
[SECURITY] [DLA 1017-1] mpg123 security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : mpg123
Version        : 1.14.4-1+deb7u2
CVE ID         : CVE-2017-10683
Debian Bug     : #866860

It was discovered that there was a remote denial of service vulnerability in
the mpg123 audio library/player. This was caused by a heap-based buffer
over-read in the "convert_latin1" function.

For Debian 7 "Wheezy", this issue has been fixed in mpg123 version
1.14.4-1+deb7u2.

We recommend that you upgrade your mpg123 packages.


Regards,

- -- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

