
Yashashree Gund

Rank: #19907 of 53,633
Total CVSS: 13
Vulnerabilities: 2 (Medium: 1, High: 1)

PT-2026-23848 · CVSS 7.5 · 2026-03-07
Debian · Dpkg-Deb · CVE-2026-2219

**Name of the Vulnerable Software and Affected Versions**
dpkg-deb (affected versions not specified)

**Description**
The dpkg-deb component of the Debian package management system does not properly validate the end of the data stream when uncompressing a zstd-compressed .deb archive. This can lead to a denial of service condition, specifically an infinite loop that consumes CPU resources.

**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.

PT-2026-22490 · CVSS 5.5 · 2026-01-01
Unknown · Rust-Rpm-Sequoia · CVE-2026-2625

**Name of the Vulnerable Software and Affected Versions**
rust-rpm-sequoia (affected versions not specified)

**Description**
A flaw exists in rust-rpm-sequoia that allows an attacker to cause an application-level denial of service. This occurs when a specially crafted Red Hat Package Manager (RPM) file is provided. The vulnerability is triggered during RPM signature verification, specifically within the OpenPGP signature parsing code, leading to the unconditional termination of the `rpm` process. This prevents the system from processing RPM files for signature verification.

**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.