CVE-2022-28044

Published: 15 April 2022

Irzip v0.640 was discovered to contain a heap memory corruption via the component lrzip.c:initialise_control.

Priority

9.8

Package	Release	Status
lrzip Launchpad, Ubuntu, Debian	bionic	Not vulnerable (0.631-1+deb9u3build0.18.04.1)
	focal	Not vulnerable (0.631+git180528-1+deb10u1build0.20.04.1)
	impish	Ignored (reached end-of-life)
	jammy	Not vulnerable (0.651-2ubuntu0.22.04.1)
	kinetic	Released (0.651-2ubuntu0.22.10.1)
	trusty	Released (0.616-1ubuntu0.1~esm2)
	upstream	Released (0.650-1)
	xenial	Released (0.621-1ubuntu0.1~esm2)

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.