[ubuntu/bionic-security] lrzip 0.631-1+deb9u3build0.18.04.1 (Accepted)
Amir Naseredini
amir.naseredini at canonical.com
Thu Feb 2 12:26:10 UTC 2023
lrzip (0.631-1+deb9u3build0.18.04.1) bionic-security; urgency=medium
* fake sync from Debian
lrzip (0.631-1+deb9u3) stretch-security; urgency=medium
* Non-maintainer upload by the LTS Security Team.
* CVE-2022-28044: Resolve a potential heap corruption.
lrzip (0.631-1+deb9u2) stretch-security; urgency=high
* Non-maintainer upload by the LTS Security Team.
* CVE-2018-5786: there is an infinite loop and application hang in the
get_fileinfo function (lrzip.c). Remote attackers could leverage this
vulnerability to cause a denial of service via a crafted lrz file.
(closes: #888506)
* CVE-2020-25467: a null pointer dereference was discovered in
lzo_decompress_buf in stream.c which allows an attacker to cause a
denial of service (DOS) via a crafted compressed file.
* CVE-2021-27345: a null pointer dereference was discovered in
ucompthread in stream.c which allows attackers to cause a denial of
service (DOS) via a crafted compressed file.
* CVE-2021-27347: use after free in lzma_decompress_buf function in
stream.c allows attackers to cause Denial of Service (DoS) via a
crafted compressed file. (closes: #990583)
* CVE-2022-26291: lrzip was discovered to contain a multiple concurrency
use-after-free between the functions zpaq_decompress_buf() and
clear_rulist(). This vulnerability allows attackers to cause a Denial
of Service (DoS) via a crafted lrz file.
Date: 2023-02-01 16:12:15.001720+00:00
Changed-By: Amir Naseredini <amir.naseredini at canonical.com>
Maintainer: Laszlo Boszormenyi <gcs at debian.org>
https://launchpad.net/ubuntu/+source/lrzip/0.631-1+deb9u3build0.18.04.1