[SECURITY] [DLA 2951-1] flac security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 2951-1] flac security update
From: Utkarsh Gupta <guptautkarsh2102@gmail.com>
Date: Thu, 17 Mar 2022 02:56:52 +0530
Message-id: <[🔎] CAPP0f94qCTsqCDrYoFBL0R9_hP6VQVwsRT4OQVvpXqSi27+67Q@mail.gmail.com>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -----------------------------------------------------------------------
Debian LTS Advisory DLA-2951-1              debian-lts@lists.debian.org
https://www.debian.org/lts/security/                      Utkarsh Gupta
March 17, 2022                              https://wiki.debian.org/LTS
- -----------------------------------------------------------------------

Package        : flac
Version        : 1.3.2-2+deb9u2
CVE ID         : CVE-2021-0561
Debian Bug     : 1006339

In append_to_verify_fifo_interleaved_ of stream_encoder.c, there is
a possible out of bounds write due to a missing bounds check. This
could lead to local information disclosure with no additional
execution privileges needed.

For Debian 9 stretch, this problem has been fixed in version
1.3.2-2+deb9u2.

We recommend that you upgrade your flac packages.

For the detailed security status of flac please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/flac

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEbJ0QSEqa5Mw4X3xxgj6WdgbDS5YFAmIyVcoACgkQgj6WdgbD
S5YSSA/+ODymbCSUcKvEkVHb9Jr4S7nb6lbHxGqfaQ7EShnd8G67m8UOPCIoq4Uo
BrzenVa5/vTuA+kxvq0vsS44nESuCBr3mDoK/rwJg1B6qnRmMw8eicAw8gBR0OVe
RQrqY8JWCiN2sT5craMpBuffWqEhN9aGU0w/qkZtYWuGMF4/VFsbfE51poO+R+O5
3ji1CVKSwh1zFV/k3stSxSKrktEyeLQQ4kCtGAJh3YSOpa4l0Tj1oTpxV58J8PCc
ZDC4hGFmEJCDvLyUl1xdtXYv6I4Go/U8Hmjhiz5qrz4kuYOHtwXqz6+GplJlBHwr
I8B1rohPjpRA299wg7mLu0ktMHxAR6DjkkSQuAkPMWj7Tt+WLfjPCprTAu3ilvOL
qL/O36wOaSi7Iywy9eK+3KdWUfP9GKCCaBrOC4eU59IwgUg7prfoRxxIlmO6u3mR
IOkoEvtp6JoYmHSA3XGqXXvcjmkCNPJwVAqw3riIyg1ujBlfQdN5dk4Ww4iv2F94
H2UWZY3dh7yJ/JfKDJ3kF2vPepwykKoyqp60ytFZBG93YLW4y4B8WjkiMExE1UOj
WyD4vmusOk+GierF8qA7kfonlxNirQqi/Fevn0vL3/hftYIfS4qUCY2ON7V3ZTtM
DaAu/WRBY+9Ve6xnE/oydUXGsLc+jtLI1SXVPj9TdxoQYRMOvpI=
=BeVY
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 2950-1] python-scrapy security update
Next by Date: [SECURITY] [DLA 2952-1] openssl security update
Previous by thread: [SECURITY] [DLA 2950-1] python-scrapy security update
Next by thread: [SECURITY] [DLA 2952-1] openssl security update
Index(es):
- Date
- Thread