Debian Security Advisory

DLA-417-1 xdelta3 -- LTS security update

Date Reported:
16 Feb 2016
Affected Packages:
xdelta3
Vulnerable:
Yes
Security database references:
In the Debian bugtracking system: Bug 814067.
In Mitre's CVE dictionary: CVE-2014-9765.
More information:

It was discovered that there was a buffer overflow in xdelta3, a diff utility which works with binary files. This vulnerability allowed arbitrary code execution from input files.

For Debian 6 Squeeze, this issue has been fixed in xdelta3 version 0y.dfsg-1+deb6u1.