-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 12 May 2022 20:53:05 -0400 Source: lrzip Binary: lrzip lrzip-dbgsym Architecture: mips Version: 0.631+git180528-1+deb10u1 Distribution: buster-security Urgency: high Maintainer: mips Build Daemon (mips-manda-01) Changed-By: Stefano Rivera Description: lrzip - compression program with a very high compression ratio Changes: lrzip (0.631+git180528-1+deb10u1) buster-security; urgency=high . * Non-maintainer upload by the Security Team. * Security updates: Two issues that allow remote attackers to cause a denial of service via a crafted lrz file: - CVE-2018-5786: Resolve a potential infinite loop and application hang in the get_fileinfo function. - CVE-2021-27345: Resolve a null pointer dereference. * CVE-2021-27347: Resolve a use after free. - CVE-2020-25467: Resolve a null pointer dereference. - CVE-2022-26291: Resolve a multiple concurrency use-after-free. A memory corruption issue: - CVE-2022-28044: Resolve a potential heap corruption. Checksums-Sha1: 87ed92d1fca6c00eb0adb95eeda9a76668a0e2f5 790492 lrzip-dbgsym_0.631+git180528-1+deb10u1_mips.deb 654a551cedb7e96291bc70c16117556800d71ad4 5607 lrzip_0.631+git180528-1+deb10u1_mips-buildd.buildinfo ff871fa866cc245e1c5b716d2e1ce5c7407db64d 276692 lrzip_0.631+git180528-1+deb10u1_mips.deb Checksums-Sha256: a481cd44406d4a12f2126b6219174510861f854016b328a7d2ccc2c559bec029 790492 lrzip-dbgsym_0.631+git180528-1+deb10u1_mips.deb 4047b06b42505f62f0956c876280e32347c9d045bbb6db1a8192c268f2939b01 5607 lrzip_0.631+git180528-1+deb10u1_mips-buildd.buildinfo b3cc30e42a1207984d0df2cabb74e77a17aebb817423ed5f83377940299fa507 276692 lrzip_0.631+git180528-1+deb10u1_mips.deb Files: 05bcf1672f461f2f1758b860b8ea2111 790492 debug optional lrzip-dbgsym_0.631+git180528-1+deb10u1_mips.deb 60b82fdfae8f7fd0da9466197cab6e23 5607 utils optional lrzip_0.631+git180528-1+deb10u1_mips-buildd.buildinfo d789e64c09094260a53abc56f6134d08 276692 utils optional lrzip_0.631+git180528-1+deb10u1_mips.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEevYDcCpw+gxaAIfyzhCNGbK1Cr8FAmKH9GYACgkQzhCNGbK1 Cr9zuw//ThfcOL9Uf7sMwHrAftx81NrJqLjbnvspzV+Lb7dLVjGbkQuObOYcfGl9 UUhjmh7lG4qqudnTYOCJFIBstIYFKw0kvuHAbk2jO4J1mz10g+UlzjR2hNeNZbZy 0kz39au45pZ59u6IbbFNMmMiRz2JcmWmKdZtatK2vyduua+MjrMYAkBxgnQxzgtn MJYJFUgY+TDWQBxprvVLR5BjtnskiLtSb64Nbzzzn+7qK+sogBpNOCgHbTA7JHpZ UGB2RGOyBW0hLZK4dkRgknbjuiFnxZdv1glVxq2bw3aIt4PSypBtyKnZbDGoIB2O fz2NGD8DIfrKsHss2IvR0OsO7NfQghygM6qX8VpbjrWDTknkO/l5s4VkPsZKa+F7 FnejYXhTJB1mDltHZV4Vvr99DruUDStaIaeE+AuHXuJHrF78UW2saQn2HOeqTRQ8 ClbromacOa7BfBT1qqUcyyeLIOT4iWObyHu/KD3WRI+EDsgl5j8C82y11C/+V5FQ KyYw2EzyOLp5RF6fbtMwzyUCko5vpGj6xbebJojiSLbf3lz3lUSP2BBrc+SVKl6V jKtV1ZBmiByJYpDd95abXQ54eTBfX0PFRhUtYpim26KMwElR0AtN1kHuAHD9t6I4 cNvMkDrjJMSH/mULLWwb8SdUqKsbtKkrxrcgAVH6Y7igPahDk3w= =2/5W -----END PGP SIGNATURE-----