[SECURITY] [DLA 569-1] xmlrpc-epi security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 569-1] xmlrpc-epi security update
From: Thorsten Alteholz <debian@alteholz.de>
Date: Fri, 29 Jul 2016 23:13:39 +0200 (CEST)
Message-id: <[🔎] alpine.DEB.2.02.1607292311410.16461@jupiter.server.alteholz.net>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : xmlrpc-epi
Version        : 0.54.2-1+deb7u1
CVE ID         : CVE-2016-6296

Integer signedness error in the simplestring_addn function insimplestring.c in xmlrpc-epi through 0.54.2 allows remote attackers tocause a denial of service (heap-based buffer overflow) or possibly haveunspecified other impact via a long first argument to the PHPxmlrpc_encode_request function.


For Debian 7 "Wheezy", these problems have been fixed in version
0.54.2-1+deb7u1.

We recommend that you upgrade your xmlrpc-epi packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQJ8BAEBCgBmBQJXm8cDXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2MjAxRkJGRkRCQkRFMDc4MjJFQUJCOTY5
NkZDQUMwRDM4N0I1ODQ3AAoJEJb8rA04e1hHzywQAL554KXIGdo3zoPZEoNC3KPU
OTVG4HLh1deYDv3H2JvfE71PwsOwS4jlnVby5a1w6Bzjt8LHqScpzePy0OzV7I4/
IzJdekAHwQPe7uLWRAm8y+3v5e9mE9NbR75DDpG+3MSTx/biupOESYRkqOBlI9k3
RYMTnzOFS3TNs44DByIPyQ/yD0wti0tizWk8r93cy2V5cdhkt541iJ9xpUuhvnxD
2SM9EJTT3eGOCgP7c2atGzYI6+PeDvAMce9gH340RKNSDcPs15I+BYivVWmGQR5g
uC161aaC9rb7uMWRGgR8oxJCOuFLFRYM9mSa2obz2P+QAE+nDDXk3mvlbHSq4/To
Or/3dcEgq8BjnUQg/qZp5foOO4poLkmk9z15g+vP6eIRd+wDc1cjLoH19DVbezoA
I6y7g3YwUcjwvi/MmLbM6r1YEa1pMPRYx4y/h6lP+rMfR1LFcaCr77rsynArhCFw
xQ8s4vuPw2hzic9ndJwpiTq9A7bV1tvLFibbwDs0Q7231Iv4TRbFYYJlX5JuOers
IPFXNPQ5Pk3YLOCm72PjxHsc7ieoAGGShglE8WnGBMOKxUjeXJxGbLyJLdPMbIKJ
6d7ir5Kzm0bTwbwvIq5yNUjo1/b6k/WZJwks63cOpFW5LtCZcXZnmJsy8lSyL+6Q
F+wYNG6XnUlfhSf5ELyC
=uX3E
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 568-1] wordpress security update
Next by Date: [SECURITY] [DLA 570-1] kde4libs security update
Previous by thread: [SECURITY] [DLA 568-1] wordpress security update
Next by thread: [SECURITY] [DLA 570-1] kde4libs security update
Index(es):
- Date
- Thread