-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 21 Mar 2026 19:34:09 +0100 Source: 7zip Binary: 7zip 7zip-dbgsym Architecture: armhf Version: 22.01+really25.01+dfsg-0+deb12u1 Distribution: bookworm Urgency: high Maintainer: armhf Build Daemon (arm-conova-01) Changed-By: Sylvain Beucler Description: 7zip - 7-Zip file archiver with a high compression ratio Closes: 1111068 Changes: 7zip (22.01+really25.01+dfsg-0+deb12u1) bookworm; urgency=high . * Non-maintainer upload by the LTS Security Team. * Bump to upstream 25.01, fixes: - CVE-2023-31102: Ppmd7.c allows an integer underflow and invalid read operation via a crafted 7Z archive. - CVE-2023-40481: SquashFS File Parsing Out-Of-Bounds Write RCE - CVE-2024-11612: CopyCoder Infinite Loop Denial-of-Service - CVE-2025-11001: ZIP File Parsing Directory Traversal RCE - CVE-2025-11002: ZIP File Parsing Directory Traversal RCE - CVE-2025-53817: null pointer dereference in the Compound handler may lead to denial of service - CVE-2025-55188: does not always properly handle symbolic links during extraction. (Closes: #1111068) * Sync patches from 25.01+dfsg-1~deb13u1: - keep old patches: - 000*-Remove-unwanted-hack-for-object-files.patch (no 7z.so) - drop new patches: - 000*-Use-c-flags-for-asmc.patch (no ASM) - 000*-Add-fpic-for-Asmc-options.patch (no ASM) - 000*-Use-system-locale-to-select-codepage-for-legacy-zip-.patch (behavior change) * No changes to packaging to avoid disruption in stable release (no split package, no ASM support, no files in /usr/lib/7z/, etc.) * Enable Salsa CI. * Configure git-buildpackage for oldstable. Checksums-Sha1: ccdc00a50a78bd7955ac192afa8bca662e8ea6af 7076516 7zip-dbgsym_22.01+really25.01+dfsg-0+deb12u1_armhf.deb 0deed6f37b4278382dba39452a35e22487293ff0 6210 7zip_22.01+really25.01+dfsg-0+deb12u1_armhf-buildd.buildinfo a0a721af9478405396834443daa5a1953bc7b365 865760 7zip_22.01+really25.01+dfsg-0+deb12u1_armhf.deb Checksums-Sha256: a7df6eb7c64ef5d75efc4ba6f5ad82cbb83edecd79991cd045f888d4a002c870 7076516 7zip-dbgsym_22.01+really25.01+dfsg-0+deb12u1_armhf.deb e2865c0351e7ff1e153c32c8315d26c284bf3e1c57f63cef9b6b39d05f6a3db7 6210 7zip_22.01+really25.01+dfsg-0+deb12u1_armhf-buildd.buildinfo 72a93eafb375c8ef688a92dda9da5e531354719487c9f749fbbf724180d16712 865760 7zip_22.01+really25.01+dfsg-0+deb12u1_armhf.deb Files: 97fd5bedbd53ba8c421a7ca315525a1c 7076516 debug optional 7zip-dbgsym_22.01+really25.01+dfsg-0+deb12u1_armhf.deb e5e9fda582a4f0523b360c271dc792d7 6210 utils optional 7zip_22.01+really25.01+dfsg-0+deb12u1_armhf-buildd.buildinfo c454270f3293768e21fa50950f425219 865760 utils optional 7zip_22.01+really25.01+dfsg-0+deb12u1_armhf.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEO4qAQUSIo2p/kVRf8U6eOZMpj68FAmn3SSQACgkQ8U6eOZMp j6+3JRAAqAzeust+eb9lKS6MVPZhb4AG4dVhQI7VIbk0Obs+YCAg0uSKDVIKQe+g bgMDiI27Wj8x2lMn8wV+OuZoSA86aEoZ7O31hM/dKXqudKk3GCu+m+mUBwKNdJuJ faMJWf/lzKU6DH2utVIYzldaTJWdtTPvj701kQU154yhToo4dQJjqoswIOtgB9wR uxyKgS2njnrA6JMQqANW7FQxSbbdNHPTpqCtgYj4xsmVbVBP8vzFkf+QgNlH4AZw js6GRQ005nsWkWjwCBt/8phR4rRIlmrcCsxB1WKj9Jx5A6JC0WSDJdyUvphLkMAn krCvfnQAL0gCS3ELx+5Lk5mWpHOyylLAqIRy//AdUPdQBhuNH4r0QAkcnFtVVILG Acj/52vyzPfBaC3EmMgWw2bzu/RSKIz/P2VouDRDA/5PNxlDFVP2ULOxqgDqTl62 Dq8LKm5vog/cK/ITnoXHQIOTMZMDUofHyOJhu20ZZo3qqUyuO2/y+x8V2UMwJbUL 9KAag+s0vkHylM9HarXZx865jQBOIypV7Z1U/erDW1AKRIGIh00IPFzhN/AGcZMI vN0aqL0L5BJXMC+QfX0ZsZA+VIxv/fZvL62KnSXmMXycrSp8AxuVzD36DkbpObgo W9ZXlzwlosy59B1Tc6I4eDsTtKyrICLnF1n0BQK27DJOHUov/Fk= =bCDV -----END PGP SIGNATURE-----