[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 2772-1] taglib security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2772-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                          Adrian Bunk
September 30, 2021                            https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : taglib
Version        : 1.11.1+dfsg.1-0.3+deb9u1
CVE ID         : CVE-2017-12678 CVE-2018-11439
Debian Bug     : 871511 903847 915281

Several problems were corrected in TagLib,
a library for reading and editing audio meta data.

CVE-2017-12678

    A crafted audio file could result in a crash.

CVE-2018-11439

    A crafted audio file could result in information disclosure.

Additionally, a bug that can lead to corruption of ogg files
has been fixed.

For Debian 9 stretch, these problems have been fixed in version
1.11.1+dfsg.1-0.3+deb9u1.

We recommend that you upgrade your taglib packages.

For the detailed security status of taglib please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/taglib

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmFWIdoACgkQiNJCh6LY
mLHWjw//VdPaAw1mTEYLnfkkskexeWE0W3B4p5YO4zMR2UBBZ8Wbp5ngot6T9bQG
9QnFvoJIa1ihL9t+SIDr4NxslF2nYqQzeYSrKKuTIIMEqEy7KkiSPqYfbQZ3Az7V
t4yS+3JToBIx5Ym0I+CCh5FG8GjNtm37ps02dLL72mPSisrf5ggts7kqPzLEvT5W
KeKiWRZamDPK9lZ35TbhNE2m3JkeHQOM7VFqzfrPfQGaEI2sJFWOl+XVkpo1a/rS
AEV9EMApwTiv1wGwkIBz6bIFVfCEjCWxYEkGoD/Qj3OP6Af15ktyUzQQeVzQKo6z
H9Hv9843XYlRl+n7GgjUswZswSvCBfvrqzlyjUdfthdIthPlsL6jOHgyOQ3xgPvG
0fLlQw2xkFcn1pWmq95WZL83jnboxFBx5+E4oWyDUzOr8zHxWgI+4NiCsazpyklf
rkYtg6wKnn77jpnGeZpiq0PjaNxRoS3LFHQNGwCnSfimb8B16FW2+P3zQs96bzZf
S0rnFkgKsa9hK8G11qRhn5Az9KF+OhYkYMA0C3yDqngWnXe7ZD+s6DXRLcgKf2vD
Nu6AoNo4/CEYTr4BiZCmVf3S/UFeKrX0n5AQdP32DyPwlRXnlOrFLiXpJ2hT7b7c
Ql2PZ0WRWh2ApBCczqkjmtgDCd1kpXdwjtDtNp1WKYfuucEImdo=
=9R2L
-----END PGP SIGNATURE-----


Reply to: