1. Forum
  2. Usenet
  3. LINUX.DEBIAN.CHANGES

  • Accepted lrzip 0.631+git180528-1+deb10u1 (source) into oldstable-propos

    From Debian FTP Masters@21:1/5 to All on Thu May 26 22:40:01 2022
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    Format: 1.8
    Date: Thu, 12 May 2022 20:53:05 -0400
    Source: lrzip
    Architecture: source
    Version: 0.631+git180528-1+deb10u1
    Distribution: buster-security
    Urgency: high
    Maintainer: Laszlo Boszormenyi (GCS) <gcs@debian.org>
    Changed-By: Stefano Rivera <stefanor@debian.org>
    Changes:
    lrzip (0.631+git180528-1+deb10u1) buster-security; urgency=high
    .
    * Non-maintainer upload by the Security Team.
    * Security updates:
    Two issues that allow remote attackers to cause a denial of service via a
    crafted lrz file:
    - CVE-2018-5786: Resolve a potential infinite loop and application hang in the
    get_fileinfo function.
    - CVE-2021-27345: Resolve a null pointer dereference.
    * CVE-2021-27347: Resolve a use after free.
    - CVE-2020-25467: Resolve a null pointer dereference.
    - CVE-2022-26291: Resolve a multiple concurrency use-after-free.
    A memory corruption issue:
    - CVE-2022-28044: Resolve a potential heap corruption.
    Checksums-Sha1:
    57e2235ab0f60b8928c126b8168821cdd05f0c07 1291 lrzip_0.631+git180528-1+deb10u1.dsc
    f85ef5597367c795efcbcd235747ec073c8cb00b 200908 lrzip_0.631+git180528.orig.tar.xz
    4ba28a5f12e892cd0e1248ebf5d60cf163634e84 10952 lrzip_0.631+git180528-1+deb10u1.debian.tar.xz
    648230920b6d4a370567e680f9d5cdaf2ab5fdc1 5262 lrzip_0.631+git180528-1+deb10u1_source.buildinfo
    Checksums-Sha256:
    66b55fb9b37edf718f40de6941e5a395c3ee298af7111b3bd52c051ba4302ce8 1291 lrzip_0.631+git180528-1+deb10u1.dsc
    006772b04772846e0caa4973ebada8868b294d0fd31c0a712350dea7e7dbe783 200908 lrzip_0.631+git180528.orig.tar.xz
    f8c49f24910436706edf872a9b3e092ebb09c76f143170815d447c3f38042f81 10952 lrzip_0.631+git180528-1+deb10u1.debian.tar.xz
    82bc4944897f7011499dc89214c602521c9273edc9ab3574d7377ff2b1a9fdb7 5262 lrzip_0.631+git180528-1+deb10u1_source.buildinfo
    Files:
    f78918dafa7973d3c97bc21c8071d277 1291 utils optional lrzip_0.631+git180528-1+deb10u1.dsc
    efc958c4ad722963c9c6f01afb0d2311 200908 utils optional lrzip_0.631+git180528.orig.tar.xz
    27b2ba256eaa648c502bfee977349d79 10952 utils optional lrzip_0.631+git180528-1+deb10u1.debian.tar.xz
    66c0083683d5e06e35989f52962c6ff7 5262 utils optional lrzip_0.631+git180528-1+deb10u1_source.buildinfo

    -----BEGIN PGP SIGNATURE-----

    iIoEARYKADIWIQTumtb5BSD6EfafSCRHew2wJjpU2AUCYofuShQcc3RlZmFub3JA ZGViaWFuLm9yZwAKCRBHew2wJjpU2O8tAQC+f3q0B652PG+NyxS1MG6xPg/sk69T h+zgVLLj53gc+QEAgIFKBE46+vLo8ZRauodaKWonx2R75OI7p5rC8wfIiAg=
    =BpAN
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)