• Accepted 7zip 22.01+dfsg-8+deb12u1 (source) into proposed-updates

    From Debian FTP Masters@21:1/5 to All on Sat Oct 19 15:40:01 2024

    Format: 1.8
    Date: Fri, 18 Oct 2024 01:45:17 +0900
    Source: 7zip
    Architecture: source
    Version: 22.01+dfsg-8+deb12u1
    Distribution: bookworm
    Urgency: medium
    Maintainer: YOKOTA Hiroshi <yokota.hgml@gmail.com>
    Changed-By: YOKOTA Hiroshi <yokota.hgml@gmail.com>
    Changes:
    7zip (22.01+dfsg-8+deb12u1) bookworm; urgency=medium
    .
    * Fix CVE-2023-52168 (buffer overflow) and CVE-2023-52169 (buffer over-read)
    .
    * CVE-2023-52168: heap-based buffer overflow
    NTFS handler allows an attacker to overwrite two bytes at multiple
    offsets beyond the allocated buffer size.
    * CVE-2023-52169: out-of-bounds read
    NTFS handler allows an attacker to read beyond the intended buffer.
    The bytes read beyond the intended buffer are presented as a part of
    a filename listed in the file system image. This has security relevance
    in some known web-service use cases where untrusted users can upload
    files and have them extracted by a server-side 7-Zip process.
    .
    A detailed report about these issues is available at:
    https://dfir.ru/2024/06/19/vulnerabilities-in-7-zip-and-ntfs3/

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)