-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Package : freeimage
Version : 3.15.4-4.2+deb8u2
CVE ID : CVE-2019-12211 CVE-2019-12213
Debian Bug : 929597
It was found that freeimage, a graphics library, was affected by the following
two security issues:
CVE-2019-12211
Heap buffer overflow caused by invalid memcpy in PluginTIFF. This flaw
might be leveraged by remote attackers to trigger denial of service or any
other unspecified impact via crafted TIFF data.
CVE-2019-12213
Stack exhaustion caused by unwanted recursion in PluginTIFF. This flaw
might be leveraged by remote attackers to trigger denial of service via
crafted TIFF data.
For Debian 8 "Jessie", these problems have been fixed in version
3.15.4-4.2+deb8u2.
We recommend that you upgrade your freeimage packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
iQGzBAEBCgAdFiEEeDb9QWtkMa2LX4zREeMFjl5EGkIFAl3vylAACgkQEeMFjl5E
GkJAjQwAmsgpg0WZCWgPBEEwsHI6lJQZ7YUbqTdxXfuA/TqZrsWvtjT9I7ZR9InY
zGG7Yi1cAsuWCT7WOhlX+/QNFxkVBv0to4Bhv3JoOIMY/RK6HImD9ej9M2WdkLRr
enPjAAwouHIZyfTt2ld9ODC5XX+Gy5Mz0TyoCZDaDQ8UbLkYJQZG3bvAOttzgQaA
3oZtncEbcs5UVbpFtxDewuR2Zf9pJnUmVWRmxVEE5jxiWDrlbish5PeuteL16HeY
pnT1ClZBo1jrAy5asKUohYKLl6WwuoQoCMjy31VYChjVikH5qtub5NJTh5jXnnoQ
2A58bEAJK64swb4Anq/tttKwIwAb53rJJbn5PtIonDAr5BYeywZZXmbRBMRtu51b
rnvrU1pJrNFFzUaf09ek4Duvrk9rH8Kz2ZADBjeXQYi477M8IvfxWAA2Ky4GryCS
pN4xz4HQPlNO2crA38OtlH2HdYnhosuqfHUkwLI/IvaBeqvhfpd4PyvhfJLyVPcs
Lp46A9qi
=EXjY
-----END PGP SIGNATURE-----