-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 21 Mar 2026 19:34:09 +0100 Source: 7zip Binary: 7zip 7zip-dbgsym Architecture: arm64 Version: 22.01+really25.01+dfsg-0+deb12u1 Distribution: bookworm Urgency: high Maintainer: arm Build Daemon (arm-ubc-01) Changed-By: Sylvain Beucler Description: 7zip - 7-Zip file archiver with a high compression ratio Closes: 1111068 Changes: 7zip (22.01+really25.01+dfsg-0+deb12u1) bookworm; urgency=high . * Non-maintainer upload by the LTS Security Team. * Bump to upstream 25.01, fixes: - CVE-2023-31102: Ppmd7.c allows an integer underflow and invalid read operation via a crafted 7Z archive. - CVE-2023-40481: SquashFS File Parsing Out-Of-Bounds Write RCE - CVE-2024-11612: CopyCoder Infinite Loop Denial-of-Service - CVE-2025-11001: ZIP File Parsing Directory Traversal RCE - CVE-2025-11002: ZIP File Parsing Directory Traversal RCE - CVE-2025-53817: null pointer dereference in the Compound handler may lead to denial of service - CVE-2025-55188: does not always properly handle symbolic links during extraction. (Closes: #1111068) * Sync patches from 25.01+dfsg-1~deb13u1: - keep old patches: - 000*-Remove-unwanted-hack-for-object-files.patch (no 7z.so) - drop new patches: - 000*-Use-c-flags-for-asmc.patch (no ASM) - 000*-Add-fpic-for-Asmc-options.patch (no ASM) - 000*-Use-system-locale-to-select-codepage-for-legacy-zip-.patch (behavior change) * No changes to packaging to avoid disruption in stable release (no split package, no ASM support, no files in /usr/lib/7z/, etc.) * Enable Salsa CI. * Configure git-buildpackage for oldstable. Checksums-Sha1: a7ff37abb070ccb963d86ce6e17f5b5f0cda5229 7093572 7zip-dbgsym_22.01+really25.01+dfsg-0+deb12u1_arm64.deb 754b7c953f0e5bc2fda8c211f1fef2109fcdf95f 6350 7zip_22.01+really25.01+dfsg-0+deb12u1_arm64-buildd.buildinfo 7dc1cae196f61b94df841f3643a73c6f2fded7c0 918884 7zip_22.01+really25.01+dfsg-0+deb12u1_arm64.deb Checksums-Sha256: 60acead620b78c3c3a28dc30bf2e16c9fe273690a8d827999b55e8b32f3326d5 7093572 7zip-dbgsym_22.01+really25.01+dfsg-0+deb12u1_arm64.deb 327e66daa004e8def70f81dd099241f92f797d44d9a24264b44006dab5e69dfe 6350 7zip_22.01+really25.01+dfsg-0+deb12u1_arm64-buildd.buildinfo d8f9bc42f342cc62e2e309e969cd5b609ff6b4c2d1084723c42917b345326164 918884 7zip_22.01+really25.01+dfsg-0+deb12u1_arm64.deb Files: 2a9a89e4efa5c8b4e69cfcaa63e4632a 7093572 debug optional 7zip-dbgsym_22.01+really25.01+dfsg-0+deb12u1_arm64.deb 5137486e94f848e6e511273894a12f1f 6350 utils optional 7zip_22.01+really25.01+dfsg-0+deb12u1_arm64-buildd.buildinfo 4bbdc634da85fcb5002c47a906128701 918884 utils optional 7zip_22.01+really25.01+dfsg-0+deb12u1_arm64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE0Ha//LlsGOpbQ/H4xqCFmsOWgoYFAmn3SRQACgkQxqCFmsOW goYvZw//WLi9f9Id6DmQTu+lG8U9Akb/9PoAjj90uLofq5tj1O4UNqBDyQ5EGtaI bDN/Yr7e+lcDPLyNg8m4+UbccalVunsemkR0E6SKeiRUWHH3wNCzUG+wmBTESMkf dt7OHOhj+o7fe5laMvM+k4ygLkxDmAJ5adL6JvJwowV4C2iadgivaRIlWzGUPgW3 HXodnubBSP2UCkkxZd+WCQ5IUIj1sDkG6QJUbDraa4Y74yuQQ+nsHvIoMp0yBOII ww6vevQXFQaUr5vgwrDiYFz3clvzgTtP3UA/Dc5ocyA3PAUksyBuWUeoZTISamBU b7/u272E0d8hSjya6ioNELCHn0KmKyfG+hs0rsjkxPWirSymQG6bnvhkqb0v1rCe rjUpIulKX7W42qD14RCTIuen+wbdAfX9WDDHrdEYfWR7jG8QnpQVDfJ3wZ0smBfN wIn/6gJCVfncjQ+ltCaAazLbbJpl8eIsVK4iuv3pRf+VZsBsSc0nt5iwMmI5wRp/ NnitBzPRzA5QfY0Pd6jbSWjk8E1Ser3fNNJx1tO80kBC4BOC2c38vbhV93oMQ+Di NcJGbwNprZgQkH3l8ejbgWJVLd3IOOGpvgZ2UspfL9uf7Z0N+Yb6NgblepTepNNg kXNhKy54UdTrQ4Xh/c8gJH9aeLIoIZznO+LwsL3YpTU6u3SpHak= =rUzc -----END PGP SIGNATURE-----