[ubuntu/questing-updates] libarchive 3.7.7-0ubuntu3.1 (Accepted)
Ubuntu Archive Robot
ubuntu-archive-robot at lists.canonical.com
Thu Apr 2 22:28:25 UTC 2026
libarchive (3.7.7-0ubuntu3.1) questing-security; urgency=medium

  * SECURITY UPDATE: Out-of-bounds read during streamed archive skipping
    - debian/patches/CVE-2025-5918-1.patch: Prevent EOF-skipping in
      libarchive/archive_read_open_fd.c, libarchive/archive_read_open_file.c,
      libarchive/archive_read_open_filename.c, add relevant tests in
      libarchive/test/test_read_format_rar.c
    - debian/patches/CVE-2025-5918-2.patch: Fix file skip offset handling in
      libarchive/archive_read_open_file.c
    - CVE-2025-5918
  * SECURITY UPDATE: Unbounded memory allocation during bsdtar substitution
    processing
    - debian/patches/CVE-2025-60753.patch: Advance zero-length matches in
      tar/subst.c and add tests in tar/test/test_option_s.c
    - CVE-2025-60753
  * SECURITY UPDATE: Infinite loop during RAR5 decompression
    - debian/patches/CVE-2026-4111.patch: Filter bounds in
      libarchive/archive_read_support_format_rar5.c and add loop regression
      tests in libarchive/test/test_read_format_rar5_loop_bug.c,
      libarchive/test/test_read_format_rar5_loop_bug.rar.uu
    - CVE-2026-4111

Date: 2026-04-02 13:26:39.160755+00:00
Changed-By: Shafayat Hossain Majumder <shafayat.majumder at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/libarchive/3.7.7-0ubuntu3.1