: reject files that
      declare invalid header flags fix in
      libarchive/archive_read_support_format_rar5.c,
      libarchive/test/test_read_format_rar5.c,
      libarchive/test/test_read_format_rar5_block_size_is_too_small.rar.uu.
    - CVE-2020-9308

applied/debian/stretch 2020-02-08 17:40:29 UTC 2020-02-08
Import patches-applied version 3.2.2-2+deb9u2 to applied/debian/stretch

Author: Thorsten Alteholz
Author Date: 2019-10-27 10:03:02 UTC

Import patches-applied version 3.2.2-2+deb9u2 to applied/debian/stretch

Imported using git-ubuntu import.

Changelog parent: 676650951e741310d61e4d11cae31cd2302bc603
Unapplied parent: 8d1df62f743235a955982b9d8ca1fd608f126089

New changelog entries:
  * Non-maintainer upload by the LTS team.
  * CVE-2019-18408
    Fix use after free in case parts of the archive are corrupt but
    the archive contains several headers.
  * Fix CVE-2019-1000019
    Out-of-bounds Read vulnerability in 7zip decompression, that can
    result in a crash (denial of service, CWE-125)
  * Fix CVE-2019-1000020
    vulnerability in ISO9660 parser that can result in DoS by infinite
    loop (CWE-835)

debian/stretch 2020-02-08 17:40:29 UTC 2020-02-08
Import patches-unapplied version 3.2.2-2+deb9u2 to debian/stretch

Author: Thorsten Alteholz
Author Date: 2019-10-27 10:03:02 UTC

Import patches-unapplied version 3.2.2-2+deb9u2 to debian/stretch

Imported using git-ubuntu import.

Changelog parent: 3154983591beabd1e40d9075338f6a7c56cc234c

New changelog entries:
  * Non-maintainer upload by the LTS team.
  * CVE-2019-18408
    Fix use after free in case parts of the archive are corrupt but
    the archive contains several headers.
  * Fix CVE-2019-1000019
    Out-of-bounds Read vulnerability in 7zip decompression, that can
    result in a crash (denial of service, CWE-125)
  * Fix CVE-2019-1000020
    vulnerability in ISO9660 parser that can result in DoS by infinite
    loop (CWE-835)

applied/debian/buster 2019-11-16 10:48:47 UTC 2019-11-16
Import patches-applied version 3.3.3-4+deb10u1 to applied/debian/buster

Author: Thorsten Alteholz
Author Date: 2019-10-27 08:03:02 UTC

Import patches-applied version 3.3.3-4+deb10u1 to applied/debian/buster

Imported using git-ubuntu import.

Changelog parent: 777d24ebadd58f041731c4fc411d7f7a1785a486
Unapplied parent: 656f65aaf0a1cbb53717a6c5f937244ac95f02b0

New changelog entries:
  * Non-maintainer upload by the LTS team.
  * CVE-2019-18408
    Fix use after free in case parts of the archive are corrupt but
    the archive contains several headers.

debian/buster 2019-11-16 10:48:47 UTC 2019-11-16
Import patches-unapplied version 3.3.3-4+deb10u1 to debian/buster

Author: Thorsten Alteholz
Author Date: 2019-10-27 08:03:02 UTC

Import patches-unapplied version 3.3.3-4+deb10u1 to debian/buster

Imported using git-ubuntu import.

Changelog parent: f5bd55d5e63ba8783756597e787f50ff9e8460dd

New changelog entries:
  * Non-maintainer upload by the LTS team.
  * CVE-2019-18408
    Fix use after free in case parts of the archive are corrupt but
    the archive contains several headers.

applied/ubuntu/disco-updates 2019-10-29 17:39:20 UTC 2019-10-29
Import patches-applied version 3.3.3-4ubuntu0.1 to applied/ubuntu/disco-security

Author: Leonidas S. Barbosa
Author Date: 2019-10-28 13:34:56 UTC

Import patches-applied version 3.3.3-4ubuntu0.1 to applied/ubuntu/disco-security

Imported using git-ubuntu import.

Changelog parent: 777d24ebadd58f041731c4fc411d7f7a1785a486
Unapplied parent: 7cfda504af700e5241a0119946fd1072b3a260f5

New changelog entries:
  * SECURITY UPDATE: Use-after-free
    - debian/patches/CVE-2019-18408.patch: RAR reader: fix use after free
      in libarchive/archive_read_support_format_rar.c.
    - CVE-2019-18408

applied/ubuntu/disco-security 2019-10-29 17:39:20 UTC 2019-10-29
Import patches-applied version 3.3.3-4ubuntu0.1 to applied/ubuntu/disco-security

Author: Leonidas S. Barbosa
Author Date: 2019-10-28 13:34:56 UTC

Import patches-applied version 3.3.3-4ubuntu0.1 to applied/ubuntu/disco-security

Imported using git-ubuntu import.

Changelog parent: 777d24ebadd58f041731c4fc411d7f7a1785a486
Unapplied parent: 7cfda504af700e5241a0119946fd1072b3a260f5

New changelog entries:
  * SECURITY UPDATE: Use-after-free
    - debian/patches/CVE-2019-18408.patch: RAR reader: fix use after free
      in libarchive/archive_read_support_format_rar.c.
    - CVE-2019-18408

applied/ubuntu/disco-devel 2019-10-29 17:39:20 UTC 2019-10-29
Import patches-applied version 3.3.3-4ubuntu0.1 to applied/ubuntu/disco-security

Author: Leonidas S. Barbosa
Author Date: 2019-10-28 13:34:56 UTC

Import patches-applied version 3.3.3-4ubuntu0.1 to applied/ubuntu/disco-security

Imported using git-ubuntu import.

Changelog parent: 777d24ebadd58f041731c4fc411d7f7a1785a486
Unapplied parent: 7cfda504af700e5241a0119946fd1072b3a260f5

New changelog entries:
  * SECURITY UPDATE: Use-after-free
    - debian/patches/CVE-2019-18408.patch: RAR reader: fix use after free
      in libarchive/archive_read_support_format_rar.c.
    - CVE-2019-18408

ubuntu/disco-devel 2019-10-29 17:39:20 UTC 2019-10-29
Import patches-unapplied version 3.3.3-4ubuntu0.1 to ubuntu/disco-security

Author: Leonidas S. Barbosa
Author Date: 2019-10-28 13:34:56 UTC

Import patches-unapplied version 3.3.3-4ubuntu0.1 to ubuntu/disco-security

Imported using git-ubuntu import.

Changelog parent: f5bd55d5e63ba8783756597e787f50ff9e8460dd

New changelog entries:
  * SECURITY UPDATE: Use-after-free
    - debian/patches/CVE-2019-18408.patch: RAR reader: fix use after free
      in libarchive/archive_read_support_format_rar.c.
    - CVE-2019-18408

ubuntu/disco-security 2019-10-29 17:39:20 UTC 2019-10-29
Import patches-unapplied version 3.3.3-4ubuntu0.1 to ubuntu/disco-security

Author: Leonidas S. Barbosa
Author Date: 2019-10-28 13:34:56 UTC

Import patches-unapplied version 3.3.3-4ubuntu0.1 to ubuntu/disco-security

Imported using git-ubuntu import.

Changelog parent: f5bd55d5e63ba8783756597e787f50ff9e8460dd

New changelog entries:
  * SECURITY UPDATE: Use-after-free
    - debian/patches/CVE-2019-18408.patch: RAR reader: fix use after free
      in libarchive/archive_read_support_format_rar.c.
    - CVE-2019-18408

ubuntu/disco-updates 2019-10-29 17:39:20 UTC 2019-10-29
Import patches-unapplied version 3.3.3-4ubuntu0.1 to ubuntu/disco-security

Author: Leonidas S. Barbosa
Author Date: 2019-10-28 13:34:56 UTC

Import patches-unapplied version 3.3.3-4ubuntu0.1 to ubuntu/disco-security

Imported using git-ubuntu import.

Changelog parent: f5bd55d5e63ba8783756597e787f50ff9e8460dd

New changelog entries:
  * SECURITY UPDATE: Use-after-free
    - debian/patches/CVE-2019-18408.patch: RAR reader: fix use after free
      in libarchive/archive_read_support_format_rar.c.
    - CVE-2019-18408

ubuntu/eoan 2019-09-21 04:31:00 UTC 2019-09-21
Import patches-unapplied version 3.4.0-1 to debian/sid

Author: Peter Pentchev
Author Date: 2019-09-20 22:44:44 UTC

Import patches-unapplied version 3.4.0-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: f5bd55d5e63ba8783756597e787f50ff9e8460dd

New changelog entries:
  * Declare compliance with Debian Policy 4.4.0 with no changes.
  * Mark the adequate test as superficial and give it a name.
  * Update the watch file a bit:
    - use the version 4 format placeholders
    - drop the "pasv" option, no FTP upstream sites
    - add the upstream signing key
  * Run all available Salsa CI jobs.
  * Drop the bsdtar and bsdcpio transitional packages.
    Closes: #940745, #940753
  * New upstream version:
    - drop all the patches obtained from the upstream Git repository
      (CVE-2018-1000877, CVE-2018-1000878, CVE-2018-1000879,
       CVE-2018-1000880, CVE-2019-1000019, CVE-2019-1000020, and
       zip-nullptr)
    - update the library symbols file
  * Add some bugfix patches obtained from upstream.
  * Add the typos patch to correct some typographical and grammatical
    errors.
  * Update the upstream copyright information.

ubuntu/eoan-proposed 2019-09-21 04:31:00 UTC 2019-09-21
Import patches-unapplied version 3.4.0-1 to debian/sid

Author: Peter Pentchev
Author Date: 2019-09-20 22:44:44 UTC

Import patches-unapplied version 3.4.0-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: f5bd55d5e63ba8783756597e787f50ff9e8460dd

New changelog entries:
  * Declare compliance with Debian Policy 4.4.0 with no changes.
  * Mark the adequate test as superficial and give it a name.
  * Update the watch file a bit:
    - use the version 4 format placeholders
    - drop the "pasv" option, no FTP upstream sites
    - add the upstream signing key
  * Run all available Salsa CI jobs.
  * Drop the bsdtar and bsdcpio transitional packages.
    Closes: #940745, #940753
  * New upstream version:
    - drop all the patches obtained from the upstream Git repository
      (CVE-2018-1000877, CVE-2018-1000878, CVE-2018-1000879,
       CVE-2018-1000880, CVE-2019-1000019, CVE-2019-1000020, and
       zip-nullptr)
    - update the library symbols file
  * Add some bugfix patches obtained from upstream.
  * Add the typos patch to correct some typographical and grammatical
    errors.
  * Update the upstream copyright information.

applied/ubuntu/eoan-proposed 2019-09-21 04:31:00 UTC 2019-09-21
Import patches-applied version 3.4.0-1 to applied/debian/sid

