linux.debian.bugs.dist
Bug#1008953: libarchive: CVE-2022-26280
Salvatore Bonaccorso
Apr 4, 2022, 4:10:03 PM
Source: libarchive
Version: 3.6.0-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/libarchive/libarchive/issues/1672
X-Debbugs-Cc: car...@debian.org, Debian Security Team <te...@security.debian.org>
Control: found -1 3.4.3-2+deb11u1
Control: found -1 3.4.0-1
Hi,
The following vulnerability was published for libarchive.
CVE-2022-26280[0]:
| Libarchive v3.6.0 was discovered to contain an out-of-bounds read via
| the component zipx_lzma_alone_init.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2022-26280
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26280
[1] https://github.com/libarchive/libarchive/issues/1672
[2] https://github.com/libarchive/libarchive/commit/cfaa28168a07ea4a53276b63068f94fce37d6aff
Regards,
Salvatore
Christian Göttsche
Nov 10, 2022, 1:20:03 PM
Kindly ping.
Upstream released a new version (3.6.1) with the fix included 7 months ago.