[ubuntu/focal-proposed] libarchive 3.4.0-1ubuntu1 (Accepted)

Leonidas S. Barbosa leo.barbosa at canonical.com
Wed Mar 4 15:54:20 UTC 2020


libarchive (3.4.0-1ubuntu1) focal; urgency=medium

  * SECURITY UPDATE: Out-of-read and Denial of service
    - debian/patches/CVE-2019-19221.patch: Bugfix and optimize
      archive_wstring_append_from_mbs() in libarchive/archive_string.c.
    - CVE-2019-19221
  * SECURITY UPDATE: SIGSEGV denial of service
    - debian/patches/CVE-2020-9308.patch: reject files that
      declare invalid header flags fix in
      libarchive/archive_read_support_format_rar5.c,
      libarchive/test/test_read_format_rar5.c,
      libarchive/test/test_read_format_rar5_block_size_is_too_small.rar.uu.
    - CVE-2020-9308

Date: Wed, 04 Mar 2020 12:32:51 -0300
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/libarchive/3.4.0-1ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 04 Mar 2020 12:32:51 -0300
Source: libarchive
Architecture: source
Version: 3.4.0-1ubuntu1
Distribution: focal
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Leonidas S. Barbosa <leo.barbosa at canonical.com>
Original-Maintainer: Peter Pentchev <roam at debian.org>

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

