Debian-LTS alert DLA-417-1 (xdelta3) [LWN.net]


From:
    	       Chris Lamb <lamby@debian.org> 
To:
    	       debian-lts-announce@lists.debian.org 
Subject:
    	       [SECURITY] [DLA 417-1] xdelta3 security update 
Date:
    	       Tue, 16 Feb 2016 11:32:15 +0100
Message-ID:
    	       <1455618735.2594883.522530610.439B088F@webmail.messagingengine.com>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : xdelta3
Version        : 0y.dfsg-1+deb6u1
CVE ID         : CVE-2014-9765
Debian Bug     : 814067

It was discovered that there was a buffer overflow in in xdelta3,
a diff utility which works with binary files. This vulnerability
allowed arbitrary code execution from input files.

For Debian 6 Squeeze, this issue has been fixed in xdelta3 version
0y.dfsg-1+deb6u1.


Regards,

- -- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJWwvqaAAoJEB6VPifUMR5Y3LYP/3EpCRR9zrjYAWIJLWb+ZFs6
k+pQkZ1zPfNqsf6K0IWF7X2tV+JAZltAK39AuFnsiKjmKmajnVVNuAhzS/Tq8SpY
2EEuCuaz6mFrsGu0WQxn+/I8CnlmkhXnaD5RiNAuNOdH0y55VTFiR5I+rq8J4oyj
JWhciVZ/9X0JcsdV2+p5cAv7K+K1j+V0REWjPkomkAXFMCMUEDW/wlKgUQ/0+TYa
0OD+YoMN07pHfmJle5CS5ShXTcAAnEIDenI6gvJdrsQh+qCcvWKdRIQ/Y+uGiFSn
kgP+Dx9ARYG7glUt03VaRLiRp8bebv0puu0BH4MPNxdPbbXOChDZxQCab9EYg7Oe
hZZjevk1as68NXwIpZTrsBOxcfam0tRoOTsRALDVflC4bCnPpThat5kMDizVqQTo
Vy1NZyZmHWaTu/Dd0Slz6k+FHlayIlNQ9eeM9FCPTE1NB4eBpi23LDv/JZWYNGfm
TMLLjg1CZPavIAQ7ZJcTYf1pUfm629e56YAShHTQpl6DkMOtyEPOzV7mMZh5uWaw
UF5YIQeliwl6GRZC2PvZS+xnMqJH12Tt1EPAb9kTkc9+wQW35xO08h5hr5MmA51s
WKbz2iTk/TUrLJnLrPSQfHBptJ/sFJA2Smk5nypveoEuyoMB4IHCopneT+V8w2Os
tErbaAvc3eFnfvVxir7r
=RPQo
-----END PGP SIGNATURE-----

From:		Chris Lamb <lamby@debian.org>
To:		debian-lts-announce@lists.debian.org
Subject:		[SECURITY] [DLA 417-1] xdelta3 security update
Date:		Tue, 16 Feb 2016 11:32:15 +0100
Message-ID:		<1455618735.2594883.522530610.439B088F@webmail.messagingengine.com>