| Release | Version |
|---|---|
| jessie | 0.0~r122-2+deb8u1 |
| stretch | 0.0~r131-2+deb9u1 |
| buster | 1.8.3-1+deb10u1 |
| bullseye | 1.9.3-2 |
| bookworm | 1.9.4-1 |
| trixie | 1.9.4-2 |
| sid | 1.9.4-2 |
| Bug | jessie | stretch | buster | bullseye | bookworm | trixie | sid | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-17543 | vulnerable (no DSA) | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | fixed | fixed | fixed | fixed | LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4_write32 (rela ... |
| Bug | Description |
|---|---|
| CVE-2021-3520 | There's a flaw in lz4. An attacker who submits a crafted file to an ap ... |
| CVE-2014-4715 | Yann Collet LZ4 before r119, when used on certain 32-bit platforms tha ... |
| CVE-2014-4611 | Integer overflow in the LZ4 algorithm implementation, as used in Yann ... |
| DSA / DLA | Description |
|---|---|
| DSA-4919-1 | lz4 - security update |
| DLA-2657-1 | lz4 - security update |
| ELA-427-1 | lz4 - security update |