lrzip 0.631-1+deb9u3build0.18.04.1 source package in Ubuntu
Changelog
lrzip (0.631-1+deb9u3build0.18.04.1) bionic-security; urgency=medium
* fake sync from Debian
lrzip (0.631-1+deb9u3) stretch-security; urgency=medium
* Non-maintainer upload by the LTS Security Team.
* CVE-2022-28044: Resolve a potential heap corruption.
lrzip (0.631-1+deb9u2) stretch-security; urgency=high
* Non-maintainer upload by the LTS Security Team.
* CVE-2018-5786: there is an infinite loop and application hang in the
get_fileinfo function (lrzip.c). Remote attackers could leverage this
vulnerability to cause a denial of service via a crafted lrz file.
(closes: #888506)
* CVE-2020-25467: a null pointer dereference was discovered
lzo_decompress_buf in stream.c which allows an attacker to cause a
denial of service (DOS) via a crafted compressed file.
* CVE-2021-27345: a null pointer dereference was discovered in
ucompthread in stream.c which allows attackers to cause a denial of
service (DOS) via a crafted compressed file.
* CVE-2021-27347: use after free in lzma_decompress_buf function in
stream.c in allows attackers to cause Denial of Service (DoS) via a
crafted compressed file. (closes: #990583)
* CVE-2022-26291: lrzip was discovered to contain a multiple concurrency
use-after-free between the functions zpaq_decompress_buf() and
clear_rulist(). This vulnerability allows attackers to cause a Denial
of Service (DoS) via a crafted lrz file.
-- Amir Naseredini <email address hidden> Thu, 26 Jan 2023 10:47:32 +0000
Upload details
- Uploaded by:
- Amir Naseredini
- Uploaded to:
- Bionic
- Original maintainer:
- Laszlo Boszormenyi
- Architectures:
- any
- Section:
- utils
- Urgency:
- Very Urgent
See full publishing history Publishing
| Series | Published | Component | Section | |
|---|---|---|---|---|
| Bionic | updates | universe | utils | |
| Bionic | security | universe | utils |
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| lrzip_0.631.orig.tar.bz2 | 509.9 KiB | 0d11e268d0d72310d6d73a8ce6bb3d85e26de3f34d8a713055f3f25a77226455 |
| lrzip_0.631-1+deb9u3build0.18.04.1.debian.tar.xz | 20.8 KiB | f809d778b6685d7d4fe4adc3d086862c771761c7c2c8d63fc2739d3bbbf94c33 |
| lrzip_0.631-1+deb9u3build0.18.04.1.dsc | 1.7 KiB | 94ca39f2d8ffb673d8838d4fabe4fb2578f0ec4494049a0eb72440574533805a |
Available diffs
Binary packages built by this source
- lrzip: compression program with a very high compression ratio
A compression program that can achieve very high compression
ratios and speed when used with large files. It uses the combined
compression algorithms of zpaq and lzma for maximum compression, lzo
for maximum speed, and the long range redundancy reduction of rzip.
It is designed to scale with increases with RAM size, improving
compression further. A choice of either size or speed optimizations
allows for either better compression than even lzma can provide, or
better speed than gzip, but with bzip2 sized compression levels.
- lrzip-dbgsym: debug symbols for lrzip
