Debian Patches

Status for libarchive/3.6.2-1+deb12u2

Search:

Patch	Description	Author	Forwarded	Bugs	Origin	Last update
fix-OOB-in-rar-audio-filter-2149.patch	fix: OOB in rar audio filter (#2149) This patch ensures that `src` won't move ahead of `dst`, so `src` will not OOB. Similar situation like in a1cb648.	Wei-Cheng Pan <legnaleurc@gmail.com>	no		https://github.com/libarchive/libarchive/commit/3006bc5d02ad3ae3c4f9274f60c1f9d2d834734b	2024-04-29
fix-OOB-in-rar-delta-filter-2148.patch	fix: OOB in rar delta filter (#2148) Ensure that `src` won't move ahead of `dst`, so `src` will not OOB. Since `dst` won't move in this function, and we are only increasing `src` position, this check should be enough. It should be safe to early return because this function does not allocate resources.	Wei-Cheng Pan <legnaleurc@gmail.com>	no		https://github.com/libarchive/libarchive/commit/a1cb648d52f5b6d3f31184d9b6a7cbca628459b7	2024-04-29
fix-OOB-in-rar-e8-filter-2135.patch	fix: OOB in rar e8 filter (#2135) This patch fixes an out-of-bound error in rar e8 filter.	Wei-Cheng Pan <legnaleurc@gmail.com>	yes	debian upstream	https://github.com/libarchive/libarchive/commit/eb7939b24a681a04648a59cdebd386b1e9dc9237	2024-04-22
iconv-pkgconfig.patch	Do not add "iconv" to pkg-config unless it is needed	Peter Pentchev <roam@ringlet.net>	yes			2022-12-24
rar4-reader-protect-copy_from_lzss_window_to_unp-217.patch	rar4 reader: protect copy_from_lzss_window_to_unp() (#2172) copy_from_lzss_window_to_unp unnecessarily took an `int` parameter where both of its callers were holding a `size_t`. A lzss opcode chain could be constructed that resulted in a negative copy length, which when passed into memcpy would result in a very, very large positive number. Switching copy_from_lzss_window_to_unp to take a `size_t` allows it to properly bounds-check length. In addition, this patch also ensures that `length` is not itself larger than the destination buffer.	"Dustin L. Howett" <dustin@howett.net>	yes	debian upstream	https://github.com/libarchive/libarchive/commit/eac15e252010c1189a5c0f461364dbe2cd2a68b1	2024-05-09
robust-error-reporting.patch	tar: make error reporting more robust and use correct errno	Ed Maste <emaste@freebsd.org>	no		upstream, https://github.com/libarchive/libarchive/commit/6110e9c82d8ba830c3440f36b990483ceaaea52c	2024-03-30
typos.patch	Correct some typographical errors.	Peter Pentchev <roam@ringlet.net>	yes			2022-03-29

Showing 1 to 7 of 7 entries

All known versions for source package 'libarchive'

3.7.4-1.1 (sid, trixie)
3.6.2-1+deb12u2 (bookworm-security, bookworm)
3.4.3-2+deb11u2 (bullseye-security)
3.4.3-2+deb11u1 (bullseye)

Links