Debian Package Tracker

lrzip

compression program with a very high compression ratio

general
  • source: lrzip (main)
  • version: 0.631+git180528-1
  • maintainer: Laszlo Boszormenyi (GCS) (DMD)
  • arch: any
  • std-ver: 4.1.4
  • VCS: unknown
versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]
[pool directory]
  • o-o-stable: 0.616-1
  • oldstable: 0.631-1
  • stable: 0.631+git180528-1
  • testing: 0.631+git180528-1
  • unstable: 0.631+git180528-1
versioned links
  • 0.616-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 0.631-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 0.631+git180528-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
binaries
  • lrzip (2 bugs: 0, 2, 0, 0)
action needed
lintian reports 4 warnings (severity: normal)
Lintian reports 4 warnings about this package. You should make the package lintian-clean by getting rid of them.
Created: 2019-08-26 Last update: 2019-08-26 23:53
9 ignored security issues in jessie (severity: low)
There are 9 open security issues in jessie.
9 issues skipped by the security teams:
  • CVE-2018-11496: In Long Range Zip (aka lrzip) 0.631, there is a use-after-free in read_stream in stream.c, because decompress_file in lrzip.c lacks certain size validation.
  • CVE-2018-5747: In Long Range Zip (aka lrzip) 0.631, there is a use-after-free in the ucompthread function (stream.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted lrz file.
  • CVE-2017-9929: In lrzip 0.631, a stack buffer overflow was found in the function get_fileinfo in lrzip.c:1074, which allows attackers to cause a denial of service via a crafted file.
  • CVE-2017-9928: In lrzip 0.631, a stack buffer overflow was found in the function get_fileinfo in lrzip.c:979, which allows attackers to cause a denial of service via a crafted file.
  • CVE-2018-5786: In Long Range Zip (aka lrzip) 0.631, there is an infinite loop and application hang in the get_fileinfo function (lrzip.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted lrz file.
  • CVE-2018-5650: In Long Range Zip (aka lrzip) 0.631, there is an infinite loop and application hang in the unzip_match function in runzip.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted lrz file.
  • CVE-2018-10685: In Long Range Zip (aka lrzip) 0.631, there is a use-after-free in the lzma_decompress_buf function of stream.c, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
  • CVE-2017-8844: The read_1g function in stream.c in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted archive.
  • CVE-2017-8846: The read_stream function in stream.c in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted archive.
Please fix them.
Created: 2017-05-09 Last update: 2019-10-21 00:30
9 ignored security issues in stretch (severity: low)
There are 9 open security issues in stretch.
9 issues skipped by the security teams:
  • CVE-2018-11496: In Long Range Zip (aka lrzip) 0.631, there is a use-after-free in read_stream in stream.c, because decompress_file in lrzip.c lacks certain size validation.
  • CVE-2018-5747: In Long Range Zip (aka lrzip) 0.631, there is a use-after-free in the ucompthread function (stream.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted lrz file.
  • CVE-2017-9929: In lrzip 0.631, a stack buffer overflow was found in the function get_fileinfo in lrzip.c:1074, which allows attackers to cause a denial of service via a crafted file.
  • CVE-2017-9928: In lrzip 0.631, a stack buffer overflow was found in the function get_fileinfo in lrzip.c:979, which allows attackers to cause a denial of service via a crafted file.
  • CVE-2018-5786: In Long Range Zip (aka lrzip) 0.631, there is an infinite loop and application hang in the get_fileinfo function (lrzip.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted lrz file.
  • CVE-2018-5650: In Long Range Zip (aka lrzip) 0.631, there is an infinite loop and application hang in the unzip_match function in runzip.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted lrz file.
