Debian Security Advisory

DLA-417-1 xdelta3 -- LTS security update

Date Reported:

16 Feb 2016

Affected Packages:

xdelta3

Vulnerable:

Yes

Security database references:

In the Debian bugtracking system: Bug 814067.
In Mitre's CVE dictionary: CVE-2014-9765.

More information:

It was discovered that there was a buffer overflow in in xdelta3, a diff utility which works with binary files. This vulnerability allowed arbitrary code execution from input files.

For Debian 6 Squeeze, this issue has been fixed in xdelta3 version 0y.dfsg-1+deb6u1.