-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-5145-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff May 24, 2022 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : lrzip CVE ID : CVE-2018-5786 CVE-2022-26291 CVE-2022-28044 Multiple vulnerabilities have been discovered in the lrzip compression program which could result in denial of service or potentially the execution of arbitrary code. For the oldstable distribution (buster), these problems have been fixed in version 0.631+git180528-1+deb10u1. This update also addresses CVE-2021-27345, CVE-2020-25467 and CVE-2021-27347. For the stable distribution (bullseye), these problems have been fixed in version 0.641-1+deb11u1. We recommend that you upgrade your lrzip packages. For the detailed security status of lrzip please refer to its security tracker page at: https://security-tracker.debian.org/tracker/lrzip Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmKNGTcACgkQEMKTtsN8 TjazGRAApfFESYp0z9yJHmiF/rqBm2bJGh1UH0/Zv97a1fpFyCwAQHseA5r6p3Ky gl9339yuiU6E2lSNeMp+hsO2YP8CCW9hmhfQoAZSwcyp/997Fz0jQ1oSdti4rDV2 LpxhA1sjw8xuA2jaS2078Hkwf0t6TbhG8RR0w178NCK9QrKgR1mJ23Pgna7ZH3Wa r4JmYRpS09aKJbO0k4FrWjDsneTLszob++TvYerYXpU/lkW+Xjx+8NLL5VGfn5W8 qT0yk1Wcl9eOU1QbsSgM897ntcvce4xcSrb/I3VYuLX1piFfu9qTdXknn07MKimt 3C57lxkSRv/P6n6UNsVdKrnapxyfTXVwDkNI16VrSUTN4t2Ro5Rt/RX6mZip80dG WdbeC/FiP+9JiwW6x9P8f1jnDhx0bGry/EcWAvLBLw0IyytD3teV7q98zsQcLPOZ Bkr2kR6xJGhIDHdhzgYHONJccK5y14tPTeamM5BFVGC8he5zBBSZdryAAaAwwoW/ F4gkSt3+5d3gE2Dp3zrjNWNlM/72mz4iUGew9ob5DN6j9v47ZWn39Va3g1pS0BWg dzTDjZlYRi5THRG/1myz6/6WfGS5yMP14P4tk94c8VamdFocMtbIaYUKA/P4vv6u SqKLOu7PGcJW5pLL4qxk24Uj+4V0BG3OihZfnfiGCfGxYrVBRvU= =bEKA -----END PGP SIGNATURE-----