Debian Security Advisory
DSA-2962-1 nspr -- security update
- Date Reported:
- 17 Jun 2014
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2014-1545.
- More information:
Abhiskek Arya discovered an out of bounds write in the cvt_t() function of the NetScape Portable Runtime Library which could result in the execution of arbitrary code.
For the stable distribution (wheezy), this problem has been fixed in version 2:4.9.2-1+deb7u2.
For the unstable distribution (sid), this problem has been fixed in version 2:4.10.6-1.
We recommend that you upgrade your nspr packages.