[SECURITY] [DLA 668-1] libass security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Package : libass
Version : 0.10.0-3+deb7u1
CVE ID : CVE-2016-7969 CVE-2016-7972
Several vulnerabilities were discovered in libass, a library for
manipulating the SubStation Alpha (SSA) subtitle file format. The Common
Vulnerabilities and Exposures project identifies the following issues.
CVE-2016-7969
Mode 0/3 line wrapping equalization in specific cases which could
result in illegal reads while laying out and shaping text.
CVE-2016-7972
Memory reallocation issue in the shaper which lead to undefined
behavior
For Debian 7 "Wheezy", these problems have been fixed in version
0.10.0-3+deb7u1.
We recommend that you upgrade your libass packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
iQJ8BAEBCgBmBQJYB16rXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRBQ0YzRDA4OEVGMzJFREVGNkExQTgzNUZE
OUFEMTRCOTUxM0I1MUU0AAoJENmtFLlRO1HktsMP/3qdxhw7t1fMbFNhCE3R7laf
dZ7d19NiF/urMB0YKwsjTwrDJjEbToxmyKhkWXEKDKBbk2oMqS4XR5iCL0x+TbWa
lNzbwHU0O3IFW6cCr3xKJbNJUUo8kBuRB3lWgF/xH/OeTpAGeodA/SARfoJZSYK2
o7CkMnE04WUMdcRV7DIO+S+Mvw+PoFDx+jxv6Jz7H6+ORQoV3ljmf0exw4xgFNH8
I2NO+dKDKCs2KehIiH3ruFjNlaeu/b8BG4ZdTL79xqxLU1vOxl3usRyPvVOzTwsr
trQx3mu/CfLVnzx6UQ45s8zc1xmF1FFuCvQiydY0V9iaWb19lhNMkp6czrzNGH08
RNX1haieF70Nv/V50xlhhwCixEFjkiqWYiMF9jZhu7iZvPP+e3IR8kE+DFF7Xyp6
11nci8AFsI5EZ2CNkPqdV3HbVsmc2uutPCvcn1JweN8jkMTMvCHw8vBya8xEqnFa
qEQUBRDKl+wnbLXuT1nXA4MpUe5XlB4Ww+9LFnz2M1tJ2lYHSsXgxmUzu3ZltX4M
1sVZVSzJpXrVwnXdi+BV9rWkHeEIQ2PIVKU5uP712rFmOwOpDU7lLV3FUC/WsyVQ
qLv5kCq9tZaIpvVcmeC3Kcl29wLyz58NIui04zSAYj1sAVIrK2b2sLuCaqSIwlax
yfnWg+qwjBe/2CDiFifP
=jtot
-----END PGP SIGNATURE-----
Reply to: