Source: libarchive
Version: 3.2.1-5
Severity: grave
Tags: upstream security patch
Justification: user security hole

Hi,

the following vulnerability was published for libarchive.

CVE-2017-5601[0]:
| An error in the lha_read_file_header_1() function
| (archive_read_support_format_lha.c) in libarchive 3.2.2 allows remote
| attackers to trigger an out-of-bounds read memory access and
| subsequently cause a crash via a specially crafted archive.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

Once fixed for sid, can you please ask for an unblock so we have the
fix for the upcoming stable release stretch as well?

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-5601

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore