-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 12 May 2022 20:53:05 -0400 Source: lrzip Binary: lrzip lrzip-dbgsym Architecture: i386 Version: 0.631+git180528-1+deb10u1 Distribution: buster-security Urgency: high Maintainer: i386 Build Daemon (x86-grnet-01) Changed-By: Stefano Rivera Description: lrzip - compression program with a very high compression ratio Changes: lrzip (0.631+git180528-1+deb10u1) buster-security; urgency=high . * Non-maintainer upload by the Security Team. * Security updates: Two issues that allow remote attackers to cause a denial of service via a crafted lrz file: - CVE-2018-5786: Resolve a potential infinite loop and application hang in the get_fileinfo function. - CVE-2021-27345: Resolve a null pointer dereference. * CVE-2021-27347: Resolve a use after free. - CVE-2020-25467: Resolve a null pointer dereference. - CVE-2022-26291: Resolve a multiple concurrency use-after-free. A memory corruption issue: - CVE-2022-28044: Resolve a potential heap corruption. Checksums-Sha1: 9b454d007ed37c5a085716692f30cc171de403a5 670724 lrzip-dbgsym_0.631+git180528-1+deb10u1_i386.deb 713261133fae8231dc260a179e1d353284576504 5741 lrzip_0.631+git180528-1+deb10u1_i386-buildd.buildinfo b59c5d7f3304c703036cbe95070771e2a95e2bd2 278100 lrzip_0.631+git180528-1+deb10u1_i386.deb Checksums-Sha256: 7368c840ce58b13b872dfaacdae4af77997d6e858257ab436f7c3ecf0818e6b4 670724 lrzip-dbgsym_0.631+git180528-1+deb10u1_i386.deb 1251f8976dd9a0010fbe08c33074a2d5f5fb35493e7272572e9a18cf2256d73c 5741 lrzip_0.631+git180528-1+deb10u1_i386-buildd.buildinfo ff33de4c5245776c6e04387bcb63ed537e4f676591ec32969deca5573ca0f5dc 278100 lrzip_0.631+git180528-1+deb10u1_i386.deb Files: 169718386191f2ecac862701269c07f9 670724 debug optional lrzip-dbgsym_0.631+git180528-1+deb10u1_i386.deb 616b6fffa373b3fb64b7573ed4871c4e 5741 utils optional lrzip_0.631+git180528-1+deb10u1_i386-buildd.buildinfo a7ad6aea036070cbaee96a6b6d1dbe08 278100 utils optional lrzip_0.631+git180528-1+deb10u1_i386.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEZ+kjGN6s2Ioxmya1SqddLxw5rsoFAmKH83YACgkQSqddLxw5 rsoFlBAArAoyx2qnhu17PjWoGxH/wdyJpwvFqRlTLcQZkBUERoEW3A6WxyX0z310 XugHuuRvdK+VwuPdJ+btQjvqTvo1kLGD4774kJldRnHlSS8VibHWt9FSZWXw4znK rK7Yqyt5/uCrHmzk6zscib8xaC8y/QhwMK3L9qz584KHglxqpTV5uKdUZsWfVtrk r5AP4R/WQ+BjC/P/p9Y9tYK002l5Q5J+3HwB6tF4LojNDaXgYd1pAiLK8sS3R3hO VAg3CSXD7nT5yc9U+2yx/lVoZ7+WPiuG65crH7iMbUQpHm22eywPMOGI4/wde6wZ GX4tLGWdvn1YsqdY2gKZAt3K7PZ4EjyUmlu23mNmxufADxYFEFkGL+ZiGANJLHDG f/0q0eXlavEMxTZIPQZx3mby6rDD8dYSTBtgFQcj8YsW7RGrUSc/LbcJtxugMpc0 ntYPmYtrsuyWSD+XG/jKwkd4dpvpu8WPUpefrPOysk8TOX6up1MUti5UunSLDKjY vW19AKqS94g/X2LrkoN2Y+1PSUh5Q4lIfZSHYB1PRAMMgMK1Z6yrCXAPLD/6zNof kctJ2QM0k1794OPl5VBFE1wyNXVdgxvaR43sbUS1M5kQMIrtv+wRv/IJxqmEdzu/ RlKsOZkt7sbS8ONBfCp7UBSeNM3mZ1nJnhhdMtfd2PJgiqG2d4Y= =4L8+ -----END PGP SIGNATURE-----