GNU bug report logs - #48656
[PATCH] gnu: lz4: Add a patch for CVE-2021-3520.

Package: guix-patches

Reported by: Solene Rapenne <solene <at> perso.pw>

Date: Tue, 25 May 2021 18:25:01 UTC

Severity: normal

Tags: patch


Message #23 received at 48656 <at> debbugs.gnu.org:

From: Jelle Licht <jlicht <at> fsfe.org>
To: Leo Famulari <leo <at> famulari.name>
Cc: 48656 <at> debbugs.gnu.org
Subject: Re: [bug#48656] [PATCH] gnu: lz4: Add a patch for CVE-2021-3520.
Date: Mon, 29 May 2023 13:43:24 +0200
Jelle Licht <jlicht <at> fsfe.org> writes:

> Leo Famulari <leo <at> famulari.name> writes:
>
>> On Tue, May 25, 2021 at 03:07:05PM -0400, Leo Famulari wrote:
>>> Is there any discussion about this upstream? Why isn't it included in
>>> lz4 yet?
>>
>> I found approval from the lz4 maintainers:
>>
>> https://github.com/lz4/lz4/pull/972#issuecomment-830192743
>> https://github.com/lz4/lz4/pull/972#issuecomment-799719118
>
> It seems there's some uncertainty w.r.t. the validity of the CVE [0],
> but since then a release has been made that pulls the changes discussed
> in issue 972 into lz4 release 1.9.4.

With [0] being: https://github.com/lz4/lz4/issues/1037#issuecomment-1283560779




This bug report was last modified 2 years and 19 days ago.
