FS#74851 - [lrzip] [security] CVE-2018-5786

Attached to Project: Community Packages
Opened by T.J. Townsend (blakkheim) - Wednesday, 25 May 2022, 16:30 GMT
Last edited by Leonidas Spyropoulos (inglor) - Friday, 27 May 2022, 07:58 GMT
Task Type: Bug Report
Category: Packages
Status: Closed
Assigned To: Leonidas Spyropoulos (inglor), Filipe Laíns (FFY00)
Architecture: All
Severity: Low
Priority: Normal
Reported Version:
Due in Version: Undecided
Due Date: Undecided
Percent Complete: 100%
Votes: 0
Private: No

Details

Description:
The lrzip package in [community] is vulnerable to (at least) CVE-2018-5786; possibly more because it's so outdated. The attached diff pulls in the fixes.

Additional info:
https://github.com/ckolivas/lrzip/commit/3495188cd8f2215a9feea201f3e05c1341ed95fb

Closed by  Leonidas Spyropoulos (inglor)
Friday, 27 May 2022, 07:58 GMT
Reason for closing:  Fixed
Additional comments about closing:  0.651-2
Comment by T.J. Townsend (blakkheim) - Thursday, 26 May 2022, 18:26 GMT
  • Field changed: Percent Complete (100% → 0%)
CVE was not fixed, maintainer did not read report.
Comment by T.J. Townsend (blakkheim) - Thursday, 26 May 2022, 19:06 GMT
The latest release does not contain the fix, so it needs to be cherry-picked as is done in the submitted patch.
