
Accepted 7zip 22.01+dfsg-8+deb12u1 (source) into proposed-updates



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 18 Oct 2024 01:45:17 +0900
Source: 7zip
Architecture: source
Version: 22.01+dfsg-8+deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: YOKOTA Hiroshi <yokota.hgml@gmail.com>
Changed-By: YOKOTA Hiroshi <yokota.hgml@gmail.com>
Changes:
 7zip (22.01+dfsg-8+deb12u1) bookworm; urgency=medium
 .
   * Fix CVE-2023-52168 (buffer overflow) and CVE-2023-52169 (buffer over-read)
 .
     * CVE-2023-52168: heap-based buffer overflow
         NTFS handler allows an attacker to overwrite two bytes at multiple
         offsets beyond the allocated buffer size.
     * CVE-2023-52169: out-of-bounds read
         NTFS handler allows an attacker to read beyond the intended buffer.
         The bytes read beyond the intended buffer are presented as a part of
         a filename listed in the file system image. This has security relevance
         in some known web-service use cases where untrusted users can upload
         files and have them extracted by a server-side 7-Zip process.
 .
     A detailed report about these issues is available at:
     https://dfir.ru/2024/06/19/vulnerabilities-in-7-zip-and-ntfs3/
Checksums-Sha1:
 f7f75209af54714b7278caae7d7e4d14dc53641c 1943 7zip_22.01+dfsg-8+deb12u1.dsc
 1a8238aaa7414f14e655d2d4f86d4988bf2ff71d 12428 7zip_22.01+dfsg-8+deb12u1.debian.tar.xz
 906961708bac0883b2a8af637a5879e7088113f8 5493 7zip_22.01+dfsg-8+deb12u1_source.buildinfo
Checksums-Sha256:
 1c4de3c09edbe16dcb64664eeca345800f10b2326ecbf899cb6166c1fc00042f 1943 7zip_22.01+dfsg-8+deb12u1.dsc
 db397518db0bc29c5e113f07f07f534d36838cbf1e3a2e88996541c7f97d4010 12428 7zip_22.01+dfsg-8+deb12u1.debian.tar.xz
 6708ab8ea2124325367b5c5cd8157f723af29b6fe695ae880fee7cc8347d4e94 5493 7zip_22.01+dfsg-8+deb12u1_source.buildinfo
Files:
 b1b82c41cdcca951b0a5b20380ef5ed1 1943 utils optional 7zip_22.01+dfsg-8+deb12u1.dsc
 7c87c66626e9669cbed96db13047d070 12428 utils optional 7zip_22.01+dfsg-8+deb12u1.debian.tar.xz
 d07775932b51ffd2f0665d714ae6736a 5493 utils optional 7zip_22.01+dfsg-8+deb12u1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
