Package: xz-utils Version: 4.999.8beta-1 Severity: critical Justification: causes serious data loss
http://tukaani.org/xz/ says: XZ Utils 4.999.9beta was released on 2009-08-27. Among many less important changes, this release fixes a data corruption in the compression code. (The bug was specific to XZ Utils and was not present in 7-Zip or LZMA SDK.) Everyone using an older version of XZ Utils should upgrade. The bug report by Jonathan Stott on Arch Linux (FS#15964) says: Certain files (quite rarely) can become corrupted when extracting from xz compressed files, due to the truncation of the last few bytes. So, if I understand correctly (upstream doesn't provide a test case), once a file is compressed, its original content can definitely be lost since the bug is in the compression code. The patch: http://git.archlinux.de/xz/commit/?id=3ce1916c83041113b9cad9ead5c97a527cf8aa1d -- System Information: Debian Release: squeeze/sid APT prefers oldstable APT policy: (500, 'oldstable'), (500, 'unstable'), (500, 'stable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 2.6.26.5-20080922 (SMP w/2 CPU cores; PREEMPT) Locale: LANG=POSIX, LC_CTYPE=en_US.ISO8859-1 (charmap=ISO-8859-1) Shell: /bin/sh linked to /bin/bash Versions of packages xz-utils depends on: ii libc6 2.9-26 GNU C Library: Shared libraries ii liblzma0 4.999.8beta-1 high compression-ratio compression xz-utils recommends no packages. xz-utils suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
