-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Thu, 17 May 2018 15:42:06 +0000 Source: lrzip Binary: lrzip Architecture: source amd64 Version: 0.631+git180517-1 Distribution: unstable Urgency: high Maintainer: Laszlo Boszormenyi (GCS) <gcs@debian.org> Changed-By: Laszlo Boszormenyi (GCS) <gcs@debian.org> Description: lrzip - compression program with a very high compression ratio Closes: 863145 863150 863151 863153 863155 863156 866020 866022 887065 888506 897645 898451 Changes: lrzip (0.631+git180517-1) unstable; urgency=high . * Git snapshot release to fix security issues: - CVE-2017-8842: divide-by-zero in bufRead::get() (closes: #863156), - CVE-2017-8843: NULL pointer dereference in join_pthread() (closes: #863155), - CVE-2017-8844: heap-based buffer overflow write in read_1g() (closes: #863153), - CVE-2017-8845: invalid memory read in lzo_decompress_buf() (closes: #863151), - CVE-2017-8846: use-after-free in read_stream() (closes: #863150), - CVE-2017-8847: NULL pointer dereference in bufRead::get() (closes: #863145), - CVE-2017-9928: stack buffer overflow in get_fileinfo() (closes: #866022), - CVE-2017-9929: another stack buffer overflow in get_fileinfo() (closes: #866020), - CVE-2018-5650: infinite loop from crafted/corrupt archive in unzip_match() (closes: #887065), - CVE-2018-5747: use-after-free in ucompthread() (closes: #898451), - CVE-2018-5786: infinite loop in get_fileinfo() (closes: #888506), - CVE-2018-9058: infinite loop in runzip_fd() , - CVE-2018-10685: use-after-free in lzma_decompress_buf() (closes: #897645). * Update homepage location. * Update debhelper level to 11: - don't need dh_installman anymore, - remove dh-autoreconf build dependency, - remove autotools-dev build dependency. * Update Standards-Version to 4.1.4 . Checksums-Sha1: 55c93759cf16e87ae9d56738e982f07396de915c 1833 lrzip_0.631+git180517-1.dsc 49d52bb9edc1524469d618cbe867560c8d704060 200660 lrzip_0.631+git180517.orig.tar.xz 3fbd5121440aee6c9a26fe2e53c0a7e42f095781 7688 lrzip_0.631+git180517-1.debian.tar.xz 8ac6130b8ceea862a54b253ffc17ebfc79b0cdb2 606280 lrzip-dbgsym_0.631+git180517-1_amd64.deb f79257b587a3fe3594f79400906d19018b352df5 6826 lrzip_0.631+git180517-1_amd64.buildinfo c10d6d80eaba467bd8472a836ee192dae21edf17 258876 lrzip_0.631+git180517-1_amd64.deb Checksums-Sha256: 18876a30fba64e3e5730a4ecf55687b762d50629a6c7dac52273cfb028b1ec3b 1833 lrzip_0.631+git180517-1.dsc 9e96b797efb4e908a2412c4e287fd42e766def638e8126cd306397d572a176ef 200660 lrzip_0.631+git180517.orig.tar.xz 176d38dd20bc9335562b1102d9c907f8bc33922ba07b9dada2461da73fc64c28 7688 lrzip_0.631+git180517-1.debian.tar.xz e58240fcd0eef1f3f7738b35ac6c81722f0b805b1e7639100a42ba3b335bd174 606280 lrzip-dbgsym_0.631+git180517-1_amd64.deb 748dfdf17c6cc651a9a97116429615bf4fbc2449c41bac4b57ccd1ccf9c1453e 6826 lrzip_0.631+git180517-1_amd64.buildinfo 0cd786cf86077e91fba4fc4944ea987643bb98459fa9f76a73ff9c5fd09a146b 258876 lrzip_0.631+git180517-1_amd64.deb Files: e9c146c5bc64bebe67a2ae4599ffbf49 1833 utils optional lrzip_0.631+git180517-1.dsc cd554ed96a3e4a4d02231df70879b842 200660 utils optional lrzip_0.631+git180517.orig.tar.xz 0e8c44a78604f83544d5f6a0ef79485a 7688 utils optional lrzip_0.631+git180517-1.debian.tar.xz 32e3570a65a39477911f384fedae8dc1 606280 debug optional lrzip-dbgsym_0.631+git180517-1_amd64.deb 4ed5c1db1b8ab0a27fa4b84ebbfe3aa8 6826 utils optional lrzip_0.631+git180517-1_amd64.buildinfo 04db0b66b329ea490835728f5244be53 258876 utils optional lrzip_0.631+git180517-1_amd64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEfYh9yLp7u6e4NeO63OMQ54ZMyL8FAlr9wB8ACgkQ3OMQ54ZM yL90exAAkBIFwgAn2LJ58/BKFZ5jhndecOTJFQhWJ4G+N/ucDsp7Kf6S9h3DyxFJ EH5DHVFD07psF1ieGAieEvg58NpO6Nf7HAFFwtJdnoZ60p2LUe160Dum6sWdVTm7 gAxJdxoIXKVUy43wRbrMgGHfkq+QoS04VLrxEND+UW1i1Vkb6cOgZXhVbcMhPEfb pFoWNJtRT3WdEcIOgx8YFh2uaeFXMdcEWnda/OD5JDF4Wu2se53PLRJ2zj7GNtVb BNpPcyoTuOusxe965RNFzubIBrBchpJz8EtacdLt9lTZBY8VmKGnktR3ocIsLNIm f6LqxYbyWlyMBJo/QkIZ/DiQLFxNGzk5O5SARGMd1CduqTzj3sQyyXbQJuoO5VTy yxjBevSuCTx3LYJaE5H5zKvDhmfnDYioD1NGMho0SN3m3K8A1H/UjNhrgMmb44Ip 5buadpsgH4vZJ6RAe+uwuxjp9sj4/P9LLV+PY3xy1fregQPUxuOQVcdcEtzCJd4N +PHyZxAQOnH11BUj8WaAyyRK4JtrlqLQwm1EkjVCOAc55Z0FzM6VxwBAo/IkYvt1 VOWz20STbPoDycahnygADU57KBdQEm+X3FkTS2LKKXJSd3j/go2zG274ihqjaFQJ BNDnbJVx0UIrapmUHva7Dfu+WbCHScRRGWfGj0OtVG9dwKMGunw= =HAH8 -----END PGP SIGNATURE-----
