Source: libarchive
Version: 3.1.2-11
Severity: grave
Tags: security upstream fixed-upstream
Justification: user security hole
Control: fixed -1 3.2.0-1

Hi,

the following vulnerability was published for libarchive.

CVE-2016-1541[0]:
| Heap-based buffer overflow in the zip_read_mac_metadata function in
| archive_read_support_format_zip.c in libarchive before 3.2.0 allows
| remote attackers to execute arbitrary code via crafted entry-size
| values in a ZIP archive.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-1541
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1541
[1] https://www.kb.cert.org/vuls/id/862384

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore