[ubuntu/oracular-security] xz-utils 5.6.2-2ubuntu0.2 (Accepted)
Marc Deslauriers
marc.deslauriers at canonical.com
Thu Apr 3 17:28:59 UTC 2025
xz-utils (5.6.2-2ubuntu0.2) oracular-security; urgency=medium
* SECURITY UPDATE: issue in threaded .xz decoder
- debian/patches/CVE-2025-31115-1.patch: fix a comment in
src/liblzma/common/stream_decoder_mt.c.
- debian/patches/CVE-2025-31115-2.patch: simplify by removing the
THR_STOP state in src/liblzma/common/stream_decoder_mt.c.
- debian/patches/CVE-2025-31115-3.patch: don't free the input buffer
too early in src/liblzma/common/stream_decoder_mt.c.
- debian/patches/CVE-2025-31115-4.patch: don't modify thr->in_size in
the worker thread in src/liblzma/common/stream_decoder_mt.c.
- CVE-2025-31115
Date: 2025-04-03 14:19:20.960881+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/xz-utils/5.6.2-2ubuntu0.2
-------------- next part --------------
Sorry, changesfile not available.
More information about the oracular-changes
mailing list