Commit b8d0707a for xz
commit b8d0707ae788b401161babf0fe771c859e3f996c
Author: Lasse Collin <lasse.collin@tukaani.org>
Date: Thu Jul 2 21:09:36 2026 +0300
NEWS: Clarify which bug is CVE-2026-34743
Fixes: https://salsa.debian.org/debian/xz-utils/-/merge_requests/5#note_775071
diff --git a/NEWS b/NEWS
index c08b2f7d..c1870e89 100644
--- a/NEWS
+++ b/NEWS
@@ -11,8 +11,8 @@ XZ Utils Release Notes
* liblzma:
- - Fix a buffer overflow in lzma_index_append(): If
- lzma_index_decoder() was used to decode an Index that
+ - Fix a buffer overflow in lzma_index_append() (CVE-2026-34743):
+ If lzma_index_decoder() was used to decode an Index that
contained no Records, the resulting lzma_index was left in
a state where where a subsequent lzma_index_append() would
allocate too little memory, and a buffer overflow would occur.