[SECURITY] [DLA 2267-1] libmatio security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 2267-1] libmatio security update
From: Adrian Bunk <bunk@debian.org>
Date: Tue, 30 Jun 2020 22:25:46 +0300
Message-id: <[🔎] 20200630192546.GA21090@localhost>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : libmatio
Version        : 1.5.2-3+deb8u1
CVE ID         : CVE-2019-17533

In libmatio, a library to read and write Matlab MAT files,
a vulnerability was fixed in Mat_VarReadNextInfo4 in mat4.c
that could lead to a heap-based buffer over-read in strdup_vprintf.

For Debian 8 "Jessie", this problem has been fixed in version
1.5.2-3+deb8u1.

We recommend that you upgrade your libmatio packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAl77kboACgkQiNJCh6LY
mLEP7BAAqxQZZrcRg6dPRYOpD6C5NWFrS8fgaqcwcjFL62yxF1Cp4ycV9eVq24zX
G/NJpjGdYGDL3EFrAF8S3rZvSBmdj/SL30WLdAZpg1RYLZuZOHiSAS5CHp7drnjz
JCh9DMLX8BYyP6FYMp5UagykjEUMwUE+4mPrsXVPLPBrFapYF08XqB5otZP2Ia6f
sIpRw44cmkJEH0zWjq9vowF6aWlWzHTma+Bu4z5jqPhsgTDyKUGk3KZd1R781ay1
20SzB5dZi1wx5VMwEj26+ComcvDhxJW2NcU4ImRAUv0GLNyvJKXglwGNesH8KWZH
CNxXGZAk/IkvtSDYlpnN5T48RkIVlS32huUQrf7ZlfFIwFFRBPhgnY7mS5V4F/1C
KsI4/Y1UKzZ4rmDGqWISzZ6Tudoy/BbkluctqgXpXltC31aWK2Cn6xNj/uXPibGb
rZP184l6+T33QlHgKF+KHseUlktr3oP5Z8d0C6as47zoNVWHaR60ik0Z6Pu/ogUy
mWmjDnstM0amWCLj4qvoE6Nd951I3aZCaZbphtMI0KSwwnC7plkk5W6mbSgkq4SN
cUzKWSZfzVcUJVkKbW1h4IElOWdRlm7DuR7+qbly7p/wS6UF8v1lDfyBjtyfj5VD
40xOiFslQJSMoWRIg9htDeBC+4N3trQAUyoZuvAEvUXufaFZ15Y=
=NQEF
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 2265-1] mailman security update
Next by Date: [SECURITY] [DLA 2266-1] nss security update
Previous by thread: [SECURITY] [DLA 2265-1] mailman security update
Next by thread: [SECURITY] [DLA 2266-1] nss security update
Index(es):
- Date
- Thread