-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 12 May 2022 20:53:05 -0400 Source: lrzip Binary: lrzip lrzip-dbgsym Architecture: s390x Version: 0.631+git180528-1+deb10u1 Distribution: buster-security Urgency: high Maintainer: s390x Build Daemon (zandonai) Changed-By: Stefano Rivera Description: lrzip - compression program with a very high compression ratio Changes: lrzip (0.631+git180528-1+deb10u1) buster-security; urgency=high . * Non-maintainer upload by the Security Team. * Security updates: Two issues that allow remote attackers to cause a denial of service via a crafted lrz file: - CVE-2018-5786: Resolve a potential infinite loop and application hang in the get_fileinfo function. - CVE-2021-27345: Resolve a null pointer dereference. * CVE-2021-27347: Resolve a use after free. - CVE-2020-25467: Resolve a null pointer dereference. - CVE-2022-26291: Resolve a multiple concurrency use-after-free. A memory corruption issue: - CVE-2022-28044: Resolve a potential heap corruption. Checksums-Sha1: 6c686773f8291f3a5997f34ad497c5a2111f6829 793036 lrzip-dbgsym_0.631+git180528-1+deb10u1_s390x.deb d6f1d8d043abdd41456b56700aba74404bf8cc50 5685 lrzip_0.631+git180528-1+deb10u1_s390x-buildd.buildinfo f2b5952f5cf778f70c1b0bb8b7b4a5defb4452f3 247864 lrzip_0.631+git180528-1+deb10u1_s390x.deb Checksums-Sha256: 9484bf7de318ab86b64f0501fbcabd86710ae9f5a2331a72a3cdc6d9434cc285 793036 lrzip-dbgsym_0.631+git180528-1+deb10u1_s390x.deb df0278f1ade3aef20fb620f2a142042a406875b348a1fb7658eaf6349ca2ed94 5685 lrzip_0.631+git180528-1+deb10u1_s390x-buildd.buildinfo 180bfa54fdddbe417176b857f9613696bf6ab06307b8f6917cc51bec4afe95cb 247864 lrzip_0.631+git180528-1+deb10u1_s390x.deb Files: 840581afed2b29195c34acdfcd2ca6e0 793036 debug optional lrzip-dbgsym_0.631+git180528-1+deb10u1_s390x.deb 78c446e5984cada4c5fa316188bde3e0 5685 utils optional lrzip_0.631+git180528-1+deb10u1_s390x-buildd.buildinfo 9c9f42685d0db2d86b116b0b64f9269b 247864 utils optional lrzip_0.631+git180528-1+deb10u1_s390x.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEEwflLi3dfm21PN8mA0zNy/MAOYMFAmKH9CAACgkQA0zNy/MA OYNKxw//S4YVdBXzOCzs13y1oOTyI7TIihS9hcP36emrTaWWfoAFkrMW8rR8Gbwd SwlgX/q6owFh2DuhekfUC69HLwjfYKP8tX1nk44L01iHiyc7xHuO8JqWZef+N4Cm QldzmgCCbAUxNWZRXi5Hhi6OK1ByP9c1baswbcfMtkH2uOKOT0VOLk7nsgt8W7d+ boWDdLhW0UbSQogFdtORRytN5+l8wcCRTJbTt14JabLOpgUzSBIn0wOgjmxoXq3k q4fqEGbImbNyeRqyeq5trYTkXy+rLywdaKSTtrVB0d9luolknEoYAKNxY06dG1KM Yw7IwI6O1pEYTT6aXCj+mNHBCYLBbp7rbw3dfvLxgxEqjVMJUL1K1xkMrVDSNerE 3R5CTnZoGE4TTrlow1hWYLWU/EIOKmCz3FOpAZSLvIF3S1OgggQVgwpSxxTa6PiL CvF0OBmTc5EoXPsbw8hrnYeUBAxed8w6647it3t9Ip7kV6KwSJND1vhUCHG6bG20 klxARNrucDmOMPa3GQtxsluiWSx/2aks0NKGjcuOQ2J0Hkl6+8IxKMddwhl7l1Zn YUrEn8DYy2EFqSctNi40ZBmRkRpg7kTQr4h6xDpXoCXAXnCPHxOGP3oyA0X3/Bqb ofx+v04i6yIqAiiLp6MGWTH78cqSZP8ETwmQav2gDyOKHbr9Erc= =w+Fk -----END PGP SIGNATURE-----