Public bug reported:
Scheduled-For: ubuntu-25.07
Ubuntu: 0.651-2ubuntu1
Debian Unstable: 0.651-3
A new release of lrzip is available for merging from Debian Unstable.
If it turns out this needs a sync rather than a merge, please change the
tag 'dcr-merge' to 'dcr-sync', and (optionally) update the title as
desired.
### New Debian Changes ###
lrzip (0.651-3) unstable; urgency=high
* Backport hsize validation for empty PCOMP to prevent Denial of Service,
fixes CVE-2023-39741 (closes: #1059293).
* Use no for Rules-Requires-Root.
* Update debhelper level to 13 .
* Update Standards-Version to 4.6.2 .
-- Laszlo Boszormenyi (GCS) <[email protected]> Fri, 22 Dec 2023 19:05:20
+0100
### Old Ubuntu Delta ###
lrzip (0.651-2ubuntu1) lunar; urgency=medium
* SECURITY UPDATE: Memory Corruption
- debian/patches/CVE-2022-28044.patch: fixed a heap memory corruption
discovered in initialize_control function.
- CVE-2022-28044
-- Amir Naseredini <[email protected]> Wed, 01 Feb 2023
15:22:42 +0000
** Affects: lrzip (Ubuntu)
Importance: Undecided
Assignee: Eduardo Barretto (ebarretto)
Status: New
** Tags: dcr-merge
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2112368
Title:
Merge lrzip from Debian Unstable for questing
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lrzip/+bug/2112368/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
