[SECURITY] [DLA 968-1] libpodofo security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 968-1] libpodofo security update
From: Markus Koschany <apo@debian.org>
Date: Tue, 30 May 2017 23:00:37 +0200
Message-id: <[🔎] f37f55f3-72c3-aa41-c920-117214c4837f@debian.org>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : libpodofo
Version        : 0.9.0-1.1+deb7u2
CVE ID         : CVE-2017-6840 CVE-2017-6842 CVE-2017-6843
                 CVE-2017-6847 CVE-2017-6848 CVE-2017-7378
                 CVE-2017-7380 CVE-2017-7381 CVE-2017-7382
                 CVE-2017-7383
Debian Bug     : 861557 861564 859330 859329

Several heap-based buffer overflows and NULL pointer
dereferences have been discovered in libpodofo, a library for
manipulating PDF files, that allow remote attackers to cause a denial
of service (application crash) or other unspecified impact via a
crafted PDF document.

For Debian 7 "Wheezy", these problems have been fixed in version
0.9.0-1.1+deb7u2.

We recommend that you upgrade your libpodofo packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlkt3XVfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7
UeQVKhAAybrQymbK36byzq2XVySSkER2o1yJ2RPBURc/hvZZ42+AeNGYuR5H+JRo
BdY0+jrDoBalnAv2NrmMdowB8W573L/dVA4R35QgFmeu6JHIBzIoBV6N/L6yoZRg
UiZ2rqiudCfCz2whH9oH9FlN/hVAvkS7/o7bSiVdry7TlAJlFbGCqH9Wg7xCaOVw
uSpzu0ielbRiaR8C8ZGrr53kPTN0PyMRanOI9VZSOZ2JgajLiB2nNCPimm3XLXaQ
jX2GwwIQdajlW+U80By0FfOcVxdLK54wD1mbcii8da4Dmsl6WFZz0lWS5C3sOJ+t
Udelx9NOawSfquY2p5PPuSLxU+NFMSlvl0XFss3B2PCwGYaWM35jnTTUL3OKIga1
w2VanBn/eB6bOzMJueRVTXnVF4Sat0jhYb+liUV4yr0UQplDLrV6JD5DwclkseVV
Thle3tmCvAcJV/gTNQGhc7mLjrRdE5/MZNaW7Je60pSreSxOA1SzDU1MvwKCVqRe
3xG0bWDd/3ibkiXVQtomEUBrpUjDWCUnSZBfR+WGeaVlXaB8o5oyt/p6UYip79Jb
NrulVhUgojAHzux/Two57rg1fp4scL8Cxf+q5ljnHGJsypuuan1tyFZkAwhescIZ
qJ0yRkZU6eh0SmgxCQgHERuu6MS02D81qUAVcYVs5wrZpY/TbpQ=
=lh14
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 967-1] gajim security update
Next by Date: [SECURITY] [DLA 969-1] tiff security update
Previous by thread: [SECURITY] [DLA 967-1] gajim security update
Next by thread: [SECURITY] [DLA 969-1] tiff security update
Index(es):
- Date
- Thread