[SECURITY] [DLA 840-1] libplist security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Package : libplist
Version : 1.8-1+deb7u2
CVE ID : CVE-2017-5834 CVE-2017-5835
Debian Bug : 854000
Several vulnerabilities were discovered in libplist, a library for
reading and writing the Apple binary and XML property lists format. A
maliciously crafted plist file could cause an application to crash by
triggering a heap-based buffer overflow and memory allocation error in
the plist_from_bin function.
For Debian 7 "Wheezy", these problems have been fixed in version
1.8-1+deb7u2.
We recommend that you upgrade your libplist packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAli1jqxfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7
UeTjaQ/+KUKpGre99hafCXh8wu5Bs51WKJvmNaR/Jvjz+ReE3sxY2UbDMZDfA3MU
cqiV1HxOFvTNQpGuulxJr27V/0+PjNaas1dLXRuhji6pB4QQ+iDvJxryJpZGaAdh
0qRRJmmUcrCvPWhxyALzrcwEDRltVeIPcsGlb6xjLSZDf2nVpv9HLCm3MDlRWps6
czufvczq8LqjzvAj9isKZDY6/xXaZXrcpjJOtgqRhqQtWH6o81zOQCfLgUeYeRGQ
qiRnXkRjr77PmRSVqIqmKFH/L/WuzB2CcDhEJ8mtM2T1v+m7Q6oz3XR1YJWpnMM4
8OvflrQxEInPJ2ER6K4mZ3TSyFmSqW6V+AO0XlRTbRVRFJlJ0fUs9Mzl/EdVPlMl
OKx1mRE/+fsWkOkneIdvHRuXDMvXi0RvW6SonDUWG7bxirV3I9XvWp6Ufm1K8JZg
0qeWjIbVTOeX+7QPpgqtlHH4rYgOIiw1Tc25kim0oi/G06dp1wzC2SlfdiLz1MaI
XNcc1MpKr7hXKF5Q6Q+djdU3tmIk6aZUsX6OwFaiNNc4jxmOqipjVw/BehdvLBxF
Jtt0VbAXrg6ni9OR1aWlPzfjywhuW5TLsHCJYq+nsiXuFjqPdCvB8i0wjbDfaul2
IYDiBmadMUotrpDWxOscohrUekI5wCNVsmARzg4XGL0YIR15E4o=
=wMLv
-----END PGP SIGNATURE-----
Reply to: