-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 03 Apr 2025 21:55:39 +0200
Source: xz-utils
Architecture: source
Version: 5.4.1-1
Distribution: bookworm-security
Urgency: medium
Maintainer: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Changed-By: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Changes:
 xz-utils (5.4.1-1) bookworm-security; urgency=medium
 .
   * Add fix from upstream when the threaded decompresses frees memory too
     early on invalid input (CVE-2025-31115).
Checksums-Sha1:
 86f393f5250d01485acaa8453547dcb9503ac87b 2620 xz-utils_5.4.1-1.dsc
 8facb914772e5963d86f9cdd781c928009879b3b 1485272 xz-utils_5.4.1.orig.tar.xz
 7c8305fda4dbb47a962858e3e3496da0af715c4b 833 xz-utils_5.4.1.orig.tar.xz.asc
 7f6eccda8aa1fed2ec18c5329d010509a434f606 91000 xz-utils_5.4.1-1.debian.tar.xz
 089c49f080d27769b8fd728ead8e4423625d0d16 883 xz-utils_5.4.1-1_source.buildinfo
Checksums-Sha256:
 5c39ef3c918c2a5517306779b21fa4a2995c95c7ddbdbf48af63b4da97f4715b 2620 xz-utils_5.4.1-1.dsc
 5d9827aa1875b21c288f78864bb26d2650b436ea8d2cad364e4921eb6266a5a5 1485272 xz-utils_5.4.1.orig.tar.xz
 4b0c7707114996092a5f75a98333de2102db83a27218e4903b8fb7c24a8d0233 833 xz-utils_5.4.1.orig.tar.xz.asc
 17fdce0230999e3e19796a5a77c74d297fbaf41c6db0d21b07f76a2be1dd66c8 91000 xz-utils_5.4.1-1.debian.tar.xz
 312a52c4e3f3f15eeb1842a112a08c8c595d3adb902ef1e70999ffdce3b50bb4 883 xz-utils_5.4.1-1_source.buildinfo
Files:
 a61a28c904325b35726838c19d117c65 2620 utils optional xz-utils_5.4.1-1.dsc
 47d831c659e94071d5dd384d0d1ed4c6 1485272 utils optional xz-utils_5.4.1.orig.tar.xz
 6bc67b7cf68811620ef641ed53ecea3f 833 utils optional xz-utils_5.4.1.orig.tar.xz.asc
 156ce5980be294f1183554af3204f070 91000 utils optional xz-utils_5.4.1-1.debian.tar.xz
 31e3c3d16cf6c3429d283bb4f3b836d9 883 utils optional xz-utils_5.4.1-1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEZCVGlf/wqkRmzBnme5boFiqM9dEFAmfu9bgACgkQe5boFiqM
9dHVsQ/+M9BJOajB4c+mgCqc1tisQl4Uqd1FxjT4St7P95h05GXyrwRL7SS5Nw/u
gTN/Mipn2wstelk0WUMfylp40ksWt5dAtHi4K5ZJOmbYv9kV6Hqig+RSAwO1+8lO
Wl+odiOIdnOe3QIlCH2zC8Yhs67kYD4QtgGUZ7/yve8eRb0v/NIDlg0i+zsL2ra0
LbL2ORkJGErqg0QejQZPUNKmred7/wH3C/8KrvqSBPpMWXF6Bg/WqQgEkLbeURBG
FYOZsjVUufYVEQzKkz9xz03pHGx/r3VnEqty+q34ZOi5rVO1fA0dnCP2e9XFwIVt
7JnI26qmhwC3kxman26dk93xrrpr2do7/WO5WcTFEgFks2Ons++mzIluokGi3R6Q
Fp6MSgQcvq1PlsBnQCDuK02U8uAhtmOBVt9BVkqhBdmrox+c6/6tVdbXHf5lmbJk
4+hvhjBOwP+C7A63Amjx+L4Z5zo71H25VjUdcZYkYiPXT9bicEXqbZm/hhCWPjmW
dJEY3RY5KOjRBhSsqH1UAjus3Yr2YHEgeY6q0tbDdoX53sBulCQkVhem+EYll0Lb
LsO/sgJi9KAkSyjAAW9qOSGzGriIWBzCuR/i5kSgmUZf783cI6LLg4b5q0o7ikL7
nOBOG4NI1MIbpntzbaJ/j/1L2yiTgI3SF0QBClbl+UBFFd2dLbA=
=sDa+
-----END PGP SIGNATURE-----