[SECURITY] [DLA 1555-1] libmspack security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 1555-1] libmspack security update
From: Thorsten Alteholz <debian@alteholz.de>
Date: Fri, 26 Oct 2018 22:56:37 +0200 (CEST)
Message-id: <[🔎] alpine.DEB.2.02.1810262255390.3180@jupiter.server.alteholz.net>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : libmspack
Version        : 0.5-1+deb8u3
CVE ID         : CVE-2018-18584 CVE-2018-18585


CVE-2018-18584
     Fixing the size of the CAB block input buffer, which is too small
     for the maximal Quantum block, prevents an out-of-bounds write.

CVE-2018-18585
     Blank filenames (having length zero or their 1st or 2nd byte is
     null) should be rejected.


For Debian 8 "Jessie", these problems have been fixed in version
0.5-1+deb8u3.

We recommend that you upgrade your libmspack packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQJ8BAEBCgBmBQJb03+GXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2MjAxRkJGRkRCQkRFMDc4MjJFQUJCOTY5
NkZDQUMwRDM4N0I1ODQ3AAoJEJb8rA04e1hHeMQP/1DBvI2YByRIZGXJDpfXaXPl
HJHpfMqWM+MAsWB21VGhOON6yrr7VNi6sw93V3OevuHlk8SaDRctB3q2PTMrjEbD
tTZdI4LJLrZbT7WkpFzaqIVuBWFQjd8W+s5xx6c1v7QHrdt1vqMXwvNH2AIz/b1W
fnks37FYtCT81UXWGvSFzOJlxyUGpYrpvL3W46KxXMPKOnLBib7Bs2vDYXSPNtJP
hT2lo1TXZA0oFAUhwBqzsa/+zveJZ2QDt4nFi5GwsYBgzU7+jXiil897md4KpoY+
bQl5Awv/iu3rP2JpwBMDlSPDceRHfS6XPGpzFKCInvoFQc8OSq2ODXBfcn7yETnS
tcN6YaCUFFxZHrHN84c+/mKjwXEZ9DkNUaIwAiEAJlbk5Z0yl7r9qWjAkv1fZdG/
lcWiCZKacSvY8c7Zv92dvX0xFk4MR73rSp3pQhpjDOYm0ScPl8fnQtdGjeoYDaZO
QplZViGckWc4pFS5mP8i9dU3yQR196nQXzlnW0Fw+QXEUUjRMYFd940Rcn4aRv+M
oOtumW/iSj9UQhfseToQKFZppyzf1q9Zllgib7yT+6l1ptOjhwVCDpOD3YJcYon8
8nJcXSdDrLeld0/Qqlw53dtA7gxm7APLALUObT0Vnix/SqAW7vC91Rp5pM2yKH4D
qXCyp7xJlL9HPOfF6OXz
=RN1G
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 1554-2] 389-ds-base regression update
Next by Date: [SECURITY] [DLA 1556-1] paramiko security update
Previous by thread: [SECURITY] [DLA 1554-2] 389-ds-base regression update
Next by thread: [SECURITY] [DLA 1556-1] paramiko security update
Index(es):
- Date
- Thread