-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 02 Jun 2024 16:38:00 +0200 Source: libarchive Architecture: source Version: 3.6.2-1+deb12u1 Distribution: bookworm-security Urgency: high Maintainer: Peter Pentchev Changed-By: Salvatore Bonaccorso Closes: 1068047 1072107 Changes: libarchive (3.6.2-1+deb12u1) bookworm-security; urgency=high . [ Peter Pentchev ] * Add the robust-error-reporting upstream patch. Closes: #1068047 . [ Salvatore Bonaccorso ] * fix: OOB in rar e8 filter (CVE-2024-26256) (Closes: #1072107) * fix: OOB in rar delta filter * fix: OOB in rar audio filter Checksums-Sha1: e6e5f6b4c5fed869bf40f1a0113cf5684c0b02c5 2695 libarchive_3.6.2-1+deb12u1.dsc 35c971132e4ecb1679418d1713e328e415aac569 5213196 libarchive_3.6.2.orig.tar.xz 9c5ae31f3a3850ea301c1db8ccbd312f01e572ff 659 libarchive_3.6.2.orig.tar.xz.asc 07d4afb2b8e42d113a1d2732ef81df40d949931b 26708 libarchive_3.6.2-1+deb12u1.debian.tar.xz Checksums-Sha256: 48516b52965a717d939b65493b7b148b1620045e4c69e4ace2caa199f9ec6b8d 2695 libarchive_3.6.2-1+deb12u1.dsc 9e2c1b80d5fbe59b61308fdfab6c79b5021d7ff4ff2489fb12daf0a96a83551d 5213196 libarchive_3.6.2.orig.tar.xz c6f1cdc29571dd6b09d3776ae98404a81b2dbe970a2bd9dc0bd9ed183ca49b71 659 libarchive_3.6.2.orig.tar.xz.asc 41de35dcf0e1b69654ecdb43de18d3f8ba531340b45555a3e0ba2d822903623e 26708 libarchive_3.6.2-1+deb12u1.debian.tar.xz Files: 9ddad72db13414cb29f3b880e4514662 2695 libs optional libarchive_3.6.2-1+deb12u1.dsc 72cbb3c085624c825f627bfc8f52ce53 5213196 libs optional libarchive_3.6.2.orig.tar.xz fce14a9cae1725d38f714aa23a48e7da 659 libs optional libarchive_3.6.2.orig.tar.xz.asc 3b8b3bea2e56e1fe7d21e1083016d8f6 26708 libs optional libarchive_3.6.2-1+deb12u1.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmZchLFfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk ZWJpYW4ub3JnAAoJEAVMuPMTQ89EIxMQAIVQztvCD+HoX2yDSqSgxOXycQ+mm6TJ hAaY/9GgJOghFUY+riDwvUi8e0hTG1BDuuUPp6Qn1mGxWkR5+oS39Wvn/ecoZgA1 Sox5SiyUYZ6sjlL/mBLms+cRWrSoIsEKFxtZctWSgvTlB7Azkv4gF4fGYcsENJdq cgBmJoh7wGYquSMggkXxUoL+tfmWJlWe2CMhU+N7RvRqHhSeCn/zVycEDsH1VHgE 3/KbqAGdoqJ6jazFkou3J/DnZuZxX+CVDp6QFaKldmdD+A5fEsXT86lzDtM2y1LA J06SUDiENJ913kmYhH0k3qdkUnoOPKkJyLu5s4YZn4rd2KOsbRxwqeEMcRbe+oIK 0ktnTUDLRZfZpDClxY1jNPrxIh8IUJ0OWN6W1vIJhyzAQ0raj7qzAKLXc8aHyWv/ qh9JBtKsZWQh9Dx72LMiNt655M0z4fpi0aWuBa7r9VObXJcqvKLXdzN8eTAJd2SU Idy0qAUVdCpTVNrxONfysVxYEQV4/c+EQ18YpElQP+fCsKNA8gZrKxg1Jg4sZvzd A2XGByLdTzCoZ+RrM5ekJT35+hgNbyZIJPcbnM33KvslttHim4Myrx0mGqghfZj4 8IQWpj5acIhIpQjifN2/tAmf8Eut3iiLgKizBgz1HXYhJIHwdr2HwL4B0txSg3nN DilLS/tVX7e3 =Lu6c -----END PGP SIGNATURE-----