Univention Bugzilla – Bug 53267
lz4: Multiple issues (4.4)
Last modified: 2021-05-19 18:01:09 CEST
New Debian lz4 0.0~r131-2+deb9u1 fixes: This update addresses the following issue: * memory corruption due to an integer overflow bug caused by memmove argument (CVE-2021-3520)
--- mirror/ftp/4.3/unmaintained/4.3-0/source/lz4_0.0~r131-2.dsc +++ apt/ucs_4.4-0-errata4.4-8/source/lz4_0.0~r131-2+deb9u1.dsc @@ -1,3 +1,8 @@ +0.0~r131-2+deb9u1 [Wed, 12 May 2021 10:41:05 +0100] Chris Lamb <lamby@debian.org>: + + * CVE-2021-3520: Fix a potential memory corruption vulnerability that could + be exploited with a negative memmove(3) size argument. (Closes: #987856) + 0.0~r131-2 [Thu, 18 Feb 2016 00:27:54 +0900] Nobuhiro Iwamatsu <iwamatsu@debian.org>: * Add support cross compile. (Closes: #814687) <http://piuparts.knut.univention.de/4.4-8/#6105387782039064262>
OK: yaml OK: announce_errata OK: patch OK: piuparts
<https://errata.software-univention.de/#/?erratum=4.4x977>