Author: Peter Pentchev
Author Date: 2019-09-20 22:44:44 UTC

Import patches-applied version 3.4.0-1 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: 777d24ebadd58f041731c4fc411d7f7a1785a486
Unapplied parent: bfac4bc835700d6023598ce6da3a81eac5bb9435

New changelog entries:
  * Declare compliance with Debian Policy 4.4.0 with no changes.
  * Mark the adequate test as superficial and give it a name.
  * Update the watch file a bit:
    - use the version 4 format placeholders
    - drop the "pasv" option, no FTP upstream sites
    - add the upstream signing key
  * Run all available Salsa CI jobs.
  * Drop the bsdtar and bsdcpio transitional packages.
    Closes: #940745, #940753
  * New upstream version:
    - drop all the patches obtained from the upstream Git repository
      (CVE-2018-1000877, CVE-2018-1000878, CVE-2018-1000879,
       CVE-2018-1000880, CVE-2019-1000019, CVE-2019-1000020, and
       zip-nullptr)
    - update the library symbols file
  * Add some bugfix patches obtained from upstream.
  * Add the typos patch to correct some typographical and grammatical
    errors.
  * Update the upstream copyright information.

applied/ubuntu/eoan 2019-09-21 04:31:00 UTC 2019-09-21
Import patches-applied version 3.4.0-1 to applied/debian/sid

Author: Peter Pentchev
Author Date: 2019-09-20 22:44:44 UTC

Import patches-applied version 3.4.0-1 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: 777d24ebadd58f041731c4fc411d7f7a1785a486
Unapplied parent: bfac4bc835700d6023598ce6da3a81eac5bb9435

New changelog entries:
  * Declare compliance with Debian Policy 4.4.0 with no changes.
  * Mark the adequate test as superficial and give it a name.
  * Update the watch file a bit:
    - use the version 4 format placeholders
    - drop the "pasv" option, no FTP upstream sites
    - add the upstream signing key
  * Run all available Salsa CI jobs.
  * Drop the bsdtar and bsdcpio transitional packages.
    Closes: #940745, #940753
  * New upstream version:
    - drop all the patches obtained from the upstream Git repository
      (CVE-2018-1000877, CVE-2018-1000878, CVE-2018-1000879,
       CVE-2018-1000880, CVE-2019-1000019, CVE-2019-1000020, and
       zip-nullptr)
    - update the library symbols file
  * Add some bugfix patches obtained from upstream.
  * Add the typos patch to correct some typographical and grammatical
    errors.
  * Update the upstream copyright information.

ubuntu/bionic-proposed 2019-07-30 21:58:18 UTC 2019-07-30
Import patches-unapplied version 3.2.2-3.1ubuntu0.4 to ubuntu/bionic-proposed

Author: Sebastien Bacher
Author Date: 2019-06-28 19:20:28 UTC

Import patches-unapplied version 3.2.2-3.1ubuntu0.4 to ubuntu/bionic-proposed

Imported using git-ubuntu import.

Changelog parent: 6f1115f931c3e3c93da6e6d1073e9a7bbffd0fe6

New changelog entries:
  * debian/patches/git_zip_directories.patch:
    - backport a fix for an issue where files are created instead of
      directories (lp: #1830629)

applied/ubuntu/bionic-proposed 2019-07-30 21:58:18 UTC 2019-07-30
Import patches-applied version 3.2.2-3.1ubuntu0.4 to applied/ubuntu/bionic-pr...

Author: Sebastien Bacher
Author Date: 2019-06-28 19:20:28 UTC

Import patches-applied version 3.2.2-3.1ubuntu0.4 to applied/ubuntu/bionic-proposed

Imported using git-ubuntu import.

Changelog parent: 9915fc404d0dc2cce147f92d829d4fc52a5c630a
Unapplied parent: 9d44261394a52057a4692e7233f817d6787511a3

New changelog entries:
  * debian/patches/git_zip_directories.patch:
    - backport a fix for an issue where files are created instead of
      directories (lp: #1830629)

ubuntu/cosmic-devel 2019-02-07 12:03:23 UTC 2019-02-07
Import patches-unapplied version 3.2.2-5ubuntu0.2 to ubuntu/cosmic-security

Author: Leonidas S. Barbosa
Author Date: 2019-02-06 11:55:41 UTC

Import patches-unapplied version 3.2.2-5ubuntu0.2 to ubuntu/cosmic-security

Imported using git-ubuntu import.

Changelog parent: 56427107438786204f603375626edbd12ec99fcc

New changelog entries:
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2019-1000019.patch: fix in
      libarchive/archive_read_support_format_7zip.c.
    - CVE-2019-1000019
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2019-1000020.patch: fix in
      libarchive/archive_read_support_format_iso9660.c.
    - CVE-2019-1000020

ubuntu/cosmic-security 2019-02-07 12:03:23 UTC 2019-02-07
Import patches-unapplied version 3.2.2-5ubuntu0.2 to ubuntu/cosmic-security

Author: Leonidas S. Barbosa
Author Date: 2019-02-06 11:55:41 UTC

Import patches-unapplied version 3.2.2-5ubuntu0.2 to ubuntu/cosmic-security

Imported using git-ubuntu import.

Changelog parent: 56427107438786204f603375626edbd12ec99fcc

New changelog entries:
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2019-1000019.patch: fix in
      libarchive/archive_read_support_format_7zip.c.
    - CVE-2019-1000019
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2019-1000020.patch: fix in
      libarchive/archive_read_support_format_iso9660.c.
    - CVE-2019-1000020

ubuntu/cosmic-updates 2019-02-07 12:03:23 UTC 2019-02-07
Import patches-unapplied version 3.2.2-5ubuntu0.2 to ubuntu/cosmic-security

Author: Leonidas S. Barbosa
Author Date: 2019-02-06 11:55:41 UTC

Import patches-unapplied version 3.2.2-5ubuntu0.2 to ubuntu/cosmic-security

Imported using git-ubuntu import.

Changelog parent: 56427107438786204f603375626edbd12ec99fcc

New changelog entries:
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2019-1000019.patch: fix in
      libarchive/archive_read_support_format_7zip.c.
    - CVE-2019-1000019
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2019-1000020.patch: fix in
      libarchive/archive_read_support_format_iso9660.c.
    - CVE-2019-1000020

ubuntu/trusty-updates 2019-02-07 12:03:23 UTC 2019-02-07
Import patches-unapplied version 3.1.2-7ubuntu2.8 to ubuntu/trusty-security

Author: Leonidas S. Barbosa
Author Date: 2019-02-06 11:48:45 UTC

Import patches-unapplied version 3.1.2-7ubuntu2.8 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 6934cf74bf26eabb83886951ce62174f2690e854

New changelog entries:
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2019-1000019.patch: fix in
      libarchive/archive_read_support_format_7zip.c.
    - CVE-2019-1000019
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2019-1000020.patch: fix in
      libarchive/archive_read_support_format_iso9660.c.
    - CVE-2019-1000020

applied/ubuntu/cosmic-security 2019-02-07 12:03:23 UTC 2019-02-07
Import patches-applied version 3.2.2-5ubuntu0.2 to applied/ubuntu/cosmic-secu...

Author: Leonidas S. Barbosa
Author Date: 2019-02-06 11:55:41 UTC

Import patches-applied version 3.2.2-5ubuntu0.2 to applied/ubuntu/cosmic-security

Imported using git-ubuntu import.

Changelog parent: b633248024bd082d1c1b9f3b96082b051bfbb448
Unapplied parent: 55f9de3f0c4ac158bd69d35aaebd049f6a58535d

New changelog entries:
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2019-1000019.patch: fix in
      libarchive/archive_read_support_format_7zip.c.
    - CVE-2019-1000019
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2019-1000020.patch: fix in
      libarchive/archive_read_support_format_iso9660.c.
    - CVE-2019-1000020

applied/ubuntu/cosmic-updates 2019-02-07 12:03:23 UTC 2019-02-07
Import patches-applied version 3.2.2-5ubuntu0.2 to applied/ubuntu/cosmic-secu...

Author: Leonidas S. Barbosa
Author Date: 2019-02-06 11:55:41 UTC

Import patches-applied version 3.2.2-5ubuntu0.2 to applied/ubuntu/cosmic-security

Imported using git-ubuntu import.

Changelog parent: b633248024bd082d1c1b9f3b96082b051bfbb448
Unapplied parent: 55f9de3f0c4ac158bd69d35aaebd049f6a58535d

New changelog entries:
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2019-1000019.patch: fix in
      libarchive/archive_read_support_format_7zip.c.
    - CVE-2019-1000019
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2019-1000020.patch: fix in
      libarchive/archive_read_support_format_iso9660.c.
    - CVE-2019-1000020

applied/ubuntu/trusty-updates 2019-02-07 12:03:23 UTC 2019-02-07
Import patches-applied version 3.1.2-7ubuntu2.8 to applied/ubuntu/trusty-secu...

Author: Leonidas S. Barbosa
Author Date: 2019-02-06 11:48:45 UTC

Import patches-applied version 3.1.2-7ubuntu2.8 to applied/ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: afb6eab260e9569e95d1d324bfcc7dfbfb5e8e74
Unapplied parent: 0b233f5752e310b98d3887516a53841292388a17

New changelog entries:
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2019-1000019.patch: fix in
      libarchive/archive_read_support_format_7zip.c.
    - CVE-2019-1000019
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2019-1000020.patch: fix in
      libarchive/archive_read_support_format_iso9660.c.
    - CVE-2019-1000020

applied/ubuntu/trusty-security 2019-02-07 12:03:23 UTC 2019-02-07
Import patches-applied version 3.1.2-7ubuntu2.8 to applied/ubuntu/trusty-secu...

Author: Leonidas S. Barbosa
Author Date: 2019-02-06 11:48:45 UTC

Import patches-applied version 3.1.2-7ubuntu2.8 to applied/ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: afb6eab260e9569e95d1d324bfcc7dfbfb5e8e74
Unapplied parent: 0b233f5752e310b98d3887516a53841292388a17

New changelog entries:
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2019-1000019.patch: fix in
      libarchive/archive_read_support_format_7zip.c.
    - CVE-2019-1000019
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2019-1000020.patch: fix in
      libarchive/archive_read_support_format_iso9660.c.
    - CVE-2019-1000020

applied/ubuntu/trusty-devel 2019-02-07 12:03:23 UTC 2019-02-07
Import patches-applied version 3.1.2-7ubuntu2.8 to applied/ubuntu/trusty-secu...

