Debian-LTS alert DLA-694-1 (libwmf)

From:
    	     
 
Balint Reczey <balint@balintreczey.hu> 
To:
    	     
 
debian-lts-announce@lists.debian.org 
Subject:
    	     
 
[SECURITY] [DLA 694-1] libwmf security update 
Date:
    	     
 
Wed, 2 Nov 2016 15:31:34 +0100
Message-ID:
    	     
 
<e20524fe-c4af-a7a3-c30b-92f123b3bee1@balintreczey.hu>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : libwmf
Version        : 0.2.8.4-10.3+deb7u2
CVE ID         : CVE-2016-9011
Debian Bug     : 842090

Agostino Sarubbo from Gentoo discovered a flaw in libwmf's Windows
Metafile Format (WMF) parser which caused allocation of excessive
amount of memory potentially leading to a crash.

For Debian 7 "Wheezy", these problems have been fixed in version
0.2.8.4-10.3+deb7u2.

We recommend that you upgrade your libwmf packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJYGfjGAAoJEPZk0la0aRp97QcP/jocLxjkuNCeUSJJ6awFhTCe
5FA+Ufmbf4AnaccnmfCS1yenadgTkEmzbEJrBUPbfeqAsMaT+kaj7GXOtSAQHwCN
jq30QZMSfNQJNzE+f9lPntM6ZD9xkjdt1twfuVS7JpA4bY3qgP7uBUEySnwOnSXU
kxTr48dCi+WVksXQ9h7Snk6ov2wedmrNEI/j0ukC1vIQ97sX3y6aw9ijuIqNiW8x
Hnl7/11zFjV5aDe7jaMHeT1xg4c6PVmZmXxcHzrqBEZVxpikc3wEAi+UPSjcc5+R
ZPxKFq6HCSbttj9Ftw3nOvuvzex1o5Gn130MsBqIJJ1JTyZ2ytDGn7K5+nJOP8yl
FFWMYKf02Xj3JmYqiuuv34QmZDO6wkI7gMCW2Ohm4SpYC2lTwr5BEi/2tSUV2Wrp
TIt4zZsNq3gYUuPF73MKVktOd5SwMIWKIe1l37yFLtoFqukvxUc6Lw+aR6K7mEjT
zU5Ge4amc7tjG02qgbvwpAOEdLGiiBhbD8ZNwWz6dOvzjWOzv3tkRylw9lX4OALI
rGDtaf9jCQhGWAGxbBM6uD6hz+DVIZJBW9Euyl0hErb0OCcANpIlIr7nj28Raaqt
pYL1GKc9Ajwbm5LQc6g0djC90cyoPushTnWds+JaPomCvlVX5aV0hxKjyQ/qKZTa
epMQiVdakbDcB/PWQvi4
=eBHk
-----END PGP SIGNATURE-----