-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 21 Mar 2026 19:34:10 +0100
Source: p7zip
Binary: p7zip p7zip-dbgsym p7zip-full p7zip-full-dbgsym
Architecture: mips64el
Version: 16.02+really25.01+dfsg-0+deb12u1
Distribution: bookworm
Urgency: high
Maintainer: mipsel Build Daemon (mipsel-osuosl-05) <buildd_mips64el-mipsel-osuosl-05@buildd.debian.org>
Changed-By: Sylvain Beucler <beuc@debian.org>
Description:
 p7zip      - 7zr file archiver with high compression ratio
 p7zip-full - 7z and 7za file archivers with high compression ratio
Closes: 1111068
Changes:
 p7zip (16.02+really25.01+dfsg-0+deb12u1) bookworm; urgency=high
 .
   * Non-maintainer upload by the LTS Security Team.
   * Move codebase to 7-Zip (not p7zip) upstream 25.01, fixes:
     - CVE-2022-47069: heap-buffer-overflow vulnerability via the function
       NArchive::NZip::CInArchive::FindCd
     - CVE-2023-31102: Ppmd7.c allows an integer underflow and invalid read
       operation via a crafted 7Z archive.
     - CVE-2023-40481: SquashFS File Parsing Out-Of-Bounds Write RCE
     - CVE-2023-52168: heap-based buffer overflow in NTFS handler
     - CVE-2023-52169: out-of-bounds read in NTFS handler
     - CVE-2024-11612: CopyCoder Infinite Loop Denial-of-Service
     - CVE-2025-11001: ZIP File Parsing Directory Traversal RCE
     - CVE-2025-11002: ZIP File Parsing Directory Traversal RCE
     - CVE-2025-53817: null pointer dereference in the Compound handler may
       lead to denial of service
     - CVE-2025-55188: does not always properly handle symbolic links
       during extraction. (Closes: #1111068)
   * Add NEWS entry and edit package description about the codebase change.
   * Drop assembly support, which would require asmc-linux, not present
     before trixie, or re-porting the ASM code to yasm as p7zip did.
   * Make 7-Zip behave like p7zip to avoid compatibility issues:
     - d/p/p7zip-compat-version-output.patch: mimic p7zip output
     - d/p/p7zip-compat-symlinks.patch: mimic symlinks handling
     - d/p/p7zip-compat-utf16.patch: mimic -[no-]utf16 options
   * Sync patches from 25.01+dfsg-1~deb13u1:
     - drop all old patches
     - drop new patches:
       - 000*-Use-c-flags-for-asmc.patch (no ASM)
       - 000*-Add-fpic-for-Asmc-options.patch (no ASM)
       - 000*-Use-system-locale-to-select-codepage-for-legacy-zip-.patch
         (behavior change)
   * Selectively import packaging from trixie, to avoid disruption in
     stable release:
     - Sync debian/copyright.
     - Import debian/rules, drop ASM rules, adapt p7zip.install and
       p7zip-full.install, add dependency to dh-exec for *.install
       rename support (as in the 7zip package).
     - Adjust d/p7zip-full.docs, drop d/p7zip-full.doc-base and
       d/p7zip-full.links (no more HTML documentation).
     - Import debian/man/ from trixie (except for 7zz.1), merge
       d/p7zip.1 to debian/man/ (same file), make 7zr.1 the primary
       file (as it's the only one in the p7zip base package / !full).
     - Import debian/test/ (except for 7zz tests).
     - Drop debian/format/ options.
   * Stub debian/watch (reuse 7zip tarball instead).
   * Enable Salsa CI.
   * Configure git-buildpackage for oldstable.
