diff --git a/debian/changelog b/debian/changelog
index f7d33f4a2473c52868b759b2d86b38703cbcef10..90cdad061b9ee4cf6ffb4b238107fee05cb5842d 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+libarchive (3.4.0-ok5) yangtze; urgency=medium
+
+  * cacu CVE-2022-26280 安全更新：Libarchive v3.6.0存在安全漏洞，该漏洞源于组件 zipx_lzma_alone_init 的越界读取。
+
+ -- cacu <20373971@buaa.edu.cn>  Thu, 31 Mar 2023 21:08:51 +0800
+
 libarchive (3.4.0-ok4) yangtze; urgency=medium
 
   * leocheng_bupt_0 CVE-2021-36976 安全更新：libarchive 3.4.1到3.5.1在copy_string（从do_uncompress_block和process_block调用）中使用after free.
diff --git a/libarchive/archive_read_support_format_zip.c b/libarchive/archive_read_support_format_zip.c
index 9934bf1504dc639f5d7e51fecdae421bf878bc33..8acc11500896991d586ce3d32ccaf6e8b9edce9e 100644
--- a/libarchive/archive_read_support_format_zip.c
+++ b/libarchive/archive_read_support_format_zip.c
@@ -1596,7 +1596,7 @@ zipx_lzma_alone_init(struct archive_read *a, struct zip *zip)
 	 */
 
 	/* Read magic1,magic2,lzma_params from the ZIPX stream. */
-	if((p = __archive_read_ahead(a, 9, NULL)) == NULL) {
+	if(zip->entry_bytes_remaining < 9 || (p = __archive_read_ahead(a, 9, NULL)) == NULL) {
 		archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
 		    "Truncated lzma data");
 		return (ARCHIVE_FATAL);