Debian Dar vulnerabilities

CVE-2007-3528 [MEDIUM] CVE-2007-3528: dar - The blowfish mode in DAR before 2.3.4 uses weak Blowfish-CBC cryptography by (1)... The blowfish mode in DAR before 2.3.4 uses weak Blowfish-CBC cryptography by (1) discarding random bits by the blowfish::make_ivec function in libdar/crypto.cpp that results in predictable and repeating IV values, and (2) direct use of a password for keying, which makes it easier for context-dependent attackers to decrypt files. Scope: local bookworm: resolved (fixed in

CVE-2005-2096 [HIGH] CVE-2005-2096: aide - zlib 1.2 and later versions allows remote attackers to cause a denial of service... zlib 1.2 and later versions allows remote attackers to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow, as demonstrated using a crafted PNG file. Scope: local bookworm: resolved (fixed in 0.10-6.1.1) bullseye: resolved (fixed in 0.10-6.1.1) forky: resolved (