Debian alert DLA-2001-1 (libofx)
From: Dylan Aïssi <daissi@debian.org>
To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 2001-1] libofx security update
Date: Sat, 23 Nov 2019 10:22:13 +0100
Message-ID: <CA+6XHwSwvVA8SZf9nGJUntsDtSan2JKNK_QaT9y2b648+MTOTw@mail.gmail.com>

Package        : libofx
Version        : 1:0.9.10-1+deb8u2
CVE ID         : CVE-2019-9656
Debian Bug     : #924350

There is a NULL pointer dereference in the function
OFXApplication::startElement in the file lib/ofx_sgml.cpp, as
demonstrated by ofxdump.

For Debian 8 "Jessie", this problem has been fixed in version
1:0.9.10-1+deb8u2.

We recommend that you upgrade your libofx packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS