Univention Bugzilla – Bug 48771
libarchive: Multiple issues (4.2)
Last modified: 2019-02-27 14:06:49 CET
New Debian libarchive 3.1.2-11+deb8u7 fixes: This update addresses the following issues: * 3.1.2-11+deb8u7 (Thu, 07 Feb 2019 13:04:01 -0500) * Non-maintainer upload by the LTS Security Team. * Fix CVE-2019-1000019: Out-of-bounds Read vulnerability in 7zip decompression, that can result in a crash (denial of service, CWE-125) * Fix CVE-2019-1000020: vulnerability in ISO9660 parser that can result in DoS by infinite loop (CWE-835) * 3.1.2-11+deb8u7 (Thu, 07 Feb 2019 13:04:01 -0500) * Non-maintainer upload by the LTS Security Team. * Fix CVE-2019-1000019: Out-of-bounds Read vulnerability in 7zip decompression, that can result in a crash (denial of service, CWE-125) * Fix CVE-2019-1000020: vulnerability in ISO9660 parser that can result in DoS by infinite loop (CWE-835) * 3.1.2-11+deb8u7 (Thu, 07 Feb 2019 13:04:01 -0500) * Non-maintainer upload by the LTS Security Team. * Fix CVE-2019-1000019: Out-of-bounds Read vulnerability in 7zip decompression, that can result in a crash (denial of service, CWE-125) * Fix CVE-2019-1000020: vulnerability in ISO9660 parser that can result in DoS by infinite loop (CWE-835) * 3.1.2-11+deb8u7 (Thu, 07 Feb 2019 13:04:01 -0500) * Non-maintainer upload by the LTS Security Team. * Fix CVE-2019-1000019: Out-of-bounds Read vulnerability in 7zip decompression, that can result in a crash (denial of service, CWE-125) * Fix CVE-2019-1000020: vulnerability in ISO9660 parser that can result in DoS by infinite loop (CWE-835)
--- mirror/ftp/4.2/unmaintained/component/4.2-5-errata/source/libarchive_3.1.2-11+deb8u6.dsc +++ apt/ucs_4.2-0-errata4.2-5/source/libarchive_3.1.2-11+deb8u7.dsc @@ -1,3 +1,11 @@ +3.1.2-11+deb8u7 [Thu, 07 Feb 2019 13:04:01 -0500] Antoine Beaupré <anarcat@debian.org>: + + * Non-maintainer upload by the LTS Security Team. + * Fix CVE-2019-1000019: Out-of-bounds Read vulnerability in 7zip + decompression, that can result in a crash (denial of service, CWE-125) + * Fix CVE-2019-1000020: vulnerability in ISO9660 parser that can result + in DoS by infinite loop (CWE-835) + 3.1.2-11+deb8u6 [Fri, 21 Dec 2018 22:24:50 +0100] Markus Koschany <apo@debian.org>: * Non-maintainer upload by the LTS team. <http://10.200.17.11/4.2-5/#2657342048021980738>
OK: yaml OK: announce_errata OK: patch OK: piuparts [4.2-5] 079358f7e0 Bug #48771: libarchive 3.1.2-11+deb8u7 doc/errata/staging/libarchive.yaml | 28 ++++------------------------ 1 file changed, 4 insertions(+), 24 deletions(-) [4.2-5] a907c6b899 Bug #48771: libarchive 3.1.2-11+deb8u7 doc/errata/staging/libarchive.yaml | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+)
<http://errata.software-univention.de/ucs/4.2/602.html>