I will upload a fix to unstable shortly. However, it sounds like this could also impact the version in stable, so CCing [EMAIL PROTECTED]
On Fri July 13 2007 12:11:39 am Florian Weimer wrote:
> Package: libarchive1
> Version: 2.2.3-1
> Tags: security
> Severity: grave
>
> FreeBSD has disclosed several security problems in libarchive:
> | Several problems have been found in the code used to parse the tar and
> | pax interchange formats. These include entering an infinite loop if an
> | archive prematurely ends within a pax extension header or if certain
> | types of corruption occur in pax extension headers [CVE-2007-3644];
> | dereferencing a NULL pointer if an archive prematurely ends within a
> | tar header immediately following a pax extension header or if certain
> | other types of corruption occur in pax extension headers
> | [CVE-2007-3645]; and miscomputing the length of a buffer resulting in a
> | buffer overflow if yet another type of corruption occurs in a pax
> | extension header [CVE-2007-3641].
>
> Please mention the CVE names when fixing these bugs.
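
A pax extension header body is a sequence of `<length> <keyword>=<value>\n` records in which the decimal length counts the whole record, so a reader has to survive both a truncated body and a corrupt length. The following C parser is an added example, not code from libarchive, the FreeBSD advisory or this thread; every name in it is hypothetical, and it shows bounds-checked record walking that reports truncation and corruption as errors instead of looping, reading past the buffer or handing back a NULL field.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical names for this example; not libarchive's API. */
enum { PAX_OK = 0, PAX_END = 1, PAX_TRUNCATED = -1, PAX_MALFORMED = -2 };
struct pax_rec { const char *key, *val; size_t klen, vlen; };

/* Parse one "<len> <key>=<value>\n" record at *off; advance *off on success. */
int pax_next(const char *buf, size_t len, size_t *off, struct pax_rec *r)
{
    if (*off >= len) return PAX_END;
    const char *rec = buf + *off;
    size_t rem = len - *off, i = 0, reclen = 0;

    /* Decimal length field, bounded by the bytes actually present. */
    while (i < rem && rec[i] >= '0' && rec[i] <= '9') {
        if (reclen > rem / 10) return PAX_TRUNCATED;  /* next digit would exceed rem */
        reclen = reclen * 10 + (size_t)(rec[i] - '0');
        if (reclen > rem) return PAX_TRUNCATED;       /* record runs past the data */
        i++;
    }
    if (i == 0) return PAX_MALFORMED;                 /* no digits at all */
    if (i == rem) return PAX_TRUNCATED;               /* input ends inside the length */
    if (rec[i] != ' ') return PAX_MALFORMED;
    size_t hdr = i + 1;                               /* digits plus the space */

    /* Shortest body is "k=\n". This also rejects a length of 0, which
       would leave *off unchanged and spin the caller's loop forever. */
    if (reclen < hdr + 3 || rec[reclen - 1] != '\n') return PAX_MALFORMED;

    const char *key = rec + hdr;
    const char *eq = memchr(key, '=', reclen - hdr - 1);
    if (eq == NULL || eq == key) return PAX_MALFORMED;

    r->key = key;     r->klen = (size_t)(eq - key);
    r->val = eq + 1;  r->vlen = (size_t)(rec + reclen - 1 - (eq + 1));
    *off += reclen;   /* reclen >= hdr + 3, so the offset always advances */
    return PAX_OK;
}

/* Count records in a header body; returns a negative PAX_* code on error. */
int pax_count(const char *buf, size_t len)
{
    struct pax_rec r;
    size_t off = 0;
    int n = 0, rc;
    while ((rc = pax_next(buf, len, &off, &r)) == PAX_OK) n++;
    return rc == PAX_END ? n : rc;
}
```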