Author: Leonidas S. Barbosa
Author Date: 2019-02-06 11:48:45 UTC

Import patches-applied version 3.1.2-7ubuntu2.8 to applied/ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: afb6eab260e9569e95d1d324bfcc7dfbfb5e8e74
Unapplied parent: 0b233f5752e310b98d3887516a53841292388a17

New changelog entries:
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2019-1000019.patch: fix in
      libarchive/archive_read_support_format_7zip.c.
    - CVE-2019-1000019
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2019-1000020.patch: fix in
      libarchive/archive_read_support_format_iso9660.c.
    - CVE-2019-1000020

applied/ubuntu/cosmic-devel 2019-02-07 12:03:23 UTC 2019-02-07
Import patches-applied version 3.2.2-5ubuntu0.2 to applied/ubuntu/cosmic-secu...

Author: Leonidas S. Barbosa
Author Date: 2019-02-06 11:55:41 UTC

Import patches-applied version 3.2.2-5ubuntu0.2 to applied/ubuntu/cosmic-security

Imported using git-ubuntu import.

Changelog parent: b633248024bd082d1c1b9f3b96082b051bfbb448
Unapplied parent: 55f9de3f0c4ac158bd69d35aaebd049f6a58535d

New changelog entries:
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2019-1000019.patch: fix in
      libarchive/archive_read_support_format_7zip.c.
    - CVE-2019-1000019
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2019-1000020.patch: fix in
      libarchive/archive_read_support_format_iso9660.c.
    - CVE-2019-1000020

ubuntu/trusty-devel 2019-02-07 12:03:23 UTC 2019-02-07
Import patches-unapplied version 3.1.2-7ubuntu2.8 to ubuntu/trusty-security

Author: Leonidas S. Barbosa
Author Date: 2019-02-06 11:48:45 UTC

Import patches-unapplied version 3.1.2-7ubuntu2.8 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 6934cf74bf26eabb83886951ce62174f2690e854

New changelog entries:
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2019-1000019.patch: fix in
      libarchive/archive_read_support_format_7zip.c.
    - CVE-2019-1000019
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2019-1000020.patch: fix in
      libarchive/archive_read_support_format_iso9660.c.
    - CVE-2019-1000020

ubuntu/trusty-security 2019-02-07 12:03:23 UTC 2019-02-07
Import patches-unapplied version 3.1.2-7ubuntu2.8 to ubuntu/trusty-security

Author: Leonidas S. Barbosa
Author Date: 2019-02-06 11:48:45 UTC

Import patches-unapplied version 3.1.2-7ubuntu2.8 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 6934cf74bf26eabb83886951ce62174f2690e854

New changelog entries:
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2019-1000019.patch: fix in
      libarchive/archive_read_support_format_7zip.c.
    - CVE-2019-1000019
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2019-1000020.patch: fix in
      libarchive/archive_read_support_format_iso9660.c.
    - CVE-2019-1000020

ubuntu/disco 2019-02-06 16:37:28 UTC 2019-02-06
Import patches-unapplied version 3.3.3-4 to debian/sid

Author: Peter Pentchev
Author Date: 2019-02-06 09:01:25 UTC

Import patches-unapplied version 3.3.3-4 to debian/sid

Imported using git-ubuntu import.

Changelog parent: b3732f8027e0b6d7ac08e65995bd2703515008d0

New changelog entries:
  * Add three upstream patches:
    - CVE-2019-1000019: fix a crash when parsing some 7zip archives
    - CVE-2019-1000020: require the RockRidge extension for iso9660
    - zip-nullptr: fix a null pointer deference in ZIP files handling

applied/ubuntu/disco-proposed 2019-02-06 16:37:28 UTC 2019-02-06
Import patches-applied version 3.3.3-4 to applied/debian/sid

Author: Peter Pentchev
Author Date: 2019-02-06 09:01:25 UTC

Import patches-applied version 3.3.3-4 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: d3c14aaf6b79a057122d84d10a2ec2a1df256857
Unapplied parent: 84d76bee88b9d7248c39b86f47779cdcdb170900

New changelog entries:
  * Add three upstream patches:
    - CVE-2019-1000019: fix a crash when parsing some 7zip archives
    - CVE-2019-1000020: require the RockRidge extension for iso9660
    - zip-nullptr: fix a null pointer deference in ZIP files handling

applied/ubuntu/disco 2019-02-06 16:37:28 UTC 2019-02-06
Import patches-applied version 3.3.3-4 to applied/debian/sid

Author: Peter Pentchev
Author Date: 2019-02-06 09:01:25 UTC

Import patches-applied version 3.3.3-4 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: d3c14aaf6b79a057122d84d10a2ec2a1df256857
Unapplied parent: 84d76bee88b9d7248c39b86f47779cdcdb170900

New changelog entries:
  * Add three upstream patches:
    - CVE-2019-1000019: fix a crash when parsing some 7zip archives
    - CVE-2019-1000020: require the RockRidge extension for iso9660
    - zip-nullptr: fix a null pointer deference in ZIP files handling

ubuntu/disco-proposed 2019-02-06 16:37:28 UTC 2019-02-06
Import patches-unapplied version 3.3.3-4 to debian/sid

Author: Peter Pentchev
Author Date: 2019-02-06 09:01:25 UTC

Import patches-unapplied version 3.3.3-4 to debian/sid

Imported using git-ubuntu import.

Changelog parent: b3732f8027e0b6d7ac08e65995bd2703515008d0

New changelog entries:
  * Add three upstream patches:
    - CVE-2019-1000019: fix a crash when parsing some 7zip archives
    - CVE-2019-1000020: require the RockRidge extension for iso9660
    - zip-nullptr: fix a null pointer deference in ZIP files handling

ubuntu/cosmic 2018-08-25 22:32:37 UTC 2018-08-25
Import patches-unapplied version 3.2.2-5 to debian/sid

Author: Peter Pentchev
Author Date: 2018-08-25 15:28:10 UTC

Import patches-unapplied version 3.2.2-5 to debian/sid

Imported using git-ubuntu import.

Changelog parent: e9a01a756ca56a1f7f9812d4023bb2d368abb5cf

New changelog entries:
  * Acknowledge NMUs; many thanks to Salvatore Bonaccorso!
  * Use my Debian e-mail address.
  * Declare compliance with Debian Policy 4.2.0:
    - add Rules-Requires-Root: no to the source control stanza
    - install the upstream release notes (NEWS)
  * Drop the duplicate Priority fields for the binary packages.
  * Switch to the HTTPS scheme in various upstream and Debian
    packaging URLs.
  * Drop some trailing whitespace from old changelog entries.
  * Bump the debhelper compatibility level to 11 with no changes and
    use the B-D: debhelper-compat (= 11) mechanism.
  * Add a trivial autopkgtest running adequate on the binary packages.

ubuntu/cosmic-proposed 2018-08-25 22:32:37 UTC 2018-08-25
Import patches-unapplied version 3.2.2-5 to debian/sid

Author: Peter Pentchev
Author Date: 2018-08-25 15:28:10 UTC

Import patches-unapplied version 3.2.2-5 to debian/sid

Imported using git-ubuntu import.

Changelog parent: e9a01a756ca56a1f7f9812d4023bb2d368abb5cf

New changelog entries:
  * Acknowledge NMUs; many thanks to Salvatore Bonaccorso!
  * Use my Debian e-mail address.
  * Declare compliance with Debian Policy 4.2.0:
    - add Rules-Requires-Root: no to the source control stanza
    - install the upstream release notes (NEWS)
  * Drop the duplicate Priority fields for the binary packages.
  * Switch to the HTTPS scheme in various upstream and Debian
    packaging URLs.
  * Drop some trailing whitespace from old changelog entries.
  * Bump the debhelper compatibility level to 11 with no changes and
    use the B-D: debhelper-compat (= 11) mechanism.
  * Add a trivial autopkgtest running adequate on the binary packages.

applied/ubuntu/cosmic-proposed 2018-08-25 22:32:37 UTC 2018-08-25
Import patches-applied version 3.2.2-5 to applied/debian/sid

Author: Peter Pentchev
Author Date: 2018-08-25 15:28:10 UTC

Import patches-applied version 3.2.2-5 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: 5acaf5e221942f72ae94dceb655a4c71bb113942
Unapplied parent: 7a3b904c45e7d219b49d98f22874e53622ef7e2a

New changelog entries:
  * Acknowledge NMUs; many thanks to Salvatore Bonaccorso!
  * Use my Debian e-mail address.
  * Declare compliance with Debian Policy 4.2.0:
    - add Rules-Requires-Root: no to the source control stanza
    - install the upstream release notes (NEWS)
  * Drop the duplicate Priority fields for the binary packages.
  * Switch to the HTTPS scheme in various upstream and Debian
    packaging URLs.
  * Drop some trailing whitespace from old changelog entries.
  * Bump the debhelper compatibility level to 11 with no changes and
    use the B-D: debhelper-compat (= 11) mechanism.
  * Add a trivial autopkgtest running adequate on the binary packages.

applied/ubuntu/cosmic 2018-08-25 22:32:37 UTC 2018-08-25
Import patches-applied version 3.2.2-5 to applied/debian/sid

Author: Peter Pentchev
Author Date: 2018-08-25 15:28:10 UTC

Import patches-applied version 3.2.2-5 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: 5acaf5e221942f72ae94dceb655a4c71bb113942
Unapplied parent: 7a3b904c45e7d219b49d98f22874e53622ef7e2a

New changelog entries:
  * Acknowledge NMUs; many thanks to Salvatore Bonaccorso!
  * Use my Debian e-mail address.
  * Declare compliance with Debian Policy 4.2.0:
    - add Rules-Requires-Root: no to the source control stanza
    - install the upstream release notes (NEWS)
  * Drop the duplicate Priority fields for the binary packages.
  * Switch to the HTTPS scheme in various upstream and Debian
    packaging URLs.
  * Drop some trailing whitespace from old changelog entries.
  * Bump the debhelper compatibility level to 11 with no changes and
    use the B-D: debhelper-compat (= 11) mechanism.
  * Add a trivial autopkgtest running adequate on the binary packages.

importer/ubuntu/pristine-tar 2018-03-28 07:08:21 UTC 2018-03-28
pristine-tar data for libarchive_3.2.2.orig.tar.gz

Author: Ubuntu Git Importer
Author Date: 2018-03-28 07:08:21 UTC

pristine-tar data for libarchive_3.2.2.orig.tar.gz

importer/debian/pristine-tar 2018-03-28 06:44:18 UTC 2018-03-28
pristine-tar data for libarchive_3.2.2.orig.tar.gz

Author: Ubuntu Git Importer
Author Date: 2018-03-28 06:44:18 UTC

pristine-tar data for libarchive_3.2.2.orig.tar.gz

ubuntu/artful 2017-09-14 22:34:17 UTC 2017-09-14
Import patches-unapplied version 3.2.2-3.1 to debian/sid

