[SECURITY] [DLA 1499-1] discount security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 1499-1] discount security update
From: Markus Koschany <apo@debian.org>
Date: Sat, 8 Sep 2018 22:46:19 +0200
Message-id: <[🔎] 31fd7df5-fd33-9dca-caef-6911e744c597@debian.org>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : discount
Version        : 2.1.7-1+deb8u1
CVE ID         : CVE-2018-11468 CVE-2018-11503 CVE-2018-11504
                 CVE-2018-12495
Debian Bug     : 901912

Several heap-based buffer over-reads were found in discount, an
implementation of the Markdown markup language in C, that allowed
remote attackers to cause a denial-of-service via specially crafted
files.

For Debian 8 "Jessie", these problems have been fixed in version
2.1.7-1+deb8u1.

We recommend that you upgrade your discount packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAluUNRtfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7
UeTvYBAArlQa684OwEEr1tu2rd19e6sc8BLV0F9y+7alrynhXxKbnaKrIkn/r1dd
rItS7/p4BDBc99LCb1QDrZLlbxokfuC1hE6EcmpUGfER8zS2woM+2KfvHS+Ax0DQ
02Ef7X8RC3ZeEsk8f4yo2XPT7LcXSdXj5qSahGfWgoSjTCbhg4zUrf6sdBioy8M4
aLcI394XCqpgfqFSUGxuKeUPZsPoUtw1O6DreyOG0CiIUKgxHLjnNJAr4AzdYf/x
9taTcMWwEIyJTALN9Te73Hx6fqY6sdGe4Fuy9gXR3c1J8KpJO+uT0kWostnJd9FN
mJYfSDQuJKpa/YfJmvs3lzZKM3BIu6KphjOK24gfLMVgqdZVV3QC1yuCxEZXfXtL
DWydI98nefD5MKHH8tHyBqltbnbNkCOSvPkOCb6GHHwLzSJDOiQNhs2vdsIFtdvT
AjPlgYMppnaWUv1fgnYHmirhiC4KFsoi5Jdbak8w/dHG3KpU2SSmG5oStLpQpKlg
fIucU8Z2x93JVcgHyLJj40Pzl9eWYrERcBzkX5EtSNvoc/x+RGXDq++N79nYEKlA
zqUL3ESvc0qJ7X8eZKOpzeZlRLRj5CfCvh4yV8drmGOdQr3zwyN0bS1IuluzMbOr
9f7B7bZg7h4JYk0TfiQDfBBXRG54oO4cIvzGGyejedQv4/cBfpc=
=EluF
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 1498-1] curl security update
Next by Date: [SECURITY] [DLA 1500-1] openssh security update
Previous by thread: [SECURITY] [DLA 1498-1] curl security update
Next by thread: [SECURITY] [DLA 1500-1] openssh security update
Index(es):
- Date
- Thread