Univention Bugzilla – Bug 54660
xz-utils: Multiple issues (4.4)
Last modified: 2022-04-13 15:13:19 CEST
New Debian xz-utils 5.2.2-1.2+deb9u1 fixes: This update addresses the following issue: * arbitrary-file-write vulnerability (CVE-2022-1271)
--- mirror/ftp/4.3/unmaintained/4.3-0/source/xz-utils_5.2.2-1.2.dsc +++ apt/ucs_4.4-0-errata4.4-8/source/xz-utils_5.2.2-1.2+deb9u1.dsc @@ -1,3 +1,9 @@ +5.2.2-1.2+deb9u1 [Sun, 10 Apr 2022 14:23:52 +0530] Utkarsh Gupta <utkarsh@debian.org>: + + * Non-maintainer upload by the LTS team. + * Add patch to fix fix escaping of malicious filenames. + (ZDI-CAN-16587) (Fixes: CVE-2022-1271) (Closes: #1009167) + 5.2.2-1.2 [Sat, 08 Oct 2016 15:11:19 +0200] Sebastian Andrzej Siewior <sebastian@breakpoint.cc>: * Non-maintainer upload. <http://piuparts.knut.univention.de/4.4-8/#7873447676789020327>
OK: yaml OK: announce_errata OK: patch OK: piuparts
<https://errata.software-univention.de/#/?erratum=4.4x1224>