Debian-LTS alert DLA-668-1 (libass) [LWN.net]


From:
    	       Markus Koschany <apo@debian.org> 
To:
    	       debian-lts-announce@lists.debian.org 
Subject:
    	       [SECURITY] [DLA 668-1] libass security update 
Date:
    	       Wed, 19 Oct 2016 13:53:15 +0200
Message-ID:
    	       <bbbc8abc-d139-c099-a1b5-3bc93036a8a5@debian.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : libass
Version        : 0.10.0-3+deb7u1
CVE ID         : CVE-2016-7969 CVE-2016-7972


Several vulnerabilities were discovered in libass, a library for
manipulating the SubStation Alpha (SSA) subtitle file format. The Common
Vulnerabilities and Exposures project identifies the following issues.

CVE-2016-7969
  Mode 0/3 line wrapping equalization in specific cases which could
  result in illegal reads while laying out and shaping text.

CVE-2016-7972
  Memory reallocation issue in the shaper which lead to undefined
  behavior

For Debian 7 "Wheezy", these problems have been fixed in version
0.10.0-3+deb7u1.

We recommend that you upgrade your libass packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQJ8BAEBCgBmBQJYB16rXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRBQ0YzRDA4OEVGMzJFREVGNkExQTgzNUZE
OUFEMTRCOTUxM0I1MUU0AAoJENmtFLlRO1HktsMP/3qdxhw7t1fMbFNhCE3R7laf
dZ7d19NiF/urMB0YKwsjTwrDJjEbToxmyKhkWXEKDKBbk2oMqS4XR5iCL0x+TbWa
lNzbwHU0O3IFW6cCr3xKJbNJUUo8kBuRB3lWgF/xH/OeTpAGeodA/SARfoJZSYK2
o7CkMnE04WUMdcRV7DIO+S+Mvw+PoFDx+jxv6Jz7H6+ORQoV3ljmf0exw4xgFNH8
I2NO+dKDKCs2KehIiH3ruFjNlaeu/b8BG4ZdTL79xqxLU1vOxl3usRyPvVOzTwsr
trQx3mu/CfLVnzx6UQ45s8zc1xmF1FFuCvQiydY0V9iaWb19lhNMkp6czrzNGH08
RNX1haieF70Nv/V50xlhhwCixEFjkiqWYiMF9jZhu7iZvPP+e3IR8kE+DFF7Xyp6
11nci8AFsI5EZ2CNkPqdV3HbVsmc2uutPCvcn1JweN8jkMTMvCHw8vBya8xEqnFa
qEQUBRDKl+wnbLXuT1nXA4MpUe5XlB4Ww+9LFnz2M1tJ2lYHSsXgxmUzu3ZltX4M
1sVZVSzJpXrVwnXdi+BV9rWkHeEIQ2PIVKU5uP712rFmOwOpDU7lLV3FUC/WsyVQ
qLv5kCq9tZaIpvVcmeC3Kcl29wLyz58NIui04zSAYj1sAVIrK2b2sLuCaqSIwlax
yfnWg+qwjBe/2CDiFifP
=jtot
-----END PGP SIGNATURE-----

From:		Markus Koschany <apo@debian.org>
To:		debian-lts-announce@lists.debian.org
Subject:		[SECURITY] [DLA 668-1] libass security update
Date:		Wed, 19 Oct 2016 13:53:15 +0200
Message-ID:		<bbbc8abc-d139-c099-a1b5-3bc93036a8a5@debian.org>