[SECURITY] [DLA 1184-1] optipng security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 1184-1] optipng security update
From: Markus Koschany <apo@debian.org>
Date: Tue, 21 Nov 2017 21:26:51 +0100
Message-id: <[🔎] 93482889-baa5-4892-d7b0-bc169a4e05c8@debian.org>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : optipng
Version        : 0.6.4-1+deb7u3
CVE ID         : CVE-2017-1000229
Debian Bug     : 882032

An integer overflow vulnerability was found in optipng, an advanced
PNG optimizer that also recognizes other external file formats. This
may lead to arbitrary code execution when a maliciously crafted TIFF
file is processed.

For Debian 7 "Wheezy", these problems have been fixed in version
0.6.4-1+deb7u3.

We recommend that you upgrade your optipng packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAloUjApfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7
UeSEDw/+JuEMuzLEFnmRKpQUPBqpN+nwQ7SpPILNjVw6E5+KWzo5bI5iQ5v8/oCz
I11uj3Fsmv5ftpQRKBK2ElpR+4EX9s9Hmgyx0rrUMy7XkvGZkxxEdXmqlsFYs/0W
YgOlZqzCoVIdikB/eyKruhESndoPz6a2gAsl8ZgUYmeWO0qACqR/qzD1n7BqfVtn
UpGbsKKunsUDwxA1NPibCdCHd3EErRA6nN3ofDF7Vooh7WIPOAgUW6FcSczz5qdp
gpb1HCuJJXvBLHEMwoNYxVBGBs7wZ2czbwJaqpyEurkrQLJNA2722k2Wy5t5/lOg
mK3qHIKOGjCcMpytVqv5+HXkSxdicLST2HUmw2XoMCnAl8g+MJAMTMRzgj29mVXi
Wyi5I+HOn+l5Xr7W7AvhaY1HTCI+FYMqbMLRYVlMfOgtXPz7VYMcClZY5FvqF5gD
miYeW4g2yUSYGW+BzD9LKwf1zqjbu8sKbskIbEatgQuxau8k0sOKqZvdmLkJQbnj
3v7/pVpAFP7q8KtOFwrQ9BUibzw82gbnvdJ/jLa9qSiO71Qjp4XFMmNq5cZXBP8v
fye82CXyC22yx/VnhA5SDiwL8qiy9pdNLfze1WlVf/KMH+RdQxpxHhmO4Wmbpzew
VxEhUPIO+V9pmR7Whqi/1TxSFe3NzQFnqFI4bUQbUV5zVuaa1i0=
=AOHH
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 1183-1] samba security update
Next by Date: [SECURITY] [DLA 1185-1] sam2p security update
Previous by thread: [SECURITY] [DLA 1183-1] samba security update
Next by thread: [SECURITY] [DLA 1185-1] sam2p security update
Index(es):
- Date
- Thread