-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3540-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff April 03, 2016 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : lhasa CVE ID : CVE-2016-2347 Marcin Noga discovered an integer underflow in Lhasa, a lzh archive decompressor, which might result in the execution of arbitrary code if a malformed archive is processed. For the oldstable distribution (wheezy), this problem has been fixed in version 0.0.7-2+deb7u1. For the stable distribution (jessie), this problem has been fixed in version 0.2.0+git3fe46-1+deb8u1. For the testing distribution (stretch), this problem has been fixed in version 0.3.1-1. For the unstable distribution (sid), this problem has been fixed in version 0.3.1-1. We recommend that you upgrade your lhasa packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJXAP/fAAoJEBDCk7bDfE42KEEP/3FxbjYu17qork2DanUsqzAn BCLBRfOQu3wJhbDs7jvu773UhvC27zs6DstmW6yvKVvs7xxlS+zHEx4FNxwuVJCW X20BjWSGECuLYeotkxOpLpV4a4kqOVgSXfddwkAbTGPb8wAxs942roYg7GC7NbOL hHtwOzaRytIUH1CuxNWO3iLt5Cq3nqhABXaD/8LjiCtH2GgoWN7x2YOodTBBN3Fu GPPu8fbUQRAzZ8hfMkpUTBmJJYsagxaHDhfEY5hdzZPHph2lINbkVtc/+JI8XApX GMyKVSwUDSsBagRUuztexQHj7KPs0ou5WkT2MscoMveJSRGO5pwbJijq5MzvhzAD xrFnfOgeCeE6qEQ4h8y1dDvXyN/Y28oVb8HfLsHeWSBGgIekr8r2YrT8weNYtwKR +XClICAlA2RndYLDqp6ZnqWgm1CPgESpasb5fsMM5OqoP3YWuGFdiqoZMGYr1XBm 6K3s4FJkul5yyN9isvphdMkBxNAYgItisvEJgY6hf10/VYMatClfKfPslhG+sWtE +GdWZ3lcgLd/Ax5AHx/pHBz6jpkKioOBGlD1WQvEoJu1ZjrnQ236y84k/GzDcpwl bHhcLzSbtHbEn7cP0k6NjOMM9pyO7ivpjZ4Y6LgA8RyF2yHzi4sYBuTiM7uY4c8J qaB3YfTyeNgdM8o9O2Kz =i7al -----END PGP SIGNATURE-----