[SECURITY] [DLA 2573-1] libzstd security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
- -----------------------------------------------------------------------
Debian LTS Advisory DLA-2573-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Utkarsh Gupta
February 20, 2021 https://wiki.debian.org/LTS
- -----------------------------------------------------------------------
Package : libzstd
Version : 1.1.2-1+deb9u1
Debian Bug : 981404 982519
It was discovered that zstd, a compression utility, was vulnerable
to a race condition: it temporarily exposed, during a very short
timeframe, a world-readable version of its input even if the
original file had restrictive permissions.
For Debian 9 stretch, this problem has been fixed in version
1.1.2-1+deb9u1.
We recommend that you upgrade your libzstd packages.
For the detailed security status of libzstd please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libzstd
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEbJ0QSEqa5Mw4X3xxgj6WdgbDS5YFAmAxSCkACgkQgj6WdgbD
S5aRwBAAiIkh/lZbQ/xN5oIIr+nySmjIiWpgkJhbOL3SWbVH6nCXp45Bpa7fjEmJ
bwbimzjzAQnb8GkyXDoVY6JEcXak2URq7RTPRbet4e26uFV8JbPQPbZ5rDEDP56H
jifY5B2V9Z6aAsu78aE5Dki9Mg9bjJHi/IUZosvZlN4+FpbbK4BbixnmPoXCFfzF
andt3FTmf/alOYonEeA4nuCsvt9owAzqjZd0VeWs1s1iz3kTt34SDTN1gBlihhcV
MfCfm/WzfaZLCV6A1vA1kgIzZBg4xGiuYhO3z6Dk4Je2FrmOthu6q0YTDH2Sk7lR
qb2lbIH88zaxHv+WBGZqAXJaexXtqk/MwA1B9VLtrKi6evB0qaYaF/YQpMPKZZR9
D5DueXkdMVFuc842BjclDRPvk/BpyfcZEU26b4mMRHfCXsoxj0pJ+MM9reAVVg8S
Xrj/VCQa0/ImLxxf4a4Liobvlnrs+DbB9AMNDu4cbHll+mIeRty87JOV8DL2BSKy
/8w+V+xSNcRo+491lgJqr1LfkxnPM+V9ZimNJh2hfajgCYCqmGUnSTscOKqjeOwH
/QHqz3kO5fZEkg9l9eMBibkmeUBxjWfgGdzq5o6Rpt4f0DNCs+bhQ7oMpLGB23o5
hjHParwbVWG5i8XHm1GPXBiaRXp6yBmPaqg2e23ZAyBGHBJNJtw=
=u10s
-----END PGP SIGNATURE-----
Reply to: