Source: libarchive Version: 3.4.3-2 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Hi, The following vulnerability was published for libarchive. CVE-2021-36976[0]: | libarchive 3.4.1 through 3.5.1 has a use-after-free in copy_string | (called from do_uncompress_block and process_block). If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2021-36976 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36976 [1] https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32375 [2] https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libarchive/OSV-2021-557.yaml Please adjust the affected versions in the BTS as needed. Regards, Salvatore
