[SECURITY] [DLA 3028-1] atftp security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 3028-1] atftp security update
From: Thorsten Alteholz <debian@alteholz.de>
Date: Thu, 26 May 2022 23:37:23 +0000 (UTC)
Message-id: <[🔎] alpine.DEB.2.21.2205262334040.29052@postfach.intern.alteholz.me>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3028-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                    Thorsten Alteholz
May 27, 2022                                  https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : atftp
Version        : 0.7.git20120829-3.1~deb9u3
CVE ID         : CVE-2021-46671


An issue has been found in package atftp, an advanced TFTP client/server.

Due to missing bound checks, data could be read behind a buffer so thatsensible information might be disclosed to a remote client.



For Debian 9 stretch, this problem has been fixed in version
0.7.git20120829-3.1~deb9u3.

We recommend that you upgrade your atftp packages.

For the detailed security status of atftp please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/atftp

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmKQDzNfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEcfEg/+J72HF6LGn6v5AsQ0qC5zSbQGYggaarEnlumZnszETbyK0evjXEbvhcWr
WVqAtAnNdq7GacryDUW/I4APGZomwl68xAxh0i/P4NvoKGbXmfrcg5oVxj0tgZjq
810dovgiwh8Lrg8apiy4j7Xd9iIZXLm+1CkLOjltPbh35+nJ/RUtCatMXwaIZyal
12K5d2ZO91wT+A3AqQHuhz+S/jEJpEE1OWhNhJnqtY7Sel7gvFzhW5KVHrmJZ9zo
dUA6ZtMLgyj/F/ymwewJ1xyIRcx35W+bYTgsUO0pG6B2pSaVrnf8s3fmZbSKY0qy
hQ7uTCqZa5LlMpjf2tM/wA2/xUatiTQG14ylzymjhH3d4uiSRz8dIlJVmdtSPRVJ
hNw4jdBvrxTa+mC5HP9BSouY7PNi4BVGD6ODdsPgH9RRlJF37IVz2dRQfVilCPxh
g4Y84ZVL9/xyAo4gNSv0dGJAiA3mMCbWmYDaFtcg5iPkgwrJ5Cn1DC1NlppwTi9B
AwOMLp2Iy4t83/Veg/X677jRDWXQCVPT3Zg3PYKMIz267bTCe9XJgwZDTUv+fHP6
97HXuEswh887K+ZgJy0aK+XfSo5FVP1UUzSQewDLGbBBA3Py8ILk7cO9LIc5bHR5
wo0OLMHNM0oPbjFO57npFO4Zwfv+oj/FUh4ivGfm8YejaeUFKS4=
=yRBO
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 3029-1] cups security update
Next by Date: [SECURITY] [DLA 3030-1] zipios++ security update
Previous by thread: [SECURITY] [DLA 3029-1] cups security update
Next by thread: [SECURITY] [DLA 3030-1] zipios++ security update
Index(es):
- Date
- Thread