-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-5189-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff July 24, 2022 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : gsasl CVE ID : CVE-2022-2469 Simon Josefsson discovered an out-of-bounds memory read in GNU SASL, an implementation of the Simple Authentication and Security Layer framework, which could result in denial of service. For the oldstable distribution (buster), this problem has been fixed in version 1.8.0-8+deb10u1. For the stable distribution (bullseye), this problem has been fixed in version 1.10.0-4+deb11u1. We recommend that you upgrade your gsasl packages. For the detailed security status of gsasl please refer to its security tracker page at: https://security-tracker.debian.org/tracker/gsasl Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmLdkcYACgkQEMKTtsN8 TjZMEw/9GN/3M2cA43nZZAt0rKrAyg/ie4eO8TmJykQGWRJpLle5Z/nFV4QLAYSu NDWuSa3qlFCAJOr6zI8lgU2nhQVPm8JfkL5hIWHdgtREJMYD9yHHWZEzvzMNa2dj +7bbCCY1ijxaHoChHYRdE9P6m06Gcct1YXu5TjrD+U4PRI9IgYCu37kyY6JAoes3 TPBPGQ849TC4Mb1U2FI4wxNuLcDwiO4SKj66DY0VBOFlh4sGhV15v1XevikfnVIQ 7xLWFiAvzMWuBB+75Ss5vuqXOKBoUAnF04lkYrKlZ4i9KV/Vmb8y30x1Ud91GDBI VLPKddK8dVoxaFx+X9zYO4ZnJ4H+6pTbjZbDOJrsZ6LlJ1/uicaFoRzm23DxqvnI Hl3DzxciA52N8bVEYmI2uHcKEiq5ZHqFXxvkxSb9rYtwLmzgEOMUU0ivMBUCtpNC hMYf1HjhOoG3BLOXqopV/gv2wGQIAnYiJcclcAPVIKc1eBsq4Z+oy54tZp5doodv zAZrUP9yJ8/QKsnx1n2dckGGXr1grdWsN8UtkgpsjjeKDAmb8zWRyubLqhmBT2F3 8txZ3IZ8N7h7VRMf0RRSpSh8zZgCoRKuk5CVOylle/CZ1ttWm97Oz/w15bX8vc1Y oCm8J138CZDYqHMJFLKYJ8DOJQk/oAAV0ZbCoR9tqPiuqX1s2Ws= =F4P5 -----END PGP SIGNATURE-----