Checksums-Sha1:
 214aeff1833c677823644e1ff60b5224691b5d03 3196748 p7zip-dbgsym_16.02+really25.01+dfsg-0+deb12u1_mips64el.deb
 8d92ef95af9fc84300c32a3554ac492181f24786 13543252 p7zip-full-dbgsym_16.02+really25.01+dfsg-0+deb12u1_mips64el.deb
 9d0b05b9f528883e1833976860e42903be657eeb 1338628 p7zip-full_16.02+really25.01+dfsg-0+deb12u1_mips64el.deb
 24cf0319759a6ccaf46401c05ee17e116a0f4c90 6911 p7zip_16.02+really25.01+dfsg-0+deb12u1_mips64el-buildd.buildinfo
 adeade005eebcc4bcee521c1b176b78c18da62ff 442640 p7zip_16.02+really25.01+dfsg-0+deb12u1_mips64el.deb
Checksums-Sha256:
 4f72c24d3e577a7f485d1194b03a07d560205f37c459e92801c7702c3db431d0 3196748 p7zip-dbgsym_16.02+really25.01+dfsg-0+deb12u1_mips64el.deb
 870a712fcbdda6cb1ff5241c1b35b990809d5f71591a6b480d64e42b2e71f421 13543252 p7zip-full-dbgsym_16.02+really25.01+dfsg-0+deb12u1_mips64el.deb
 e1ea4a85c6ceb5ceade5a79434f6ef560c1896e3791eb47a14087e953ab3e6ab 1338628 p7zip-full_16.02+really25.01+dfsg-0+deb12u1_mips64el.deb
 9dfd29816b221f8e77db747586a11bc24452d02264b839fa12fc9fe5747f3345 6911 p7zip_16.02+really25.01+dfsg-0+deb12u1_mips64el-buildd.buildinfo
 cd3fa233d5c7168d55237f186f805bd9450e3f906a55492a350458c491c9a4c3 442640 p7zip_16.02+really25.01+dfsg-0+deb12u1_mips64el.deb
Files:
 4f4d5e25671b597a60b3011e76cfd27d 3196748 debug optional p7zip-dbgsym_16.02+really25.01+dfsg-0+deb12u1_mips64el.deb
 bcadb214a323d9f962ebfb73f7144996 13543252 debug optional p7zip-full-dbgsym_16.02+really25.01+dfsg-0+deb12u1_mips64el.deb
 458b8364430ff17caac75246d3ae53b0 1338628 utils optional p7zip-full_16.02+really25.01+dfsg-0+deb12u1_mips64el.deb
 4c7555f9101c9dcab042afee434db38a 6911 utils optional p7zip_16.02+really25.01+dfsg-0+deb12u1_mips64el-buildd.buildinfo
 0e61e31ac5b95eb7cf73655ea95d94e6 442640 utils optional p7zip_16.02+really25.01+dfsg-0+deb12u1_mips64el.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE4ZxaH3zEHAF/GhnCHrk2gTKeWggFAmn3TOwACgkQHrk2gTKe
Wghygw/8CalcDMeLGn1wcmWbTmlLecRvsSZQLTroGmKmqH9udI02+xph8DIfbgVG
qGqXTmZB4KBZTlcS+t5XK5aBz7Y57CwgDEYX/n8sNefjhRvA4+N4lMI+ljp9iKeM
MmWVjzGcvrfpKZayhKsOsjrZqUmdoFxHgDuwYwfLXL3U/oV5XF5Z3jtaKs+08/bE
cYFANHMKg9EjSBBKgdo//5B1yOxL3pflSWa2AxZv9TYueFuUzreKAcOB42JnuwEK
jIBUJNJbV1UXmP84np3sTzV01wS6mi78xK7XzHEt3mzKzDckbwXGyxt+b3MbW5ep
3lpfk5DIKyEAX6qNI6S8DLsmrxO7RAWTgv55zbLCo6uG5yfaFV5149YsSV6UrO6B
FoDfb78K8xjDSdsM9lA4UnrV8TTyqtaYK8znaKgEJ5d00gNHDsgME3UhDQtGDjgl
wY3+ssZ026g5wvO7bMNL9/pD/RXbNCQod2t+o5QKqG8r6ZMVXpCnlcUkYc6SJ7S5
CP+m2BZBzULEd6jJX1lzHzphB6o0Mkb43WGKpIjCJnwO1spNKEj4oAcqPKtCpFc6
jJmvsuugjYhqv6mZ9gUp4fynIUAOaPDM30lFQ28SWSdGc/sC+n5801CY2S0u/Hm0
ZjZ3UTTQSZOPcom0vrcfVLUgZyo10fIoLyCHgsKbdaSAZ1tfYEg=
=edo0
-----END PGP SIGNATURE-----