-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 21 Mar 2026 19:34:09 +0100 Source: 7zip Binary: 7zip 7zip-dbgsym Architecture: mips64el Version: 22.01+really25.01+dfsg-0+deb12u1 Distribution: bookworm Urgency: high Maintainer: mipsel Build Daemon (mipsel-osuosl-03) Changed-By: Sylvain Beucler Description: 7zip - 7-Zip file archiver with a high compression ratio Closes: 1111068 Changes: 7zip (22.01+really25.01+dfsg-0+deb12u1) bookworm; urgency=high . * Non-maintainer upload by the LTS Security Team. * Bump to upstream 25.01, fixes: - CVE-2023-31102: Ppmd7.c allows an integer underflow and invalid read operation via a crafted 7Z archive. - CVE-2023-40481: SquashFS File Parsing Out-Of-Bounds Write RCE - CVE-2024-11612: CopyCoder Infinite Loop Denial-of-Service - CVE-2025-11001: ZIP File Parsing Directory Traversal RCE - CVE-2025-11002: ZIP File Parsing Directory Traversal RCE - CVE-2025-53817: null pointer dereference in the Compound handler may lead to denial of service - CVE-2025-55188: does not always properly handle symbolic links during extraction. (Closes: #1111068) * Sync patches from 25.01+dfsg-1~deb13u1: - keep old patches: - 000*-Remove-unwanted-hack-for-object-files.patch (no 7z.so) - drop new patches: - 000*-Use-c-flags-for-asmc.patch (no ASM) - 000*-Add-fpic-for-Asmc-options.patch (no ASM) - 000*-Use-system-locale-to-select-codepage-for-legacy-zip-.patch (behavior change) * No changes to packaging to avoid disruption in stable release (no split package, no ASM support, no files in /usr/lib/7z/, etc.) * Enable Salsa CI. * Configure git-buildpackage for oldstable. Checksums-Sha1: 2171cc3b740aa09117aa9ac35713d8fa2efd8af1 7235768 7zip-dbgsym_22.01+really25.01+dfsg-0+deb12u1_mips64el.deb f4b81c300e07832c1035e9acad8e1eca4e678e1a 6155 7zip_22.01+really25.01+dfsg-0+deb12u1_mips64el-buildd.buildinfo 0fd642d54f242628bc04952e2bbca257b12013b7 987648 7zip_22.01+really25.01+dfsg-0+deb12u1_mips64el.deb Checksums-Sha256: 36200386f0e6d7894d9fbb6369a8b32b259fead74b29913dd8d8bdde0026e0a1 7235768 7zip-dbgsym_22.01+really25.01+dfsg-0+deb12u1_mips64el.deb e4643eac6f480bd40734efa945b41f9426f01ed768cfb69e966533b973b0573f 6155 7zip_22.01+really25.01+dfsg-0+deb12u1_mips64el-buildd.buildinfo 3cb0c9ce67f2128743b47f3e3aa06055df9688cdc1e82c6b3296ed4539307541 987648 7zip_22.01+really25.01+dfsg-0+deb12u1_mips64el.deb Files: 1a1df2baaf2457134cfc76d025a31ff8 7235768 debug optional 7zip-dbgsym_22.01+really25.01+dfsg-0+deb12u1_mips64el.deb 5b3df7651e09c1190e5cc351e70b672c 6155 utils optional 7zip_22.01+really25.01+dfsg-0+deb12u1_mips64el-buildd.buildinfo 1d230563beac331516e08a9a5b8e0dc6 987648 utils optional 7zip_22.01+really25.01+dfsg-0+deb12u1_mips64el.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE7sd7jtCtE5bBJ1Hx/qmHKZssfSAFAmn3SikACgkQ/qmHKZss fSAFkA/+Oa/ZyFVH93+bfCy7HzkwMv4FFkD9XLSChpvG/gtppRf06+Peo112mhDX rPtd5/4zPBRJ/T0B2jefjUZL8ZS56z7acx7OewboPQaEJfv5YkFglXtkyvIjGwFh ihuMduXWftg1DIzn0NwHc0PZKKrGmqENmP5+Jq6HDAhNvHB5KXm8qB6WLdJILd61 qp2lBBvfJUFnQRwrSTtwxBuuGITeNJc+u6Fz7K4Vr9sXDr98OI3R77tuMvOiyaAC 5+UPyg86pFclhFsXysVew8eFyLYULE8U7dG+9vvK4Bw+2XaGxoVujtP96Z4GNmYd h+07DF8RdNlKQ0S9RHpchCKvDa1kPCHulbpWv6NrJkE4e2YisTUPd8clBfozEc5Z J20F/IHA5yuaZcE1ysahz1pHltkF+Fa4PcmjBMWtDnKIh0t/4+/JvkNhwDRlgygv pv/fKe9VJR87g16V+dQ16PxlGglVlwX73X5A3FgT51Y03tPFm/EyRk47b8ExCejC VGAkaXr/0WDqA4DiHr9SSM9q63SKWmmvTy24N/gXYuo1HOyWNASqpZPK0DW9eHvQ 3wi2w7U06ZMzCFzlXG4fxHbp9r4uDOXHtiFDa9dgRMLV3kqc0G1En1sqlTr6sesL qkZD7quTVi7iWSagrjKA6ZLTbeI8rSUisRL3xy4g9g4SAn6yo30= =rcGg -----END PGP SIGNATURE-----