[SECURITY] [DLA 1686-1] freedink-dfarc security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 1686-1] freedink-dfarc security update
From: Sylvain Beucler <beuc@beuc.net>
Date: Sun, 24 Feb 2019 15:59:52 +0100
Message-id: <[🔎] 20190224145952.s4okkxnfuvsksu7j@mail.beuc.net>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : freedink-dfarc
Version        : 3.12-1+deb8u1
CVE ID         : CVE-2018-0496

Sylvain Beucler and Dan Walma discovered several directory traversal
issues in DFArc, a frontend and extensions manager for the Dink
Smallwood game, allowing an attacker to overwrite arbitrary files on
the user's system.

For Debian 8 "Jessie", this problem has been fixed in version
3.12-1+deb8u1.

We recommend that you upgrade your freedink-dfarc packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCgAdFiEEQic8GuN/xDR88HkSj/HLbo2JBZ8FAlxyrz8ACgkQj/HLbo2J
BZ+1FAf/QUOLJxtFgixRukQ2xs9v1YewkRWNvfZx0e+4x698vC8U8DxNumBsMH42
Lphzwfvaxf7iVYFVty6IT+XNTfsC72qQw8hrk02bAWsjAKWEuER41shzCSLx0rOo
meC83XrCSN+ITfTc2VPnn7x/CKSk3ivAzhPPxZ9lG5q/oSjt4YP+v/pYC7P2i/fs
R8owrh2kkCcP6cxGgO/mKjHdX2VS6JcskUwiOoMAPskDE+01WFmj+xNj5OnYeFF1
F39Nvqe4LyhSr02X2Wvbd1KMPzu8TVdFOVxUkEG0FUEBVGAlgM/sxDEF8c1Dq7pS
y5QgIcqjKsgKR/J/Uac06jHfu9sSVw==
=SW7v
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 1685-1] drupal7 security update
Next by Date: [SECURITY] [DLA 1687-1] sox security update
Previous by thread: [SECURITY] [DLA 1685-1] drupal7 security update
Next by thread: [SECURITY] [DLA 1687-1] sox security update
Index(es):
- Date
- Thread