Bug#778266: marked as done (libarchive: Directory traversal)

[Debian Bug Tracking System]

Your message dated Thu, 05 Mar 2015 15:35:49 +0000
with message-id <e1ytxot-0003y3...@franck.debian.org>
and subject line Bug#778266: fixed in libarchive 3.1.2-11
has caused the Debian Bug report #778266,
regarding libarchive: Directory traversal
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
778266: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778266
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Source: libarchive
Severity: grave
Tags: security

Hi,
please see http://www.openwall.com/lists/oss-security/2015/01/16/7
for details.

Cheers,
        Moritz

--- End Message ---

--- Begin Message ---

Source: libarchive
Source-Version: 3.1.2-11

We believe that the bug you reported is fixed in the latest version of
libarchive, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 778...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andreas Henriksson <andr...@fatal.se> (supplier of updated libarchive package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 05 Mar 2015 14:54:43 +0100
Source: libarchive
Binary: libarchive-dev libarchive13 bsdtar bsdcpio
Architecture: source amd64
Version: 3.1.2-11
Distribution: unstable
Urgency: medium
Maintainer: Debian Libarchive Maintainers <ah-libarch...@debian.org>
Changed-By: Andreas Henriksson <andr...@fatal.se>
Description:
 bsdcpio    - Implementation of the 'cpio' program from FreeBSD
 bsdtar     - Implementation of the 'tar' program from FreeBSD
 libarchive-dev - Multi-format archive and compression library (development 
files)
 libarchive13 - Multi-format archive and compression library (shared library)
Closes: 778266
Changes:
 libarchive (3.1.2-11) unstable; urgency=medium
 .
   * Add d/p/Add-ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS-option.patch
     (Closes: #778266)
Checksums-Sha1:
 6fb8176c8c93670c233c6905e64dabcafcc224f3 2285 libarchive_3.1.2-11.dsc
 7ec2ec21417ce9c1da5da023a73367abe87de99f 14436 
libarchive_3.1.2-11.debian.tar.xz
 2fb0945694bc7a07ab7e86e969913d5cd892ef6d 432964 
libarchive-dev_3.1.2-11_amd64.deb
 2e65b7744d0f625365bc3f02a394549fad7908cc 268900 libarchive13_3.1.2-11_amd64.deb
 5a4a18ac4f165de13e847a00f63d681b86d83f8c 53406 bsdtar_3.1.2-11_amd64.deb
 090903b87f34cd9f5575742a2c94ed309b2b7cd3 39068 bsdcpio_3.1.2-11_amd64.deb
Checksums-Sha256:
 7755deede3e7646e1c9002faee730eacd560e45dd42b1daa5df25877534df576 2285 
libarchive_3.1.2-11.dsc
 bca89d9154472794e4046972b58cd3307bac86ac085ae6717af8e03d90092532 14436 
libarchive_3.1.2-11.debian.tar.xz
 d7e4acdd2ecc702128da04da6a1d3082d0a27ae09c363d0845c16571e6ecb070 432964 
libarchive-dev_3.1.2-11_amd64.deb
 2d8c2e3be06b341488ee588f7fd70f48ace24503c374c54bfe87950a7a9cd5b8 268900 
libarchive13_3.1.2-11_amd64.deb
 2d395b183b2d9a3d2138b5e23f2b4e2c067e99de3ddf5ee8205a46b4acc26b34 53406 
bsdtar_3.1.2-11_amd64.deb
 fb67264fa603d49938b5abfd48a8502b558cfffec197462415b13912d1094f92 39068 
bsdcpio_3.1.2-11_amd64.deb
Files:
 2ed7166094dec5f603892cd704399667 2285 libs optional libarchive_3.1.2-11.dsc
 2b4ef1c52fb083cc43fc1ca846fdbaaf 14436 libs optional 
libarchive_3.1.2-11.debian.tar.xz
 0afa864db15ca0b3673fb9b05eca1acc 432964 libdevel optional 
libarchive-dev_3.1.2-11_amd64.deb
 c37d4337087992e8bfeec23affaa25f7 268900 libs optional 
libarchive13_3.1.2-11_amd64.deb
 ce89d7660d7f228169c461eed45335b4 53406 utils optional bsdtar_3.1.2-11_amd64.deb
 6425f1eccf8d5b7c6053b5bef32dd05c 39068 utils optional 
bsdcpio_3.1.2-11_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJU+GKyAAoJEAvEfcZNE1MG4HYP/3E3p9n4N0u3rVZY6TQAUjeN
XZrpqV3xf5DYRH1ysIg9T1Cwp/UsXpkYifh+5oOgtx9PUmXhWuxGo024HRgP9nDv
tNpLJ6CkEaPsc4Za/FFVWvX9M+TcPs1emM6QDKJeXugZoHBDVUBKf0WsoPeSAIx9
u7R2jEx1K1hMBdVF2i8zhoo8aoLWTI0xRvRZMmveEzD1s7LslPuQj4jNTAtvFlu8
dZMEZ4K5w/yvn4GpRoj3h47OvF6//hv2lZdJlNtOvmrZhJcIch6ZR4G5FBiQZHDs
HXR3kwCGK+vJAgnTbVtP8fsvKoGTvXHQcKXxBqfEkmBpV7ijkx3G9S+Tnrs/A3qL
sqcp+bwX+ehftTsWf9hm4UrHTqvfdPH+iM+NiDD7Y8iIr5GYm1JdwExW2iNbwyaP
pPt3Cxt0zA5b9Wy2bFCNutVBJdOnq/1xyZO8SST0XFknmL0zKXrlDmn3lQJQrR/B
vPkUyPEnjwCDj7nFg/+Br5XKmf9Cnuwkdy1G1WwBm0WtOGnj//n7pMCpEmnhLBVp
2F/337/P3bzQntpWZ/bbXc/mzAGCAC0e4s1xNVFRh7g1kJDX0Ewuq/6zMok1B0wB
BfChUn8acCdAGzZ22U4+9ZjIAn9F3/34zehCdK3aK+6xWpyqN/JQls+utxqzw7P5
KcTysX54iDJI/4hMguKV
=iS9G
-----END PGP SIGNATURE-----

--- End Message ---