Author: Salvatore Bonaccorso
Author Date: 2017-09-14 14:02:10 UTC

Import patches-unapplied version 3.2.2-3.1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: d4b2822716f6d63288b822e268840966a0641480

New changelog entries:
  * Non-maintainer upload.
  * Reupload 3.2.2-2.1 on top of 3.2.2-3
  * archive_strncat_l(): allocate and do not convert if length == 0
    (CVE-2016-10209) (Closes: #859456)
  * Reread the CAB header skipping the self-extracting binary code
    (CVE-2016-10349, CVE-2016-10350) (Closes: #861609)
  * Do something sensible for empty strings to make fuzzers happy
    (CVE-2017-14166)
    Fixes heap-based buffer over-read in the atol8 function. (Closes: #874539)

applied/ubuntu/bionic 2017-09-14 22:34:17 UTC 2017-09-14
Import patches-applied version 3.2.2-3.1 to applied/debian/sid

Author: Salvatore Bonaccorso
Author Date: 2017-09-14 14:02:10 UTC

Import patches-applied version 3.2.2-3.1 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: 2dc104f802727d3457a9c13f7b535bb03c917052
Unapplied parent: 3d2a65827a79ffae932bfd3d9e9e0ea5cba87205

New changelog entries:
  * Non-maintainer upload.
  * Reupload 3.2.2-2.1 on top of 3.2.2-3
  * archive_strncat_l(): allocate and do not convert if length == 0
    (CVE-2016-10209) (Closes: #859456)
  * Reread the CAB header skipping the self-extracting binary code
    (CVE-2016-10349, CVE-2016-10350) (Closes: #861609)
  * Do something sensible for empty strings to make fuzzers happy
    (CVE-2017-14166)
    Fixes heap-based buffer over-read in the atol8 function. (Closes: #874539)

applied/ubuntu/artful-devel 2017-09-14 22:34:17 UTC 2017-09-14
Import patches-applied version 3.2.2-3.1 to applied/debian/sid

Author: Salvatore Bonaccorso
Author Date: 2017-09-14 14:02:10 UTC

Import patches-applied version 3.2.2-3.1 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: 2dc104f802727d3457a9c13f7b535bb03c917052
Unapplied parent: 3d2a65827a79ffae932bfd3d9e9e0ea5cba87205

New changelog entries:
  * Non-maintainer upload.
  * Reupload 3.2.2-2.1 on top of 3.2.2-3
  * archive_strncat_l(): allocate and do not convert if length == 0
    (CVE-2016-10209) (Closes: #859456)
  * Reread the CAB header skipping the self-extracting binary code
    (CVE-2016-10349, CVE-2016-10350) (Closes: #861609)
  * Do something sensible for empty strings to make fuzzers happy
    (CVE-2017-14166)
    Fixes heap-based buffer over-read in the atol8 function. (Closes: #874539)

applied/ubuntu/artful-proposed 2017-09-14 22:34:17 UTC 2017-09-14
Import patches-applied version 3.2.2-3.1 to applied/debian/sid

Author: Salvatore Bonaccorso
Author Date: 2017-09-14 14:02:10 UTC

Import patches-applied version 3.2.2-3.1 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: 2dc104f802727d3457a9c13f7b535bb03c917052
Unapplied parent: 3d2a65827a79ffae932bfd3d9e9e0ea5cba87205

New changelog entries:
  * Non-maintainer upload.
  * Reupload 3.2.2-2.1 on top of 3.2.2-3
  * archive_strncat_l(): allocate and do not convert if length == 0
    (CVE-2016-10209) (Closes: #859456)
  * Reread the CAB header skipping the self-extracting binary code
    (CVE-2016-10349, CVE-2016-10350) (Closes: #861609)
  * Do something sensible for empty strings to make fuzzers happy
    (CVE-2017-14166)
    Fixes heap-based buffer over-read in the atol8 function. (Closes: #874539)

ubuntu/bionic 2017-09-14 22:34:17 UTC 2017-09-14
Import patches-unapplied version 3.2.2-3.1 to debian/sid

Author: Salvatore Bonaccorso
Author Date: 2017-09-14 14:02:10 UTC

Import patches-unapplied version 3.2.2-3.1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: d4b2822716f6d63288b822e268840966a0641480

New changelog entries:
  * Non-maintainer upload.
  * Reupload 3.2.2-2.1 on top of 3.2.2-3
  * archive_strncat_l(): allocate and do not convert if length == 0
    (CVE-2016-10209) (Closes: #859456)
  * Reread the CAB header skipping the self-extracting binary code
    (CVE-2016-10349, CVE-2016-10350) (Closes: #861609)
  * Do something sensible for empty strings to make fuzzers happy
    (CVE-2017-14166)
    Fixes heap-based buffer over-read in the atol8 function. (Closes: #874539)

applied/ubuntu/artful 2017-09-14 22:34:17 UTC 2017-09-14
Import patches-applied version 3.2.2-3.1 to applied/debian/sid

Author: Salvatore Bonaccorso
Author Date: 2017-09-14 14:02:10 UTC

Import patches-applied version 3.2.2-3.1 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: 2dc104f802727d3457a9c13f7b535bb03c917052
Unapplied parent: 3d2a65827a79ffae932bfd3d9e9e0ea5cba87205

New changelog entries:
  * Non-maintainer upload.
  * Reupload 3.2.2-2.1 on top of 3.2.2-3
  * archive_strncat_l(): allocate and do not convert if length == 0
    (CVE-2016-10209) (Closes: #859456)
  * Reread the CAB header skipping the self-extracting binary code
    (CVE-2016-10349, CVE-2016-10350) (Closes: #861609)
  * Do something sensible for empty strings to make fuzzers happy
    (CVE-2017-14166)
    Fixes heap-based buffer over-read in the atol8 function. (Closes: #874539)

ubuntu/artful-devel 2017-09-14 22:34:17 UTC 2017-09-14
Import patches-unapplied version 3.2.2-3.1 to debian/sid

Author: Salvatore Bonaccorso
Author Date: 2017-09-14 14:02:10 UTC

Import patches-unapplied version 3.2.2-3.1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: d4b2822716f6d63288b822e268840966a0641480

New changelog entries:
  * Non-maintainer upload.
  * Reupload 3.2.2-2.1 on top of 3.2.2-3
  * archive_strncat_l(): allocate and do not convert if length == 0
    (CVE-2016-10209) (Closes: #859456)
  * Reread the CAB header skipping the self-extracting binary code
    (CVE-2016-10349, CVE-2016-10350) (Closes: #861609)
  * Do something sensible for empty strings to make fuzzers happy
    (CVE-2017-14166)
    Fixes heap-based buffer over-read in the atol8 function. (Closes: #874539)

ubuntu/artful-proposed 2017-09-14 22:34:17 UTC 2017-09-14
Import patches-unapplied version 3.2.2-3.1 to debian/sid

Author: Salvatore Bonaccorso
Author Date: 2017-09-14 14:02:10 UTC

Import patches-unapplied version 3.2.2-3.1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: d4b2822716f6d63288b822e268840966a0641480

New changelog entries:
  * Non-maintainer upload.
  * Reupload 3.2.2-2.1 on top of 3.2.2-3
  * archive_strncat_l(): allocate and do not convert if length == 0
    (CVE-2016-10209) (Closes: #859456)
  * Reread the CAB header skipping the self-extracting binary code
    (CVE-2016-10349, CVE-2016-10350) (Closes: #861609)
  * Do something sensible for empty strings to make fuzzers happy
    (CVE-2017-14166)
    Fixes heap-based buffer over-read in the atol8 function. (Closes: #874539)

ubuntu/zesty 2017-04-04 04:15:52 UTC 2017-04-04
Import patches-unapplied version 3.2.2-2 to debian/sid

Author: Andreas Henriksson
Author Date: 2017-04-03 20:20:05 UTC

Import patches-unapplied version 3.2.2-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 47cc4433d159e690cc165258221a045f67e26fd4

New changelog entries:
  * Disable tests (Closes: #859455)

applied/ubuntu/zesty-devel 2017-04-04 04:15:52 UTC 2017-04-04
Import patches-applied version 3.2.2-2 to applied/debian/sid

Author: Andreas Henriksson
Author Date: 2017-04-03 20:20:05 UTC

Import patches-applied version 3.2.2-2 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: 21057d283f60388e8df0df16cd53698ae074e144
Unapplied parent: 4c629041c9e56ae4464b18c11b0309cf0140665f

New changelog entries:
  * Disable tests (Closes: #859455)

applied/ubuntu/zesty 2017-04-04 04:15:52 UTC 2017-04-04
Import patches-applied version 3.2.2-2 to applied/debian/sid

Author: Andreas Henriksson
Author Date: 2017-04-03 20:20:05 UTC

Import patches-applied version 3.2.2-2 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: 21057d283f60388e8df0df16cd53698ae074e144
Unapplied parent: 4c629041c9e56ae4464b18c11b0309cf0140665f

New changelog entries:
  * Disable tests (Closes: #859455)

ubuntu/zesty-devel 2017-04-04 04:15:52 UTC 2017-04-04
Import patches-unapplied version 3.2.2-2 to debian/sid

Author: Andreas Henriksson
Author Date: 2017-04-03 20:20:05 UTC

Import patches-unapplied version 3.2.2-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 47cc4433d159e690cc165258221a045f67e26fd4

New changelog entries:
  * Disable tests (Closes: #859455)

ubuntu/zesty-proposed 2017-04-04 04:15:52 UTC 2017-04-04
Import patches-unapplied version 3.2.2-2 to debian/sid

Author: Andreas Henriksson
Author Date: 2017-04-03 20:20:05 UTC

Import patches-unapplied version 3.2.2-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 47cc4433d159e690cc165258221a045f67e26fd4

New changelog entries:
  * Disable tests (Closes: #859455)

applied/ubuntu/zesty-proposed 2017-04-04 04:15:52 UTC 2017-04-04
Import patches-applied version 3.2.2-2 to applied/debian/sid

Author: Andreas Henriksson
Author Date: 2017-04-03 20:20:05 UTC

Import patches-applied version 3.2.2-2 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: 21057d283f60388e8df0df16cd53698ae074e144
Unapplied parent: 4c629041c9e56ae4464b18c11b0309cf0140665f

New changelog entries:
  * Disable tests (Closes: #859455)

applied/ubuntu/yakkety-devel 2017-03-09 18:33:18 UTC 2017-03-09
Import patches-applied version 3.2.1-2ubuntu0.1 to applied/ubuntu/yakkety-sec...

Author: Marc Deslauriers
Author Date: 2017-03-09 15:35:20 UTC

Import patches-applied version 3.2.1-2ubuntu0.1 to applied/ubuntu/yakkety-security

Imported using git-ubuntu import.

