-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 13 May 2022 19:39:31 -0400 Source: lrzip Binary: lrzip lrzip-dbgsym Architecture: i386 Version: 0.641-1+deb11u1 Distribution: bullseye-security Urgency: high Maintainer: i386 Build Daemon (x86-grnet-01) Changed-By: Stefano Rivera Description: lrzip - compression program with a very high compression ratio Changes: lrzip (0.641-1+deb11u1) bullseye-security; urgency=high . * Non-maintainer upload by the Security Team. * Security updates: Two issues that allow remote attackers to cause a denial of service via a crafted lrz file: - CVE-2018-5786: Resolve a potential infinite loop and application hang in the get_fileinfo function. - CVE-2022-26291: Resolve a multiple concurrency use-after-free between the functions zpaq_decompress_buf() and clear_rulist(). A memory corruption issue: - CVE-2022-28044: Resolve a potential heap corruption. Checksums-Sha1: 2fe1a346787be97b2030b182ac9c9d972ed467de 682464 lrzip-dbgsym_0.641-1+deb11u1_i386.deb 556f4d604bc7cb9b57fe665109914555bfbdc212 6007 lrzip_0.641-1+deb11u1_i386-buildd.buildinfo 16b351befa563fd1d6938ae0fec0f2dece0f1735 280692 lrzip_0.641-1+deb11u1_i386.deb Checksums-Sha256: 32a15830c99f1637efd15592521a71ca9688405a639d562e47c6bdeb4c07f213 682464 lrzip-dbgsym_0.641-1+deb11u1_i386.deb 3d70d2d38445d4c6eeba05e3d57bd0f53c0072c0532f007125d7371586688dfd 6007 lrzip_0.641-1+deb11u1_i386-buildd.buildinfo a3139e75276500bb9dd35137055b9ba01dc9b00ea8742eb836732711803ff17d 280692 lrzip_0.641-1+deb11u1_i386.deb Files: 03eaa483d3fde0c57a1a6e8c4dc21cbd 682464 debug optional lrzip-dbgsym_0.641-1+deb11u1_i386.deb cfede58d04ca21a78ecc0da24a45421d 6007 utils optional lrzip_0.641-1+deb11u1_i386-buildd.buildinfo 229b5c0de28651a9e8496a1da11c9066 280692 utils optional lrzip_0.641-1+deb11u1_i386.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEZ+kjGN6s2Ioxmya1SqddLxw5rsoFAmKH89QACgkQSqddLxw5 rso+YQ//dCDSRYHkbWVpnFE7AmtHJ+SqB5uoGnvCmU+ZBWnH7UOphrk1N73T+mMS 16pqw/ob/xrhuyCgG88s9JxUBHBMXTlkUHiuJmHNBP1LN/XQ+J3jZCn+eIhi6Qt/ IovJcd34F7JTxhjrwuEDQfsw3UZJF+gHTIv9u4vbZy2x7YxmQYHKolztltjM9+A1 cuEipdz9CugaJ23aixxPuVeFMvPLz9w8oiVGIHB80si7mNie42NWdFBQDOISrhfJ LY9a43HgrTAe6BF6JZ1V9w/8HLlsUXDsQkzjdo7VAXSndQV2T/j5M2vfDFJc6+EP eGidbqTzkaYfU2M9Rtv7dmw3KqYJXPIR7MMarfy67ma2BH8gW6UFPqqfN/mkbQa/ z4bG5uOgdp9lYr1iIydz+uKmIWJ01TZ8UP0NT33FJRwhzrpoO0mqXPJt4g55H2pK yK8TCO16sIB+B0+I2STcgjrT+cTXG+gYt8jyRJV8s+JpZne746rPbBVV0mqFZSqe EVLJW9IxMSqwCwHnsK2PABha87K0h8WV/g8hfdsnuWwh5a7Adwtrm0O5xi17bW1+ 60mMLNCysAD0DvLLeBa/O9uSLVF3OBgBztx/12cFsnTEikzVlql1MzdKLcWwhgBv /eeP9QA3hp94Qn51o+yeaHDXZjP7eStUtp7ov2ivAqj0QQ02SV0= =8juL -----END PGP SIGNATURE-----