-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4290-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
September 10, 2018                    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libextractor
CVE ID         : CVE-2018-14346 CVE-2018-14347 CVE-2018-16430
Debian Bug     : 904903 904905 907987

Several vulnerabilities were discovered in libextractor, a library to
extract arbitrary meta-data from files, which may lead to denial of
service or the execution of arbitrary code if a specially crafted file
is opened.

For the stable distribution (stretch), these problems have been fixed in
version 1:1.3-4+deb9u2.

We recommend that you upgrade your libextractor packages.

For the detailed security status of libextractor please refer to its
security tracker page at:
https://security-tracker.debian.org/tracker/libextractor

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAluW2HFfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0TuAw//coqF5yAP3KzdcUKz1hkByk0J5mquiLKliZii5RikJHlX72+ZZQjMaZBn
GCQqRYOfgmzK+0uRnVxg1c/7EJVQXyWeKkYysp20PT3qA/aEMg0BqbjfEakGU242
veS5iHgUUjB3D5IyR3cnl5+MGWmfWtN2UyR37a5V6y4ApDFTYRjHf+FyIyKFhm8L
RxhB5mD8+y8Pnj3YLMYUjmI7pIrTHeF9QOYgYyBvL274MQH4GYhUr/RxWWlDD/Q1
IShcpjYI51fNnHvTFFgoKEMqlSGls46zWJustKezgf5OXTM2rKiBWtpYrW0C6dJw
7pw+ErioW10CHNYuQaP78NGSc9iBTrikAkKFhfrUXypgCcu0HQ+WtbclyU7fSnqn
rsl4IP0o/EOtaNKLMpFi8OrJb52+e6JgtXTwnQzlqTlpYLh3F4x+9tebSZW4vgjL
EI2xs0M790JPDZARYXuwOdH/sFd/vTy7IAJgiCmMG+js8/imRHwLcTsKAB6fVgo3
chu3C28K/a9W4JCnK9tlYkJyserVtCLpioAfFinNPTzM0EMHAV8TVZHGo+oBU/Nj
50oIVxaZ/Jbv70GwV5MIPPW3DmuYH15TtBKh9o8I3gAkbWHYwcw4xKzj08NPBSuF
had3/Zr9dPlinR1gXLLRL4qEUhQ9xMioHpDycD9daVOvdfIpTAILIW
-----END PGP SIGNATURE-----