Errata overview
Errata ID 609
Date 2019-11-06
Source package libarchive
Fixed in version 3.2.2-2+deb9u2
This update addresses the following issues:
* archive_read_format_rar_read_data() in archive_read_support_format_rar.c
  has a use-after-free in a certain ARCHIVE_FAILED situation, related to
  Ppmd7_DecodeSymbol. (CVE-2019-18408)
* Out-of-bounds read in archive_read_support_format_7zip.c resulting in a
  denial of service. (CVE-2019-1000019)
* Infinite recursion in archive_read_support_format_iso9660.c resulting in
  denial of service. (CVE-2019-1000020)
Additional notes
CVE ID CVE-2019-18408
UCS Bug number #50439