Format: 1.8
Date: Fri, 18 Oct 2024 01:45:17 +0900
Source: 7zip
Binary: 7zip 7zip-dbgsym
Architecture: i386
Version: 22.01+dfsg-8+deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: amd64 / i386 Build Daemon (x86-ubc-02)
Changed-By: YOKOTA Hiroshi
Description:
 7zip - 7-Zip file archiver with a high compression ratio
Changes:
 7zip (22.01+dfsg-8+deb12u1) bookworm; urgency=medium
 .
   * Fix CVE-2023-52168 (buffer overflow) and CVE-2023-52169 (buffer over-read)
 .
   * CVE-2023-52168: heap-based buffer overflow
     NTFS handler allows an attacker to overwrite two bytes at multiple
     offsets beyond the allocated buffer size.
   * CVE-2023-52169: out-of-bounds read
     NTFS handler allows an attacker to read beyond the intended buffer.
     The bytes read beyond the intended buffer are presented as a part of
     a filename listed in the file system image.
     This has security relevance in some known web-service use cases where
     untrusted users can upload files and have them extracted by a
     server-side 7-Zip process.
 .
   Detailed report about these issues is available at:
   https://dfir.ru/2024/06/19/vulnerabilities-in-7-zip-and-ntfs3/
Checksums-Sha1:
 449d10cbab73539d6d6f6b481fd5c79cd410e054 6587408 7zip-dbgsym_22.01+dfsg-8+deb12u1_i386.deb
 2e54bd13acd11586748ee9b8a055cf6d3cb9220c 6025 7zip_22.01+dfsg-8+deb12u1_i386-buildd.buildinfo
 ac7cd3de81c670ebeff8fdd73a17e4a60e5155a7 1099072 7zip_22.01+dfsg-8+deb12u1_i386.deb
Checksums-Sha256:
 0b42426b19fa0a584b009ffc1cc97286e591424f89feb37bad7e09f9b6d3e7d4 6587408 7zip-dbgsym_22.01+dfsg-8+deb12u1_i386.deb
 5281ab466b77a1afadebd4e6b7e8bb0e7bcea592901fe1d9192ce9ab5059ad89 6025 7zip_22.01+dfsg-8+deb12u1_i386-buildd.buildinfo
 dd589f05bb200c926e76ad36e41f864a1e074156bfd355d68d44cae43d3f5bb7 1099072 7zip_22.01+dfsg-8+deb12u1_i386.deb
Files:
 681c8c3349f9116b0691b6bf5846723d 6587408 debug optional 7zip-dbgsym_22.01+dfsg-8+deb12u1_i386.deb
 4f8e36cb27ea46d69f188726a0df9acd 6025 utils optional 7zip_22.01+dfsg-8+deb12u1_i386-buildd.buildinfo
 247376112de25005a7636b86861ec01c 1099072 utils optional 7zip_22.01+dfsg-8+deb12u1_i386.deb