-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ----------------------------------------------------------------------- Debian LTS Advisory DLA-2573-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta February 20, 2021 https://wiki.debian.org/LTS - -----------------------------------------------------------------------
Package : libzstd Version : 1.1.2-1+deb9u1 Debian Bug : 981404 982519 It was discovered that zstd, a compression utility, was vulnerable to a race condition: it temporarily exposed, during a very short timeframe, a world-readable version of its input even if the original file had restrictive permissions. For Debian 9 stretch, this problem has been fixed in version 1.1.2-1+deb9u1. We recommend that you upgrade your libzstd packages. For the detailed security status of libzstd please refer to its security tracker page at: https://security-tracker.debian.org/tracker/libzstd Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEbJ0QSEqa5Mw4X3xxgj6WdgbDS5YFAmAxSCkACgkQgj6WdgbD S5aRwBAAiIkh/lZbQ/xN5oIIr+nySmjIiWpgkJhbOL3SWbVH6nCXp45Bpa7fjEmJ bwbimzjzAQnb8GkyXDoVY6JEcXak2URq7RTPRbet4e26uFV8JbPQPbZ5rDEDP56H jifY5B2V9Z6aAsu78aE5Dki9Mg9bjJHi/IUZosvZlN4+FpbbK4BbixnmPoXCFfzF andt3FTmf/alOYonEeA4nuCsvt9owAzqjZd0VeWs1s1iz3kTt34SDTN1gBlihhcV MfCfm/WzfaZLCV6A1vA1kgIzZBg4xGiuYhO3z6Dk4Je2FrmOthu6q0YTDH2Sk7lR qb2lbIH88zaxHv+WBGZqAXJaexXtqk/MwA1B9VLtrKi6evB0qaYaF/YQpMPKZZR9 D5DueXkdMVFuc842BjclDRPvk/BpyfcZEU26b4mMRHfCXsoxj0pJ+MM9reAVVg8S Xrj/VCQa0/ImLxxf4a4Liobvlnrs+DbB9AMNDu4cbHll+mIeRty87JOV8DL2BSKy /8w+V+xSNcRo+491lgJqr1LfkxnPM+V9ZimNJh2hfajgCYCqmGUnSTscOKqjeOwH /QHqz3kO5fZEkg9l9eMBibkmeUBxjWfgGdzq5o6Rpt4f0DNCs+bhQ7oMpLGB23o5 hjHParwbVWG5i8XHm1GPXBiaRXp6yBmPaqg2e23ZAyBGHBJNJtw= =u10s -----END PGP SIGNATURE-----
