** Summary changed: - Merge lrzip from Debian Unstable for questing + Sync lrzip from Debian Unstable for questing
** Description changed: Scheduled-For: ubuntu-25.07 Ubuntu: 0.651-2ubuntu1 Debian Unstable: 0.651-3 - A new release of lrzip is available for merging from Debian Unstable. + A new release of lrzip is available for syncing from Debian Unstable. - If it turns out this needs a sync rather than a merge, please update the - title as desired. + The Ubuntu delta can be safely dropped as the upstream reverted that security + patch as the whole affected library was removed from the code base. ### New Debian Changes ### lrzip (0.651-3) unstable; urgency=high * Backport hsize validation for empty PCOMP to prevent Denial of Service, fixes CVE-2023-39741 (closes: #1059293). * Use no for Rules-Requires-Root. * Update debhelper level to 13 . * Update Standards-Version to 4.6.2 . -- Laszlo Boszormenyi (GCS) <[email protected]> Fri, 22 Dec 2023 19:05:20 +0100 ### Old Ubuntu Delta ### lrzip (0.651-2ubuntu1) lunar; urgency=medium * SECURITY UPDATE: Memory Corruption - debian/patches/CVE-2022-28044.patch: fixed a heap memory corruption discovered in initialize_control function. - CVE-2022-28044 -- Amir Naseredini <[email protected]> Wed, 01 Feb 2023 15:22:42 +0000 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2112368 Title: Sync lrzip from Debian Unstable for questing To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lrzip/+bug/2112368/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
