Univention Bugzilla – Bug 53405
lz4: Multiple issues (5.0)
Last modified: 2021-06-09 19:26:06 CEST
New Debian lz4 1.8.3-1+deb10u1 fixes: This update addresses the following issue: * memory corruption due to an integer overflow bug caused by memmove argument (CVE-2021-3520)
--- mirror/ftp/pool/main/l/lz4/lz4_1.8.3-1.dsc +++ apt/ucs_5.0-0-errata5.0-0/source/lz4_1.8.3-1+deb10u1.dsc @@ -1,3 +1,9 @@ +1.8.3-1+deb10u1 [Sun, 16 May 2021 21:23:00 +0200] Salvatore Bonaccorso <carnil@debian.org>: + + * Non-maintainer upload by the Security Team. + * Fix potential memory corruption with negative memmove() size + (CVE-2021-3520) (Closes: #987856) + 1.8.3-1 [Tue, 25 Sep 2018 22:26:58 +0900] Nobuhiro Iwamatsu <iwamatsu@debian.org>: * New upstream release. <http://piuparts.knut.univention.de/5.0-0/#9152902414270417240>
OK: yaml OK: announce_errata OK: patch OK: piuparts
<https://errata.software-univention.de/#/?erratum=5.0x7>