FS#70970 : [lz4] [security] CVE-2021-3520

FS#70970 - [lz4] [security] CVE-2021-3520

Attached to Project: Arch Linux
Opened by T.J. Townsend (blakkheim) - Friday, 21 May 2021, 14:49 GMT
Last edited by Jonas Witschel (diabonas) - Sunday, 23 May 2021, 19:01 GMT

Task Type	Bug Report
Category	Packages: Core
Status	Closed
Assigned To	Sébastien Luttringer (seblu) Levente Polyak (anthraxx)
Architecture	All
Severity	High
Priority	Normal
Reported Version
Due in Version	Undecided
Due Date	Undecided
Percent Complete
Votes	0
Private	No

Details

Description:
The lz4 package is vulnerable to CVE-2021-3520.

Additional info:
The following commit fixes it, but has not been in a release yet:

https://github.com/lz4/lz4/commit/8301a21773ef61656225e264f4f06ae14462bca7

This task depends upon

Closed by Jonas Witschel (diabonas)
Sunday, 23 May 2021, 19:01 GMT
Reason for closing: Fixed
Additional comments about closing: lz4 1:1.9.3-2

Comment by Sébastien Luttringer (seblu) - Friday, 21 May 2021, 15:27 GMT

Thanks for the watch.. Package is in [testing].

Comment by T.J. Townsend (blakkheim) - Sunday, 23 May 2021, 16:59 GMT

This can be closed now.

	Tasks related to this task (0)

Duplicate tasks of this task (0)

Arch Linux

FS#70970 - [lz4] [security] CVE-2021-3520

Details

Loading...