Changelog parent: 6c1a360f6481bbb2a8a74bce3aed9d1454b92e0a
Unapplied parent: e8d30d0307332fb9302715d10d4d91ce8b39b512

New changelog entries:
  * SECURITY UPDATE: arbitrary file write via hardlink entries
    - debian/patches/CVE-2016-5418-1.patch: enforce sandbox with very long
      pathnames in libarchive/archive_write_disk_posix.c.
    - debian/patches/CVE-2016-5418-2.patch: fix path handling in
      libarchive/archive_write_disk_posix.c.
    - debian/patches/CVE-2016-5418-3.patch: add test cases to Makefile.am,
      libarchive/test/CMakeLists.txt, libarchive/test/main.c,
      libarchive/test/test.h, libarchive/test/test_write_disk_secure744.c,
      libarchive/test/test_write_disk_secure745.c,
      libarchive/test/test_write_disk_secure746.c.
    - debian/patches/CVE-2016-5418-4.patch: fix testcases in
      libarchive/test/test_write_disk_secure745.c,
      libarchive/test/test_write_disk_secure746.c.
    - debian/patches/CVE-2016-5418-5.patch: correct PATH_MAX usage in
      libarchive/archive_write_disk_posix.c.
    - CVE-2016-5418
  * SECURITY UPDATE: denial of service via non-printable multibyte
    character in a filename
    - debian/patches/CVE-2016-8687.patch: expand buffer size in tar/util.c.
    - CVE-2016-8687
  * SECURITY UPDATE: denial of service via multiple long lines
    - debian/patches/CVE-2016-8688.patch: fix bounds in
      libarchive/archive_read_support_format_mtree.c, added test to
      Makefile.am, libarchive/test/CMakeLists.txt,
      libarchive/test/test_read_format_mtree_crash747.c,
      libarchive/test/test_read_format_mtree_crash747.mtree.bz2.uu.
    - CVE-2016-8688
  * SECURITY UPDATE: denial of service via multiple EmptyStream attributes
    - debian/patches/CVE-2016-8689.patch: reject files with multiple
      markers in libarchive/archive_read_support_format_7zip.c.
    - CVE-2016-8689
  * SECURITY UPDATE: denial of service via invalid compressed file size
    - debian/patches/CVE-2017-5601.patch: add check to
      libarchive/archive_read_support_format_lha.c.
    - CVE-2017-5601

ubuntu/yakkety-updates 2017-03-09 18:33:18 UTC 2017-03-09
Import patches-unapplied version 3.2.1-2ubuntu0.1 to ubuntu/yakkety-security

Author: Marc Deslauriers
Author Date: 2017-03-09 15:35:20 UTC

Import patches-unapplied version 3.2.1-2ubuntu0.1 to ubuntu/yakkety-security

Imported using git-ubuntu import.

Changelog parent: d3d704c1bc791ad9e8d86fb5c57a8a7ba2f21b2f

New changelog entries:
  * SECURITY UPDATE: arbitrary file write via hardlink entries
    - debian/patches/CVE-2016-5418-1.patch: enforce sandbox with very long
      pathnames in libarchive/archive_write_disk_posix.c.
    - debian/patches/CVE-2016-5418-2.patch: fix path handling in
      libarchive/archive_write_disk_posix.c.
    - debian/patches/CVE-2016-5418-3.patch: add test cases to Makefile.am,
      libarchive/test/CMakeLists.txt, libarchive/test/main.c,
      libarchive/test/test.h, libarchive/test/test_write_disk_secure744.c,
      libarchive/test/test_write_disk_secure745.c,
      libarchive/test/test_write_disk_secure746.c.
    - debian/patches/CVE-2016-5418-4.patch: fix testcases in
      libarchive/test/test_write_disk_secure745.c,
      libarchive/test/test_write_disk_secure746.c.
    - debian/patches/CVE-2016-5418-5.patch: correct PATH_MAX usage in
      libarchive/archive_write_disk_posix.c.
    - CVE-2016-5418
  * SECURITY UPDATE: denial of service via non-printable multibyte
    character in a filename
    - debian/patches/CVE-2016-8687.patch: expand buffer size in tar/util.c.
    - CVE-2016-8687
  * SECURITY UPDATE: denial of service via multiple long lines
    - debian/patches/CVE-2016-8688.patch: fix bounds in
      libarchive/archive_read_support_format_mtree.c, added test to
      Makefile.am, libarchive/test/CMakeLists.txt,
      libarchive/test/test_read_format_mtree_crash747.c,
      libarchive/test/test_read_format_mtree_crash747.mtree.bz2.uu.
    - CVE-2016-8688
  * SECURITY UPDATE: denial of service via multiple EmptyStream attributes
    - debian/patches/CVE-2016-8689.patch: reject files with multiple
      markers in libarchive/archive_read_support_format_7zip.c.
    - CVE-2016-8689
  * SECURITY UPDATE: denial of service via invalid compressed file size
    - debian/patches/CVE-2017-5601.patch: add check to
      libarchive/archive_read_support_format_lha.c.
    - CVE-2017-5601

ubuntu/yakkety-devel 2017-03-09 18:33:18 UTC 2017-03-09
Import patches-unapplied version 3.2.1-2ubuntu0.1 to ubuntu/yakkety-security

Author: Marc Deslauriers
Author Date: 2017-03-09 15:35:20 UTC

Import patches-unapplied version 3.2.1-2ubuntu0.1 to ubuntu/yakkety-security

Imported using git-ubuntu import.

Changelog parent: d3d704c1bc791ad9e8d86fb5c57a8a7ba2f21b2f

New changelog entries:
  * SECURITY UPDATE: arbitrary file write via hardlink entries
    - debian/patches/CVE-2016-5418-1.patch: enforce sandbox with very long
      pathnames in libarchive/archive_write_disk_posix.c.
    - debian/patches/CVE-2016-5418-2.patch: fix path handling in
      libarchive/archive_write_disk_posix.c.
    - debian/patches/CVE-2016-5418-3.patch: add test cases to Makefile.am,
      libarchive/test/CMakeLists.txt, libarchive/test/main.c,
      libarchive/test/test.h, libarchive/test/test_write_disk_secure744.c,
      libarchive/test/test_write_disk_secure745.c,
      libarchive/test/test_write_disk_secure746.c.
    - debian/patches/CVE-2016-5418-4.patch: fix testcases in
      libarchive/test/test_write_disk_secure745.c,
      libarchive/test/test_write_disk_secure746.c.
    - debian/patches/CVE-2016-5418-5.patch: correct PATH_MAX usage in
      libarchive/archive_write_disk_posix.c.
    - CVE-2016-5418
  * SECURITY UPDATE: denial of service via non-printable multibyte
    character in a filename
    - debian/patches/CVE-2016-8687.patch: expand buffer size in tar/util.c.
    - CVE-2016-8687
  * SECURITY UPDATE: denial of service via multiple long lines
    - debian/patches/CVE-2016-8688.patch: fix bounds in
      libarchive/archive_read_support_format_mtree.c, added test to
      Makefile.am, libarchive/test/CMakeLists.txt,
      libarchive/test/test_read_format_mtree_crash747.c,
      libarchive/test/test_read_format_mtree_crash747.mtree.bz2.uu.
    - CVE-2016-8688
  * SECURITY UPDATE: denial of service via multiple EmptyStream attributes
    - debian/patches/CVE-2016-8689.patch: reject files with multiple
      markers in libarchive/archive_read_support_format_7zip.c.
    - CVE-2016-8689
  * SECURITY UPDATE: denial of service via invalid compressed file size
    - debian/patches/CVE-2017-5601.patch: add check to
      libarchive/archive_read_support_format_lha.c.
    - CVE-2017-5601

ubuntu/precise-devel 2017-03-09 18:33:18 UTC 2017-03-09
Import patches-unapplied version 3.0.3-6ubuntu1.4 to ubuntu/precise-security

Author: Marc Deslauriers
Author Date: 2017-03-09 16:34:04 UTC

Import patches-unapplied version 3.0.3-6ubuntu1.4 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: 933df5037ca0a4911e7228edae15e96b054c0ba7

New changelog entries:
  * SECURITY UPDATE: arbitrary file write via hardlink entries
    - debian/patches/CVE-2016-5418-1.patch: enforce sandbox with very long
      pathnames in libarchive/archive_write_disk_posix.c.
    - debian/patches/CVE-2016-5418-2.patch: fix path handling in
      libarchive/archive_write_disk_posix.c.
    - debian/patches/CVE-2016-5418-3.patch: add test cases to Makefile.am,
      libarchive/test/CMakeLists.txt, libarchive/test/main.c,
      libarchive/test/test.h, libarchive/test/test_write_disk_secure744.c,
      libarchive/test/test_write_disk_secure745.c,
      libarchive/test/test_write_disk_secure746.c.
    - debian/patches/CVE-2016-5418-4.patch: fix testcases in
      libarchive/test/test_write_disk_secure745.c,
      libarchive/test/test_write_disk_secure746.c.
    - debian/patches/CVE-2016-5418-5.patch: correct PATH_MAX usage in
      libarchive/archive_write_disk_posix.c.
    - CVE-2016-5418
  * SECURITY UPDATE: denial of service and possible code execution when
    writing an ISO9660 archive
    - debian/patches/CVE-2016-6250.patch: check for overflow in
      libarchive/archive_write_set_format_iso9660.c.
    - CVE-2016-6250
  * SECURITY UPDATE: denial of service via recursive decompression
    - debian/patches/CVE-2016-7166.patch: limit number of filters in
      libarchive/archive_read.c, added test to Makefile.am,
      libarchive/test/CMakeLists.txt,
      libarchive/test/test_read_too_many_filters.c,
      libarchive/test/test_read_too_many_filters.gz.uu.
    - CVE-2016-7166
  * SECURITY UPDATE: denial of service via non-printable multibyte
    character in a filename
    - debian/patches/CVE-2016-8687.patch: expand buffer size in tar/util.c.
    - CVE-2016-8687
  * SECURITY UPDATE: denial of service via multiple long lines
    - debian/patches/CVE-2016-8688.patch: fix bounds in
      libarchive/archive_read_support_format_mtree.c, added test to
      Makefile.am, libarchive/test/CMakeLists.txt,
      libarchive/test/test_read_format_mtree_crash747.c,
      libarchive/test/test_read_format_mtree_crash747.mtree.bz2.uu.
    - CVE-2016-8688
  * SECURITY UPDATE: denial of service via multiple EmptyStream attributes
    - debian/patches/CVE-2016-8689.patch: reject files with multiple
      markers in libarchive/archive_read_support_format_7zip.c.
    - CVE-2016-8689
  * SECURITY UPDATE: denial of service via invalid compressed file size
    - debian/patches/CVE-2017-5601.patch: add check to
      libarchive/archive_read_support_format_lha.c.
    - CVE-2017-5601

ubuntu/precise-security 2017-03-09 18:33:18 UTC 2017-03-09
Import patches-unapplied version 3.0.3-6ubuntu1.4 to ubuntu/precise-security

