-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 13 May 2022 19:39:31 -0400 Source: lrzip Architecture: source Version: 0.641-1+deb11u1 Distribution: bullseye-security Urgency: high Maintainer: Laszlo Boszormenyi (GCS) Changed-By: Stefano Rivera Changes: lrzip (0.641-1+deb11u1) bullseye-security; urgency=high . * Non-maintainer upload by the Security Team. * Security updates: Two issues that allow remote attackers to cause a denial of service via a crafted lrz file: - CVE-2018-5786: Resolve a potential infinite loop and application hang in the get_fileinfo function. - CVE-2022-26291: Resolve a multiple concurrency use-after-free between the functions zpaq_decompress_buf() and clear_rulist(). A memory corruption issue: - CVE-2022-28044: Resolve a potential heap corruption. Checksums-Sha1: 38a67591f0845f9d9674fa7e17117a3d58ec031c 1236 lrzip_0.641-1+deb11u1.dsc c8c070e206b8ecf707c15406689355344ebb2f67 262761 lrzip_0.641.orig.tar.gz 2a0a5e268e29c25c34687b887f66e5dbe99a1700 9664 lrzip_0.641-1+deb11u1.debian.tar.xz 2bc1658c6c8a9e2f5c4a6f4437a07eab9d11e731 5247 lrzip_0.641-1+deb11u1_source.buildinfo Checksums-Sha256: 251d7265feca46adc383f312ef0287b6c38bcc0cd516038261a1e2b9aaa30410 1236 lrzip_0.641-1+deb11u1.dsc 9b6b4bb1ae76dafbaab96ec9d50d41af5fed45a6c4f2e06feea828c2cd8025c0 262761 lrzip_0.641.orig.tar.gz a9c78824c082abf5c230abcf0947fdaa839258b7e0d869cfc772f9e2bc71c79c 9664 lrzip_0.641-1+deb11u1.debian.tar.xz 006723ca8799c86175cacdb670bfcf63246acb7bde23b7f8138a0b0ea5e392fb 5247 lrzip_0.641-1+deb11u1_source.buildinfo Files: 9ed69c38d49b44abeeee77e17eae8fa0 1236 utils optional lrzip_0.641-1+deb11u1.dsc 91f15333c4df7dc848d241d8470fb7c0 262761 utils optional lrzip_0.641.orig.tar.gz dc610d6c51d0b2d7a5fa4744f6720a36 9664 utils optional lrzip_0.641-1+deb11u1.debian.tar.xz 3a906e4fff5b8e7a2348cef1df62de4d 5247 utils optional lrzip_0.641-1+deb11u1_source.buildinfo -----BEGIN PGP SIGNATURE----- iIoEARYKADIWIQTumtb5BSD6EfafSCRHew2wJjpU2AUCYofuVxQcc3RlZmFub3JA ZGViaWFuLm9yZwAKCRBHew2wJjpU2PvxAQDjrBElKxlDVbTWNPWmkw/we3MCVf6T 02Lo4z1B1CGfYwD/Ry4WxxIfsCeDqzXRjJ2gSZ24Fs8hQxH+o57B3FBiugs= =+RHb -----END PGP SIGNATURE-----