xz-utils 5.6.2-2ubuntu0.2 source package in Ubuntu
Changelog
xz-utils (5.6.2-2ubuntu0.2) oracular-security; urgency=medium
* SECURITY UPDATE: issue in threaded .xz decoder
- debian/patches/CVE-2025-31115-1.patch: fix a comment in
src/liblzma/common/stream_decoder_mt.c.
- debian/patches/CVE-2025-31115-2.patch: simplify by removing the
THR_STOP state in src/liblzma/common/stream_decoder_mt.c.
- debian/patches/CVE-2025-31115-3.patch: don't free the input buffer
too early in src/liblzma/common/stream_decoder_mt.c.
- debian/patches/CVE-2025-31115-4.patch: don't modify thr->in_size in
the worker thread in src/liblzma/common/stream_decoder_mt.c.
- CVE-2025-31115
-- Marc Deslauriers <email address hidden> Mon, 31 Mar 2025 14:21:51 -0400
Upload details
- Uploaded by:
- Marc Deslauriers
- Uploaded to:
- Oracular
- Original maintainer:
- Ubuntu Developers
- Architectures:
- any all
- Section:
- utils
- Urgency:
- Medium Urgency
See full publishing history Publishing
| Series | Published | Component | Section | |
|---|---|---|---|---|
| Oracular | updates | main | utils | |
| Oracular | security | main | utils |
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| xz-utils_5.6.2.orig.tar.xz | 1.2 MiB | a9db3bb3d64e248a0fae963f8fb6ba851a26ba1822e504dc0efd18a80c626caf |
| xz-utils_5.6.2.orig.tar.xz.asc | 833 bytes | 297c242cb55ae70242e8773ee8099c6561b9d8a49dab3b3cfccb33465c108e20 |
| xz-utils_5.6.2-2ubuntu0.2.debian.tar.xz | 27.4 KiB | 82510c93562efea0a810723b20866fbe099f407bda36aab3069f051f64582fb8 |
| xz-utils_5.6.2-2ubuntu0.2.dsc | 2.8 KiB | f13cf72353f1be0dc9a97d616d0caf98c614bf22e961162eab962a8a7eb93a46 |
Available diffs
Binary packages built by this source
- liblzma-dev: XZ-format compression library - development files
XZ is the successor to the Lempel-
Ziv/Markov- chain Algorithm
compression format, which provides memory-hungry but powerful
compression (often better than bzip2) and fast, easy decompression.
.
The native format of liblzma is XZ; it also supports raw (headerless)
streams and the older LZMA format used by lzma. (For 7-Zip's related
format, use the p7zip package instead.) This package provides the
development library needed to build programs using liblzma.
- liblzma-doc: XZ-format compression library - API documentation
This package contains a reference manual for the liblzma data
compression library, in Doxygen-generated HTML files. The purpose
of each struct, macro, and function in the public interface is
explained.
- liblzma5: XZ-format compression library
XZ is the successor to the Lempel-
Ziv/Markov- chain Algorithm
compression format, which provides memory-hungry but powerful
compression (often better than bzip2) and fast, easy decompression.
.
The native format of liblzma is XZ; it also supports raw (headerless)
streams and the older LZMA format used by lzma. (For 7-Zip's related
format, use the p7zip package instead.)
- liblzma5-dbgsym: debug symbols for liblzma5
- xz-utils: XZ-format compression utilities
XZ is the successor to the Lempel-
Ziv/Markov- chain Algorithm
compression format, which provides memory-hungry but powerful
compression (often better than bzip2) and fast, easy decompression.
.
This package provides the command line tools for working with XZ
compression, including xz, unxz, xzcat, xzgrep, and so on. They can
also handle the older LZMA format, and if invoked via appropriate
symlinks will emulate the behavior of the commands in the lzma
package.
.
The XZ format is similar to the older LZMA format but includes some
improvements for general use:
.
* 'file' magic for detecting XZ files;
* crc64 data integrity check;
* limited random-access reading support;
* improved support for multithreading (not used in xz-utils);
* support for flushing the encoder.
- xz-utils-dbgsym: debug symbols for xz-utils
- xzdec: XZ-format compression utilities - tiny decompressors
XZ is the successor to the Lempel-
Ziv/Markov- chain Algorithm
compression format, which provides memory-hungry but powerful
compression (often better than bzip2) and fast, easy decompression.
.
This package provides the xzdec and lzmadec utilities, which write
the decompressed version of a compressed file to standard output. The
binaries are very small, so they can be easily stored on small media
with some compressed files, and they are linked statically against
liblzma so they can be used on machines without a compatible version
of liblzma installed. However, they have:
.
* no compression support;
* no support for writing to a file other than standard output;
* no translated messages;
* been optimized for size rather than speed.
.
For a full-featured xzcat command without these limitations, use
the xz-utils package instead.
- xzdec-dbgsym: debug symbols for xzdec
