Debian Security Advisory
DLA-668-1 libass -- LTS security update
- Date Reported:
- 19 Oct 2016
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2016-7969, CVE-2016-7972.
- More information:
Several vulnerabilities were discovered in libass, a library for manipulating the SubStation Alpha (SSA) subtitle file format. The Common Vulnerabilities and Exposures project identifies the following issues.
Mode 0/3 line wrapping equalization in specific cases which could result in illegal reads while laying out and shaping text.
Memory reallocation issue in the shaper which lead to undefined behavior
For Debian 7
Wheezy, these problems have been fixed in version 0.10.0-3+deb7u1.
We recommend that you upgrade your libass packages.
Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS