
Accepted lrzip 0.631-1+deb9u2 (source) into oldoldstable



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 13 Apr 2022 13:13:13 +0200
Source: lrzip
Binary: lrzip
Architecture: source
Version: 0.631-1+deb9u2
Distribution: stretch-security
Urgency: high
Maintainer: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Changed-By: Sylvain Beucler <beuc@debian.org>
Description:
 lrzip      - compression program with a very high compression ratio
Closes: 888506 990583
Changes:
 lrzip (0.631-1+deb9u2) stretch-security; urgency=high
 .
   * Non-maintainer upload by the LTS Security Team.
   * CVE-2018-5786: there is an infinite loop and application hang in the
     get_fileinfo function (lrzip.c). Remote attackers could leverage this
     vulnerability to cause a denial of service via a crafted lrz file.
     (closes: #888506)
   * CVE-2020-25467: a null pointer dereference was discovered in
     lzo_decompress_buf in stream.c which allows an attacker to cause a
     denial of service (DOS) via a crafted compressed file.
   * CVE-2021-27345: a null pointer dereference was discovered in
     ucompthread in stream.c which allows attackers to cause a denial of
     service (DOS) via a crafted compressed file.
   * CVE-2021-27347: use after free in lzma_decompress_buf function in
     stream.c allows attackers to cause Denial of Service (DoS) via a
     crafted compressed file. (closes: #990583)
   * CVE-2022-26291: lrzip was discovered to contain a multiple concurrency
     use-after-free between the functions zpaq_decompress_buf() and
     clear_rulist(). This vulnerability allows attackers to cause a Denial
     of Service (DoS) via a crafted lrz file.
Checksums-Sha1:
 db383f43e03fc2b5cd1257738e3086bd61fc1125 1831 lrzip_0.631-1+deb9u2.dsc
 6b724891551ceba5e75e456c8269a2d0cb2fa60d 20784 lrzip_0.631-1+deb9u2.debian.tar.xz
 07aa6875049a4d832ea0746422e8cebf2a2d6f1b 6022 lrzip_0.631-1+deb9u2_amd64.buildinfo
Checksums-Sha256:
 cd4caccd50fa969c0f4a3f236e8c55f82f4ef48740ae6cd387e2f0770c9b6550 1831 lrzip_0.631-1+deb9u2.dsc
 96d003e902db296122e26a4bb16f338cdef5810e591eab6b09afe9244db3ebe1 20784 lrzip_0.631-1+deb9u2.debian.tar.xz
 98ac821d7f7746354a06a42b004833f207c651e068330ea336210a621f8ba780 6022 lrzip_0.631-1+deb9u2_amd64.buildinfo
Files:
 01021b40cfa3bf8caafad6524e7d7231 1831 utils optional lrzip_0.631-1+deb9u2.dsc
 6b2a23ef9ce460be73591301a92a6c1b 20784 utils optional lrzip_0.631-1+deb9u2.debian.tar.xz
 3cb74271814630d6d5d5f02dba898f94 6022 utils optional lrzip_0.631-1+deb9u2_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----