[SECURITY] [DLA 2805-1] libmspack security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 2805-1] libmspack security update
From: Adrian Bunk <bunk@debian.org>
Date: Sun, 31 Oct 2021 21:33:51 +0200
Message-id: <[🔎] 20211031193351.GA4645@localhost>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2805-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                          Adrian Bunk
October 31, 2021                              https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : libmspack
Version        : 0.5-1+deb9u4
CVE ID         : CVE-2019-1010305

Opening a crafted chm file could result in a buffer overflow in libmspack,
a library for Microsoft compression formats.

For Debian 9 stretch, this problem has been fixed in version
0.5-1+deb9u4.

We recommend that you upgrade your libmspack packages.

For the detailed security status of libmspack please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libmspack

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmF+758ACgkQiNJCh6LY
mLEk/w//a6FKht7C8I8vCBEp9/9fRlbqxBVKp/mETrCkSGvXu25Wbfm5LF1sIMYM
vI58IjuYoDOpcEecX9tW1xJRpI2Qgi4vYTYrm8vM2hcBn5ZQIwRrBad9sx1+DBzm
VegddghkdyNG7rJX1tfZMyt3rugKyiLfFGtbETNf66Amp0SyMihAi+xj3DvZYC47
aJep0TZeLlwLPSrb5TS42hcCA65LQEwsqMWVJ79BpRAdqS70xrlGYoEZhtec3CwG
GydueP8U0/xhGzmOXJiVp44b7bbXMb6ip8oJclpbqTrR8WUBDjCN3mgRkJo/FA2Z
X/W6G3Ez17mTDw7nLJN3HOb2NuLgzuPBFnT4MQTwk+H7prOIP0XgS+fbWiOSABpF
kznzl2oS7QTYIY9jYc4+EPTGl6Wr3BbkmEH8xrX9d59hQk9CIeK7j0p2irtwt0E7
aYg6dJcat4VB7SHyiWns0ay2Zeuyg2Td8q1K4J3T81okLFu0fDfrIxOZ5H4P3eHu
t1dmgsscGwCXBzAuA0ZTmBDyad38lmmikr2JqChPh8U7tHFVarEKERhb45BSWnyF
glYdkyC6MR7CMGy12QUh11DkhOawLYNbNn1QlWDdfv+k0YBz3At1I8UE/HSPI8/a
phmGJ2+NBXzycFVc5+c9iyh62Uw7VBidiEdaxKDpkXaTuWiTkeY=
=D6kO
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 2804-1] libsdl1.2 security update
Previous by thread: [SECURITY] [DLA 2804-1] libsdl1.2 security update
Index(es):
- Date
- Thread