Security Information / 2018 / Security Information -- DSA-4293-1 discount

Debian Security Advisory

DSA-4293-1 discount -- security update

Date Reported:

14 Sep 2018

Affected Packages:

discount

Vulnerable:

Yes

Security database references:

In the Debian bugtracking system: Bug 901912.
In Mitre's CVE dictionary: CVE-2018-11468, CVE-2018-11503, CVE-2018-11504, CVE-2018-12495.

More information:

Several heap buffer overflows were found in discount, an implementation of the Markdown markup language, that could be triggered with specially crafted Markdown data and would cause discount to read past the end of internal buffers.

For the stable distribution (stretch), these problems have been fixed in version 2.2.2-1+deb9u1.

We recommend that you upgrade your discount packages.

For the detailed security status of discount please refer to its security tracker page at: https://security-tracker.debian.org/tracker/discount