[SECURITY] [DLA 1656-1] agg security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 1656-1] agg security update
From: Markus Koschany <apo@debian.org>
Date: Fri, 1 Feb 2019 13:35:43 +0100
Message-id: <[🔎] 0822b54e-fc70-615a-ff95-b71b5cca1b9d@debian.org>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : agg
Version        : 2.5+dfsg1-9+deb8u1
CVE ID         : CVE-2019-6245
Debian Bug     : 919322

A stack overflow vulnerability was discovered in AGG,
the AntiGrain Geometry graphical toolkit, that may lead to code
execution if a malformed file is processed. Since AGG only provides a
static library, the desmume and exactimage packages were rebuilt
against the latest security update.

For Debian 8 "Jessie", this problem has been fixed in version
2.5+dfsg1-9+deb8u1.

We recommend that you upgrade your agg packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlxUPR9fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7
UeSw+A/9ETiRF3Z18QGxWjJ7AFX3jYEyeCmqocQnyLpPsqtgaMhPTvSmos7OGyEY
RyCfj4ZAnKwCLX4ZYH2x7AGxkOwLU+tDG2MpMEUkfUvYm6/m95WJ1fJSeXv6trUu
ZWjot0xmaUfeF495zSle9hzqCVv7CH0QPmX83xadXp/6Xns93A5z1XIfzyu8MIL0
Edjc3tS/QQ53y49pyAHSUvLR1FFYxR14jWduK8W+O0V0/rWtpzcXVazAj3lsA8nR
VqEJDyLthq9ugbzD/L3hCFSHreBg2OoEu8os9w8DSA65qziXFclUrfWOf6pb9zQu
MrIbCEfdB6gZVGDj1R6HDM7Ly+UIek7ErQHv1xEwmuhU/dbMjkTrkVZUaOvWsPT9
lpeF7wXKUt3wefEhjU/OEO/oxT3k4BVnK1IPQXoemkxVPUN8IYG5y2tARoIq9hl+
pDdRUoUciFyHRgOaXBBLwRDdLmmQXbPnOdQkpGHmx0iHIVEpft3UL7E5v+m/f60l
i8ZWOQsnB/0wo81eYIucKsBTogef0vRIVFhRSGgCL4qMVZTg5MbeaZn29FKJd4XE
UZr6UjVgQGU7yEenUUMevAxCfYh8i6S/tg7W/2dpXoaGUJ9pG0BVO2gFcZrtH9Xs
GES2D5Qa9yY5hqrGs91Mb/n3+vTrHGPSznC/kP/wDXBv0aOfJYk=
=khtk
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 1655-1] mariadb-10.0 security update
Next by Date: [SECURITY] [DLA-1657-1] debian-security-support enigmail end of life
Previous by thread: [SECURITY] [DLA 1655-1] mariadb-10.0 security update
Next by thread: [SECURITY] [DLA-1657-1] debian-security-support enigmail end of life
Index(es):
- Date
- Thread