-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 12 May 2022 20:53:05 -0400 Source: lrzip Binary: lrzip lrzip-dbgsym Architecture: ppc64el Version: 0.631+git180528-1+deb10u1 Distribution: buster-security Urgency: high Maintainer: ppc64el Build Daemon (ppc64el-unicamp-01) Changed-By: Stefano Rivera Description: lrzip - compression program with a very high compression ratio Changes: lrzip (0.631+git180528-1+deb10u1) buster-security; urgency=high . * Non-maintainer upload by the Security Team. * Security updates: Two issues that allow remote attackers to cause a denial of service via a crafted lrz file: - CVE-2018-5786: Resolve a potential infinite loop and application hang in the get_fileinfo function. - CVE-2021-27345: Resolve a null pointer dereference. * CVE-2021-27347: Resolve a use after free. - CVE-2020-25467: Resolve a null pointer dereference. - CVE-2022-26291: Resolve a multiple concurrency use-after-free. A memory corruption issue: - CVE-2022-28044: Resolve a potential heap corruption. Checksums-Sha1: 6a1325d0d577f0b206f815b82e2531d50987e499 774236 lrzip-dbgsym_0.631+git180528-1+deb10u1_ppc64el.deb 6e2dc0eba34cba2666b0c31c50c9441a89f24515 5780 lrzip_0.631+git180528-1+deb10u1_ppc64el-buildd.buildinfo 7bd00c81d90a492c8d52095af3a4637bf4a9c2fa 271468 lrzip_0.631+git180528-1+deb10u1_ppc64el.deb Checksums-Sha256: f1ad645cd2d417d3cd768570bf3d7971f682d1549657615affcd12f3c4af33a9 774236 lrzip-dbgsym_0.631+git180528-1+deb10u1_ppc64el.deb c8d1aad9fad865f8f802469589ce022bd62e51a7cfb50b2189d54709138521b5 5780 lrzip_0.631+git180528-1+deb10u1_ppc64el-buildd.buildinfo a2f20d7f0eb8ede8738c59b310370791f3b69b662a7f1cd198007e24030292dc 271468 lrzip_0.631+git180528-1+deb10u1_ppc64el.deb Files: e4ac59ecc429005a48c854e497bc0836 774236 debug optional lrzip-dbgsym_0.631+git180528-1+deb10u1_ppc64el.deb 0433944f61d6caca8bf4d319e7d6c68b 5780 utils optional lrzip_0.631+git180528-1+deb10u1_ppc64el-buildd.buildinfo e95ec31388fc100e6a8ce57e8222aa6a 271468 utils optional lrzip_0.631+git180528-1+deb10u1_ppc64el.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEM6ceAMELlsCX7atTQTdFj1F/eVQFAmKH87oACgkQQTdFj1F/ eVQCbA/7BDTZCNvdQUdi4xk/abwoh0QRcMlPCredeTNwqHIn8Ev0Maxr3pFKrH3W z2PlaAizKjSYNAF5pE6Gkc93LTbBFzYci858MEPb1wKlpPXsalRDM0DSqEoRUDrg GbG5xTMQpjDWsF1CbuoG4o5mI7bfUzpjWXrydyTB0a02nXszCSz2kchbg3hsiEzO HVfiZWKcOG2jNoCiY5MXiEuLYcggiq8sj97HKP4yOLA6CSJDrB2oP/MAEtrPzR4T qcaZ+94GgtfdADtQJNmADsKojv8k3D9rc1WajbNasoSphIk79y/6FtkpopmNadJg 8Dn2e9byMCw0UXe4gAc5g/YgfPPRC8/uqv0WJsUMum7dbqF7w3fwnKiUVvp0AWmt nA/DMaQPak66GIBXPAaGiboMGLlWC3W863D+oa8dNqbyEnr/markl5xZ+GDiORNq SRewMWk92Bpo8xBea2f2S7Zgh7USBNoXwGU56JlbqNCh4tWHCKWgAoOR+1UfY7XU yM6xcQ31M3rtYoEfRTjR2KDMwQsZeKWw1wQ29z+dve6hJdADqU+KLFADGy2O8etz kbc8priLk38CT7Aitfw1g/vJXl4O6rzjy+0HAgagtgq/RJzs7932I+eWOnyw7v5C pg3u7NZkCdgXUfTmKQt5aC2g5VEOUlP5P2hb7fgINf40lDlkg6c= =zh4E -----END PGP SIGNATURE-----