Debian Security Advisory
DLA-32-1 nspr -- LTS security update
- Date Reported:
- 07 Aug 2014
- Affected Packages:
- nspr
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2014-1545.
- More information:
-
Abhiskek Arya discovered an out of bounds write in the cvt_t() function of the NetScape Portable Runtime Library which could result in the execution of arbitrary code.
For Debian 6
Squeeze
, these issues have been fixed in nspr version 4.8.6-1+squeeze2