-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 13 May 2022 19:39:31 -0400 Source: lrzip Binary: lrzip lrzip-dbgsym Architecture: s390x Version: 0.641-1+deb11u1 Distribution: bullseye-security Urgency: high Maintainer: s390x Build Daemon (zandonai) Changed-By: Stefano Rivera Description: lrzip - compression program with a very high compression ratio Changes: lrzip (0.641-1+deb11u1) bullseye-security; urgency=high . * Non-maintainer upload by the Security Team. * Security updates: Two issues that allow remote attackers to cause a denial of service via a crafted lrz file: - CVE-2018-5786: Resolve a potential infinite loop and application hang in the get_fileinfo function. - CVE-2022-26291: Resolve a multiple concurrency use-after-free between the functions zpaq_decompress_buf() and clear_rulist(). A memory corruption issue: - CVE-2022-28044: Resolve a potential heap corruption. Checksums-Sha1: 9587e6c570bc1615411ecd4c0f625dbff30cdace 803016 lrzip-dbgsym_0.641-1+deb11u1_s390x.deb 736b83542320a28916630806b546f78255f47fc8 5972 lrzip_0.641-1+deb11u1_s390x-buildd.buildinfo 918db4b9867ef5d75b520c5b37bd3f85b63d8a35 249892 lrzip_0.641-1+deb11u1_s390x.deb Checksums-Sha256: 7b2bf7ac5aeb32c9d86a7a51c133893f3429d6e7e12a4d5eaeccab73aec7ceb2 803016 lrzip-dbgsym_0.641-1+deb11u1_s390x.deb 9ccab4479f8e3c1beec0fadc51a94bb8ae00f8a06b840ffb7b32360c2041c7d1 5972 lrzip_0.641-1+deb11u1_s390x-buildd.buildinfo ddbb766886dbe68a5e9d2af62aa967bdbd463dadcd28c45f6f77a4bb80aec719 249892 lrzip_0.641-1+deb11u1_s390x.deb Files: 798b838065044afba9b0d36a9bb85464 803016 debug optional lrzip-dbgsym_0.641-1+deb11u1_s390x.deb dd0ab6ee6485a35a697b16eb70d58d17 5972 utils optional lrzip_0.641-1+deb11u1_s390x-buildd.buildinfo 587558c321af9053933c5b8306a873f8 249892 utils optional lrzip_0.641-1+deb11u1_s390x.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEEwflLi3dfm21PN8mA0zNy/MAOYMFAmKH9EoACgkQA0zNy/MA OYMKnw/9H9Qba3GAyBxHZzsiaTBmptvphB6FT43DNdlACR8w52dvtZ16ifn8jyVd mUaaobpOeKuRENpJUBxNIn9LNP3vqJqTxVYKfxyqWe4T80QoiGy4LeFEoGmuwGRq V8UWs2u4mFwCRxCTikhn4DFCceXIvwfXJsE98I0PLPZ2Q56XGamSyTz/bkPsA3Td Oma1cnBeaxtujH3p/RmlU/sjMTmuZ/NgnZA3bapRKsk2CL/moDRH07+C1y3X67DG QMUxhihICS9v8S3nzMRktrTxQpLFrjwSmERVevKUE5TCqSK3VQvx0F857OHF98J0 7kvaKBO/gv8InTKbl8JGq8lKqPaXLBDm100rTUu0CY8ETXayuM5LPxVVUUuN3u53 Fvlt0/dGqV1X1rqe09sxysP+TwNYlhr00T99WvTKIpzkXqLU7HLOVAQ5EOyEdif4 fZmDrvScMfkBSB+5HNPQP69V7CVPecq9W97ZDEW3bF5AhBCFwsXUw2mgWt+FPUfV opYaEX7a9O5ah3KJt7Zqzr26Rj1YHfYc35VokONLMCbGdbmYbm1Rlx46y1Y0j11n uHY4lNteQ+OHl9N7EsZ9Mfb6O0DMfZayVseuVnfcdkKN0Pj1XWcAX5KHguChySKX m2GsNo3UpPxgnaE3pNMhSAS1MFWtTNFEAtgqtqOyfQO0QAv/lco= =SzCM -----END PGP SIGNATURE-----