libarchive 3.1.2-11ubuntu0.16.04.3 source package in Ubuntu
Changelog
libarchive (3.1.2-11ubuntu0.16.04.3) xenial-security; urgency=medium * SECURITY UPDATE: arbitrary file write via hardlink entries - debian/patches/CVE-2016-5418-1.patch: enforce sandbox with very long pathnames in libarchive/archive_write_disk_posix.c. - debian/patches/CVE-2016-5418-2.patch: fix path handling in libarchive/archive_write_disk_posix.c. - debian/patches/CVE-2016-5418-3.patch: add test cases to Makefile.am, libarchive/test/CMakeLists.txt, libarchive/test/main.c, libarchive/test/test.h, libarchive/test/test_write_disk_secure744.c, libarchive/test/test_write_disk_secure745.c, libarchive/test/test_write_disk_secure746.c. - debian/patches/CVE-2016-5418-4.patch: fix testcases in libarchive/test/test_write_disk_secure745.c, libarchive/test/test_write_disk_secure746.c. - debian/patches/CVE-2016-5418-5.patch: correct PATH_MAX usage in libarchive/archive_write_disk_posix.c. - CVE-2016-5418 * SECURITY UPDATE: denial of service and possible code execution when writing an ISO9660 archive - debian/patches/CVE-2016-6250.patch: check for overflow in libarchive/archive_write_set_format_iso9660.c. - CVE-2016-6250 * SECURITY UPDATE: denial of service via recursive decompression - debian/patches/CVE-2016-7166.patch: limit number of filters in libarchive/archive_read.c, added test to Makefile.am, libarchive/test/CMakeLists.txt, libarchive/test/test_read_too_many_filters.c, libarchive/test/test_read_too_many_filters.gz.uu. - CVE-2016-7166 * SECURITY UPDATE: denial of service via non-printable multibyte character in a filename - debian/patches/CVE-2016-8687.patch: expand buffer size in tar/util.c. - CVE-2016-8687 * SECURITY UPDATE: denial of service via multiple long lines - debian/patches/CVE-2016-8688.patch: fix bounds in libarchive/archive_read_support_format_mtree.c, added test to Makefile.am, libarchive/test/CMakeLists.txt, libarchive/test/test_read_format_mtree_crash747.c, libarchive/test/test_read_format_mtree_crash747.mtree.bz2.uu. - CVE-2016-8688 * SECURITY UPDATE: denial of service via multiple EmptyStream attributes - debian/patches/CVE-2016-8689.patch: reject files with multiple markers in libarchive/archive_read_support_format_7zip.c. - CVE-2016-8689 * SECURITY UPDATE: denial of service via invalid compressed file size - debian/patches/CVE-2017-5601.patch: add check to libarchive/archive_read_support_format_lha.c. - CVE-2017-5601 -- Marc Deslauriers <email address hidden> Thu, 09 Mar 2017 11:01:45 -0500
Upload details
- Uploaded by:
- Marc Deslauriers
- Uploaded to:
- Xenial
- Original maintainer:
- Ubuntu Developers
- Architectures:
- any
- Section:
- libs
- Urgency:
- Medium Urgency
See full publishing history Publishing
Series | Published | Component | Section |
---|
Downloads
File | Size | SHA-256 Checksum |
---|---|---|
libarchive_3.1.2.orig.tar.gz | 4.3 MiB | eb87eacd8fe49e8d90c8fdc189813023ccc319c5e752b01fb6ad0cc7b2c53d5e |
libarchive_3.1.2-11ubuntu0.16.04.3.debian.tar.xz | 38.6 KiB | 2d5b4f2dac2e0581c8e49f45e5de08c71b106a7a185dc3fbd8a55b83b6b085c7 |
libarchive_3.1.2-11ubuntu0.16.04.3.dsc | 2.4 KiB | ef8a3ac52bccecf473345c9e5c8ae75a4c79e950eefcc4e01c24a9f9687c0aaa |
Available diffs
Binary packages built by this source
- bsdcpio: Implementation of the 'cpio' program from FreeBSD
The bsdcpio program is the default system 'cpio' program used on FreeBSD.
bsdcpio uses the libarchive library as a backend which does all of the work for
reading and writing archives in various formats.
- bsdcpio-dbgsym: debug symbols for package bsdcpio
The bsdcpio program is the default system 'cpio' program used on FreeBSD.
bsdcpio uses the libarchive library as a backend which does all of the work for
reading and writing archives in various formats.
