| Summary: | <app-arch/lrzip-0.650: Multiple vulnerabilities | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Sam James <sam> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | IN_PROGRESS --- | | |
| Severity: | minor | CC: | filip.ambroz, maintainer-needed |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | B3 [glsa? cleanup] | | |
| Package list: | | Runtime testing required: | --- |
| Bug Depends on: | 836957 | | |
| Bug Blocks: | | | |
Description
Sam James
2022-03-02 02:30:58 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=61c003d081de7195408fb32386a7afdf4ec8b5b2

commit 61c003d081de7195408fb32386a7afdf4ec8b5b2
Author: Sam James <sam@gentoo.org>
AuthorDate: 2022-03-02 02:29:49 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2022-03-02 02:31:03 +0000

app-arch/lrzip: add 0.650

Bug: https://bugs.gentoo.org/834456
Signed-off-by: Sam James <sam@gentoo.org>

app-arch/lrzip/Manifest | 1 +
app-arch/lrzip/lrzip-0.650.ebuild | 51 +++++++++++++++++++++++++++++++++++++++
2 files changed, 52 insertions(+)

Con just released 0.651: https://ck-hack.blogspot.com/2022/03/lrzip-version-0651.html

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9923950a8fb3c067c6102f7175b94ecc1cbbdfaf

commit 9923950a8fb3c067c6102f7175b94ecc1cbbdfaf
Author: Sam James <sam@gentoo.org>
AuthorDate: 2022-03-11 09:19:46 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2022-03-11 11:00:55 +0000

app-arch/lrzip: add 0.651

Not thought to fix any further vulnerabilities but it's a better stable candidate.

Bug: https://bugs.gentoo.org/834456
Signed-off-by: Sam James <sam@gentoo.org>

app-arch/lrzip/Manifest | 1 +
app-arch/lrzip/lrzip-0.651.ebuild | 51 +++++++++++++++++++++++++++++++++++++++
2 files changed, 52 insertions(+)

*** Bug 836350 has been marked as a duplicate of this bug. ***

Please cleanup

CVE-2022-28044 (https://github.com/ckolivas/lrzip/issues/216): Irzip v0.640 was discovered to contain a heap memory corruption via the component lrzip.c:initialise_control.