Debian-LTS alert DLA-816-1 (svgsalamander)

From:
    	     
 
Bas Couwenberg <sebastic@debian.org> 
To:
    	     
 
debian-lts-announce@lists.debian.org 
Subject:
    	     
 
[SECURITY] [DLA 816-1] svgsalamander security update 
Date:
    	     
 
Fri, 3 Feb 2017 11:55:35 +0100
Message-ID:
    	     
 
<39edce30-188a-d9bf-7de1-1848828fea3e@debian.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : svgsalamander
Version        : 0~svn95-1+deb7u1
CVE ID         : CVE-2017-5617
Debian Bug     : #853134

Luc Lynx discovered a Server-Side Request Forgery in svgSalamander
allowing access to the trusted network with specially crafted SVG files.

For Debian 7 "Wheezy", these problems have been fixed in version
0~svn95-1+deb7u1.

We recommend that you upgrade your svgsalamander packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEgYLeQXBWQI1hRlDRZ1DxCuiNSvEFAliUYaQACgkQZ1DxCuiN
SvGmoA/8Cep8vu6kUwT9LDa2dpVYt1ILSbiGc2cz4h02k9Gl+8m9xSAGOC3dJbIT
q8MJOCxVZj8ZGExrgurTb4mDZaw7ETkQZRHIADiutJbfFaCd4hvTh18HPs5TVT5G
fLoexV4U2t+Lg/j6wCyACfGkOM7w/no2SOZRHJgO9CqXJzsRpZy0gUstdpbjBt3L
CHI9jw4p4j1Pqj+Wzpebdtwrhg5c4w8RmYfkyfxkB5IFHKjf3mCywzuZQctf9dHI
E2HDjcIXHY7r7S6oDmXFRjVPsThRnRlZwK0ClFmnwKseYCi3IXE+OCD74ThFJqMz
0vREU7r5LoCp/Q2JzSvlfrPYblLXzyWeFs4tbAPn23XFl1vej4lPFoIDSoIUH1nh
lzTrxe5r9v8P6poVbN4rEBdJzowPav6gy25qYyXAB/+kxIM00t2BeOt+n35LC58U
crltSqTcq4B0p9Verwx+K8fY6QPLy9zDhvEzrMmSeOKhX798wAU84sRQUJsfEBnp
WfAQpb5lHJCFCjocuqVLAeKQ28em5P0goC671rWFYgv6tx4QKP4wkdrxG2zge87Y
RcO5NBPMr/xYbuKGj0w56LS5Ye562aLYF4qJSX2uTa5N95tK8WH2QpM6ftbIuXs8
0F2AgSGInDlF6gN7NgQNHD+ZFzF+++1Qa0fHDTdtQWlFJUeY31Q=
=dcc7
-----END PGP SIGNATURE-----