Debian Security Advisory
DLA-959-1 libical -- LTS security update
- Date Reported:
- 28 May 2017
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2016-5824, CVE-2016-9584.
- More information:
It was discovered that there was a use-after-free vulnerability in the libical iCalendar library. Remote attackers could cause a denial of service and possibly read heap memory via a specially crafted .ICS file.
For Debian 7
Wheezy, this issue has been fixed in libical version 0.48-2+deb7u1.
We recommend that you upgrade your libical packages.