-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 13 May 2022 19:39:31 -0400
Source: lrzip
Architecture: source
Version: 0.641-1+deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: Laszlo Boszormenyi (GCS) <
gcs@debian.org>
Changed-By: Stefano Rivera <
stefanor@debian.org>
Changes:
lrzip (0.641-1+deb11u1) bullseye-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Security updates:
Two issues that allow remote attackers to cause a denial of service via a
crafted lrz file:
- CVE-2018-5786: Resolve a potential infinite loop and application hang in the
get_fileinfo function.
- CVE-2022-26291: Resolve a multiple concurrency use-after-free between
the functions zpaq_decompress_buf() and clear_rulist().
A memory corruption issue:
- CVE-2022-28044: Resolve a potential heap corruption.
Checksums-Sha1:
38a67591f0845f9d9674fa7e17117a3d58ec031c 1236 lrzip_0.641-1+deb11u1.dsc
c8c070e206b8ecf707c15406689355344ebb2f67 262761 lrzip_0.641.orig.tar.gz
2a0a5e268e29c25c34687b887f66e5dbe99a1700 9664 lrzip_0.641-1+deb11u1.debian.tar.xz
2bc1658c6c8a9e2f5c4a6f4437a07eab9d11e731 5247 lrzip_0.641-1+deb11u1_source.buildinfo
Checksums-Sha256:
251d7265feca46adc383f312ef0287b6c38bcc0cd516038261a1e2b9aaa30410 1236 lrzip_0.641-1+deb11u1.dsc
9b6b4bb1ae76dafbaab96ec9d50d41af5fed45a6c4f2e06feea828c2cd8025c0 262761 lrzip_0.641.orig.tar.gz
a9c78824c082abf5c230abcf0947fdaa839258b7e0d869cfc772f9e2bc71c79c 9664 lrzip_0.641-1+deb11u1.debian.tar.xz
006723ca8799c86175cacdb670bfcf63246acb7bde23b7f8138a0b0ea5e392fb 5247 lrzip_0.641-1+deb11u1_source.buildinfo
Files:
9ed69c38d49b44abeeee77e17eae8fa0 1236 utils optional lrzip_0.641-1+deb11u1.dsc
91f15333c4df7dc848d241d8470fb7c0 262761 utils optional lrzip_0.641.orig.tar.gz
dc610d6c51d0b2d7a5fa4744f6720a36 9664 utils optional lrzip_0.641-1+deb11u1.debian.tar.xz
3a906e4fff5b8e7a2348cef1df62de4d 5247 utils optional lrzip_0.641-1+deb11u1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iIoEARYKADIWIQTumtb5BSD6EfafSCRHew2wJjpU2AUCYofuVxQcc3RlZmFub3JA ZGViaWFuLm9yZwAKCRBHew2wJjpU2PvxAQDjrBElKxlDVbTWNPWmkw/we3MCVf6T 02Lo4z1B1CGfYwD/Ry4WxxIfsCeDqzXRjJ2gSZ24Fs8hQxH+o57B3FBiugs=
=+RHb
-----END PGP SIGNATURE-----
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)