Format: 1.8
Date: Fri, 18 Oct 2024 01:45:17 +0900
Source: 7zip
Binary: 7zip 7zip-dbgsym
Architecture: amd64
Version: 22.01+dfsg-8+deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: amd64 / i386 Build Daemon (x86-ubc-01)
Changed-By: YOKOTA Hiroshi
Description:
 7zip - 7-Zip file archiver with a high compression ratio
Changes:
 7zip (22.01+dfsg-8+deb12u1) bookworm; urgency=medium
 .
   * Fix CVE-2023-52168 (buffer overflow) and CVE-2023-52169 (buffer over-read)
 .
   * CVE-2023-52168: heap-based buffer overflow
     NTFS handler allows an attacker to overwrite two bytes at multiple
     offsets beyond the allocated buffer size.
   * CVE-2023-52169: out-of-bounds read
     NTFS handler allows an attacker to read beyond the intended buffer.
     The bytes read beyond the intended buffer are presented as a part of
     a filename listed in the file system image. This has security relevance
     in some known web-service use cases where untrusted users can upload
     files and have them extracted by a server-side 7-Zip process.
 .
     A detailed report about these issues is available at:
     https://dfir.ru/2024/06/19/vulnerabilities-in-7-zip-and-ntfs3/
Checksums-Sha1:
 e3c85b1a47c5c70ec074e377c3147adc09f156a8 6875672 7zip-dbgsym_22.01+dfsg-8+deb12u1_amd64.deb
 63f9e171b638c3b364e34babda7dae1cd8f42710 6082 7zip_22.01+dfsg-8+deb12u1_amd64-buildd.buildinfo
 68e2952b9128858b9f3f5563423338ef5bb26a0a 976712 7zip_22.01+dfsg-8+deb12u1_amd64.deb
Checksums-Sha256:
 fbd60794463dbd77eab3bf5bd8ed956b1fded534e102815d0bdc25ad3d823274 6875672 7zip-dbgsym_22.01+dfsg-8+deb12u1_amd64.deb
 8efbe7e3a4e4cbdba7aac2dbca9aae2b238efbbe7719b65b366f580e3357f343 6082 7zip_22.01+dfsg-8+deb12u1_amd64-buildd.buildinfo
 be27e811e1c8db338fa8f31a15ff0185218de90e11fb5242f43e636e5f9274ac 976712 7zip_22.01+dfsg-8+deb12u1_amd64.deb
Files:
 14c055973a0b571c89e706bf56b04f1d 6875672 debug optional 7zip-dbgsym_22.01+dfsg-8+deb12u1_amd64.deb
 9d0b5b40ed7993f9cd20ccf6fec5b71b 6082 utils optional 7zip_22.01+dfsg-8+deb12u1_amd64-buildd.buildinfo
 f6bac18809612883a306ee8465852a2b 976712 utils optional 7zip_22.01+dfsg-8+deb12u1_amd64.deb