-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 12 May 2022 20:53:05 -0400 Source: lrzip Binary: lrzip lrzip-dbgsym Architecture: amd64 Version: 0.631+git180528-1+deb10u1 Distribution: buster-security Urgency: high Maintainer: amd64 / i386 Build Daemon (x86-ubc-01) Changed-By: Stefano Rivera Description: lrzip - compression program with a very high compression ratio Changes: lrzip (0.631+git180528-1+deb10u1) buster-security; urgency=high . * Non-maintainer upload by the Security Team. * Security updates: Two issues that allow remote attackers to cause a denial of service via a crafted lrz file: - CVE-2018-5786: Resolve a potential infinite loop and application hang in the get_fileinfo function. - CVE-2021-27345: Resolve a null pointer dereference. * CVE-2021-27347: Resolve a use after free. - CVE-2020-25467: Resolve a null pointer dereference. - CVE-2022-26291: Resolve a multiple concurrency use-after-free. A memory corruption issue: - CVE-2022-28044: Resolve a potential heap corruption. Checksums-Sha1: 3e219c7d1900b01023e5056673833a07cc69b31d 773116 lrzip-dbgsym_0.631+git180528-1+deb10u1_amd64.deb 193d470cfd4e450759abaa756063986814586cfc 5781 lrzip_0.631+git180528-1+deb10u1_amd64-buildd.buildinfo c2d5ea55a8dccbab6336ed49ffc9f3474345afd7 260784 lrzip_0.631+git180528-1+deb10u1_amd64.deb Checksums-Sha256: 5a0bacfa18c1f25389c38d46454b504a0b8025022aa0fabe96f618ff52139546 773116 lrzip-dbgsym_0.631+git180528-1+deb10u1_amd64.deb 59829b640232adc30e588dd7841f1c7a79a87a8b50b8c499a7fa54c5f914d402 5781 lrzip_0.631+git180528-1+deb10u1_amd64-buildd.buildinfo 5ab47200e6cbcaf3209eaad866f5faf801854e62a59a80a67527a802da77962f 260784 lrzip_0.631+git180528-1+deb10u1_amd64.deb Files: 3c0920f9438648549303dcbf7988c47f 773116 debug optional lrzip-dbgsym_0.631+git180528-1+deb10u1_amd64.deb 3009c33610802b183d1a8dcc1ad45de1 5781 utils optional lrzip_0.631+git180528-1+deb10u1_amd64-buildd.buildinfo 1f30df40a72b2d0dc8708c6bc1d26048 260784 utils optional lrzip_0.631+git180528-1+deb10u1_amd64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEVvgiDm0iTi84B8TiOTy2rP5qAaMFAmKH87kACgkQOTy2rP5q AaN18xAArioCavidj2AhqP+C59xgyuneTKvJ0ovQNiDpe3cGhpH5OwmK2/NMFsbm kRRB0a+uWx20cK5wogtcO56BIexCN3kt5QtdFW1pecw9ppuhLd0K1Vuo+4m8qt8z 8BtUOL5b1CctgUOP1L5Tb5L8InaO08K1lI/GnCm6DFOCTnki+SbBKeWCHUW+MloU 8NVUbSqrQpuAQ5l4oWi9Q7f+r9QE2CNolqHQDwaGKWSa4O5x8agJzSkH0tmyzU0b Z+pc1ylnvbsjw2gA5GRVbzGQj6g6/3oLHho7fE/pQWQlOcG7vojKuHOcV7/F+iQr gYYK7LXav/VNFQMFJnrSr7XuBcY4BzefNjyV3mGcjbT622dpA5JwJsKE+RqMNGjD 8jB4xVY3gxLeVctFgaC03GgQh8LluNgVhI1aCb2KNEwPg52crqQ2tt0DRcmEZc+R 1FyP8fJ5Sc0AZikKCNckz9BFYYEOYMcWMnZL6WcJb/8mZsvmNLUmDWH+hchqlNY2 9j7qt25bWumrqlzUUOKir363xJFKNsu8k3ng79EM/TwElm9bZUyJgG9D6cvrVgHL FBvLKlcxCx6SEZhukCrjN1uyMYXUQpS422D7DU7OUQLYgfbqxdgSD1XjM1oqefcm sXuHUY5q4q5wNXljzmnJ5yI/kgHruzCNfNA/mYVerC2dxZPqxaA= =YigA -----END PGP SIGNATURE-----