[SECURITY] [DLA 1134-1] sdl-image1.2 security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 1134-1] sdl-image1.2 security update
From: Chris Lamb <lamby@debian.org>
Date: Mon, 16 Oct 2017 23:02:06 +0100
Message-id: <[🔎] 1508191326.572978.1140898856.3AA4C39A@webmail.messagingengine.com>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : sdl-image1.2
Version        : 1.2.12-2+deb7u1
CVE ID         : CVE-2017-2887
Debian Bug     : #878267

It was discovered that there was a buffer overflow vulnerability in
sdl-image1.2, an image loading library.

A specially crafted .xcf file could cause a stack-based buffer overflow
resulting in potential code execution.

For Debian 7 "Wheezy", this issue has been fixed in sdl-image1.2 version
1.2.12-2+deb7u1.

We recommend that you upgrade your sdl-image1.2 packages.


Regards,

- -- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlnlK/UACgkQHpU+J9Qx
HliQERAAqadkNNkA7Uz984wM1nCKkJRw9D4FSPd+ewDSxAPGpbfrUIEjUvFNRzyY
86MrmNOoGKBi6qEy1eqdUBWCHZcXRkGdQls1Gptc1piuDgpCAbhp5zhK5jQv6Su0
qMeH7dh7+VQJgjUY8XpeY56J65P1xE6DTWz0u8ClbtKepB/XwPC7vKJVOcg0pryw
Esqk0MvYzzc3hqYkrIx930gmNhSr2KpRsDKP/qrmkouFzMwfb8Pkft9VTnIpEoM4
NfXQ8EUVRmqgLSRzzs6wy/DsRKRVY3QwFwhsasPYeTm/KXpsLXFl8JZo0QZNxL6Z
3kLZcvKXrvMsbpN6ZRMf2s6BDPGOT+rP+SC9oqv3C9Ei5uuNy0+dSiFHaEfzp8fc
rG7eUPEw3a6KfosyQSOBzWgxB13flOL8Tj/R28gtnZ+GXivk1yXevJ5/+pnvA2St
YoumsQuyXL+jeqfZEGQk/M37FEt7CjMzHHda7X1nZZNQiqZGK3Ov1d7aa6jEK5Sg
KBIv19Cuog42Bdkt8HZ4PCWf25XfkTkji49ooPjY6V2BZsyAn+Z6VL3TPmYi4XBN
EW1VIDB9r8IYSzjQxxGZcTOu81nAqW+q3W1IdO3kwCbtdZ7et6e5H1KyEmvVRz1P
S5a0RjwCXzZtTVig1wuMVxMM7Iq9UfP+agF0WgU7IX5VpuEk3L0=
=a4xk
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 1132-1] xen security update
Next by Date: [SECURITY] [DLA 1135-1] db security update
Previous by thread: [SECURITY] [DLA 1132-1] xen security update
Next by thread: [SECURITY] [DLA 1135-1] db security update
Index(es):
- Date
- Thread