GNU bug report logs - #48656
[PATCH] gnu: lz4: Add a patch for CVE-2021-3520.


Package: guix-patches

Reported by: Solene Rapenne <solene <at> perso.pw>

Date: Tue, 25 May 2021 18:25:01 UTC

Severity: normal

Tags: patch



Message #20 received at 48656 <at> debbugs.gnu.org (full text, mbox):

From: Jelle Licht <jlicht <at> fsfe.org>
To: Leo Famulari <leo <at> famulari.name>
Cc: 48656 <at> debbugs.gnu.org
Subject: Re: bug#48656: [PATCH] gnu: lz4: Add a patch for CVE-2021-3520.
Date: Mon, 29 May 2023 13:31:12 +0200

Leo Famulari <leo <at> famulari.name> writes:

> On Tue, May 25, 2021 at 03:07:05PM -0400, Leo Famulari wrote:
>> Is there any discussion about this upstream? Why isn't it included in
>> lz4 yet?
>
> I found approval from the lz4 maintainers:
>
> https://github.com/lz4/lz4/pull/972#issuecomment-830192743
> https://github.com/lz4/lz4/pull/972#issuecomment-799719118

It seems there's some uncertainty w.r.t. the validity of the CVE [0],
but since then a release has been made that pulls the changes discussed
in issue 972 into lz4 release 1.9.4.




This bug report was last modified 2 years and 18 days ago.
