Univention Bugzilla – Full Text Bug Listing |
Summary: | libarchive: Multiple issues (4.3) | ||
---|---|---|---|
Product: | UCS | Reporter: | Quality Assurance <qa> |
Component: | Security updates | Assignee: | Quality Assurance <qa> |
Status: | CLOSED FIXED | QA Contact: | Philipp Hahn <hahn> |
Severity: | normal | ||
Priority: | P3 | ||
Version: | UCS 4.3 | ||
Target Milestone: | UCS 4.3-3-errata | ||
Hardware: | All | ||
OS: | Linux | ||
What kind of report is it?: | Security Issue | What type of bug is this?: | --- |
Who will be affected by this bug?: | --- | How will those affected feel about the bug?: | --- |
User Pain: | Enterprise Customer affected?: | ||
School Customer affected?: | ISV affected?: | ||
Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
Ticket number: | Bug group (optional): | ||
Max CVSS v3 score: | 3.3 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) Debian RedHat |
Description
Quality Assurance
2019-01-03 08:45:50 CET
--- mirror/ftp/4.3/unmaintained/4.3-0/source/libarchive_3.2.2-2.dsc +++ apt/ucs_4.3-0-errata4.3-3/source/libarchive_3.2.2-2+deb9u1.dsc @@ -1,3 +1,18 @@ +3.2.2-2+deb9u1 [Fri, 21 Dec 2018 21:11:50 +0100] Markus Koschany <apo@debian.org>: + + * Non-maintainer upload. + * Fix the following security vulnerabilities: + CVE-2016-10209, CVE-2016-10349, CVE-2016-10350, CVE-2017-14166, + CVE-2017-14501, CVE-2017-14502, CVE-2017-14503, CVE-2018-1000877, + CVE-2018-1000878, CVE-2018-1000879 and CVE-2018-1000880. + Multiple security vulnerabilities were found in libarchive, a multi-format + archive and compression library. Heap-based buffer over-reads, NULL pointer + dereferences, use-after-frees and out-of-bounds reads allow remote + attackers to cause a denial-of-service (application crash) via specially + crafted archive files. + (Closes: #859456, #861609, #874539, #875966, #875974, #875960, #916964, + #916963, #916960) + 3.2.2-2 [Mon, 03 Apr 2017 22:20:05 +0200] Andreas Henriksson <andreas@fatal.se>: * Disable tests (Closes: #859455) <http://10.200.17.11/4.3-3/#5965341833370939909> OK: yaml OK: announce_errata OK: patch OK: piuparts [4.3-3] 625046afd8 Bug #48408: libarchive 3.2.2-2+deb9u1 doc/errata/staging/libarchive.yaml | 26 +++++++++++--------------- 1 file changed, 11 insertions(+), 15 deletions(-) [4.3-3] 6a3570e827 Bug #48408: libarchive 3.2.2-2+deb9u1 doc/errata/staging/libarchive.yaml | 49 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 49 insertions(+) |