Accepted libarchive-zip-perl 1.39-1+deb8u1 (source all) into oldstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 24 Jul 2018 21:08:04 +0200
Source: libarchive-zip-perl
Binary: libarchive-zip-perl
Architecture: source all
Version: 1.39-1+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
libarchive-zip-perl - Perl module for manipulation of ZIP archives
Closes: 902882
Changes:
libarchive-zip-perl (1.39-1+deb8u1) jessie-security; urgency=high
.
* Non-maintainer upload by the LTS team.
* Fix CVE-2018-10860:
perl-archive-zip is vulnerable to a directory traversal in Archive::Zip.
It was found that the Archive::Zip module did not properly sanitize paths
while extracting zip files. An attacker able to provide a specially
crafted archive for processing could use this flaw to write or overwrite
arbitrary files in the context of the perl interpreter. (Closes: #902882)
Checksums-Sha1:
c681b7925445e26e2d9ec633987bb86007387e3e 2383 libarchive-zip-perl_1.39-1+deb8u1.dsc
03a16f6cfdebd1b53db9b998acad2d46da80222a 183667 libarchive-zip-perl_1.39.orig.tar.gz
cda236d1e5bf878dd71393745121871081f91277 12608 libarchive-zip-perl_1.39-1+deb8u1.debian.tar.xz
289b1466f22886b83d37962fb01e313fd1bc812f 97264 libarchive-zip-perl_1.39-1+deb8u1_all.deb
Checksums-Sha256:
788bb9a4ececc728b804d9e2944d5496f902a5c1cfe82e5f5116c7d64a5ee67e 2383 libarchive-zip-perl_1.39-1+deb8u1.dsc
5b5cae886257288b4af4c9ac7c797627ab193f5dcbb43097c61b2b4c68b2ba10 183667 libarchive-zip-perl_1.39.orig.tar.gz
992215b5b7a71562d085a181cde08d1e9e66df40bda7962910576c5d76799f85 12608 libarchive-zip-perl_1.39-1+deb8u1.debian.tar.xz
c17bf524058bc931f481f29069a7ba4a35f9abf7cc23438e677b82116345564f 97264 libarchive-zip-perl_1.39-1+deb8u1_all.deb
Files:
16ee3a71c70649c96e5ee5e743fc2c18 2383 perl optional libarchive-zip-perl_1.39-1+deb8u1.dsc
851316e59625317a89e40418a26c676c 183667 perl optional libarchive-zip-perl_1.39.orig.tar.gz
776ef1f0fbf48dcbf5557d00272bed23 12608 perl optional libarchive-zip-perl_1.39-1+deb8u1.debian.tar.xz
33af4a492e40992da981d0b682acaffe 97264 perl optional libarchive-zip-perl_1.39-1+deb8u1_all.deb
-----BEGIN PGP SIGNATURE-----
iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAltXgjxfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HkDqAP/3Ce+PoULjnrXZl5HfuQEmW+S+71hqap2+Vn
aknaZsQPb/FlbSIyHQxu77yoK/mpYNEdYH5bRM3aW/9xSHxvJ2ZoFGHCK4XcKb5V
srasNcvyIyfm8OdWrmODl6cfBT0gIamiwpcXNDWQzLfvEeJ07kvRtNptlsyvZHUi
h4tKtC7cv+3RVWZCAuS9AgBN9m7szTaRuJ++IGib3UwCYtyL50q1h6DwJtDY5Eb9
hFah7RlAK6hYcAtLbOp3BlhNc6A/vt+1Akk/egLmXUPJvgPSXP1BULQlQEmdFo8B
G8YpjzwQPIGMb2Cfln8bwc+9EsisbQhdXNtgaPTlnWNV69k0VqYzgwvQ0qsCBDRi
2y0pzjFyeszVTIIwT1dkUbKvqGCEeGrvUgb/52Hp7YTv3DqTnTftUeql66o/3ufr
Anj/KLPDKt8gFJazhulypCLNz7JHvUrHyhAzIhilJ6hpM935JEDYe8xauNIGy95G
4vKdBj79UIaAJZdL0fmXQY7uDFpQBe01acZtd0eNXuEhgTXQLNAIybPHgUG8hfqH
O6lQdPjGzz7vLRHOlNnTfHvOovB8g2UEOTKEqKEjdRfvoKZh0onRAzB5Ufc86O80
GqtHHGP4e/3tFBPK5DhenRv3VNxyvjFRMxT1jpHRIbGoYsssn0QHqCKRD6MI9pjF
5igbRm0W
=snia
-----END PGP SIGNATURE-----