-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2962-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
June 17, 2014                          http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : nspr
CVE ID         : CVE-2014-1545

Abhiskek Arya discovered an out of bounds write in the cvt_t() function 
of the NetScape Portable Runtime  Library which could result in the 
execution of arbitrary code.

For the stable distribution (wheezy), this problem has been fixed in
version 2:4.9.2-1+deb7u2.

For the unstable distribution (sid), this problem has been fixed in
version 2:4.10.6-1.

We recommend that you upgrade your nspr packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJToJcCAAoJEBDCk7bDfE42gyAP/1/0gNDyGRoG1Ad+RQT/YB5B
U5jhZgmJ6QP9vCFQW37SX/lxqsfH5W9HdfbSP8WjV+AIHIzniEMR/Tn2pGhx05q6
miIAHVXqu/HeAJXdF1hhdAzBIEg0ZWAlH6aLLEMmUELAUVgxaCSF54T+1GY+h8+G
8YOeHgSmgvdXaU52TM5knxMT5dDn2eLRsiYfe0hpun82L9OMhA5aokZgnwtngs82
21AnD2mQK9UdpGseFNRI81kD4P116RtI/oOMXDmCE5+sQu0OiHhpe75tuNxKR3wE
1Mr59bFYC05tor8DAjFcOSNuKfyg267QNcVy5U2QBlt9Xuw3l00Wv5kIRUMF9+ga
As4FLxFO62PAcjVAaeMP53N66GGTysYKWJiPoqYE4ZeRgvwQiFyo3U9Yk5IaR5ZN
QQM0r3mroS3Hbk8xi8+K/WTCpIKq9Xi41zPMfK3iwkjanKleID6c51dcDz186sUz
ivMRVEywenMMM3eUdAI2/BdHQ+fzhGfP6kJaKJCTHzBCnarsYzrtpn4MRcs8vDM4
0/Bj0bGio6bNw9d3ftbTtEEh1Pqp5+MA/m457vCcPoWPcpkz16QfPxr4hIf9OP0y
9qhh8zdVa9ZYluMlNOkqAtaIUQTt3z6wxSl1+lI4yZTCDYwtA9jOvgeZE1FIFqMD
jwxqafzk9WSpqKWpFrMd
=rot/
-----END PGP SIGNATURE-----