- bsdtar: Implementation of the 'tar' program from FreeBSD
The bsdtar program is the default system 'tar' program used on FreeBSD. bsdtar
uses the libarchive library as a backend which does all of the work for reading
and writing archives in various formats.
- bsdtar-dbgsym: debug symbols for package bsdtar
The bsdtar program is the default system 'tar' program used on FreeBSD. bsdtar
uses the libarchive library as a backend which does all of the work for reading
and writing archives in various formats.
- libarchive-dev: Multi-format archive and compression library (development files)
The libarchive library provides a flexible interface for reading and writing
archives in various formats such as tar and cpio. libarchive also supports
reading and writing archives compressed using various compression filters such
as gzip and bzip2. The library is inherently stream-oriented; readers serially
iterate through the archive, writers serially add things to the archive.
.
Archive formats supported are:
.
* tar (read and write, including GNU extensions)
* pax (read and write, including GNU and star extensions)
* cpio (read and write, including odc and newc variants)
* iso9660 (read and write, including Joliet and Rockridge extensions, with
some limitations)
* zip (read only, with some limitations, uses zlib)
* mtree (read and write)
* shar (write only)
* ar (read and write, including BSD and GNU/SysV variants)
* empty (read only; in particular, note that no other format will accept an
empty file)
* raw (read only)
* xar (read only)
* rar (read only, with some limitations)
* 7zip (read and write, with some limitations)
.
Filters supported are:
.
* gzip (read and write, uses zlib)
* bzip2 (read and write, uses bzlib)
* compress (read and write, uses an internal implementation)
* uudecode (read only)
* separate command-line compressors with fixed-signature auto-detection
* xz and lzma (read and write using liblzma)
.
This package provides the files necessary for development with libarchive.
- libarchive13: Multi-format archive and compression library (shared library)
The libarchive library provides a flexible interface for reading and writing
archives in various formats such as tar and cpio. libarchive also supports
reading and writing archives compressed using various compression filters such
as gzip and bzip2. The library is inherently stream-oriented; readers serially
iterate through the archive, writers serially add things to the archive.
.
Archive formats supported are:
.
* tar (read and write, including GNU extensions)
* pax (read and write, including GNU and star extensions)
* cpio (read and write, including odc and newc variants)
* iso9660 (read and write, including Joliet and Rockridge extensions, with
some limitations)
* zip (read only, with some limitations, uses zlib)
* mtree (read and write)
* shar (write only)
* ar (read and write, including BSD and GNU/SysV variants)
* empty (read only; in particular, note that no other format will accept an
empty file)
* raw (read only)
* xar (read only)
* rar (read only, with some limitations)
* 7zip (read and write, with some limitations)
.
Filters supported are:
.
* gzip (read and write, uses zlib)
* bzip2 (read and write, uses bzlib)
* compress (read and write, uses an internal implementation)
* uudecode (read only)
* separate command-line compressors with fixed-signature auto-detection
* xz and lzma (read and write using liblzma)
.
This package provides the libarchive shared library.
- libarchive13-dbgsym: debug symbols for package libarchive13
The libarchive library provides a flexible interface for reading and writing
archives in various formats such as tar and cpio. libarchive also supports
reading and writing archives compressed using various compression filters such
as gzip and bzip2. The library is inherently stream-oriented; readers serially
iterate through the archive, writers serially add things to the archive.
.
Archive formats supported are:
.
* tar (read and write, including GNU extensions)
* pax (read and write, including GNU and star extensions)
* cpio (read and write, including odc and newc variants)
* iso9660 (read and write, including Joliet and Rockridge extensions, with
some limitations)
* zip (read only, with some limitations, uses zlib)
* mtree (read and write)
* shar (write only)
* ar (read and write, including BSD and GNU/SysV variants)
* empty (read only; in particular, note that no other format will accept an
empty file)
* raw (read only)
* xar (read only)
* rar (read only, with some limitations)
* 7zip (read and write, with some limitations)
.
Filters supported are:
.
* gzip (read and write, uses zlib)
* bzip2 (read and write, uses bzlib)
* compress (read and write, uses an internal implementation)
* uudecode (read only)
* separate command-line compressors with fixed-signature auto-detection
* xz and lzma (read and write using liblzma)
.
This package provides the libarchive shared library.