[ubuntu/plucky-proposed] xz-utils 5.6.4-1ubuntu1 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Thu Apr 3 18:45:41 UTC 2025 

xz-utils (5.6.4-1ubuntu1) plucky; urgency=medium

  * SECURITY UPDATE: issue in threaded .xz decoder
    - debian/patches/CVE-2025-31115-1.patch: fix a comment in
      src/liblzma/common/stream_decoder_mt.c.
    - debian/patches/CVE-2025-31115-2.patch: simplify by removing the
      THR_STOP state in src/liblzma/common/stream_decoder_mt.c.
    - debian/patches/CVE-2025-31115-3.patch: don't free the input buffer
      too early in src/liblzma/common/stream_decoder_mt.c.
    - debian/patches/CVE-2025-31115-4.patch: don't modify thr->in_size in
      the worker thread in src/liblzma/common/stream_decoder_mt.c.
    - CVE-2025-31115

Date: Mon, 31 Mar 2025 14:18:04 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/xz-utils/5.6.4-1ubuntu1
-------------- next part --------------
Format: 1.8
Date: Mon, 31 Mar 2025 14:18:04 -0400
Source: xz-utils
Built-For-Profiles: noudeb
Architecture: source
Version: 5.6.4-1ubuntu1
Distribution: plucky
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Changes:
 xz-utils (5.6.4-1ubuntu1) plucky; urgency=medium
 .
   * SECURITY UPDATE: issue in threaded .xz decoder
     - debian/patches/CVE-2025-31115-1.patch: fix a comment in
       src/liblzma/common/stream_decoder_mt.c.
     - debian/patches/CVE-2025-31115-2.patch: simplify by removing the
       THR_STOP state in src/liblzma/common/stream_decoder_mt.c.
     - debian/patches/CVE-2025-31115-3.patch: don't free the input buffer
       too early in src/liblzma/common/stream_decoder_mt.c.
     - debian/patches/CVE-2025-31115-4.patch: don't modify thr->in_size in
       the worker thread in src/liblzma/common/stream_decoder_mt.c.
     - CVE-2025-31115
Checksums-Sha1:
 7ed168a518c387cd0c13cadc42f9ddc3c8ef32cd 2811 xz-utils_5.6.4-1ubuntu1.dsc
 ea5494ddd0f0a316f8f2d1d59bba450bef44503e 33372 xz-utils_5.6.4-1ubuntu1.debian.tar.xz
 fcefce04f08123746403a3b62d31eb0a5f2b0cd5 6398 xz-utils_5.6.4-1ubuntu1_source.buildinfo
Checksums-Sha256:
 71c01dbd26b65f535e1c5f1b438f54a3fb1af6545bfa8b22420f01652a0a2f05 2811 xz-utils_5.6.4-1ubuntu1.dsc
 dfa36a8d7aebfe7e017323c1ec9d833fb636e42d64cb56000b84ec5fb7fb69be 33372 xz-utils_5.6.4-1ubuntu1.debian.tar.xz
 6d83dcf8edad999957e6f19bb7249cbd2afd3eff028eee04cac6957ffdf4ed81 6398 xz-utils_5.6.4-1ubuntu1_source.buildinfo
Files:
 e93e46c275d57504716bde909da208e1 2811 utils optional xz-utils_5.6.4-1ubuntu1.dsc
 12055c403685bf91159661c777b63afc 33372 utils optional xz-utils_5.6.4-1ubuntu1.debian.tar.xz
 60a179a4fb2364a56185c429a9037f4a 6398 utils optional xz-utils_5.6.4-1ubuntu1_source.buildinfo
Original-Maintainer: Sebastian Andrzej Siewior <sebastian at breakpoint.cc>

More information about the plucky-changes mailing list