Format: 1.8
Date: Mon, 15 Apr 2024 14:15:02 -0700
Source: xz-utils
Binary: liblzma5 liblzma5-udeb xz-utils xzdec liblzma-dev liblzma-doc
Architecture: source
Version: 5.4.6-0ubuntu1~18.04.sav1
Distribution: bionic
Urgency: medium
Maintainer: Jonathan Nieder <jrnieder@gmail.com>
Changed-By: Rob Savoury <savoury@savos.tech>
Description:
 liblzma-dev - XZ-format compression library - development files
 liblzma-doc - XZ-format compression library - API documentation
 liblzma5   - XZ-format compression library
 liblzma5-udeb - XZ-format compression library (udeb)
 xz-utils   - XZ-format compression utilities
 xzdec      - XZ-format compression utilities - tiny decompressors
Changes:
 xz-utils (5.4.6-0ubuntu1~18.04.sav1) bionic; urgency=medium
 .
   * Response to CVE-2024-3094 backdoor (new upstream changes from April 2024):
     - d/patches/: Add cve-2024-3094-doc-changes-part{1,2,3}.patch (upstream)
         to show current correct maintainer and URL info (removes "Jia Tan")
       - Add cve-2024-3094-doc-changes-part4.patch to purge the evildoer from
         documentation in several additional files not yet changed by upstream
     - NOTE: No ifunc support was in any xz-utils source prior to v5.5.1alpha,
       and at this time all available information about CVE-2024-3094 says that
       the backdoor relied upon ifunc to operate, so this version 5.4.6 should
       not be vulnerable (and as soon as upstream makes a new release with all
       changes by "Jia Tan" removed that release will be published at the PPAs)
Checksums-Sha1:
 ebe79165dd9a1eb09d88e5af56a06e24c1328634 2512 xz-utils_5.4.6-0ubuntu1~18.04.sav1.dsc
 8b077f4faecc78c582fd0b8b0c752bf3b66bcfef 31444 xz-utils_5.4.6-0ubuntu1~18.04.sav1.debian.tar.xz
Checksums-Sha256:
 82c5054642f1b12be5b4145573b07df8f0b6fc073379f77436483dfc1fa8aaf1 2512 xz-utils_5.4.6-0ubuntu1~18.04.sav1.dsc
 8a7dcb7576c91bbdd4e5d351bfcd9b049501a4774c13d83f3c5ab6a89c683a5a 31444 xz-utils_5.4.6-0ubuntu1~18.04.sav1.debian.tar.xz
Files:
 a0de751f6572f08f8da397b8cd234d14 2512 utils optional xz-utils_5.4.6-0ubuntu1~18.04.sav1.dsc
 23244deaf9c9418ecd0c17e40ca49b73 31444 utils optional xz-utils_5.4.6-0ubuntu1~18.04.sav1.debian.tar.xz