-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 21 Mar 2026 19:34:09 +0100 Source: 7zip Binary: 7zip 7zip-dbgsym Architecture: ppc64el Version: 22.01+really25.01+dfsg-0+deb12u1 Distribution: bookworm Urgency: high Maintainer: ppc64el Build Daemon (ppc64el-osuosl-01) Changed-By: Sylvain Beucler Description: 7zip - 7-Zip file archiver with a high compression ratio Closes: 1111068 Changes: 7zip (22.01+really25.01+dfsg-0+deb12u1) bookworm; urgency=high . * Non-maintainer upload by the LTS Security Team. * Bump to upstream 25.01, fixes: - CVE-2023-31102: Ppmd7.c allows an integer underflow and invalid read operation via a crafted 7Z archive. - CVE-2023-40481: SquashFS File Parsing Out-Of-Bounds Write RCE - CVE-2024-11612: CopyCoder Infinite Loop Denial-of-Service - CVE-2025-11001: ZIP File Parsing Directory Traversal RCE - CVE-2025-11002: ZIP File Parsing Directory Traversal RCE - CVE-2025-53817: null pointer dereference in the Compound handler may lead to denial of service - CVE-2025-55188: does not always properly handle symbolic links during extraction. (Closes: #1111068) * Sync patches from 25.01+dfsg-1~deb13u1: - keep old patches: - 000*-Remove-unwanted-hack-for-object-files.patch (no 7z.so) - drop new patches: - 000*-Use-c-flags-for-asmc.patch (no ASM) - 000*-Add-fpic-for-Asmc-options.patch (no ASM) - 000*-Use-system-locale-to-select-codepage-for-legacy-zip-.patch (behavior change) * No changes to packaging to avoid disruption in stable release (no split package, no ASM support, no files in /usr/lib/7z/, etc.) * Enable Salsa CI. * Configure git-buildpackage for oldstable. Checksums-Sha1: b7be22457ae9978b13f92abddac8aae264c9976e 7209260 7zip-dbgsym_22.01+really25.01+dfsg-0+deb12u1_ppc64el.deb 4382b18c35b5ae2a15af3f7f324d58e766335049 6366 7zip_22.01+really25.01+dfsg-0+deb12u1_ppc64el-buildd.buildinfo 32113c9c3497c75266fc32b93a5ca84b96f42658 1080644 7zip_22.01+really25.01+dfsg-0+deb12u1_ppc64el.deb Checksums-Sha256: 96667dcada73c7af603f1e30c47ef8c5b4c92e777b112d7a6802e7956a35eb09 7209260 7zip-dbgsym_22.01+really25.01+dfsg-0+deb12u1_ppc64el.deb 988a02bc3f8608ae9059245b05cfc34b76c6895f92bda1213e6e548e1146b68a 6366 7zip_22.01+really25.01+dfsg-0+deb12u1_ppc64el-buildd.buildinfo dbdc03b8059ae1b50d82a014f732aff8991ff05b1a27e4e4cf37ff8151948485 1080644 7zip_22.01+really25.01+dfsg-0+deb12u1_ppc64el.deb Files: 66ecb459d2a3b1a48e72126795949cfe 7209260 debug optional 7zip-dbgsym_22.01+really25.01+dfsg-0+deb12u1_ppc64el.deb 0c2aabed6fa4df3d5ed65960c4fe1416 6366 utils optional 7zip_22.01+really25.01+dfsg-0+deb12u1_ppc64el-buildd.buildinfo 3e5c5ba4510a049000f06824b26fa471 1080644 utils optional 7zip_22.01+really25.01+dfsg-0+deb12u1_ppc64el.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEGHWM+bJZRznwgySGOrVShFbIMGEFAmn3SUQACgkQOrVShFbI MGEbGA//QWRHDYpBgzx2vr1CZzeB038Jj12FnamaUDssVQDZMLYHwk1jZumhJEUl AljVW7+6LmAbA5Fvn3HmMAhBHk6LYsNix2ihjnPBU5pyfcsiLcF95MpZY4OOircD RYWjW+8emzsAi/Is+epUTsRT8NZekuMyECn62YyhHvet6pGU57vHUGLF7FE/QNou oBmdMg1OEwF2Q6mtG43AuhqKrG4nPvHwsp+P6MbFO8iAMb0TePe7Gx6Z19D3Cyvq gwfhhOmWnSV5iErpBVHeVtAlRq/qjSW7pQqZOB3+vE1GH5XMBgx/H9L+S7nK9iYG Z9+GKR2xXfV66ELXLhUXMcVh5XUMbVwOal4+JycXSQJcBzZywUkwDqONmEqCnwNZ pf8JDfyQq7NjcQKiuLlI8O3PKl3FpwE53SOiH+PZbZp520xItRA4vZ+YlXY09PqS RckhaJBjjwHt45U75XpaxAQ3aG6pidIrXT8qqQmJJXIXuanxslbZv9A292ro2qof HjPSQ6kUdrHDYTnntUZSD7aKMlU+Zy0pBYCcWLoMpiktH9u6NXAYsy9jn6ssNvlN d8nGuyhe12Crnbdpg4AkaAPyhTDk3Ls8JA6p+GM5hbBmc/AvvrLyTUqC/9ZIpRG5 SgDaSK2am0f55iagRocLtQlwW3ikgcxI5M+zgphp6I0StAAIqqk= =W+Mu -----END PGP SIGNATURE-----