- Fix CVE-2022-26291: lrzip v0.641 was discovered to contain a multiple
concurrency use-after-free between the functions zpaq_decompress_buf()
and clear_rulist(). This vulnerability allows attackers to cause a
Denial of Service (DoS) via a crafted Irz file.
- Use official tarball and so drop autoreconf
https://github.com/ckolivas/lrzip/blob/v0.651/WHATS-NEW
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit edbdad9397)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
69d4f8f9b0