[SECURITY] [DLA 166-1] libarchive security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 166-1] libarchive security update
From: Thorsten Alteholz <debian@alteholz.de>
Date: Sat, 7 Mar 2015 17:01:51 +0100 (CET)
Message-id: <[🔎] alpine.DEB.2.02.1503071700280.6596@jupiter.server.alteholz.net>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : libarchive
Version        : 2.8.4.forreal-1+squeeze3
CVE ID         : not yet assigned
Debian Bug     : 778266

Alexander Cherepanov discovered that bsdcpio, an implementation of the
'cpio' program part of the libarchive project, is susceptible to a
directory traversal vulnerability via absolute paths.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQJ8BAEBCgBmBQJU+yDvXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2MjAxRkJGRkRCQkRFMDc4MjJFQUJCOTY5
NkZDQUMwRDM4N0I1ODQ3AAoJEJb8rA04e1hHOXIQAKtfAic1PnTpNjjpaLJI/Xr1
hXCzh3EAF3qTHuOkn4mVR1VUKUaTIFN2zVfP0wwI2qY1DyquWirYVlFYXU1g2CD7
r+Qmd8fLjXhN4OImLKMUMfioyF4fqWerlolsWpnO/CuKWj2OMambOBGPU+3cNpeg
SpRj52RVwyPN9sJBnmxPZO/9TXSmmW9PEpppYvfjEqvg3oJCe2LYLBRwygicYFBF
7x7IgOLvsK2bdrkkAPUimqgB+OrKaQK6GZ2EH/XzfYVoYXYZEmi4FA0+/AqgTJJi
5qM2H7gaNV2wafyOxvOyXKdAHq6hoBRA8p6E+sIYYPzjv1fVJ+xqHDK65YXIbMOM
qTxKwC9tuNIW+eSOwEZVMvDEMCKS+WWejcNf6RRgxkwunU8SJtC1+6a1oOjvemUQ
VZjRXvGlZzqxZKkM2uCgzS0iGSvIGUpejUjsNzdy6OKAgVixs9u9oIYt2wcY3vWM
ok1Qm2p/CT901B6oUtvH7r7ymIZPU0E2DGMryfnFdga0z2WsDOEqkYTNXnAefcWP
vJjPwSNLtNV0EYVHt/CNOEa/o0UBr4hmeiUIMvs7okO1GZPJ1CW4T/QkW/b6cF//
2ETfjDl5hZv2ZtXOCIAzt/m/YDqIRpckhhOer4LzZbHBf/67/SqlmuozX7v4BMm3
N7tcl60NH9xh7/3vn3vv
=XWzt
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 165-1] eglibc security update
Next by Date: [SECURITY] [DLA 167-1] redcloth security update
Previous by thread: [SECURITY] [DLA 165-1] eglibc security update
Next by thread: [SECURITY] [DLA 167-1] redcloth security update
Index(es):
- Date
- Thread