Author: Marc Deslauriers
Author Date: 2017-03-09 16:34:04 UTC

Import patches-unapplied version 3.0.3-6ubuntu1.4 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: 933df5037ca0a4911e7228edae15e96b054c0ba7

New changelog entries:
  * SECURITY UPDATE: arbitrary file write via hardlink entries
    - debian/patches/CVE-2016-5418-1.patch: enforce sandbox with very long
      pathnames in libarchive/archive_write_disk_posix.c.
    - debian/patches/CVE-2016-5418-2.patch: fix path handling in
      libarchive/archive_write_disk_posix.c.
    - debian/patches/CVE-2016-5418-3.patch: add test cases to Makefile.am,
      libarchive/test/CMakeLists.txt, libarchive/test/main.c,
      libarchive/test/test.h, libarchive/test/test_write_disk_secure744.c,
      libarchive/test/test_write_disk_secure745.c,
      libarchive/test/test_write_disk_secure746.c.
    - debian/patches/CVE-2016-5418-4.patch: fix testcases in
      libarchive/test/test_write_disk_secure745.c,
      libarchive/test/test_write_disk_secure746.c.
    - debian/patches/CVE-2016-5418-5.patch: correct PATH_MAX usage in
      libarchive/archive_write_disk_posix.c.
    - CVE-2016-5418
  * SECURITY UPDATE: denial of service and possible code execution when
    writing an ISO9660 archive
    - debian/patches/CVE-2016-6250.patch: check for overflow in
      libarchive/archive_write_set_format_iso9660.c.
    - CVE-2016-6250
  * SECURITY UPDATE: denial of service via recursive decompression
    - debian/patches/CVE-2016-7166.patch: limit number of filters in
      libarchive/archive_read.c, added test to Makefile.am,
      libarchive/test/CMakeLists.txt,
      libarchive/test/test_read_too_many_filters.c,
      libarchive/test/test_read_too_many_filters.gz.uu.
    - CVE-2016-7166
  * SECURITY UPDATE: denial of service via non-printable multibyte
    character in a filename
    - debian/patches/CVE-2016-8687.patch: expand buffer size in tar/util.c.
    - CVE-2016-8687
  * SECURITY UPDATE: denial of service via multiple long lines
    - debian/patches/CVE-2016-8688.patch: fix bounds in
      libarchive/archive_read_support_format_mtree.c, added test to
      Makefile.am, libarchive/test/CMakeLists.txt,
      libarchive/test/test_read_format_mtree_crash747.c,
      libarchive/test/test_read_format_mtree_crash747.mtree.bz2.uu.
    - CVE-2016-8688
  * SECURITY UPDATE: denial of service via multiple EmptyStream attributes
    - debian/patches/CVE-2016-8689.patch: reject files with multiple
      markers in libarchive/archive_read_support_format_7zip.c.
    - CVE-2016-8689
  * SECURITY UPDATE: denial of service via invalid compressed file size
    - debian/patches/CVE-2017-5601.patch: add check to
      libarchive/archive_read_support_format_lha.c.
    - CVE-2017-5601

applied/ubuntu/yakkety-updates 2017-03-09 18:33:18 UTC 2017-03-09
Import patches-applied version 3.2.1-2ubuntu0.1 to applied/ubuntu/yakkety-sec...

Author: Marc Deslauriers
Author Date: 2017-03-09 15:35:20 UTC

Import patches-applied version 3.2.1-2ubuntu0.1 to applied/ubuntu/yakkety-security

Imported using git-ubuntu import.

Changelog parent: 6c1a360f6481bbb2a8a74bce3aed9d1454b92e0a
Unapplied parent: e8d30d0307332fb9302715d10d4d91ce8b39b512

New changelog entries:
  * SECURITY UPDATE: arbitrary file write via hardlink entries
    - debian/patches/CVE-2016-5418-1.patch: enforce sandbox with very long
      pathnames in libarchive/archive_write_disk_posix.c.
    - debian/patches/CVE-2016-5418-2.patch: fix path handling in
      libarchive/archive_write_disk_posix.c.
    - debian/patches/CVE-2016-5418-3.patch: add test cases to Makefile.am,
      libarchive/test/CMakeLists.txt, libarchive/test/main.c,
      libarchive/test/test.h, libarchive/test/test_write_disk_secure744.c,
      libarchive/test/test_write_disk_secure745.c,
      libarchive/test/test_write_disk_secure746.c.
    - debian/patches/CVE-2016-5418-4.patch: fix testcases in
      libarchive/test/test_write_disk_secure745.c,
      libarchive/test/test_write_disk_secure746.c.
    - debian/patches/CVE-2016-5418-5.patch: correct PATH_MAX usage in
      libarchive/archive_write_disk_posix.c.
    - CVE-2016-5418
  * SECURITY UPDATE: denial of service via non-printable multibyte
    character in a filename
    - debian/patches/CVE-2016-8687.patch: expand buffer size in tar/util.c.
    - CVE-2016-8687
  * SECURITY UPDATE: denial of service via multiple long lines
    - debian/patches/CVE-2016-8688.patch: fix bounds in
      libarchive/archive_read_support_format_mtree.c, added test to
      Makefile.am, libarchive/test/CMakeLists.txt,
      libarchive/test/test_read_format_mtree_crash747.c,
      libarchive/test/test_read_format_mtree_crash747.mtree.bz2.uu.
    - CVE-2016-8688
  * SECURITY UPDATE: denial of service via multiple EmptyStream attributes
    - debian/patches/CVE-2016-8689.patch: reject files with multiple
      markers in libarchive/archive_read_support_format_7zip.c.
    - CVE-2016-8689
  * SECURITY UPDATE: denial of service via invalid compressed file size
    - debian/patches/CVE-2017-5601.patch: add check to
      libarchive/archive_read_support_format_lha.c.
    - CVE-2017-5601

ubuntu/precise-updates 2017-03-09 18:33:18 UTC 2017-03-09
Import patches-unapplied version 3.0.3-6ubuntu1.4 to ubuntu/precise-security

Author: Marc Deslauriers
Author Date: 2017-03-09 16:34:04 UTC

Import patches-unapplied version 3.0.3-6ubuntu1.4 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: 933df5037ca0a4911e7228edae15e96b054c0ba7

New changelog entries:
  * SECURITY UPDATE: arbitrary file write via hardlink entries
    - debian/patches/CVE-2016-5418-1.patch: enforce sandbox with very long
      pathnames in libarchive/archive_write_disk_posix.c.
    - debian/patches/CVE-2016-5418-2.patch: fix path handling in
      libarchive/archive_write_disk_posix.c.
    - debian/patches/CVE-2016-5418-3.patch: add test cases to Makefile.am,
      libarchive/test/CMakeLists.txt, libarchive/test/main.c,
      libarchive/test/test.h, libarchive/test/test_write_disk_secure744.c,
      libarchive/test/test_write_disk_secure745.c,
      libarchive/test/test_write_disk_secure746.c.
    - debian/patches/CVE-2016-5418-4.patch: fix testcases in
      libarchive/test/test_write_disk_secure745.c,
      libarchive/test/test_write_disk_secure746.c.
    - debian/patches/CVE-2016-5418-5.patch: correct PATH_MAX usage in
      libarchive/archive_write_disk_posix.c.
    - CVE-2016-5418
  * SECURITY UPDATE: denial of service and possible code execution when
    writing an ISO9660 archive
    - debian/patches/CVE-2016-6250.patch: check for overflow in
      libarchive/archive_write_set_format_iso9660.c.
    - CVE-2016-6250
  * SECURITY UPDATE: denial of service via recursive decompression
    - debian/patches/CVE-2016-7166.patch: limit number of filters in
      libarchive/archive_read.c, added test to Makefile.am,
      libarchive/test/CMakeLists.txt,
      libarchive/test/test_read_too_many_filters.c,
      libarchive/test/test_read_too_many_filters.gz.uu.
    - CVE-2016-7166
  * SECURITY UPDATE: denial of service via non-printable multibyte
    character in a filename
    - debian/patches/CVE-2016-8687.patch: expand buffer size in tar/util.c.
    - CVE-2016-8687
  * SECURITY UPDATE: denial of service via multiple long lines
    - debian/patches/CVE-2016-8688.patch: fix bounds in
      libarchive/archive_read_support_format_mtree.c, added test to
      Makefile.am, libarchive/test/CMakeLists.txt,
      libarchive/test/test_read_format_mtree_crash747.c,
      libarchive/test/test_read_format_mtree_crash747.mtree.bz2.uu.
    - CVE-2016-8688
  * SECURITY UPDATE: denial of service via multiple EmptyStream attributes
    - debian/patches/CVE-2016-8689.patch: reject files with multiple
      markers in libarchive/archive_read_support_format_7zip.c.
    - CVE-2016-8689
  * SECURITY UPDATE: denial of service via invalid compressed file size
    - debian/patches/CVE-2017-5601.patch: add check to
      libarchive/archive_read_support_format_lha.c.
    - CVE-2017-5601

ubuntu/yakkety-security 2017-03-09 18:33:18 UTC 2017-03-09
Import patches-unapplied version 3.2.1-2ubuntu0.1 to ubuntu/yakkety-security

Author: Marc Deslauriers
Author Date: 2017-03-09 15:35:20 UTC

Import patches-unapplied version 3.2.1-2ubuntu0.1 to ubuntu/yakkety-security

Imported using git-ubuntu import.

Changelog parent: d3d704c1bc791ad9e8d86fb5c57a8a7ba2f21b2f

New changelog entries:
  * SECURITY UPDATE: arbitrary file write via hardlink entries
    - debian/patches/CVE-2016-5418-1.patch: enforce sandbox with very long
      pathnames in libarchive/archive_write_disk_posix.c.
    - debian/patches/CVE-2016-5418-2.patch: fix path handling in
      libarchive/archive_write_disk_posix.c.
    - debian/patches/CVE-2016-5418-3.patch: add test cases to Makefile.am,
      libarchive/test/CMakeLists.txt, libarchive/test/main.c,
      libarchive/test/test.h, libarchive/test/test_write_disk_secure744.c,
      libarchive/test/test_write_disk_secure745.c,
      libarchive/test/test_write_disk_secure746.c.
    - debian/patches/CVE-2016-5418-4.patch: fix testcases in
      libarchive/test/test_write_disk_secure745.c,
      libarchive/test/test_write_disk_secure746.c.
    - debian/patches/CVE-2016-5418-5.patch: correct PATH_MAX usage in
      libarchive/archive_write_disk_posix.c.
    - CVE-2016-5418
  * SECURITY UPDATE: denial of service via non-printable multibyte
    character in a filename
    - debian/patches/CVE-2016-8687.patch: expand buffer size in tar/util.c.
    - CVE-2016-8687
  * SECURITY UPDATE: denial of service via multiple long lines
    - debian/patches/CVE-2016-8688.patch: fix bounds in
      libarchive/archive_read_support_format_mtree.c, added test to
      Makefile.am, libarchive/test/CMakeLists.txt,
      libarchive/test/test_read_format_mtree_crash747.c,
      libarchive/test/test_read_format_mtree_crash747.mtree.bz2.uu.
    - CVE-2016-8688
  * SECURITY UPDATE: denial of service via multiple EmptyStream attributes
    - debian/patches/CVE-2016-8689.patch: reject files with multiple
      markers in libarchive/archive_read_support_format_7zip.c.
    - CVE-2016-8689
  * SECURITY UPDATE: denial of service via invalid compressed file size
    - debian/patches/CVE-2017-5601.patch: add check to
      libarchive/archive_read_support_format_lha.c.
    - CVE-2017-5601

applied/ubuntu/precise-updates 2017-03-09 18:33:18 UTC 2017-03-09
Import patches-applied version 3.0.3-6ubuntu1.4 to applied/ubuntu/precise-sec...

