-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 12 May 2022 20:53:05 -0400 Source: lrzip Binary: lrzip lrzip-dbgsym Architecture: armel Version: 0.631+git180528-1+deb10u1 Distribution: buster-security Urgency: high Maintainer: armel Build Daemon (hasse) Changed-By: Stefano Rivera Description: lrzip - compression program with a very high compression ratio Changes: lrzip (0.631+git180528-1+deb10u1) buster-security; urgency=high . * Non-maintainer upload by the Security Team. * Security updates: Two issues that allow remote attackers to cause a denial of service via a crafted lrz file: - CVE-2018-5786: Resolve a potential infinite loop and application hang in the get_fileinfo function. - CVE-2021-27345: Resolve a null pointer dereference. * CVE-2021-27347: Resolve a use after free. - CVE-2020-25467: Resolve a null pointer dereference. - CVE-2022-26291: Resolve a multiple concurrency use-after-free. A memory corruption issue: - CVE-2022-28044: Resolve a potential heap corruption. Checksums-Sha1: 00573b5b0cd36904adcd1dd7b06b66fc9b3596e7 701428 lrzip-dbgsym_0.631+git180528-1+deb10u1_armel.deb d4a4e78318e655977ecc40395587b36aae324d28 5665 lrzip_0.631+git180528-1+deb10u1_armel-buildd.buildinfo 9ca36daec4074ec9f4c36b6d547be8c9d2f12cd2 240052 lrzip_0.631+git180528-1+deb10u1_armel.deb Checksums-Sha256: 615a2e4c221b23021e5af4f870de75d0b7917cea169f189c25769587fbfc8289 701428 lrzip-dbgsym_0.631+git180528-1+deb10u1_armel.deb e87a006ccd175a6d7b9216c5d57542596fc12648ff81f3638b759b71e7c03724 5665 lrzip_0.631+git180528-1+deb10u1_armel-buildd.buildinfo b15e79e1c496c13dab05d45b4df529f68936ee4d328a69c85ae6abe1012f332d 240052 lrzip_0.631+git180528-1+deb10u1_armel.deb Files: 909751834d27e62c87dd3ef94c9057d4 701428 debug optional lrzip-dbgsym_0.631+git180528-1+deb10u1_armel.deb bf3a20066d3ddab40b34c6bf6fbca187 5665 utils optional lrzip_0.631+git180528-1+deb10u1_armel-buildd.buildinfo 9678586157aa4196ef42a8b76b1cef64 240052 utils optional lrzip_0.631+git180528-1+deb10u1_armel.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEyFcFNfjuR9XuHflsPdjLYqcLkd8FAmKH9YkACgkQPdjLYqcL kd9vxBAAps8aK3DyT86ejDTsGRTx6YXZtdSPyhQpEuM8mn/uOufveppfu8kdOW+j GSWPkPynK+JK8x8FUHaCjSzjRr+PhocPjMXaoy5FBKQCr/KNh45lzKyQiDrGhFGb DpERbJc2zXqEeeqzmPKmX8Kas1+oMt8UMl8lWDuiaMSkCnDblH9Z+XMXYKX5blkQ op8Py/YiojYtC7dqij90Y9YCSOnfSdvagF1pzb2mGvbupqBsNtizk7Wb5eLxYmSQ iU4U1Lxw7xe1HVRm1/vMNj7EYMAfLxTY4jak+WxstFEj0Lxai3AtwDsHgvj84rXu KAFmTLxBkMsl55jL2q1CC0uB2UOUWrS1g4bX9IE1ojNSejrEvZzXXoz1hkvIRt2n FK6//qhCxr3UsLvfUEQAy6ZmgY6UHg/V0+m5unredNa6UHQsxwg5VXfT7D/eH2hF S8np4K7tnwzLeJqxau1gkU51FzQFoynGwl9eT4m9wRLOtGw5c+soEspiPZEdWzbc T3Mn8U29P9axyqKmMJbCbri9ZFW8K5Jfz0lP/molA9d//rxyyt+VSea/4alP9WmY PP8UY3fU6OpuluBr3FkZV0/63vfN83pUy+R38kPm4rlNujAJ/lWQveIRj/0w8nTh H5r3ZDmhXT+Kv2SdIeTGrU7puJ5OuNEmECZcr5Q/mqka7wI7mlA= =22Kk -----END PGP SIGNATURE-----