Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 618026 (CVE-2016-10349, CVE-2016-10350) - <app-arch/libarchive-3.3.0: two heap-based buffer overflow read (CVE-2016-{10349,10350})
Summary: <app-arch/libarchive-3.3.0: two heap-based buffer overflow read (CVE-2016-{10...
Alias: CVE-2016-10349, CVE-2016-10350
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
Whiteboard: A3 [glsa cve cleanup]
Depends on:
Reported: 2017-05-09 18:34 UTC by Agostino Sarubbo
Modified: 2018-07-28 17:54 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---
stable-bot: sanity-check+


Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2017-05-09 18:34:27 UTC
Details at $URL.

@maintainer(s): since the fixed package is already in the tree, please let us know if it is ready for the stabilization or not.
Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev 2017-06-06 10:51:40 UTC
@ Arches,

please test and mark stable: =app-arch/libarchive-3.3.1
Comment 2 Agostino Sarubbo gentoo-dev 2017-06-06 11:31:29 UTC
amd64 stable
Comment 3 Markus Meier gentoo-dev 2017-06-08 05:07:20 UTC
arm stable
Comment 4 Agostino Sarubbo gentoo-dev 2017-06-09 10:20:40 UTC
x86 stable
Comment 5 Agostino Sarubbo gentoo-dev 2017-06-10 13:46:15 UTC
sparc stable
Comment 6 Agostino Sarubbo gentoo-dev 2017-06-10 15:18:06 UTC
ia64 stable
Comment 7 Agostino Sarubbo gentoo-dev 2017-06-13 12:32:34 UTC
ppc64 stable
Comment 8 Tobias Klausmann (RETIRED) gentoo-dev 2017-06-20 15:02:35 UTC
Stable on alpha.
Comment 9 Agostino Sarubbo gentoo-dev 2017-06-21 11:59:16 UTC
ppc stable
Comment 10 Volkan 2017-06-21 21:21:49 UTC
second CVE is CVE-2016-10350
Comment 11 Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2017-08-16 15:09:58 UTC
Arches, please finish stabilizing hppa

Gentoo Security Padawan
Comment 12 Sergei Trofimovich (RETIRED) gentoo-dev 2017-10-15 13:20:37 UTC
hppa stable
Comment 13 Aaron Bauman (RETIRED) gentoo-dev 2017-10-15 13:35:21 UTC
GLSA request filed.

@maintainer(s), please clean the vulnerable versions.
Comment 14 GLSAMaker/CVETool Bot gentoo-dev 2017-10-18 00:59:25 UTC
This issue was resolved and addressed in
 GLSA 201710-19 at
by GLSA coordinator Aaron Bauman (b-man).
Comment 15 Sergei Trofimovich (RETIRED) gentoo-dev 2018-07-28 17:54:40 UTC
commit 7cd820a867b08c4de305661ddce7136fac639a56
Author: Mart Raudsepp <>
Date:   Fri Mar 2 22:16:38 2018 +0200

    app-arch/libarchive-3.3.1: arm64 stable