[SECURITY] [DLA 1595-1] gnuplot5 security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Package : gnuplot5
Version : 5.0.0~rc+dfsg2-1+deb8u1
CVE ID : CVE-2018-19490 CVE-2018-19491 CVE-2018-19492
gnuplot5, a command-line driven interactive plotting program, has been
examined with fuzzing by Tim Blazytko, Cornelius Aschermann, Sergej
Schumilo and Nils Bars.
They found various overflow cases which might lead to the execution of
arbitrary code.
Due to special toolchain hardening in Debian, CVE-2018-19492 is not
security relevant, but it is a bug and the patch was applied for the sake
of completeness. Probably some downstream project does not have the same
toolchain settings.
For Debian 8 "Jessie", these problems have been fixed in version
5.0.0~rc+dfsg2-1+deb8u1.
We recommend that you upgrade your gnuplot5 packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAlv7EsZfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEdxnxAAiEPXXuDa7NP94I9qmH8siZEhxXTtzVEIrqBHR8uNDzlf3XuGiNPTsgTw
oFVEbSLaHOBPN5VjtzznVut6KuuEOWzMk/oi+N+OnDpQy+WM96u/M8tAXGKkkubI
ZG2X3hHkyqlW0DbHq6MxjIfA7CE7oXnNfUcO3AMi16Nyoig24KD4ktzzlGYn94sa
GuTPDde3WCc7kQSOiV/7pDHh7mq/Hnh/1PdwMsfpx3og1z7YcvIaix1Zod9DBuri
dCYO9xTpmwdRcfYuR/4IRfY5PuefyJuEZIix/B3CkJ8BRwum15qpOr1Fgpe20bzP
XygZLiu7lvJKBbR4ImagivrOTQq9tAVDXEnXBro2uKLIHg4GxzZd2P0FqSFwwfVR
WzDAEqR750YY9T2bqHEqTcQVv71nI+DBp0hT6LyHvwsTLOGFqfWSeMvls4aUxljD
RC6r9i5osMO8lpX0eIU7uj10lDPxedwSjjJDidyMDBYb5PuhfpBNXFcCo71YyHIz
X+3gRL7RYsnYYdIRwBV/HT4WSqHjahUPw3kgueQElo9HDWQFNJut/2VcszXTgRD7
O6a2gutW449elVqTKRHuTqkSVVBzRtHiQ4CGLh7wj/akeOn6+5PmxsrdY3qS0Pz4
svcO7gVstqqtDBn0QFddTGmgj2Pr9oAa1KBweRau7pq70SvQOCM=
=0BKK
-----END PGP SIGNATURE-----
Reply to: