[SECURITY] [DLA 1496-1] lcms2 security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 1496-1] lcms2 security update
From: Chris Lamb <lamby@debian.org>
Date: Thu, 06 Sep 2018 10:20:22 +0100
Message-id: <[🔎] 1536225622.3977914.1498680648.00583297@webmail.messagingengine.com>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : lcms2
Version        : 2.6-3+deb8u2
CVE ID         : CVE-2018-16435
Debian Bug     : #907983

It was discovered that there was an integer overflow vulnerability
in the "Little CMS 2" colour management library. A specially-crafted
input file could lead to a heap-based buffer overflow.

For Debian 8 "Jessie", this issue has been fixed in lcms2 version
2.6-3+deb8u2.

We recommend that you upgrade your lcms2 packages.


Regards,

- -- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAluQ8U8ACgkQHpU+J9Qx
HliqFQ/+M6I99aqzaHZICb+LmfmMWz39zrdLz8hge9hbctIHYjkp39myOnA3Py7z
hZfoxQMrod4yRgvOhKOcYblByBHCltE5HNcW0RAcbEClZUrNQMtPcaH2Ek7QpxPy
8MA4nUjk6cBKQGMFUYtDvqueyp4a1CldHxsSprLFSVDq01cuXRxYKm+Bj+FUQ70o
GUZVj4pnDycofJdwheUkMluXFOnTBp7xlabJovn3wOia+hCjoX3pq8JJJCEqsKiy
m7IO7KNzlBr6VUz2nTfq8sxWFxL6Ta7h2e/NiIbFJiXRInueoBXFix1lY47tNpII
2yDOCPqR3WQ8xyT/M4eXCzYsDzL7ptjzT8Y7onDiswg8xtvh0jNI4q0BYtaEqa2o
/9vgOLIQVP9aEkDbch9aoW8eeFyDX/ONDCWXKIv2JGeMH003UZf6aGjMT234NHK7
3+ybyISq81OJycT87aYoGULsYGK2g2mdVOUCrZgiEkJr6wlrK5Ztkinkn2Inuur4
2naAfoj7Uk8jPuZUkq+g/sFpBqtVEheSPLXXoow5oLUMxtYuzGL59QKTzhgS7ny6
441PeHrw1Cp8Erh+tQvUcyxfsyJqIRslHFekQgRh2jWxviJLjexwWvaoNzn1H/dm
L/6Aa0ibtwVDNtyB0CrBqIeAvL23525HI28ELkHgNY67kGdt3xg=
=qO9g
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 1495-1] git-annex security update
Next by Date: [SECURITY] [DLA 1493-1] xen security update
Previous by thread: [SECURITY] [DLA 1495-1] git-annex security update
Next by thread: [SECURITY] [DLA 1493-1] xen security update
Index(es):
- Date
- Thread