-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 21 Mar 2026 19:34:09 +0100 Source: 7zip Binary: 7zip 7zip-dbgsym Architecture: armel Version: 22.01+really25.01+dfsg-0+deb12u1 Distribution: bookworm Urgency: high Maintainer: arm Build Daemon (arm-ubc-03) Changed-By: Sylvain Beucler Description: 7zip - 7-Zip file archiver with a high compression ratio Closes: 1111068 Changes: 7zip (22.01+really25.01+dfsg-0+deb12u1) bookworm; urgency=high . * Non-maintainer upload by the LTS Security Team. * Bump to upstream 25.01, fixes: - CVE-2023-31102: Ppmd7.c allows an integer underflow and invalid read operation via a crafted 7Z archive. - CVE-2023-40481: SquashFS File Parsing Out-Of-Bounds Write RCE - CVE-2024-11612: CopyCoder Infinite Loop Denial-of-Service - CVE-2025-11001: ZIP File Parsing Directory Traversal RCE - CVE-2025-11002: ZIP File Parsing Directory Traversal RCE - CVE-2025-53817: null pointer dereference in the Compound handler may lead to denial of service - CVE-2025-55188: does not always properly handle symbolic links during extraction. (Closes: #1111068) * Sync patches from 25.01+dfsg-1~deb13u1: - keep old patches: - 000*-Remove-unwanted-hack-for-object-files.patch (no 7z.so) - drop new patches: - 000*-Use-c-flags-for-asmc.patch (no ASM) - 000*-Add-fpic-for-Asmc-options.patch (no ASM) - 000*-Use-system-locale-to-select-codepage-for-legacy-zip-.patch (behavior change) * No changes to packaging to avoid disruption in stable release (no split package, no ASM support, no files in /usr/lib/7z/, etc.) * Enable Salsa CI. * Configure git-buildpackage for oldstable. Checksums-Sha1: 618494425f409decc46e04f5d107680b7d26dd29 6998432 7zip-dbgsym_22.01+really25.01+dfsg-0+deb12u1_armel.deb 0dc954a7cf2469f3d58991f4f42be6af944dc9e1 6192 7zip_22.01+really25.01+dfsg-0+deb12u1_armel-buildd.buildinfo 4bead885903b7b8c52e3c186a5c0a0fdca93a673 850488 7zip_22.01+really25.01+dfsg-0+deb12u1_armel.deb Checksums-Sha256: cf206855a948f3f90e17b7ba16dcf5ddd91c143721f9ff05d704e6b3651cb2ef 6998432 7zip-dbgsym_22.01+really25.01+dfsg-0+deb12u1_armel.deb 535a1282c0865b13bd332799e595eefbfba7ba845ceaab93c26c955afb77c0d6 6192 7zip_22.01+really25.01+dfsg-0+deb12u1_armel-buildd.buildinfo dbf02938889ba0147e2133ea2ea21630205ddb208deea2cb599820435d84c946 850488 7zip_22.01+really25.01+dfsg-0+deb12u1_armel.deb Files: 9bf3a8fc61b8a8c6fa35fc7bbbad8f63 6998432 debug optional 7zip-dbgsym_22.01+really25.01+dfsg-0+deb12u1_armel.deb bf022c1243a073dbce59508c513fbe8f 6192 utils optional 7zip_22.01+really25.01+dfsg-0+deb12u1_armel-buildd.buildinfo bba0e9ecb6cd00b9104c96d6872fe69d 850488 utils optional 7zip_22.01+really25.01+dfsg-0+deb12u1_armel.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE2kd8oHy+LXk/nybqvzDqKQSGl8UFAmn3SSwACgkQvzDqKQSG l8WzPw//cNCyzrHRhug/Sc7DqtgN9bMLagYTU8VrvsCluvLUIsk8s27F6KkGNUH9 RZ1+kMWpyp5Gfn+S34aS2ZYFEFeXlxm9/52SsjROPF0BQ2t24RQ3Io3XmKt1/VlK KmSJH3p+speJHIn3DCe6XO6vK/Pr+fBM/L5xoWumQg0Bo9rTkpYn8Zx2S6VongWP o14VsWws+0mlJqyeVhEPmNYS60MJMo76S3j0K2tsBvDPYXfv9HAKwgaXF+Zgwd8R UeGWvFL63paaWejdbhxTk4UYMoE4+yk7YrXkKlsk6a0H1+KxO8BrxPpde/lfl0QU wStL4vgX3mPZ3yLDdEeTXVJcdcAji+2u3JYoxuBdotVztT2AEISlRXfn+JJS4FfZ nmKCtgqtAh7Oa6flnT2n9JE9qUhvsyngYi4AvoVr8EKIIHzsRZYcA9gnJIO4Cmxf AKHuQ+4qshWzzbBMy+Qrb3Ku7z/+i4DexcvD1xxTz66jxz8LVvtzgb3oAux2I2Fj 8DWbGEV5d30bkxXUEElxMlsHDXdjjsqVWeu/EnVneHSeIyfy0tQDWvq07pPFCu3i Rlk3EBdWfPNQUfsiSdy8hZhd/UXLnLMlX3HRDkQ1Nr9wn8Yybxlq56iJeqge5vAn Nd+1DoTCebSTlkJeB3ZxdXFlXsI4pV9+4NxZFjJcCJwJqtmASoM= =YB2F -----END PGP SIGNATURE-----