-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4919-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso May 21, 2021 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : lz4 CVE ID : CVE-2021-3520 Debian Bug : 987856 Jasper Lievisse Adriaanse reported an integer overflow flaw in lz4, a fast LZ compression algorithm library, resulting in memory corruption. For the stable distribution (buster), this problem has been fixed in version 1.8.3-1+deb10u1. We recommend that you upgrade your lz4 packages. For the detailed security status of lz4 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/lz4 Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmCnrLxfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0Qs8Q/7B2cSOJauVyaBvOcOY0CVy1C4LjzD+FMhizy/9WOnOTeSzCEstoZPN0j5 Cw1kVqvkyQvzGIy6lcOpeR9FiWGvAzdW28tWh2e7iCgRnUynIFt9o4kAYet/flNA 0t+QQbSwMgTX0mMCkcqToZxcRpnjCNmrmfu459qGw0zrKQ7uhgjA0QrcTQhVpr4p Xj7NeCS7303ZjV5D+UwdEnYM/vGFNWSAQ0o9veWFwj4+K+AkgwzyeZL3ghAEsS2L WFpX/cMg2WuaEQtA2y6y9UsUPh8hQLN5P6MRnmZoWWXQXrpLOkSN7/rmK1GCeHRJ qc8V1HF6yIPYhpFt+GZJvwc/hnjRYXzvv7k4AtQCCPDTrKbAfwpiPYFdvdrXGfqi 2wy3WdoAQbnRbIujbSBw1NI75tzJm2aAgl6NZ3TrmZ1proNJzWDwvrqGNYPtn6vn xYAZcGeH5JXmXRngfXbQLOXTapniBknaY+c6Eq/LE9WNn169hlfr/OxXwAesTycS skKvWIr6c5pyF9ZGg6FcvWqMI/Hl6zDW1sl5dVlj/o2eQrN6i2zIlhFdSiEVU2UX A1sE4cxEiA0eoZJBg8rdg6A9Ck4MoLuEKVz0HuYsj18+VDAtOz2bvBOLMr3EgV3k AC2Gi1HReVMBihewrnMtiIqu1ZxYVPCkvpKvyzD1R0IxNJofLWE= =+5P6 -----END PGP SIGNATURE-----