Your message dated Sat, 04 Jul 2026 12:32:06 +0000
with message-id <[email protected]>
and subject line Bug#1132497: fixed in xz-utils 5.8.1-1+deb13u1
has caused the Debian Bug report #1132497,
regarding xz-utils: CVE-2026-34743
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1132497: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132497
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: xz-utils
Version: 5.8.2-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Control: found -1 5.8.1-1
Control: found -1 5.4.1-1

Hi,

The following vulnerability was published for xz-utils.

CVE-2026-34743[0]:
| liblzma: Fix a buffer overflow in lzma_index_append()


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2026-34743
    https://www.cve.org/CVERecord?id=CVE-2026-34743
[1] https://tukaani.org/xz/index-append-overflow.html
[2] 
https://github.com/tukaani-project/xz/commit/c8c22869e780ff57c96b46939c3d79ff99395f87

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: xz-utils
Source-Version: 5.8.1-1+deb13u1
Done: Adrian Bunk <[email protected]>

We believe that the bug you reported is fixed in the latest version of
xz-utils, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Adrian Bunk <[email protected]> (supplier of updated xz-utils package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 01 Jul 2026 22:00:37 +0300
Source: xz-utils
Architecture: source
Version: 5.8.1-1+deb13u1
Distribution: trixie
Urgency: medium
Maintainer: Sebastian Andrzej Siewior <[email protected]>
Changed-By: Adrian Bunk <[email protected]>
Closes: 1132497
Changes:
 xz-utils (5.8.1-1+deb13u1) trixie; urgency=medium
 .
   * Non-maintainer upload.
   * CVE-2026-34743: Buffer overflow in lzma_index_append()
     (Closes: #1132497)
Checksums-Sha1:
 81bd81b15c3e5c9965ecebece5a3a2cc99354516 2736 xz-utils_5.8.1-1+deb13u1.dsc
 c29df8058b6279bfab2744f3e79b2940229207a3 1461872 xz-utils_5.8.1.orig.tar.xz
 3658f92b0eec052a58ca69fa3c12c5b095a05fc6 833 xz-utils_5.8.1.orig.tar.xz.asc
 a4388b86149165bb1ae1010d54cf89f2fddfbfcc 25696 
xz-utils_5.8.1-1+deb13u1.debian.tar.xz
Checksums-Sha256:
 ddadd9d9f7c4bb80b08f9f17409e2701a29a4cf8fe25e15d19605e5281c1fc1b 2736 
xz-utils_5.8.1-1+deb13u1.dsc
 0b54f79df85912504de0b14aec7971e3f964491af1812d83447005807513cd9e 1461872 
xz-utils_5.8.1.orig.tar.xz
 4138f4ceca1aa7fd2085fb15a23f6d495d27bca6d3c49c429a8520ea622c27ae 833 
xz-utils_5.8.1.orig.tar.xz.asc
 0e48427971a9ce674ddbba26e34ac1dd009c683f3816ce17852d99dc7b0a8e46 25696 
xz-utils_5.8.1-1+deb13u1.debian.tar.xz
Files:
 ed1d27219223e4c1af9586d670944589 2736 utils optional 
xz-utils_5.8.1-1+deb13u1.dsc
 cf5e1feb023d22c6bdaa30e84ef3abe3 1461872 utils optional 
xz-utils_5.8.1.orig.tar.xz
 7a1c93af83d35ba1e0ba9cbe12f01493 833 utils optional 
xz-utils_5.8.1.orig.tar.xz.asc
 55542a3c8ee3a20b0a82b484c04259fc 25696 utils optional 
xz-utils_5.8.1-1+deb13u1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmpGN50ACgkQiNJCh6LY
mLELGQ/+J8CATk83elX4Tw6GV4lG+X1qF4ZCphGKDpB5Xsy5qmGB1VeCqMeTRfFC
TW6YTcgZxDk0+lnF4XpBSeQr/SE5mNizuOLtN3ymO5mhHetSSrLyDMQEs5cFd1Dh
/aOx1tC88JomnxXUsp/8MIxmLmL8n3FjyTiv8cXBeVemq+rijUsAUJcEt+HOykUb
Jh1KqOL4+Nzuwyk01e2RIlapDKGJQepIGfAPBIz06WafoozGzx9wbAa1pOoXjFrZ
p4mJXEMnsr994Wjkq02YkXv8Y3gXSeTdgwenj0bC19bUV+SxuKU/cBVNMhebD0Zg
blpFg5S52kyYFNTwCU9QqKcCwQEyFUYgyhA2OLGuoWLzlsXABn2UGmCGUuJVMK3H
E9OyGiGE7lFsfkle0Go2yay9a9AjsO1nym7srUSHHO2/n0l050bAq0RiEkXqjhnw
2j8FQkQe+vcz+i5yROjqqarh4nSONy5ljnAGuhSTecNpvkFliocWZehozxpEG2Ve
XcCKtM+TJiymyBlNt/aPu7XgolTjeM9E+e+qSJf2F1QFOFEwvVpm2LSZ2BmZcVtF
go7jmn4WTsMbcn2Qw+akfRSKAqEnMTca3sNzzQJVKJOCb+n8/WvwHFKDiIDZ+64e
sOxjqEK8UNiBwcyZd+B4uLPoWIn+fe+AjmmwSGb55nUfPgNTeVQ=
=fsNL
-----END PGP SIGNATURE-----

Attachment: pgpBLQ5q6loVo.pgp
Description: PGP signature


--- End Message ---

Reply via email to