[SECURITY] [DLA 2165-1] apng2gif security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 2165-1] apng2gif security update
From: Thorsten Alteholz <debian@alteholz.de>
Date: Tue, 31 Mar 2020 19:36:42 +0200 (CEST)
Message-id: <[🔎] alpine.DEB.2.20.2003311934590.1408@jupiter.server.alteholz.net>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : apng2gif
Version        : 1.5-3+deb8u1
CVE ID         : CVE-2017-6960

An issue has been found in apng2gif, a tool for converting APNG images toanimated GIF format.

One of the function contained an integer overflow resulting in aheap-based buffer over-read.



For Debian 8 "Jessie", this problem has been fixed in version
1.5-3+deb8u1.

We recommend that you upgrade your apng2gif packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAl6Df6pfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEd5eg/+IFMULfDHTZDGtMuTneo4m8zIT5ooHczsGfZ0S4YVC814S0litxXrsHmO
a/vJQOaxtQnyb9ufd78P0aw0LfFhLjF3ja3jivSDkwssj54OgKn4hc79ujbbOb6U
yurbCYShkGZ/UeSWhN7N5az5uRijH/DJ8ByF2tOXFFL2xphZV+OGJKCxyqCoOe7F
fdxN3y6xZNBwu8rD7rxcbif110ELouOddslXIK0yv9OK4GZMgEH6/kCUv1wlmkNT
rVs94XdFQMgTy0aTeHt/rDEoygPBTHVQb+GzE3dS7R8R2YegaJ9Po1VGBD/STfxT
qmjkXe9DP97SnWBlmK2VFVy/8OKWZOoPOh4bHNqIobokUE2dS1XaOLv+5gNf4IK/
/tO46FErr4RzrE3hFAdWzC0qcadDpqrwAX0XCcZdGBIBMrnPSXsWeZi4wHnRvr9K
laiSprViW0oM1RO1jolRgUI9eYStDSSCc2feRZT5jj5kbNIcU/IRPPgj1aeAPWjL
XZ2xZA5WqKo1PbT6b4FEA3mbwHF706PhZcKYAYOW9E3Z8Hgmj5EA9Q/N2HbRkCOm
K/0EDj86hVnjz9icD7e+k9TdursNL6gvNev8oltuiuZ7L3zlr5hGdI8JumYSptZl
hfC6bExID5OBPl6VbsuupFxevtz9iRNN0z/dTyvxh2URkJIS1o0=
=YSQk
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 2164-1] gst-plugins-bad0.10 security update
Previous by thread: [SECURITY] [DLA 2164-1] gst-plugins-bad0.10 security update
Index(es):
- Date
- Thread