1. Forum
  2. Usenet
  3. LINUX.DEBIAN.CHANGES

  • Accepted lrzip 0.641-1+deb11u1 (source) into proposed-updates->stable-n

    From Debian FTP Masters@21:1/5 to All on Thu May 26 22:40:01 2022
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    Format: 1.8
    Date: Fri, 13 May 2022 19:39:31 -0400
    Source: lrzip
    Architecture: source
    Version: 0.641-1+deb11u1
    Distribution: bullseye-security
    Urgency: high
    Maintainer: Laszlo Boszormenyi (GCS) <gcs@debian.org>
    Changed-By: Stefano Rivera <stefanor@debian.org>
    Changes:
    lrzip (0.641-1+deb11u1) bullseye-security; urgency=high
    .
    * Non-maintainer upload by the Security Team.
    * Security updates:
    Two issues that allow remote attackers to cause a denial of service via a
    crafted lrz file:
    - CVE-2018-5786: Resolve a potential infinite loop and application hang in the
    get_fileinfo function.
    - CVE-2022-26291: Resolve a multiple concurrency use-after-free between
    the functions zpaq_decompress_buf() and clear_rulist().
    A memory corruption issue:
    - CVE-2022-28044: Resolve a potential heap corruption.
    Checksums-Sha1:
    38a67591f0845f9d9674fa7e17117a3d58ec031c 1236 lrzip_0.641-1+deb11u1.dsc
    c8c070e206b8ecf707c15406689355344ebb2f67 262761 lrzip_0.641.orig.tar.gz
    2a0a5e268e29c25c34687b887f66e5dbe99a1700 9664 lrzip_0.641-1+deb11u1.debian.tar.xz
    2bc1658c6c8a9e2f5c4a6f4437a07eab9d11e731 5247 lrzip_0.641-1+deb11u1_source.buildinfo
    Checksums-Sha256:
    251d7265feca46adc383f312ef0287b6c38bcc0cd516038261a1e2b9aaa30410 1236 lrzip_0.641-1+deb11u1.dsc
    9b6b4bb1ae76dafbaab96ec9d50d41af5fed45a6c4f2e06feea828c2cd8025c0 262761 lrzip_0.641.orig.tar.gz
    a9c78824c082abf5c230abcf0947fdaa839258b7e0d869cfc772f9e2bc71c79c 9664 lrzip_0.641-1+deb11u1.debian.tar.xz
    006723ca8799c86175cacdb670bfcf63246acb7bde23b7f8138a0b0ea5e392fb 5247 lrzip_0.641-1+deb11u1_source.buildinfo
    Files:
    9ed69c38d49b44abeeee77e17eae8fa0 1236 utils optional lrzip_0.641-1+deb11u1.dsc
    91f15333c4df7dc848d241d8470fb7c0 262761 utils optional lrzip_0.641.orig.tar.gz
    dc610d6c51d0b2d7a5fa4744f6720a36 9664 utils optional lrzip_0.641-1+deb11u1.debian.tar.xz
    3a906e4fff5b8e7a2348cef1df62de4d 5247 utils optional lrzip_0.641-1+deb11u1_source.buildinfo

    -----BEGIN PGP SIGNATURE-----

    iIoEARYKADIWIQTumtb5BSD6EfafSCRHew2wJjpU2AUCYofuVxQcc3RlZmFub3JA ZGViaWFuLm9yZwAKCRBHew2wJjpU2PvxAQDjrBElKxlDVbTWNPWmkw/we3MCVf6T 02Lo4z1B1CGfYwD/Ry4WxxIfsCeDqzXRjJ2gSZ24Fs8hQxH+o57B3FBiugs=
    =+RHb
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)