[SECURITY] [DLA 1243-1] xbmc security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 1243-1] xbmc security update
From: Markus Koschany <apo@debian.or>
Date: Tue, 16 Jan 2018 22:10:02 +0100
Message-id: <[🔎] 343b50d6-79ef-1304-4fb3-5fa2be3b7011@gambaru.de>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : xbmc
Version        : 2:11.0~git20120510.82388d5-1+deb7u1
CVE ID         : CVE-2017-8314
Debian Bug     : 863230

The Check Point Research Team discovered that the XBMC media center
allows arbitrary file write when a malicious subtitle file is
downloaded in zip format. This update requires the new dependency
libboost-regex1.49.

For Debian 7 "Wheezy", these problems have been fixed in version
2:11.0~git20120510.82388d5-1+deb7u1.

We recommend that you upgrade your xbmc packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlpeah5fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7
UeQ57g/+OKlOBIYb4mkxd4o9duy4um9Oaj/MzjVrtoGeklTl97FzjZe4yYYYzu66
PIiBs1Z9m+xwxaONkmVDaqgYLUpiNS2GuGMM21zGp2WO+W1LQwLGKgOy6pLQhwsW
AJul6HWDAMhA9160r2DCrxmWNKAPLev7aUxrqJtCm3almYa2tpLh++jPYcni9VbN
4FhgRAEPONvLDKhLCF+FvcGKmAtzXWWeZ2dodn81OiQkYphf1eulkNx1mTR0OnQO
n8FBuSJPmcDkTBkOZC3B82riJJvyomyVjIOTNd6tMzJrkOIFvpsmKX/9LIethHWF
WADPmlIh5GrP/thOmTHbZ+3jLkwHLUtQEgviWFGVeXoR3rzOsTsWp/2diH0VIfPt
FKVjoNaF4At45WZDkTedUEsLwCM9ZMd1Sj/L8MGBC5mhPwSsFnffOGlU2qUUBkc4
yRT/85EhK9UUF99qcKrfxNEFMCfEzqNkZH1hYdWnjGm+DnkMfWPq2Ry4tqduSyRr
tumkut+POsEZdOAJfzCc+kGzqiyr8FRpz1T3Cy8rGtwKIMZH+Jk7Ry4I4qjruJEb
Oj4JCx+LAWKWT5BLDi2HKCtfQ4iBc8pe7Z5OPQlmCy1BWtIAic//NQeCF+dggH6g
+DJKsOaG4wB7prPc1dNIozg930Pf0hhqrjhUjDnOXvfk+3+AWbo=
=xEky
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 1245-1] graphicsmagick security update
Next by Date: [SECURITY] [DLA 1246-1] transmission security update
Previous by thread: [SECURITY] [DLA 1245-1] graphicsmagick security update
Next by thread: [SECURITY] [DLA 1246-1] transmission security update
Index(es):
- Date
- Thread