author Moritz Mühlenhoff <jmm@debian.org> 2022-05-24 19:32:42 +0200
committer Moritz Mühlenhoff <jmm@debian.org> 2022-05-24 19:32:42 +0200
commit 1f4572685eb0b9793f5660606cd2fd78b5e6fd5d
tree c2b357950eef38c88cda13bafef503af6ca9e995
parent 07a81f3a4b85b253dff30fdc8a2a9bd1e7293107
lrzip DSA
-rw-r--r-- data/CVE/list 8
-rw-r--r-- data/DSA/list 4
2 files changed, 7 insertions, 5 deletions
diff --git a/data/CVE/list b/data/CVE/list
index 9b2d3f23ba..4f734a3c07 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,4 +1,3 @@
-
CVE-2022-31598
RESERVED
CVE-2022-31597
@@ -14806,8 +14805,6 @@ CVE-2022-26292
CVE-2022-26291 (lrzip v0.641 was discovered to contain a multiple concurrency use-afte ...)
{DLA-2981-1}
- lrzip 0.650-1
- [bullseye] - lrzip <no-dsa> (Minor issue)
- [buster] - lrzip <no-dsa> (Minor issue)
NOTE: https://github.com/ckolivas/lrzip/issues/206
NOTE: https://github.com/ckolivas/lrzip/commit/4b3942103b57c639c8e0f31d6d5fd7bac53bbdf4 (v0.650)
NOTE: clear_rulist() introduced by CVE-2021-27345+CVE-2021-27347 fix
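Review bot: with the "[bullseye]" and "[buster]" <no-dsa> lines removed, the CVE-2022-26291 entry is left with only {DLA-2981-1} and the unstable version 0.650-1, so its status for the two stable releases now rests entirely on the DSA-5145-1 entry added in data/DSA/list. Confirm that the DSA-5145-1 cross-reference ends up on this entry's tag line next to {DLA-2981-1}; otherwise the entry says nothing about bullseye and buster.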
@@ -81066,6 +81063,7 @@ CVE-2021-27348
CVE-2021-27347 (Use after free in lzma_decompress_buf function in stream.c in Irzip 0. ...)
{DLA-2981-1}
- lrzip 0.640-1 (unimportant; bug #990583)
+ [buster] - lrzip 0.631+git180528-1+deb10u1
NOTE: https://github.com/ckolivas/lrzip/issues/165
NOTE: https://github.com/ckolivas/lrzip/commit/be884d09e09b00fbddd31b75dc1f4736d72006a8 (v0.640)
NOTE: Crash in CLI tool, no security impact
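Review bot: the added "[buster] - lrzip 0.631+git180528-1+deb10u1" line records a fixed version for CVE-2021-27347, but this CVE is not in the DSA-5145-1 set {CVE-2018-5786 CVE-2022-26291 CVE-2022-28044}, and the entry stays marked "unimportant" with the note "Crash in CLI tool, no security impact". If the fix was carried along in the same upload, a short NOTE saying so would explain why a stable fixed version appears without an advisory reference. The same point applies to the CVE-2021-27345 hunk that follows.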
@@ -81075,6 +81073,7 @@ CVE-2021-27346
CVE-2021-27345 (A null pointer dereference was discovered in ucompthread in stream.c i ...)
{DLA-2981-1}
- lrzip 0.640-1 (unimportant)
+ [buster] - lrzip 0.631+git180528-1+deb10u1
NOTE: https://github.com/ckolivas/lrzip/issues/164
NOTE: https://github.com/ckolivas/lrzip/commit/be884d09e09b00fbddd31b75dc1f4736d72006a8 (v0.640)
NOTE: Crash in CLI tool, no security impact
@@ -117627,6 +117626,7 @@ CVE-2020-25468
CVE-2020-25467 (A null pointer dereference was discovered lzo_decompress_buf in stream ...)
{DLA-2981-1}
- lrzip 0.640-1
+ [buster] - lrzip 0.631+git180528-1+deb10u1
NOTE: https://bugs.launchpad.net/ubuntu/+source/lrzip/+bug/1893641
NOTE: https://github.com/ckolivas/lrzip/issues/163
NOTE: https://github.com/ckolivas/lrzip/commit/e74a11c21bb89d1f48632d8a08f6d66eee923a80 (v0.640)
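Review bot: unlike the two preceding entries, CVE-2020-25467 is not tagged "unimportant" (its unstable line is plain "- lrzip 0.640-1"), yet the new "[buster]" fixed version is the DSA-5145-1 upload and the CVE is missing from that DSA's CVE set. Either add CVE-2020-25467 to the DSA-5145-1 line in data/DSA/list or add a NOTE here stating why it is left out of the advisory.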
@@ -276685,8 +276685,6 @@ CVE-2017-18044 (A Command Injection issue was discovered in ContentStore/Base/CV
CVE-2018-5786 (In Long Range Zip (aka lrzip) 0.631, there is an infinite loop and app ...)
{DLA-2981-1}
- lrzip 0.651-2 (bug #888506)
- [bullseye] - lrzip <no-dsa> (Minor issue)
- [buster] - lrzip <no-dsa> (Minor issue)
[jessie] - lrzip <no-dsa> (Minor issue)
[wheezy] - lrzip <no-dsa> (Minor issue)
NOTE: https://github.com/ckolivas/lrzip/issues/91
diff --git a/data/DSA/list b/data/DSA/list
index c0cf5729b0..6c238bd6c4 100644
--- a/data/DSA/list
+++ b/data/DSA/list
@@ -1,3 +1,7 @@
+[24 May 2022] DSA-5145-1 lrzip - security update
+ {CVE-2018-5786 CVE-2022-26291 CVE-2022-28044}
+ [buster] - lrzip 0.631+git180528-1+deb10u1
+ [bullseye] - lrzip 0.641-1+deb11u1
[22 May 2022] DSA-5144-1 condor - security update
{CVE-2019-18823 CVE-2022-26110}
[buster] - condor 8.6.8~dfsg.1-2+deb10u1
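Review bot: CVE-2022-28044 is in the DSA-5145-1 set, but no hunk in data/CVE/list touches its entry, whereas the other two CVEs in the set (CVE-2018-5786 and CVE-2022-26291) each had their "[bullseye]" and "[buster]" <no-dsa> lines removed in this commit. Check that the CVE-2022-28044 entry has no leftover <no-dsa> lines for those releases that would contradict the fixed versions recorded here.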
