[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 929-1] libpodofo security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : libpodofo
Version        : 0.9.0-1.1+deb7u1
CVE ID         : CVE-2015-8981 CVE-2017-5852 CVE-2017-5853
                 CVE-2017-5854 CVE-2017-5886 CVE-2017-6844
                 CVE-2017-7379
Debian Bug     : 854599 854600 854601 854602 854604 859331

Several heap-based buffer overflows, integer overflows and NULL pointer
dereferences have been discovered in libpodofo, a library for
manipulating PDF files, that allow remote attackers to cause a denial
of service (application crash) or other unspecified impact via a
crafted PDF document.

For Debian 7 "Wheezy", these problems have been fixed in version
0.9.0-1.1+deb7u1.

We recommend that you upgrade your libpodofo packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlkE9RlfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7
UeR8BRAAvpfEbeqWsys1jNTXlW1Q6VtxJpVDk+bYlMdacq8/FjOuURvVrs174iYL
bqEE8KPUdvv2YfHqVFbg1yyd0V/q6LkntLd0BEMvm2TG74PXnwqlgb08GQRyqVCM
3kcFmYjo/1bnfBZW05/UKZBsYOxrPqlZwQzZPAGBrDwaHXIgIs0rIZHCu+UHL3Fd
ZQyXOjzqIqpPy4Grr6Ebi/GxpxK3OuPcRMobtb2DGxj8Ghao5Xs5OfnXEXFNFxMS
ERXQNGAC0E+o4IC6+6LWO49vEP48RFm/LoNeNATMXh2lEKag44K1HprPbTCSQjx7
cWg/I8POUhDNAiM+E6wvY1lkawpOEXshPCVZdyjzqlktiNKX2N2KTJh8i/MT0G9M
Ex4poebolZFm7Nqod3KAKLYWIBWtSpAhKYiJhZyQ/e6vGlMMtmekjFFGzLJUjVUb
71hGPjrUy4vp1J73Tf0zkJwz0CSi9U5wG4bvMPMgAYNVY9/00awe1kIaMQOlpuJ1
TVIcfU20gkt9XzfUKAqwKAaBT4mcpQoULR3Bqc1CM80Fr2BbVcC4nt9hgb8wyjI+
5bj2WZbdD9NpE7gcKbsiokNtGZ5EGmIAWSR9dcn/10kYoyoTyp/evbPuKx15eMMu
rvtOmdmGrAKUsddsawHvbR+Mf8VgHdZ4bSf4HVVvaWPXul47YSE=
=83f5
-----END PGP SIGNATURE-----


Reply to: