[SECURITY] [DLA 3019-1] admesh security update

To: <debian-lts-announce@lists.debian.org>
Subject: [SECURITY] [DLA 3019-1] admesh security update
From: Anton Gladky <gladk@debian.org>
Date: Mon, 23 May 2022 05:41:53 +0200
Message-id: <[🔎] 20220523034153.B6D4C4A02F7@thinkpad.localdomain>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3019-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                         Anton Gladky
May 22, 2022                                  https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : admesh
Version        : 0.98.2-3+deb9u1
CVE ID         : CVE-2018-25033
Debian Bug     : 1010770

One security issue has been found in a tool for processing triangulated solid
meshes admesh.

A heap-based buffer over-read in stl_update_connects_remove_1 (called from
stl_remove_degenerate) in connect.c was detected which might lead to memory
corruption and other potential consequences.

For Debian 9 stretch, this problem has been fixed in version
0.98.2-3+deb9u1.

We recommend that you upgrade your admesh packages.

For the detailed security status of admesh please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/admesh

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEu71F6oGKuG/2fnKF0+Fzg8+n/wYFAmKLAnQACgkQ0+Fzg8+n
/wYpLw/+KtBi5ChsLMU1jLZjls+VLfnHQqHPignYNTSW7uFLnI/VDRo81PVYE19f
LqzNbfo8xYsEBrUyiYpd9P0D5luaYBwxPrsQr7stfTlIUrVEVpgHFBPHYmXOA4Vj
EI9K0wYLY7FVJyiC/Ry+qlSx2PMd48QdIt2ILD1EoTHKccUWUR0QJotvly5s1bvA
9B2Yxm32jGRmKpS78FZoT+FGI4XGEzOdufdCVGaMeTCeSpUd8EPla9vycQZ1tz9c
M283aFNWYSDCZUutlfbfbnx9CmgvH/W59jzyOjdch03+kvN/qz48t1ApYpynSBtj
373R0D3SkRHzLo4i0NYKW5Mtnxw9sQYNvPSMQjdSlMjKE5Z7nL0sUckEqGJS+9nW
J4vSCya37H9JFv68G3E6XR8hr0RAS+dg+65NshrYJgLRwNE0VcGLQP2ZVHZYubyE
rUfk6V19DV/pjtUKSdazDOC5pUBp/XlsQ6FWuIYc4qyvPzYs0gj14zn1S5/D9V/i
agh2o4qxqTHrRGMw3QYbArL7Z7XuxvGSKUnJW79OCHgtO+ikIA+l0tjbn9wJLAjb
RJ/IGAIRHWewoxMTbAB5gHMEFPIaTVIKT71+j9k18yHveNxg6mtLI/vCEbjI1H7t
9+WVEL8T4J/3MCNaNCWWZFdbYJFt9TGb68KI1XciWM5ssmnPE3c=
=2Q17
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 3016-1] rsyslog security update
Next by Date: [SECURITY] [DLA 3020-1] thunderbird security update
Previous by thread: [SECURITY] [DLA 3016-1] rsyslog security update
Next by thread: [SECURITY] [DLA 3020-1] thunderbird security update
Index(es):
- Date
- Thread