-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 13 May 2022 19:39:31 -0400 Source: lrzip Binary: lrzip lrzip-dbgsym Architecture: amd64 Version: 0.641-1+deb11u1 Distribution: bullseye-security Urgency: high Maintainer: amd64 / i386 Build Daemon (x86-ubc-01) Changed-By: Stefano Rivera Description: lrzip - compression program with a very high compression ratio Changes: lrzip (0.641-1+deb11u1) bullseye-security; urgency=high . * Non-maintainer upload by the Security Team. * Security updates: Two issues that allow remote attackers to cause a denial of service via a crafted lrz file: - CVE-2018-5786: Resolve a potential infinite loop and application hang in the get_fileinfo function. - CVE-2022-26291: Resolve a multiple concurrency use-after-free between the functions zpaq_decompress_buf() and clear_rulist(). A memory corruption issue: - CVE-2022-28044: Resolve a potential heap corruption. Checksums-Sha1: 3fd86ed28a1f4f8e16bf872e521004ef18652a61 790768 lrzip-dbgsym_0.641-1+deb11u1_amd64.deb 68fb3fd146502e2b7a996273616535a5c8935f10 6052 lrzip_0.641-1+deb11u1_amd64-buildd.buildinfo 0114b7cb516cd048d706ba28e53f63559bf04b1e 262600 lrzip_0.641-1+deb11u1_amd64.deb Checksums-Sha256: 0b79f23c5595355281d7f12081c2f8f4a1d49ddd433fe0077ff471d9c51e7115 790768 lrzip-dbgsym_0.641-1+deb11u1_amd64.deb 80c646519ba3b7e0d72483995b79791f1ca6333ac4ff192528700c20d518384d 6052 lrzip_0.641-1+deb11u1_amd64-buildd.buildinfo e8a5bb2e698fb28d5c0dec614728b622ca130723bd032c0a5e256b7f7e535a18 262600 lrzip_0.641-1+deb11u1_amd64.deb Files: 73bae7e78a8ad17129d7aa50637c0f8c 790768 debug optional lrzip-dbgsym_0.641-1+deb11u1_amd64.deb 8cb0768dc667e9dc8dcd19fef96d41b7 6052 utils optional lrzip_0.641-1+deb11u1_amd64-buildd.buildinfo 91f250d76f71396b9747a3507fbffae6 262600 utils optional lrzip_0.641-1+deb11u1_amd64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEVvgiDm0iTi84B8TiOTy2rP5qAaMFAmKH9AwACgkQOTy2rP5q AaMUUw/8CUuYgJ9KLBJTgxLdRRo7x3nR8y/DadVBF0xTSJ+0Oz2f3P2c5yWLq9Y1 yXtDAodDiR0T9XQ6M1EGdpPqGwths8kFTw5bdQhrbSlJLC4hkdFZBfLPTk/EF8qO e6M3hSkfK7YDa35Wht2lykH1Mx3/sAlarwqOAMeZDHWsPLKwziCB4Bg5VAaJqeQd E2+pVL0QY0W67Srb0SMBimAPa59hymEfI8A77PulsNnt6JgPVGiKzCnCeqummOv5 G8sSb7y5sqQNav29k9aDIGRLufSWDbjH6eKbDQQz2YeD2g5xE+j9KjgPYu9JkEwE pINftaZfrRmhA4Jo6ucVC2IAhSerXgjd73IjdAIoFF9fl3GJdED4hH4mI8OsiYPo aisFqkMLXL+YBJo8VuC5aoeij85t96NRVqs3gmVM+YwC6wPIDckp3vI1ixSvvKdo 5YZGqK/8FVzvVKeVjGH2MDzGqHbbyz4wFj3FOY1kBFxW3y3TS7MHKzXYSXrkqPcN +gpjLGoCAy9y//McDGvxERMqvFWfiwUR7ySrjAuWLDlpnZWE7JyIbl2S6g5jgvrK 2w07sLl7w5M5tiVEHAYuM5lHoDP8FHDwFVV7eXZ0KsP0z0Fp9XQQA96gw/9rcPbF vVZLSjFojPJ6I0su3/VExZfXFP6p6P7kV8OPV3UumaX3Jnxt7vI= =5J7M -----END PGP SIGNATURE-----