Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 607794 (CVE-2017-5601) - <app-arch/libarchive-3.2.2-r1: heap overflow
Summary: <app-arch/libarchive-3.2.2-r1: heap overflow
Alias: CVE-2017-5601
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
Whiteboard: B3 [noglsa cve]
: 617408 (view as bug list)
Depends on:
Reported: 2017-01-31 12:38 UTC by Agostino Sarubbo
Modified: 2017-07-09 21:22 UTC (History)
2 users (show)

See Also:
Package list:
=app-arch/libarchive-3.2.2-r1 alpha amd64 arm hppa ia64 ppc ppc64 sparc x86
Runtime testing required: No
stable-bot: sanity-check+


Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2017-01-31 12:38:28 UTC
From ${URL} :

Fixes a heap buffer overflow reported in Secunia SA74169

@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 Adam Feldman gentoo-dev 2017-02-11 17:16:19 UTC
Please stabilize =app-arch/libarchive-3.2.2-r1 on all arches that were stable for =3.2.2 (alpha amd64 arm hppa ia64 ppc ppc64 sparc x86)
Comment 2 Agostino Sarubbo gentoo-dev 2017-02-13 11:13:27 UTC
amd64 stable
Comment 3 Agostino Sarubbo gentoo-dev 2017-02-14 15:40:03 UTC
x86 stable
Comment 4 Tobias Klausmann gentoo-dev 2017-02-15 14:23:43 UTC
Stable on alpha.
Comment 5 Markus Meier gentoo-dev 2017-02-15 17:52:09 UTC
arm stable
Comment 6 Michael Weber (RETIRED) gentoo-dev 2017-02-16 18:46:48 UTC
ppc ppc64 stable.
Comment 7 Agostino Sarubbo gentoo-dev 2017-02-17 10:59:48 UTC
sparc stable
Comment 8 Jeroen Roovers (RETIRED) gentoo-dev 2017-02-18 12:05:33 UTC
Stable for HPPA.
Comment 9 Agostino Sarubbo gentoo-dev 2017-02-18 14:47:17 UTC
ia64 stable.

Maintainer(s), please cleanup.
Security, please vote.
Comment 10 Thomas Deutschmann gentoo-dev Security 2017-02-18 17:49:25 UTC
GLSA Vote: No
Comment 11 Yury German Gentoo Infrastructure gentoo-dev 2017-05-03 16:23:04 UTC
*** Bug 617408 has been marked as a duplicate of this bug. ***
Comment 12 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2017-07-09 21:22:16 UTC
Tree is clean.