Patch upstream but no new release.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f5e1e0856c8c0fd62343a53590e2f29266a85d54 commit f5e1e0856c8c0fd62343a53590e2f29266a85d54 Author: Sam James <sam@gentoo.org> AuthorDate: 2022-04-07 18:10:32 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2022-04-07 18:10:32 +0000 app-arch/xz-utils: patch xzgrep vulnerability (ZDI-CAN-16587) Bug: https://bugs.gentoo.org/837155 Signed-off-by: Sam James <sam@gentoo.org> .../xz-utils-5.2.5-xzgrep-ZDI-CAN-16587.patch | 88 +++++++++++++++ app-arch/xz-utils/xz-utils-5.2.5-r2.ebuild | 118 +++++++++++++++++++++ 2 files changed, 206 insertions(+)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=142c539cc4c68c3dc0a3c55f8a7996f7a5b3c3d6 commit 142c539cc4c68c3dc0a3c55f8a7996f7a5b3c3d6 Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2022-09-07 02:51:56 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2022-09-07 02:58:05 +0000 [ GLSA 202209-01 ] GNU Gzip, XZ Utils: Arbitrary file write Bug: https://bugs.gentoo.org/837152 Bug: https://bugs.gentoo.org/837155 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: John Helmert III <ajak@gentoo.org> glsa-202209-01.xml | 56 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 56 insertions(+)
GLSA released, all done!