Hash: SHA256

Package        : libarchive
Version        : 3.0.4-3+wheezy6+deb7u1
CVE ID         : CVE-2017-14166
Debian Bug     : #874539

It was discovered that there was a denial of service vulnerability in the
libarchive multi-format compression library. A specially-crafted .xar
archive could cause via a heap-based buffer over-read.

For Debian 7 "Wheezy", this issue has been fixed in libarchive version
3.0.4-3+wheezy6+deb7u1.

We recommend that you upgrade your libarchive packages.


Regards,

- -- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      [email protected] / chris-lamb.co.uk
       `-