[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 966-1] pngquant security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : pngquant
Version        : 1.0-4.1+deb7u1
CVE ID         : CVE-2016-5735
Debian Bug     : 863469

It was found that pngquant is susceptible to a buffer overflow write
issue triggered by a maliciously crafted png image, which could lead
into denial of service or other issues.

For Debian 7 "Wheezy", these problems have been fixed in version
1.0-4.1+deb7u1.

We recommend that you upgrade your pngquant packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAlkttTYACgkQnUbEiOQ2
gwJeKg/8CgTRzi34xBXiTgArBm0T9rEbhKUBsG1M/uYJWAadvfPtuhaqxi+51SNZ
hnluPudE6FXFe79Nsv0VtkvbNW1tNwTZCX8iNHxDzRoAE+5i17wNWdGBElr5aGDv
cyRW3FikJ/Y20NnZeZdwZeEm2IVtFGMtFK/ag2o1dfMhw6L3NvHBbjeik1HN4gqL
cBRwMku8QajKpbyWsL/FmOyu+mCvqlyE2fidh5Zb+k4SKd9f0B+Mi6EXMWjr7xOd
P5TewbIL5TGbW+DhWAI8ZGHw5MyH8Msex/S5zlHJpEFQYTsKo4od97vtZ+gebH68
t0kOpyOUy+rjR+TD3kQCrW+J62io/dz7F/fMrlCeAsmPZjFbtSdnsAMtIYXVBWR8
97DUCsMdMyMjUlRogFBWUwHiX6npjrdiT5S3tz+7OhUh2w6Fr9TDh6lLx/+wFiId
eCaLtDFhpfSBUoGMADKs4PvyuDzU+DP3a12UMrU9Sidw4bVNCi2ryXJ1EKCxwgxr
Aw92z/jhHM6MbecU94FViVmvv3+BclN2EBDV5DZfqrm6qIOtrYEdm0WuoqGtte1v
7WalcWhRO4PbC/c5MbxBawamlm5WBZ09f388PJo5O8Oz+dGuIUo3ltcSjr++hU8U
pI0LaXS1BTBI/DgHvxxEycc1yo6sGdHzDBwyDp6cs+ZNwDLZ4no=
=9vh4
-----END PGP SIGNATURE-----


Reply to: