Format: 1.8
Date: Thu, 12 May 2022 20:53:05 -0400
Source: lrzip
Architecture: source
Version: 0.631+git180528-1+deb10u1
Distribution: buster-security
Urgency: high
Maintainer: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Changed-By: Stefano Rivera <stefanor@debian.org>
Changes:
 lrzip (0.631+git180528-1+deb10u1) buster-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Security updates: Two issues that allow remote attackers to cause a denial
     of service via a crafted lrz file:
     - CVE-2018-5786: Resolve a potential infinite loop and application hang in
       the get_fileinfo function.
     - CVE-2021-27345: Resolve a null pointer dereference.
     - CVE-2021-27347: Resolve a use after free.
     - CVE-2020-25467: Resolve a null pointer dereference.
     - CVE-2022-26291: Resolve a multiple concurrency use-after-free.
     A memory corruption issue:
     - CVE-2022-28044: Resolve a potential heap corruption.