[SECURITY] [DLA 959-1] libical security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 959-1] libical security update
From: Chris Lamb <lamby@debian.org>
Date: Sun, 28 May 2017 19:02:30 +0100
Message-id: <[🔎] 1495994550.3608129.991097192.0CA8ECD9@webmail.messagingengine.com>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : libical
Version        : 0.48-2+deb7u1
CVE ID         : CVE-2016-5824 CVE-2016-9584
Debian Bug     : #860451, #852034

It was discovered that there was a use-after-free vulnerability in the libical
iCalendar library. Remote attackers could cause a denial of service and
possibly read heap memory via a specially crafted .ICS file.

For Debian 7 "Wheezy", this issue has been fixed in libical version
0.48-2+deb7u1.

We recommend that you upgrade your libical packages.


Regards,

- -- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlkrEBcACgkQHpU+J9Qx
HliKJRAAhQcuNbRyrCm87kvaccY2Yfh6/ABnPLkfI2zcowpOZ+i8fLpEsosdqDVd
dK8x6HOT6kXKnfmcXFV/3XC3btiOVRJC9QpH6S+XrPxhTq4g4BAsG8/pLe64yCo+
DtN7qEErZeVudYN5WBddT1qMKAnyad0x+ql1HD3vOI4Yw1+SW5ffL+uoYsfUP2mV
psESqThICO97ZtyzExYVJ3T4NgAzd9IB8PRe9BETA8SiOhtgkb4flJDu6Yl6+p0m
U0uqXNG1CalR19Yn7Wvpopfu/DWHXURPHUbvykkd3kJ148c/qW0yjl/t0c28kf+V
UZbgiM8BePbzDiiVvAiZbGzPU3pDnynrLvmlBPyQAuLsHBXpI51AnNehCafl7cXd
8YUxfDVC8r+nyXhZrJZ24mkjDwCb/Pk4051X8uX+qIAJdYlwa6LwdtNKWDZctTes
+nysfye3/cBxMgu9Qi8eASsAJIzjoZeKd6CAA+VFC/KMsQ0DuD2zjNvnR5f1fA5d
OsrZ6ZgNfc5XrL3XWYWsVeOefijAKSkEOZNgINbdRq1iOzevAReLmSUEccn+Kqx9
IUX/IbMwZbDBKUXU6I/GGQ1xlYmKm3zrVbh/gdjjJUVmEZiDZlfZ0/rtvyHNUhgo
r34Ft4OJ5b8hqXNvrWN9Iz1q7b9OLsO5OelpyVryeDw2xM1TxtI=
=tx1k
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 958-1] libonig security update
Next by Date: [SECURITY] [DLA 960-1] imagemagick security update
Previous by thread: [SECURITY] [DLA 958-1] libonig security update
Next by thread: [SECURITY] [DLA 960-1] imagemagick security update
Index(es):
- Date
- Thread