-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4141-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso March 16, 2018 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : libvorbisidec CVE ID : CVE-2018-5147 Debian Bug : 893132 Huzaifa Sidhpurwala discovered that an out-of-bounds memory write in the codebook parsing code of the Libtremor multimedia library could result in the execution of arbitrary code if a malformed Vorbis file is opened. For the oldstable distribution (jessie), this problem has been fixed in version 1.0.2+svn18153-1~deb8u2. For the stable distribution (stretch), this problem has been fixed in version 1.0.2+svn18153-1+deb9u1. We recommend that you upgrade your libvorbisidec packages. For the detailed security status of libvorbisidec please refer to its security tracker page at: https://security-tracker.debian.org/tracker/libvorbisidec Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlqsMoZfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0RusxAAky9XYo+9XeZK8rUyu91/MFSvOwCxgHahp9DVQ7mTc2W8RTLAW/NDN2Rg HOGb9Mz//l631kmK5pxk778WRcRPxD8F7M1BuR726onh1WsvrMMFrYqaSyN+9rtO Q2CoF3SD5GcyzOLe25+HudW32hIH3Qh0m18aPQo6Bl7QVluxg0Sk/OHArccMlE9t /N2Z+5WccjDPZW/ZDJXlaKflkXf66Npe9QZGY45VdBFygz24pqw1NV3Hpl4U93cw rCywm/9UnGti1s4yRCr/55Lil8Afnm5cj2HfibHqcpBfpMGY98sKfY3N03YE/ZO2 4tHwxqI1o/8SoktkcXrltnqd0eYGGR0CDPccJ6yoFAjfMX6WNSTJwauWMZZ0yDko GRQv/ZhKVTvmEDgPTbJD3xflKmO5UDcgbLOq8MjdoBUOvbYgrkksrERodnzqRYcO 8/NXw+a0dmUcEnqtcBAQKqHejGlibsFsKlKFIUR8kos5efXaI3+6aLHJmahTwlW+ SOc7amh9xEa0eF/MKSSl9bGBNMMSJlnIarIe+pwurdeDPLECvM1XieJZYU9ue5v0 yrlZS3t9nmCdtyp/6yHbAQ65I4rMlnn0s2utfH3/15KadGvxuPLyROVeY/ZWMTor HmPLHlACNYRU/b+/9IDRu47IcgPI3iXkJCFCeAPKWHdAb/CEkAI= =hYbe -----END PGP SIGNATURE-----