[ubuntu/noble-updates] xz-utils 5.6.1+really5.4.5-1ubuntu0.2 (Accepted)
Ubuntu Archive Robot
ubuntu-archive-robot at lists.canonical.com
Thu Apr 3 17:58:16 UTC 2025
xz-utils (5.6.1+really5.4.5-1ubuntu0.2) noble-security; urgency=medium
* SECURITY UPDATE: issue in threaded .xz decoder
- debian/patches/CVE-2025-31115-1.patch: fix a comment in
src/liblzma/common/stream_decoder_mt.c.
- debian/patches/CVE-2025-31115-2.patch: simplify by removing the
THR_STOP state in src/liblzma/common/stream_decoder_mt.c.
- debian/patches/CVE-2025-31115-3.patch: don't free the input buffer
too early in src/liblzma/common/stream_decoder_mt.c.
- debian/patches/CVE-2025-31115-4.patch: don't modify thr->in_size in
the worker thread in src/liblzma/common/stream_decoder_mt.c.
- CVE-2025-31115
Date: 2025-04-03 14:57:16.090080+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/xz-utils/5.6.1+really5.4.5-1ubuntu0.2
-------------- next part --------------
Sorry, changesfile not available.
More information about the noble-changes
mailing list