Undefined behaviour (signed integer overflow) was discovered in libarchive, in the MTREE parser's calculation of maximum and minimum dates. Upstream bug: https://github.com/libarchive/libarchive/issues/539 Upstream fix: https://github.com/libarchive/libarchive/commit/b31744d
Created libarchive tracking bugs for this issue: Affects: fedora-all [bug 1352776]
FTR: Also 11f6da24 should be backported.
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2016:1844 https://rhn.redhat.com/errata/RHSA-2016-1844.html