Author: Marc Deslauriers
Author Date: 2017-03-09 16:34:04 UTC

Import patches-applied version 3.0.3-6ubuntu1.4 to applied/ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: e8be0bbc247ae848eb753eaae08b76fc37f3cfda
Unapplied parent: 0f86878f8bcf4854f0d526228495d2d71fdcf848

New changelog entries:
  * SECURITY UPDATE: arbitrary file write via hardlink entries
    - debian/patches/CVE-2016-5418-1.patch: enforce sandbox with very long
      pathnames in libarchive/archive_write_disk_posix.c.
    - debian/patches/CVE-2016-5418-2.patch: fix path handling in
      libarchive/archive_write_disk_posix.c.
    - debian/patches/CVE-2016-5418-3.patch: add test cases to Makefile.am,
      libarchive/test/CMakeLists.txt, libarchive/test/main.c,
      libarchive/test/test.h, libarchive/test/test_write_disk_secure744.c,
      libarchive/test/test_write_disk_secure745.c,
      libarchive/test/test_write_disk_secure746.c.
    - debian/patches/CVE-2016-5418-4.patch: fix testcases in
      libarchive/test/test_write_disk_secure745.c,
      libarchive/test/test_write_disk_secure746.c.
    - debian/patches/CVE-2016-5418-5.patch: correct PATH_MAX usage in
      libarchive/archive_write_disk_posix.c.
    - CVE-2016-5418
  * SECURITY UPDATE: denial of service and possible code execution when
    writing an ISO9660 archive
    - debian/patches/CVE-2016-6250.patch: check for overflow in
      libarchive/archive_write_set_format_iso9660.c.
    - CVE-2016-6250
  * SECURITY UPDATE: denial of service via recursive decompression
    - debian/patches/CVE-2016-7166.patch: limit number of filters in
      libarchive/archive_read.c, added test to Makefile.am,
      libarchive/test/CMakeLists.txt,
      libarchive/test/test_read_too_many_filters.c,
      libarchive/test/test_read_too_many_filters.gz.uu.
    - CVE-2016-7166
  * SECURITY UPDATE: denial of service via non-printable multibyte
    character in a filename
    - debian/patches/CVE-2016-8687.patch: expand buffer size in tar/util.c.
    - CVE-2016-8687
  * SECURITY UPDATE: denial of service via multiple long lines
    - debian/patches/CVE-2016-8688.patch: fix bounds in
      libarchive/archive_read_support_format_mtree.c, added test to
      Makefile.am, libarchive/test/CMakeLists.txt,
      libarchive/test/test_read_format_mtree_crash747.c,
      libarchive/test/test_read_format_mtree_crash747.mtree.bz2.uu.
    - CVE-2016-8688
  * SECURITY UPDATE: denial of service via multiple EmptyStream attributes
    - debian/patches/CVE-2016-8689.patch: reject files with multiple
      markers in libarchive/archive_read_support_format_7zip.c.
    - CVE-2016-8689
  * SECURITY UPDATE: denial of service via invalid compressed file size
    - debian/patches/CVE-2017-5601.patch: add check to
      libarchive/archive_read_support_format_lha.c.
    - CVE-2017-5601

applied/ubuntu/precise-security 2017-03-09 18:33:18 UTC 2017-03-09
Import patches-applied version 3.0.3-6ubuntu1.4 to applied/ubuntu/precise-sec...

Author: Marc Deslauriers
Author Date: 2017-03-09 16:34:04 UTC

Import patches-applied version 3.0.3-6ubuntu1.4 to applied/ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: e8be0bbc247ae848eb753eaae08b76fc37f3cfda
Unapplied parent: 0f86878f8bcf4854f0d526228495d2d71fdcf848

New changelog entries:
  * SECURITY UPDATE: arbitrary file write via hardlink entries
    - debian/patches/CVE-2016-5418-1.patch: enforce sandbox with very long
      pathnames in libarchive/archive_write_disk_posix.c.
    - debian/patches/CVE-2016-5418-2.patch: fix path handling in
      libarchive/archive_write_disk_posix.c.
    - debian/patches/CVE-2016-5418-3.patch: add test cases to Makefile.am,
      libarchive/test/CMakeLists.txt, libarchive/test/main.c,
      libarchive/test/test.h, libarchive/test/test_write_disk_secure744.c,
      libarchive/test/test_write_disk_secure745.c,
      libarchive/test/test_write_disk_secure746.c.
    - debian/patches/CVE-2016-5418-4.patch: fix testcases in
      libarchive/test/test_write_disk_secure745.c,
      libarchive/test/test_write_disk_secure746.c.
    - debian/patches/CVE-2016-5418-5.patch: correct PATH_MAX usage in
      libarchive/archive_write_disk_posix.c.
    - CVE-2016-5418
  * SECURITY UPDATE: denial of service and possible code execution when
    writing an ISO9660 archive
    - debian/patches/CVE-2016-6250.patch: check for overflow in
      libarchive/archive_write_set_format_iso9660.c.
    - CVE-2016-6250
  * SECURITY UPDATE: denial of service via recursive decompression
    - debian/patches/CVE-2016-7166.patch: limit number of filters in
      libarchive/archive_read.c, added test to Makefile.am,
      libarchive/test/CMakeLists.txt,
      libarchive/test/test_read_too_many_filters.c,
      libarchive/test/test_read_too_many_filters.gz.uu.
    - CVE-2016-7166
  * SECURITY UPDATE: denial of service via non-printable multibyte
    character in a filename
    - debian/patches/CVE-2016-8687.patch: expand buffer size in tar/util.c.
    - CVE-2016-8687
  * SECURITY UPDATE: denial of service via multiple long lines
    - debian/patches/CVE-2016-8688.patch: fix bounds in
      libarchive/archive_read_support_format_mtree.c, added test to
      Makefile.am, libarchive/test/CMakeLists.txt,
      libarchive/test/test_read_format_mtree_crash747.c,
      libarchive/test/test_read_format_mtree_crash747.mtree.bz2.uu.
    - CVE-2016-8688
  * SECURITY UPDATE: denial of service via multiple EmptyStream attributes
    - debian/patches/CVE-2016-8689.patch: reject files with multiple
      markers in libarchive/archive_read_support_format_7zip.c.
    - CVE-2016-8689
  * SECURITY UPDATE: denial of service via invalid compressed file size
    - debian/patches/CVE-2017-5601.patch: add check to
      libarchive/archive_read_support_format_lha.c.
    - CVE-2017-5601

applied/ubuntu/precise-devel 2017-03-09 18:33:18 UTC 2017-03-09
Import patches-applied version 3.0.3-6ubuntu1.4 to applied/ubuntu/precise-sec...

Author: Marc Deslauriers
Author Date: 2017-03-09 16:34:04 UTC

Import patches-applied version 3.0.3-6ubuntu1.4 to applied/ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: e8be0bbc247ae848eb753eaae08b76fc37f3cfda
Unapplied parent: 0f86878f8bcf4854f0d526228495d2d71fdcf848

New changelog entries:
  * SECURITY UPDATE: arbitrary file write via hardlink entries
    - debian/patches/CVE-2016-5418-1.patch: enforce sandbox with very long
      pathnames in libarchive/archive_write_disk_posix.c.
    - debian/patches/CVE-2016-5418-2.patch: fix path handling in
      libarchive/archive_write_disk_posix.c.
    - debian/patches/CVE-2016-5418-3.patch: add test cases to Makefile.am,
      libarchive/test/CMakeLists.txt, libarchive/test/main.c,
      libarchive/test/test.h, libarchive/test/test_write_disk_secure744.c,
      libarchive/test/test_write_disk_secure745.c,
      libarchive/test/test_write_disk_secure746.c.
    - debian/patches/CVE-2016-5418-4.patch: fix testcases in
      libarchive/test/test_write_disk_secure745.c,
      libarchive/test/test_write_disk_secure746.c.
    - debian/patches/CVE-2016-5418-5.patch: correct PATH_MAX usage in
      libarchive/archive_write_disk_posix.c.
    - CVE-2016-5418
  * SECURITY UPDATE: denial of service and possible code execution when
    writing an ISO9660 archive
    - debian/patches/CVE-2016-6250.patch: check for overflow in
      libarchive/archive_write_set_format_iso9660.c.
    - CVE-2016-6250
  * SECURITY UPDATE: denial of service via recursive decompression
    - debian/patches/CVE-2016-7166.patch: limit number of filters in
      libarchive/archive_read.c, added test to Makefile.am,
      libarchive/test/CMakeLists.txt,
      libarchive/test/test_read_too_many_filters.c,
      libarchive/test/test_read_too_many_filters.gz.uu.
    - CVE-2016-7166
  * SECURITY UPDATE: denial of service via non-printable multibyte
    character in a filename
    - debian/patches/CVE-2016-8687.patch: expand buffer size in tar/util.c.
    - CVE-2016-8687
  * SECURITY UPDATE: denial of service via multiple long lines
    - debian/patches/CVE-2016-8688.patch: fix bounds in
      libarchive/archive_read_support_format_mtree.c, added test to
      Makefile.am, libarchive/test/CMakeLists.txt,
      libarchive/test/test_read_format_mtree_crash747.c,
      libarchive/test/test_read_format_mtree_crash747.mtree.bz2.uu.
    - CVE-2016-8688
  * SECURITY UPDATE: denial of service via multiple EmptyStream attributes
    - debian/patches/CVE-2016-8689.patch: reject files with multiple
      markers in libarchive/archive_read_support_format_7zip.c.
    - CVE-2016-8689
  * SECURITY UPDATE: denial of service via invalid compressed file size
    - debian/patches/CVE-2017-5601.patch: add check to
      libarchive/archive_read_support_format_lha.c.
    - CVE-2017-5601

applied/ubuntu/yakkety-security 2017-03-09 18:33:18 UTC 2017-03-09
Import patches-applied version 3.2.1-2ubuntu0.1 to applied/ubuntu/yakkety-sec...

