Univention Bugzilla – Bug 54671
xz-utils: Multiple issues (5.0)
Last modified: 2022-04-20 17:41:07 CEST
New Debian xz-utils 5.2.4-1+deb10u1 fixes: This update addresses the following issue: * arbitrary-file-write vulnerability (CVE-2022-1271)
--- mirror/ftp/pool/main/x/xz-utils/xz-utils_5.2.4-1.dsc +++ apt/ucs_5.0-0-errata5.0-1/source/xz-utils_5.2.4-1+deb10u1.dsc @@ -1,3 +1,9 @@ +5.2.4-1+deb10u1 [Mon, 11 Apr 2022 16:51:17 +0200] Salvatore Bonaccorso <carnil@debian.org>: + + * Non-maintainer upload by the Security Team. + * xzgrep: Fix escaping of malicious filenames (ZDI-CAN-16587) + (CVE-2022-1271) (Closes: #1009167) + 5.2.4-1 [Sun, 27 Jan 2019 17:09:34 -0800] Jonathan Nieder <jrnieder@gmail.com>: * New upstream release. Closes: #851615. <http://piuparts.knut.univention.de/5.0-1/#6036705051657338436>
OK: yaml OK: announce_errata OK: patch OK: piuparts
<https://errata.software-univention.de/#/?erratum=5.0x290>