Debian Security Advisory
DSA-4293-1 discount -- security update
- Date Reported:
- 14 Sep 2018
- Affected Packages:
- Security database references:
- In the Debian bugtracking system: Bug 901912.
In Mitre's CVE dictionary: CVE-2018-11468, CVE-2018-11503, CVE-2018-11504, CVE-2018-12495.
- More information:
Several heap buffer overflows were found in discount, an implementation of the Markdown markup language, that could be triggered with specially crafted Markdown data and would cause discount to read past the end of internal buffers.
For the stable distribution (stretch), these problems have been fixed in version 2.2.2-1+deb9u1.
We recommend that you upgrade your discount packages.
For the detailed security status of discount please refer to its security tracker page at: https://security-tracker.debian.org/tracker/discount