Arch Linux

Please read this before reporting a bug:
https://wiki.archlinux.org/index.php/Reporting_Bug_Guidelines

Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!
Tasklist

FS#70970 - [lz4] [security] CVE-2021-3520

Attached to Project: Arch Linux
Opened by mysta (mysta) - Friday, 21 May 2021, 14:49 GMT
Last edited by Jonas Witschel (diabonas) - Sunday, 23 May 2021, 19:01 GMT
Task Type Bug Report
Category Packages: Core
Status Closed
Assigned To S├ębastien Luttringer (seblu)
Levente Polyak (anthraxx)
Architecture All
Severity High
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

Description:
The lz4 package is vulnerable to CVE-2021-3520.

Additional info:
The following commit fixes it, but has not been in a release yet:

https://github.com/lz4/lz4/commit/8301a21773ef61656225e264f4f06ae14462bca7
This task depends upon

Closed by  Jonas Witschel (diabonas)
Sunday, 23 May 2021, 19:01 GMT
Reason for closing:  Fixed
Additional comments about closing:  lz4 1:1.9.3-2
Comment by S├ębastien Luttringer (seblu) - Friday, 21 May 2021, 15:27 GMT
Thanks for the watch.. Package is in [testing].
Comment by mysta (mysta) - Sunday, 23 May 2021, 16:59 GMT
This can be closed now.

Loading...