[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 844-1] libquicktime security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : libquicktime
Version        : 2:1.2.4-3+deb7u1
CVE ID         : CVE-2016-2399
Debian Bug     : 855099

Marco 'nemux' Romano discovered that an integer overflow in the
quicktime_read_pascal function in libquicktime 1.2.4 and earlier
allows remote attackers to cause a denial of service or possibly have
other unspecified impact via a crafted hdlr MP4 atom.

For Debian 7 "Wheezy", these problems have been fixed in version
2:1.2.4-3+deb7u1.

We recommend that you upgrade your libquicktime packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJYtiFTAAoJEPZk0la0aRp9hnoP/i67nnjVtc6J6Kdz/08Dx4MX
YxbPDCvlFbmQT/EkL6Y5qpaD8UHxEzHPiu+uZijvEbONtHZJ4ZppX4155lmYY2TT
Wj1DskONEc3pbRLX9AkQ9yDW+O62tfsWqzD5cUYv0ZLU6+BB1f+Q4iq5t9KUyde7
u8CHCC2bf7HVJftEvVCi1PNy21KKjguvn08x2jRaHVr+FkBYlK8tAphg2iYgrYEr
qSG5ruBJrrptpUtnWX/scERPCb+I8Cq03nqqD9ARkN1fYst8oTSO/CXENbUzL3Vm
y5ZriHBWFak2ZnKRqMpL6YjeAAFcnqcJJHkRtrhn/YGnmV0occG2I2uIV3Osy1Fs
qMrRencGnZEKIndMoHPTB8fsfpOL4z2cMm787Wun2qzGEVSkT7I7TwiwXLIzeTej
szhWdy/tEG571QJ7lBzK2IYxscyAOlmKiFjRrsn6uj29cwQ7rl+wscYdwUBhftz8
2bW2UxKhY0LEmVbA2oA3StGTvj+cMlH3cduTw0Ajkf/W+sBCpe7aNM+tQAlemAsC
9VJ29R4mT1Q4VNXl9GthO+1ukylGLhTdbN0pHaemRFl5u1SNdWNSxXKWDzXh2zB8
azuoEQkprLefDIzTRLAqIbDgw6sczUZJMOKUZKlA+lJ8b9bUlJuHgvYL4/Pl+7MN
x9hvPgBvrvOFoD2yW3X5
=Z/1G
-----END PGP SIGNATURE-----


Reply to: