UbuntuUpdates.org

Package "bsdcpio"

Name: bsdcpio

Description:

transitional dummy package for moving bsdcpio to libarchive-tools
Latest version: 3.2.2-3.1ubuntu0.7
Release: bionic (18.04)
Level: security
Repository: universe
Head package: libarchive
Homepage: http://www.libarchive.org/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "bsdcpio"

All arch deb package
APT INSTALL

Other versions of "bsdcpio" in Bionic

Repository Area Version
base universe 3.2.2-3.1
updates universe 3.2.2-3.1ubuntu0.7

Changelog

Version: 3.2.2-3.1ubuntu0.7 2021-06-07 17:06:31 UTC

  libarchive (3.2.2-3.1ubuntu0.7) bionic-security; urgency=medium

  * Add metadata support to fix issues with gnome-autoar security update
    (LP: #1929304)
    - debian/patches/metadata_support.patch: support reading metadata from
      compressed files.

 -- Marc Deslauriers <email address hidden> Fri, 04 Jun 2021 10:37:49 -0400
Source diff to previous version
1929304 file-roller / gnome archive manager fails to extract

Version: 3.2.2-3.1ubuntu0.6 2020-03-02 15:06:59 UTC

  libarchive (3.2.2-3.1ubuntu0.6) bionic-security; urgency=medium

  * SECURITY UPDATE: Out-of-read and Denial of service
    - debian/patches/CVE-2019-19221.patch: Bugfix and optimize
      archive_wstring_append_from_mbs() in libarchive/archive_string.c.
    - CVE-2019-19221

 -- <email address hidden> (Leonidas S. Barbosa) Thu, 20 Feb 2020 14:46:13 -0300
Source diff to previous version
CVE-2019-19221 In Libarchive 3.4.0, archive_wstring_append_from_mbs in archive_string.c has an out-of-bounds read because of an incorrect mbrtowc or mbtowc call. Fo

Version: 3.2.2-3.1ubuntu0.5 2019-10-29 19:06:27 UTC

  libarchive (3.2.2-3.1ubuntu0.5) bionic-security; urgency=medium

  * SECURITY UPDATE: Use-after-free
    - debian/patches/CVE-2019-18408.patch: RAR reader: fix use after free
      in libarchive/archive_read_support_format_rar.c.
    - CVE-2019-18408

 -- <email address hidden> (Leonidas S. Barbosa) Mon, 28 Oct 2019 10:50:50 -0300
Source diff to previous version
CVE-2019-18408 archive_read_format_rar_read_data in archive_read_support_format_rar.c in libarchive before 3.4.0 has a use-after-free in a certain ARCHIVE_FAILED si

Version: 3.2.2-3.1ubuntu0.3 2019-02-07 13:07:34 UTC

  libarchive (3.2.2-3.1ubuntu0.3) bionic-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2019-1000019.patch: fix in
      libarchive/archive_read_support_format_7zip.c.
    - CVE-2019-1000019
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2019-1000020.patch: fix in
      libarchive/archive_read_support_format_iso9660.c.
    - CVE-2019-1000020

 -- <email address hidden> (Leonidas S. Barbosa) Wed, 06 Feb 2019 08:54:50 -0300
Source diff to previous version
CVE-2019-1000019 libarchive version commit bf9aec176c6748f0ee7a678c5f9f9555b9a757c1 onwards (release v3.0.2 onwards) contains a CWE-125: Out-of-bounds Read vulnerabil
CVE-2019-1000020 libarchive version commit 5a98dcf8a86364b3c2c469c85b93647dfb139961 onwards (version v2.8.0 onwards) contains a CWE-835: Loop with Unreachable Exit Co

Version: 3.2.2-3.1ubuntu0.2 2019-01-15 15:06:37 UTC

  libarchive (3.2.2-3.1ubuntu0.2) bionic-security; urgency=medium

  * SECURITY UPDATE: Out-of-bounds read
    - debian/patches/CVE-2017-14502.patch: fix in
      libarchive/archive_read_support_format_rar.c.
    - CVE-2017-14502
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2018-1000877.patch: fix in
      libarchive/archive_read_support_format_rar.c.
    - CVE-2018-1000877
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2018-1000878.patch: fix in
      libarchive/archive_read_support_format_rar.c.
    - CVE-2018-1000878
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2018-1000880.patch: fix in
      libarchive/archive_read_support_format_warc.c.
    - CVE-2018-1000880

 -- <email address hidden> (Leonidas S. Barbosa) Mon, 14 Jan 2019 09:53:14 -0300
CVE-2017-14502 read_header in archive_read_support_format_rar.c in libarchive 3.3.2 suffers from an off-by-one error for UTF-16 names in RAR archives, leading to an
CVE-2018-1000877 libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-415: Double Free vulnerability in
CVE-2018-1000878 libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-416: Use After Free vulnerability
CVE-2018-1000880 libarchive version commit 9693801580c0cf7c70e862d305270a16b52826a7 onwards (release v3.2.0 onwards) contains a CWE-20: Improper Input Validation vuln


About   -   Send Feedback to @ubuntu_updates