-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 21 Mar 2026 19:34:09 +0100 Source: 7zip Binary: 7zip 7zip-dbgsym Architecture: mipsel Version: 22.01+really25.01+dfsg-0+deb12u1 Distribution: bookworm Urgency: high Maintainer: mipsel Build Daemon (mipsel-osuosl-05) Changed-By: Sylvain Beucler Description: 7zip - 7-Zip file archiver with a high compression ratio Closes: 1111068 Changes: 7zip (22.01+really25.01+dfsg-0+deb12u1) bookworm; urgency=high . * Non-maintainer upload by the LTS Security Team. * Bump to upstream 25.01, fixes: - CVE-2023-31102: Ppmd7.c allows an integer underflow and invalid read operation via a crafted 7Z archive. - CVE-2023-40481: SquashFS File Parsing Out-Of-Bounds Write RCE - CVE-2024-11612: CopyCoder Infinite Loop Denial-of-Service - CVE-2025-11001: ZIP File Parsing Directory Traversal RCE - CVE-2025-11002: ZIP File Parsing Directory Traversal RCE - CVE-2025-53817: null pointer dereference in the Compound handler may lead to denial of service - CVE-2025-55188: does not always properly handle symbolic links during extraction. (Closes: #1111068) * Sync patches from 25.01+dfsg-1~deb13u1: - keep old patches: - 000*-Remove-unwanted-hack-for-object-files.patch (no 7z.so) - drop new patches: - 000*-Use-c-flags-for-asmc.patch (no ASM) - 000*-Add-fpic-for-Asmc-options.patch (no ASM) - 000*-Use-system-locale-to-select-codepage-for-legacy-zip-.patch (behavior change) * No changes to packaging to avoid disruption in stable release (no split package, no ASM support, no files in /usr/lib/7z/, etc.) * Enable Salsa CI. * Configure git-buildpackage for oldstable. Checksums-Sha1: 612505adfbd00bf1bb52878dc15732b869380306 7153036 7zip-dbgsym_22.01+really25.01+dfsg-0+deb12u1_mipsel.deb 585a86337902409bcde0073e33f23207103ee91c 6135 7zip_22.01+really25.01+dfsg-0+deb12u1_mipsel-buildd.buildinfo e878bee76f31398f44b86e3260b431b83446a4a7 1039164 7zip_22.01+really25.01+dfsg-0+deb12u1_mipsel.deb Checksums-Sha256: 253302e0b81c98c73b99bff80719f5f30920c7c2f232181d7366ae9d211dde42 7153036 7zip-dbgsym_22.01+really25.01+dfsg-0+deb12u1_mipsel.deb cc44d5391d9945ae7ac7e141fe532fd75d0cafc8f583de6f9f52a9497c21e325 6135 7zip_22.01+really25.01+dfsg-0+deb12u1_mipsel-buildd.buildinfo ed14a90bdbd97735e9542b426d4fc61e30ad120e1308e956dfd24909574ca448 1039164 7zip_22.01+really25.01+dfsg-0+deb12u1_mipsel.deb Files: be696e930bbacf4a555754317908f5db 7153036 debug optional 7zip-dbgsym_22.01+really25.01+dfsg-0+deb12u1_mipsel.deb d707a660146caeec97c0a030c18e58b3 6135 utils optional 7zip_22.01+really25.01+dfsg-0+deb12u1_mipsel-buildd.buildinfo cb2f250ddc450dc1cbc5028519b69308 1039164 utils optional 7zip_22.01+really25.01+dfsg-0+deb12u1_mipsel.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4ZxaH3zEHAF/GhnCHrk2gTKeWggFAmn3SbcACgkQHrk2gTKe Wgg0gRAAgYyu/arEtorzfk4N1IvaRgsfugfdSP+5o23XkrjUTVg/O0KJYP/rn+Gc cix7mpTuIo+Te1CiQPkaP78FVtx+ysK7x91e+wn2UZHml7RgU9t1lwAuHKn5Hy1G gAMbS3gBJiXJcDmV7SwL8E3SVa/K1mkFN4dxP7nnNj5AGBq5HwgVW6Cavks+chMq PDC7gOfpWOuYtzsRh+JM6aNcrOptewpqE7fcMWp1VwHFpy4WE3f9J+i2hSBk5OAO FI83o85HGdfZWzJIbs0ZRh3W53QF2XGUl3/Vna2IxlPCN0LyUvkzYM9e55HYV6bn JAXY3GepSaXuU0/OFGPSa4Oec/Z00ZWb3fkFy3Pk1R6qx1Uq7dZ2NWMfN7o2Mwny /eJCxi4r2TcP9e4yI2CACnpci/I1gCRatzxJIzX+Mq6P1jzjNfORgw9kbTOjKcB1 QJmHTRxyyYDsFby4oK3OWcxnQ1b6nL4Zs9PcT4N32iDLSdBCYxJ18ywvyI4onr9q zipgTE/jH98Ojf1uDbm9GEAfNueZ42dLYgEct0XZU85xtB2zchpUAgyhchoL8ojB AtjIorE6RemQqT5JQ8paU4C1K2qje0CYeLesT22rKwVQxS+h6BGMXileLrCrBuIr 01PdtKQe2HyD9MK13ZJvUWsE7K4n0A8zKBgcaaQ6tYTbsOUK9xU= =hHgX -----END PGP SIGNATURE-----