Debian-LTS alert DLA-811-1 (libplist)
| From: | Emilio Pozuelo Monfort <pochu@debian.org> | |
| To: | debian-lts-announce@lists.debian.org | |
| Subject: | [SECURITY] [DLA 811-1] libplist security update | |
| Date: | Tue, 31 Jan 2017 21:06:08 +0100 | |
| Message-ID: | <2acdae1b-7851-ccbd-950e-595b853c327b@debian.org> |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Package : libplist Version : 1.8-1+deb7u1 CVE ID : CVE-2017-5209 CVE-2017-5545 Debian Bug : 851196 852385 The following vulnerabilities have been fixed in libplist: CVE-2017-5209 Out of bounds read when parsing specially crafted Apple plist file CVE-2017-5545 Heap buffer overflow via crafted Apple plist file For Debian 7 "Wheezy", these problems have been fixed in version 1.8-1+deb7u1. We recommend that you upgrade your libplist packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAliQ7isACgkQnUbEiOQ2 gwIjuQ//YlwY0krAlw2j4D0j1cE7e/l1VPkdDsGTPhLrNNE++Hqr/4lrNYed4Oh2 mT9d/bYldAiSK3Gisni3TIeso9beZZAj6GDwyke7ifDIegTfAllFOIdq33ThIXsm 06+aNVXyDPOKKrNVFS5fwuz7ADkjx/yatknrqqUT3WNLo8yhNe8M3hynOLP5S7GS fb7dLFqRQGXeDBcd5pWGUrCwd+dXWbwdIQhwiQ0QfftIjLALOsXrtZr8ZIe4uiT1 3sqehzoQUxpgkWsIf8RQBEbjF+AxRAz437KciG05r46dHOAUoQEGo3i0zksuSMp3 +Ug1bUQubQffmHo7xscc0buCCzWbP0IIm5+e9fFeoUAowkzU/FVWGLds2G/F1rz1 13/23N4dxNgUyJCH/DZyxqV4IUw3izTxwhKjs5Ti2jTjaAUp7DmAHADAmETuSRHl zveM6Spra5lAt1cJj1QawsTEyqoGBQ0NGU9teDpKW/DELOmDT6i61r0tAzLkCnHO 8GyQ1sNKoJbSbYrhdGDUCAyLPEe7+ugsYLFQxInq4lg8MVMyhUipi8fdxuK6EO5u OjA3vHqnkwEJ5+nh1NvKtvnE5WX7Ntl11ZBwPKqkCiIqPbQsP6CeScFZypWyEEir p245j2c0pMk+kDCzI2aJIz7zGqSIomoWQT3v5Y6woQD7lHvNm8w= =WV/r -----END PGP SIGNATURE-----