Source: libarchive
Version: 3.2.1-2
Severity: grave
Tags: security upstream patch

Hi,

the following vulnerability was published for libarchive.

CVE-2016-5418[0]:
| Archive Entry with type 1 (hardlink), but has a non-zero data size
| file overwrite

This corresponds to [1] and [2], which is upstream as [3].

If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-5418
[1] https://git.centos.org/blob/rpms!libarchive.git/9952851f8b327a8c93d26a5873c190c1fb09ae6c/SOURCES!libarchive-3.1.2-CVE-2016-5418.patch;jsessionid=1dexz8h9qdewibih5aonbu3
[2] https://git.centos.org/blob/rpms!libarchive.git/9952851f8b327a8c93d26a5873c190c1fb09ae6c/SOURCES!libarchive-3.1.2-CVE-2016-5418-variation.patch;jsessionid=1dexz8h9qdewibih5aonbu3
[3] https://github.com/libarchive/libarchive/commit/dfd6b54ce33960e420fb206d8872fb759b577ad9

Please adjust the affected versions in the BTS as needed. jessie version has not been checked yet, but is probably similarly affected.

Regards,
Salvatore
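
Added example, not part of the original report and not libarchive or Debian code: a pre-extraction check that scans a ustar stream for the condition named in the CVE description, an entry of type 1 (hardlink) that declares a non-zero data size. The helper names and the sample archive are constructed here; the scanner assumes octal size fields, does not verify header checksums, and assumes each entry's payload follows its header.

```python
BLOCK = 512  # tar headers and payloads are laid out in 512-byte blocks

def make_header(name, typeflag, size, linkname=b""):
    """Build a minimal ustar header (checksum left zero; the scanner ignores it)."""
    h = bytearray(BLOCK)
    h[0:len(name)] = name
    h[124:136] = b"%011o\0" % size        # size field: octal digits, NUL-terminated
    h[156:157] = typeflag                  # b"0" regular file, b"1" hardlink
    h[157:157 + len(linkname)] = linkname
    h[257:263] = b"ustar\0"
    return bytes(h)

def pad(data):
    """Pad a payload with NULs up to the next block boundary."""
    return data + bytes(-len(data) % BLOCK)

# Constructed sample: a regular file, a hardlink that carries data, a normal hardlink.
SAMPLE = (
    make_header(b"data.txt", b"0", 3) + pad(b"abc")
    + make_header(b"link-with-data", b"1", 5, b"data.txt") + pad(b"hello")
    + make_header(b"plain-link", b"1", 0, b"data.txt")
    + bytes(2 * BLOCK)                     # end-of-archive marker
)

def text(field):
    """Decode a NUL-terminated header field."""
    return field.split(b"\0", 1)[0].decode("utf-8", "replace")

def find_hardlinks_with_data(raw):
    """Return (name, link target, declared size) for each hardlink entry with size > 0."""
    findings = []
    off = 0
    while off + BLOCK <= len(raw):
        hdr = raw[off:off + BLOCK]
        if not any(hdr):                   # all-zero block: end of archive
            break
        digits = hdr[124:136].strip(b" \0")
        try:
            size = int(digits, 8) if digits else 0
        except ValueError:                 # base-256 or corrupt size: stop, do not guess
            break
        if hdr[156:157] == b"1" and size > 0:
            findings.append((text(hdr[0:100]), text(hdr[157:257]), size))
        off += BLOCK + (size + BLOCK - 1) // BLOCK * BLOCK   # skip the payload blocks
    return findings

if __name__ == "__main__":
    for name, target, size in find_hardlinks_with_data(SAMPLE):
        print(f"{name}: hardlink to {target} declares {size} bytes of data")
```
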