Package : libebml Version : 0.7.7-3.1 CVE ID : CVE-2015-8790 CVE-2015-8791 Two security-related issues were fixed in libebml, a library for accessing the EBML format: CVE-2015-8790 The EbmlUnicodeString::UpdateFromUTF8 function in libEBML before 1.3.3 allows context-dependent attackers to obtain sensitive information from process heap memory via a crafted UTF-8 string, which triggers an invalid memory access. CVE-2015-8791 The EbmlElement::ReadCodedSizeValue function in libEBML before 1.3.3 allows context-dependent attackers to obtain sensitive information from process heap memory via a crafted length value in an EBML id, which triggers an invalid memory access. For Debian 6 "squeeze", these issues have been fixed in libebml version 0.7.7-3.1+deb6u1. We recommend you to upgrade your libebml packages. Learn more about the Debian Long Term Support (LTS) Project and how to apply these updates at: https://wiki.debian.org/LTS/
Attachment:
signature.asc
Description: PGP signature