-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4368-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
January 14, 2019                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : zeromq3
CVE ID         : CVE-2019-6250

Guido Vranken discovered that an incorrect bounds check in ZeroMQ, a
lightweight messaging kernel, could result in the execution of arbitrary
code.

For the stable distribution (stretch), this problem has been fixed in
version 4.2.1-4+deb9u1.

We recommend that you upgrade your zeromq3 packages.

For the detailed security status of zeromq3 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/zeromq3

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlw9B+oACgkQEMKTtsN8
TjY2Fg//cMqmMXI4D6jl3wsp5m0EFZ089qqfylN+IzJlRj4MWg8EzP/EgfoemJJe
8syzJsLzZ7soyHROeVqFQqhz4t3IL+SpZUWFHFWgA8/iR8g0/L4E1AQXwZ6C3Wc9
XfQnuB5kR1di6F+/m3P7gg03uhsAsC3efJ7X/qotWkRAjVgAVJ5pq9EHX3Ymd4pQ
yzvBjnLln0ynVbZ7ju2dyyaFj3JnDT7uhxBsufgPH5FYpPG5UgUkbCx8zYX8Ek3V
R3jJFreNCq3/pPBs/SpeTUAwXyfjNd3ylR5g+rW9slUhjf7uGyx7G3R0DjBo3BiJ
Hyga2Pw81/GS9PeFDwqkE2pa7jx14gn6kBRoitVZyJzEqiIUR2Lm6vOprgOPZAiz
7eMNxCz+RluEMNywRxL+Grt/gBxd03bpYgjxSG+E724t20WcJg7QvCWq9HoeLKiO
6kGGOL/GPGXOcPt9btuCEGEWp+65CAeUgNdIo+kkd2q4WHcZ9kJ02+iPEkXj9Cyd
FFCF5kCvytdjwlQiGRRoAbKNE7X6IlKpp1S+ZHa4NHarbBk8hE2TML/t9r0XsRhQ
F3JsVSE1rmhKenl3h6RPd0BfzoWJ0sOQB+BC/mgi9TgWiL/6mhy1lwuiuiO5U/UR
45ypb818eOekbfp3HOoeZGco7CHMaxLHjG4PbDPps8lR47479/s=OF8G
-----END PGP SIGNATURE-----