[SECURITY] [DLA 667-1] libxv security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 667-1] libxv security update
From: Markus Koschany <apo@debian.org>
Date: Wed, 19 Oct 2016 12:07:19 +0200
Message-id: <[🔎] 9b401623-42a9-558c-0426-1d9829d38611@debian.org>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : libxv
Version        : 2:1.0.7-1+deb7u2
CVE ID         : CVE-2016-5407
Debian Bug     : 840438


Tobias Stoeckmann from the OpenBSD project has discovered a number of
issues in the way various X client libraries handle the responses they
receive from servers. Insufficient validation of data from the X
server can cause out of boundary memory and memory corruption in the
libxv library.

For Debian 7 "Wheezy", these problems have been fixed in version
2:1.0.7-1+deb7u2.

We recommend that you upgrade your libxv packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQJ8BAEBCgBmBQJYB0XWXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRBQ0YzRDA4OEVGMzJFREVGNkExQTgzNUZE
OUFEMTRCOTUxM0I1MUU0AAoJENmtFLlRO1HkiDEP/iV8FcdHcxaMywnRPiVdb21Z
usR1NphkC5lkdPKiT9VncrW7zkGzdvk77ZgkUI848ASKh2UvdHmL0N783btpAqC8
vq57PcFx65IrnIpYQFkwKjRL+rY+nrSqYc15vr/A1M9HorMklx3o31UXcfp49hQA
6UzVlnaVnxydQalG5pQsEQq4qqOSxStkDEQ/Fi0fkgNsuJ0fk6P0dlfeVezTogMU
jnlKmlDf+lzZMIB7ZRZ5wZbYvaaGLzhn2YaF8v1coLpIiJmOGHYt12pC6XaZvB4b
PLxkXhDTAbvLS9QcxNqt7xyA73+Vy4ZpREnXwxP0J8DYaBP461AgkDyGJakCUyee
DONCSzLU8RozMesiGQJ2QVUQWjLIHbWDxFW0AVXsHZBPaJYyIZLDVv2lIJ6fuWAP
wFIpP5DD7VyzGhncX/XKpW6YFX6ob27xASME6hsN+iAuY/d3zukfm+QqHykuoTvX
4DCeVxPUmlVKVVwSfVOlK9/BVqK0rqXp8dPoiC30APtxQRudbAdr8AT4WwBCf/c9
5Zo/JyHJ9VXKbHsC2IAf49Fsy0y2oImlx9BPh4X3lhjfmo1O8TtQ3muex/iIkTud
QBScKXgbUDDLTofuFQxeveIJ0YZiPgcEgXgs70xASaS4aqFJkCAvjrcsb3FobHJ8
U920sp9+bBCjROS+u2Rz
=A928
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 666-1] guile-2.0 security update
Next by Date: [SECURITY] [DLA 668-1] libass security update
Previous by thread: [SECURITY] [DLA 666-1] guile-2.0 security update
Next by thread: [SECURITY] [DLA 668-1] libass security update
Index(es):
- Date
- Thread