Back to lrzip PTS page

Accepted lrzip 0.631+git180517-1 (source amd64) into unstable

To: debian-devel-changes@lists.debian.org
Subject: Accepted lrzip 0.631+git180517-1 (source amd64) into unstable
From: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Date: Thu, 17 May 2018 18:10:21 +0000
Mail-followup-to: debian-devel@lists.debian.org
Message-id: <E1fJNM5-000Dbx-BC@fasolo.debian.org>
Reply-to: debian-devel@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 17 May 2018 15:42:06 +0000
Source: lrzip
Binary: lrzip
Architecture: source amd64
Version: 0.631+git180517-1
Distribution: unstable
Urgency: high
Maintainer: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Changed-By: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Description:
 lrzip      - compression program with a very high compression ratio
Closes: 863145 863150 863151 863153 863155 863156 866020 866022 887065 888506 897645 898451
Changes:
 lrzip (0.631+git180517-1) unstable; urgency=high
 .
   * Git snapshot release to fix security issues:
     - CVE-2017-8842: divide-by-zero in bufRead::get() (closes: #863156),
     - CVE-2017-8843: NULL pointer dereference in join_pthread()
       (closes: #863155),
     - CVE-2017-8844: heap-based buffer overflow write in read_1g()
       (closes: #863153),
     - CVE-2017-8845: invalid memory read in lzo_decompress_buf()
       (closes: #863151),
     - CVE-2017-8846: use-after-free in read_stream() (closes: #863150),
     - CVE-2017-8847: NULL pointer dereference in bufRead::get()
       (closes: #863145),
     - CVE-2017-9928: stack buffer overflow in get_fileinfo() (closes: #866022),
     - CVE-2017-9929: another stack buffer overflow in get_fileinfo()
       (closes: #866020),
     - CVE-2018-5650: infinite loop from crafted/corrupt archive in
       unzip_match() (closes: #887065),
     - CVE-2018-5747: use-after-free in ucompthread() (closes: #898451),
     - CVE-2018-5786: infinite loop in get_fileinfo() (closes: #888506),
     - CVE-2018-9058: infinite loop in runzip_fd() ,
     - CVE-2018-10685: use-after-free in lzma_decompress_buf()
       (closes: #897645).
   * Update homepage location.
   * Update debhelper level to 11:
     - don't need dh_installman anymore,
     - remove dh-autoreconf build dependency,
     - remove autotools-dev build dependency.
   * Update Standards-Version to 4.1.4 .
Checksums-Sha1:
 55c93759cf16e87ae9d56738e982f07396de915c 1833 lrzip_0.631+git180517-1.dsc
 49d52bb9edc1524469d618cbe867560c8d704060 200660 lrzip_0.631+git180517.orig.tar.xz
 3fbd5121440aee6c9a26fe2e53c0a7e42f095781 7688 lrzip_0.631+git180517-1.debian.tar.xz
 8ac6130b8ceea862a54b253ffc17ebfc79b0cdb2 606280 lrzip-dbgsym_0.631+git180517-1_amd64.deb
 f79257b587a3fe3594f79400906d19018b352df5 6826 lrzip_0.631+git180517-1_amd64.buildinfo
 c10d6d80eaba467bd8472a836ee192dae21edf17 258876 lrzip_0.631+git180517-1_amd64.deb
Checksums-Sha256:
 18876a30fba64e3e5730a4ecf55687b762d50629a6c7dac52273cfb028b1ec3b 1833 lrzip_0.631+git180517-1.dsc
 9e96b797efb4e908a2412c4e287fd42e766def638e8126cd306397d572a176ef 200660 lrzip_0.631+git180517.orig.tar.xz
 176d38dd20bc9335562b1102d9c907f8bc33922ba07b9dada2461da73fc64c28 7688 lrzip_0.631+git180517-1.debian.tar.xz
 e58240fcd0eef1f3f7738b35ac6c81722f0b805b1e7639100a42ba3b335bd174 606280 lrzip-dbgsym_0.631+git180517-1_amd64.deb
 748dfdf17c6cc651a9a97116429615bf4fbc2449c41bac4b57ccd1ccf9c1453e 6826 lrzip_0.631+git180517-1_amd64.buildinfo
 0cd786cf86077e91fba4fc4944ea987643bb98459fa9f76a73ff9c5fd09a146b 258876 lrzip_0.631+git180517-1_amd64.deb
Files:
 e9c146c5bc64bebe67a2ae4599ffbf49 1833 utils optional lrzip_0.631+git180517-1.dsc
 cd554ed96a3e4a4d02231df70879b842 200660 utils optional lrzip_0.631+git180517.orig.tar.xz
 0e8c44a78604f83544d5f6a0ef79485a 7688 utils optional lrzip_0.631+git180517-1.debian.tar.xz
 32e3570a65a39477911f384fedae8dc1 606280 debug optional lrzip-dbgsym_0.631+git180517-1_amd64.deb
 4ed5c1db1b8ab0a27fa4b84ebbfe3aa8 6826 utils optional lrzip_0.631+git180517-1_amd64.buildinfo
 04db0b66b329ea490835728f5244be53 258876 utils optional lrzip_0.631+git180517-1_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEfYh9yLp7u6e4NeO63OMQ54ZMyL8FAlr9wB8ACgkQ3OMQ54ZM
yL90exAAkBIFwgAn2LJ58/BKFZ5jhndecOTJFQhWJ4G+N/ucDsp7Kf6S9h3DyxFJ
EH5DHVFD07psF1ieGAieEvg58NpO6Nf7HAFFwtJdnoZ60p2LUe160Dum6sWdVTm7
gAxJdxoIXKVUy43wRbrMgGHfkq+QoS04VLrxEND+UW1i1Vkb6cOgZXhVbcMhPEfb
pFoWNJtRT3WdEcIOgx8YFh2uaeFXMdcEWnda/OD5JDF4Wu2se53PLRJ2zj7GNtVb
BNpPcyoTuOusxe965RNFzubIBrBchpJz8EtacdLt9lTZBY8VmKGnktR3ocIsLNIm
f6LqxYbyWlyMBJo/QkIZ/DiQLFxNGzk5O5SARGMd1CduqTzj3sQyyXbQJuoO5VTy
yxjBevSuCTx3LYJaE5H5zKvDhmfnDYioD1NGMho0SN3m3K8A1H/UjNhrgMmb44Ip
5buadpsgH4vZJ6RAe+uwuxjp9sj4/P9LLV+PY3xy1fregQPUxuOQVcdcEtzCJd4N
+PHyZxAQOnH11BUj8WaAyyRK4JtrlqLQwm1EkjVCOAc55Z0FzM6VxwBAo/IkYvt1
VOWz20STbPoDycahnygADU57KBdQEm+X3FkTS2LKKXJSd3j/go2zG274ihqjaFQJ
BNDnbJVx0UIrapmUHva7Dfu+WbCHScRRGWfGj0OtVG9dwKMGunw=
=HAH8
-----END PGP SIGNATURE-----