Author: Marc Deslauriers
Author Date: 2017-03-09 15:35:20 UTC

Import patches-applied version 3.2.1-2ubuntu0.1 to applied/ubuntu/yakkety-security

Imported using git-ubuntu import.

Changelog parent: 6c1a360f6481bbb2a8a74bce3aed9d1454b92e0a
Unapplied parent: e8d30d0307332fb9302715d10d4d91ce8b39b512

New changelog entries:
  * SECURITY UPDATE: arbitrary file write via hardlink entries
    - debian/patches/CVE-2016-5418-1.patch: enforce sandbox with very long
      pathnames in libarchive/archive_write_disk_posix.c.
    - debian/patches/CVE-2016-5418-2.patch: fix path handling in
      libarchive/archive_write_disk_posix.c.
    - debian/patches/CVE-2016-5418-3.patch: add test cases to Makefile.am,
      libarchive/test/CMakeLists.txt, libarchive/test/main.c,
      libarchive/test/test.h, libarchive/test/test_write_disk_secure744.c,
      libarchive/test/test_write_disk_secure745.c,
      libarchive/test/test_write_disk_secure746.c.
    - debian/patches/CVE-2016-5418-4.patch: fix testcases in
      libarchive/test/test_write_disk_secure745.c,
      libarchive/test/test_write_disk_secure746.c.
    - debian/patches/CVE-2016-5418-5.patch: correct PATH_MAX usage in
      libarchive/archive_write_disk_posix.c.
    - CVE-2016-5418
  * SECURITY UPDATE: denial of service via non-printable multibyte
    character in a filename
    - debian/patches/CVE-2016-8687.patch: expand buffer size in tar/util.c.
    - CVE-2016-8687
  * SECURITY UPDATE: denial of service via multiple long lines
    - debian/patches/CVE-2016-8688.patch: fix bounds in
      libarchive/archive_read_support_format_mtree.c, added test to
      Makefile.am, libarchive/test/CMakeLists.txt,
      libarchive/test/test_read_format_mtree_crash747.c,
      libarchive/test/test_read_format_mtree_crash747.mtree.bz2.uu.
    - CVE-2016-8688
  * SECURITY UPDATE: denial of service via multiple EmptyStream attributes
    - debian/patches/CVE-2016-8689.patch: reject files with multiple
      markers in libarchive/archive_read_support_format_7zip.c.
    - CVE-2016-8689
  * SECURITY UPDATE: denial of service via invalid compressed file size
    - debian/patches/CVE-2017-5601.patch: add check to
      libarchive/archive_read_support_format_lha.c.
    - CVE-2017-5601

applied/debian/jessie 2017-01-14 17:26:24 UTC 2017-01-14
Import patches-applied version 3.1.2-11+deb8u3 to applied/debian/jessie

Author: Salvatore Bonaccorso
Author Date: 2016-09-24 11:25:26 UTC

Import patches-applied version 3.1.2-11+deb8u3 to applied/debian/jessie

Imported using git-ubuntu import.

Changelog parent: a41ffd4ffd8e7de7e8df44fd38263f2bf1fdc27e
Unapplied parent: aff21464baeb61a8ae68a805c299d096b918d170

New changelog entries:
  * Non-maintainer upload by the Security Team.
  * CVE-2016-7166: Denial of service using a crafted gzip file
  * CVE-2016-6250: Integer overflow in the ISO9660 writer
  * CVE-2016-5418: Archive Entry with type 1 (hardlink), but has a non-zero
    data size file overwrite (Closes: #837714)

debian/jessie 2017-01-14 17:26:24 UTC 2017-01-14
Import patches-unapplied version 3.1.2-11+deb8u3 to debian/jessie

Author: Salvatore Bonaccorso
Author Date: 2016-09-24 11:25:26 UTC

Import patches-unapplied version 3.1.2-11+deb8u3 to debian/jessie

Imported using git-ubuntu import.

Changelog parent: 8645d67b774100884ae5b53e5f38b5450e603ff8

New changelog entries:
  * Non-maintainer upload by the Security Team.
  * CVE-2016-7166: Denial of service using a crafted gzip file
  * CVE-2016-6250: Integer overflow in the ISO9660 writer
  * CVE-2016-5418: Archive Entry with type 1 (hardlink), but has a non-zero
    data size file overwrite (Closes: #837714)

applied/ubuntu/xenial-backports 2016-07-28 14:39:24 UTC 2016-07-28
Import patches-applied version 3.2.1-2~ubuntu16.04.1 to applied/ubuntu/xenial...

Author: Iain Lane
Author Date: 2016-07-28 13:28:03 UTC

Import patches-applied version 3.2.1-2~ubuntu16.04.1 to applied/ubuntu/xenial-backports

Imported using git-ubuntu import.

Changelog parent: 6c1a360f6481bbb2a8a74bce3aed9d1454b92e0a
Unapplied parent: 25dcc5aaac70380e9139f63cedf9cded58ac57cd

New changelog entries:
  * No-change backport to xenial (LP: #1607385)

ubuntu/xenial-backports 2016-07-28 14:39:24 UTC 2016-07-28
Import patches-unapplied version 3.2.1-2~ubuntu16.04.1 to ubuntu/xenial-backp...

Author: Iain Lane
Author Date: 2016-07-28 13:28:03 UTC

Import patches-unapplied version 3.2.1-2~ubuntu16.04.1 to ubuntu/xenial-backports

Imported using git-ubuntu import.

Changelog parent: d3d704c1bc791ad9e8d86fb5c57a8a7ba2f21b2f

New changelog entries:
  * No-change backport to xenial (LP: #1607385)

applied/ubuntu/yakkety-proposed 2016-07-26 16:14:04 UTC 2016-07-26
Import patches-applied version 3.2.1-2 to applied/debian/sid

Author: Andreas Henriksson
Author Date: 2016-07-25 15:54:13 UTC

Import patches-applied version 3.2.1-2 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: 2b20c1d61077c1462310f49a3460643ef33e7a31
Unapplied parent: b983d8c6ab8fba36b9c17b85eec5f7ca8d9d9d7b

New changelog entries:
  * The "welcome Peter to the team" upload
  [ Peter Pentchev ]
  * Declare compliancy with Debian Policy 3.9.8 with no changes.
  * Remove the "XS-Testsuite: autopkgtest" header from the control file:
    it has not been "XS-" for some time, and it is added by default by
    dpkg-1.17.11 when debian/tests/control is present.
  * Use the HTTPS scheme for the Alioth VCS URLs.
  * Switch to Alioth's cgit in the Vcs-Browser source control field.
  * Convert the copyright file to the machine-readable format.
  * Fill in the upstream metadata file.
  * Enable full build hardening.
  * Pass --as-needed to the linker to avoid overlinking.
  * Bump the debhelper build dependency to version 9 to reflect
    the debhelper compatibility level and drop the now-unused Lintian
    override.
  * Fold the bsdtar and bsdcpio packages into the new libarchive-tools
    binary package and install bsdcat into it, too. Make bsdtar and
    bsdcpio transitional dummy packages.
  * Drop the Breaks and Replaces relations to libarchive1, it's not
    even in oldstable any more.
  * Drop the misc:Pre-Depends that were needed for the multi-arch
    transition; dpkg-dev adds them automatically now.
  * Fix a typo in README.Debian.
  * Add an upstream patch to replace the use of SIGRTMAX with something
    that calculates the exact value of the highest signal actually used;
    hopefully this fixes the FTBFS on the GNU Hurd.
  * Drop the outdated and unused SONAME mismatch Lintian override.
  * Re-enable the use of minitar for extraction, too, in the CI test;
    keep the untar test for completeness.
  * Add the Typos patch to fix a couple of typographical errors.
  * Add the Candidate patch to fix a typographical error in a structure
    member field and, consequently, update all references to it.
  * Add the CPPCheck patch to fix some issues reported by cppcheck.
  [ Andreas Henriksson ]
  * Add Peter Pentchev to Uploaders

ubuntu/yakkety 2016-07-26 16:14:04 UTC 2016-07-26
Import patches-unapplied version 3.2.1-2 to debian/sid

Author: Andreas Henriksson
Author Date: 2016-07-25 15:54:13 UTC

Import patches-unapplied version 3.2.1-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: c33e09b3ff021ee0132abdaa7374234e6f76da91

New changelog entries:
  * The "welcome Peter to the team" upload
  [ Peter Pentchev ]
  * Declare compliancy with Debian Policy 3.9.8 with no changes.
  * Remove the "XS-Testsuite: autopkgtest" header from the control file:
    it has not been "XS-" for some time, and it is added by default by
    dpkg-1.17.11 when debian/tests/control is present.
  * Use the HTTPS scheme for the Alioth VCS URLs.
  * Switch to Alioth's cgit in the Vcs-Browser source control field.
  * Convert the copyright file to the machine-readable format.
  * Fill in the upstream metadata file.
  * Enable full build hardening.
  * Pass --as-needed to the linker to avoid overlinking.
  * Bump the debhelper build dependency to version 9 to reflect
    the debhelper compatibility level and drop the now-unused Lintian
    override.
  * Fold the bsdtar and bsdcpio packages into the new libarchive-tools
    binary package and install bsdcat into it, too. Make bsdtar and
    bsdcpio transitional dummy packages.
  * Drop the Breaks and Replaces relations to libarchive1, it's not
    even in oldstable any more.
  * Drop the misc:Pre-Depends that were needed for the multi-arch
    transition; dpkg-dev adds them automatically now.
  * Fix a typo in README.Debian.
  * Add an upstream patch to replace the use of SIGRTMAX with something
    that calculates the exact value of the highest signal actually used;
    hopefully this fixes the FTBFS on the GNU Hurd.
  * Drop the outdated and unused SONAME mismatch Lintian override.
  * Re-enable the use of minitar for extraction, too, in the CI test;
    keep the untar test for completeness.
  * Add the Typos patch to fix a couple of typographical errors.
  * Add the Candidate patch to fix a typographical error in a structure
    member field and, consequently, update all references to it.
  * Add the CPPCheck patch to fix some issues reported by cppcheck.
  [ Andreas Henriksson ]
  * Add Peter Pentchev to Uploaders

1100 of 222 results

Other repositories

Name Last Modified
lp:~ddstreet/ubuntu/+source/libarchive 2020-03-27
lp:ubuntu/+source/libarchive 2020-03-07
12 of 2 results
You can't create new repositories for libarchive in Ubuntu.