  • CVE-2018-10685: In Long Range Zip (aka lrzip) 0.631, there is a use-after-free in the lzma_decompress_buf function of stream.c, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
  • CVE-2017-8844: The read_1g function in stream.c in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted archive.
  • CVE-2017-8846: The read_stream function in stream.c in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted archive.
Please fix them.
Created: 2017-05-09 Last update: 2019-10-21 00:30
Standards version of the package is outdated (severity: wishlist)
The package should be updated to follow the latest version of Debian Policy (Standards-Version 4.4.1 instead of 4.1.4).
Created: 2018-08-20 Last update: 2019-09-29 23:40
news
[rss feed]
  • [2018-06-01] lrzip 0.631+git180528-1 MIGRATED to testing (Debian testing watch)
  • [2018-05-29] Accepted lrzip 0.631+git180528-1 (source amd64) into unstable (Laszlo Boszormenyi (GCS)) (signed by: Laszlo Boszormenyi)
  • [2018-05-21] lrzip 0.631+git180517-1 MIGRATED to testing (Debian testing watch)
  • [2018-05-17] Accepted lrzip 0.631+git180517-1 (source amd64) into unstable (Laszlo Boszormenyi (GCS)) (signed by: Laszlo Boszormenyi)
  • [2016-11-25] lrzip 0.631-1 MIGRATED to testing (Debian testing watch)
  • [2016-11-14] Accepted lrzip 0.631-1 (source amd64) into unstable (Laszlo Boszormenyi (GCS)) (signed by: Laszlo Boszormenyi)
  • [2016-08-31] lrzip 0.630-1 MIGRATED to testing (Debian testing watch)
  • [2016-08-21] Accepted lrzip 0.630-1 (source amd64) into unstable (Laszlo Boszormenyi (GCS)) (signed by: Laszlo Boszormenyi)
  • [2015-05-07] lrzip 0.621-1 MIGRATED to testing (Britney)
  • [2015-04-26] Accepted lrzip 0.621-1 (source amd64) into unstable (Laszlo Boszormenyi (GCS)) (signed by: Laszlo Boszormenyi)
  • [2014-04-08] lrzip 0.616-1 MIGRATED to testing (Debian testing watch)
  • [2014-03-28] Accepted lrzip 0.616-1 (source amd64) (Laszlo Boszormenyi (GCS)) (signed by: Laszlo Boszormenyi)
  • [2012-02-20] lrzip 0.608-2 MIGRATED to testing (Debian testing watch)
  • [2012-02-10] Accepted lrzip 0.608-2 (source amd64) (Jari Aalto) (signed by: tony mancill)
  • [2011-11-04] lrzip 0.608-1 MIGRATED to testing (Debian testing watch)
  • [2011-10-25] Accepted lrzip 0.608-1 (source amd64) (Jari Aalto) (signed by: tony mancill)
  • [2011-10-06] lrzip 0.607+20110921+gita28def8-1 MIGRATED to testing (Debian testing watch)
  • [2011-09-26] Accepted lrzip 0.607+20110921+gita28def8-1 (source amd64) (Jari Aalto) (signed by: tony mancill)
  • [2011-09-20] Accepted lrzip 0.607+20110917+git79c2e9a-2 (source amd64) (Jari Aalto) (signed by: tony mancill)
  • [2011-09-19] Accepted lrzip 0.607+20110917+git79c2e9a-1 (source amd64) (Jari Aalto) (signed by: tony mancill)
  • [2011-05-10] lrzip 0.603+2011.0423+git7ed977b-1 MIGRATED to testing (Debian testing watch)
  • [2011-04-29] Accepted lrzip 0.603+2011.0423+git7ed977b-1 (source i386) (Jari Aalto) (signed by: tony mancill)
  • [2011-04-22] Accepted lrzip 0.602-1 (source i386) (Jari Aalto) (signed by: tony mancill)
  • [2011-02-28] lrzip 0.552+20110217+gitcd8b086-1 MIGRATED to testing (Debian testing watch)
  • [2011-02-17] Accepted lrzip 0.552+20110217+gitcd8b086-1 (source i386) (Jari Aalto) (signed by: tony mancill)
  • [2011-02-17] Accepted lrzip 0.552-1 (source i386) (Jari Aalto) (signed by: tony mancill)
  • [2010-12-15] Accepted lrzip 0.551-1 (source i386) (Jari Aalto) (signed by: tony mancill)
  • [2010-11-13] Accepted lrzip 0.530-1 (source i386) (Jari Aalto) (signed by: tony mancill)
  • [2010-10-27] Accepted lrzip 0.46-1 (source i386) (Jari Aalto) (signed by: tony mancill)
  • [2010-04-14] lrzip 0.45-1 MIGRATED to testing (Debian testing watch)
bugs [bug history graph]
  • all: 2
  • RC: 0
  • I&N: 2
  • M&W: 0
  • F&P: 0
  • patch: 0
links
  • homepage
  • lintian (0, 4)
  • buildd: logs, clang, reproducibility, cross
  • popcon
  • browse source code
  • security tracker
  • screenshots
ubuntu [Information about Ubuntu for Debian Developers]
  • version: 0.631+git180528-1
  • 4 bugs

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers