Debian alert DLA-4450-1 (taglib)
| From: | Thorsten Alteholz <debian@alteholz.de> | |
| To: | debian-lts-announce@lists.debian.org | |
| Subject: | [SECURITY] [DLA 4450-1] taglib security update | |
| Date: | Sat, 24 Jan 2026 18:43:17 +0000 | |
| Message-ID: | <b8e69ccc-3bf9-b6ab-b5f1-7073bf865a54@alteholz.de> |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4450-1 debian-lts@lists.debian.org https://www.debian.org/lts/security/ Thorsten Alteholz January 24, 2026 https://wiki.debian.org/LTS - ------------------------------------------------------------------------- Package : taglib Version : 1.11.1+dfsg.1-3+deb11u1 CVE ID : CVE-2023-47466 An issues has been found in taglib, an audio meta-data library. The issue is related to a segmentation violation and a resulting application crash due to processing a crafted WAV file in which an id3 chunk is the only valid chunk. For Debian 11 bullseye, this problem has been fixed in version 1.11.1+dfsg.1-3+deb11u1. We recommend that you upgrade your taglib packages. For the detailed security status of taglib please refer to its security tracker page at: https://security-tracker.debian.org/tracker/taglib Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAml1EsVfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7 WEeHyg//RMZ9RlNoTop8V8bhVmgA8so35Sv1obO4LIPMN2NZkeZszCnOs7Au3u+5 NKtJHsBXlPXkmKGOUYnQJJFWGqWHjJw0dV+ho9/uMvfjY2DOrfM+T+eGOuDQNN7P IFc2+sVhsR/DWjC7svezt1hSvWpVhz13a+v3sfq9L+QVAKCfedb6h7cui2ntWZsf hfbHDo9g92tyX9by3Q1NJMbLvOXxgfPQXjkVv9YFF95Ph64DAZD+SVqD+4TjJzIX Kl/PepP8N+siB7hOXmh114bZwPg+0J93db3tjNURKjYAbFRhdro7iyYOfEo2cpRH QVRRND/LzXpDXH1eSCXoxeCiofh2XyqwBH1olt+hRiNnPvrOtE+SZ+Wi4Xr1phMV bmiqdkbH5TIbrajjLO58S3gMswQvqJgvF3nI6DJOqYykhrcaCqCen3YS3eDIBpCu Zgv/2E2TMoUY2nfP4RPcPzhVjWG2nD4WqbHxHhRZXMZLRPrjm/yFmXUmeBEQtMpg MPtf679TutCactab/C5YSlOTrrAHOhUNhcV63KVACXHwPaXP1DZSiht1im7XA7/t JlICq0H+qzz8PpdxIRelUWljN2FubTufv/c9P/YvDdMokTJoBCekEc4XHhCWiJRx dZqcMgeFjnzIvYnD1kBK82auopuDU4SX1F69Zc+ItkBbjHLC5qc= =dKyx -----END PGP SIGNATURE-----