[SECURITY] [DLA 2660-1] libgetdata security update

To: <debian-lts-announce@lists.debian.org>
Subject: [SECURITY] [DLA 2660-1] libgetdata security update
From: Anton Gladky <gladk@debian.org>
Date: Thu, 13 May 2021 17:00:32 +0200 (CEST)
Message-id: <[🔎] 20210513150032.55A414A00D2@thinkpad.localdomain>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2660-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                         Anton Gladky
May 13, 2021                                  https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : libgetdata
Version        : 0.9.4-1+deb9u1
CVE ID         : CVE-2021-20204

One security issue has been discovered in libgetdata

    CVE-2021-20204

        A heap memory corruption problem (use after free) can be triggered when processing
        maliciously crafted dirfile databases. This degrades the confidentiality,
        integrity and availability of third-party software that uses libgetdata as a library.

For Debian 9 stretch, this problem has been fixed in version
0.9.4-1+deb9u1.

We recommend that you upgrade your libgetdata packages.

For the detailed security status of libgetdata please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libgetdata

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIyBAEBCgAdFiEEu71F6oGKuG/2fnKF0+Fzg8+n/wYFAmCdPw0ACgkQ0+Fzg8+n
/wbrsg/4yqtSRrVIx4RP7XTZUC9NFa2YkX0eXgAIf2WedW9x6kFQPDx8RoV6TEwH
hj9oxRNnNbmmYHABfZ/7F9OAasz5rKUnf916HWdzIfJdbu1xS21alHYMxXrP63mC
IjcKbln5dUnnNCljIdMgDkf11Sq5ylYoe+houbo/pPsephb1c5mQALRzQDQgqCxN
cJUB7dU4ikPanJypDqbHsf8ToNex1RsGBMTCFUghJZxGCYFqAVbAWTUY1civtQ/x
ABBQ5L9BvQzVxOteZsjzMFJM6gzMR6gnGCiWVgIzLhDmCXk/IYHuxchwr6ubOD8V
M0vEi5ntkAoWmdD5QRoMOc/B+uyWcsITQjVGgFkc9UvQhgj9gf8/IM9l4a8JOIw2
wYyO27BnLwZnS34IBrYbwExRf33lBA+KrdtyN5YJ97C4DTEPnos8Xo9MPVnU8B8W
X8NS/6/UrRRv4XiSW1hcybPDJMhcZeJMuVufxIDfUqqSnH/yerWFAmjzi2ZNn8rC
6aQELqx/Z1qnpRiINkoYm5TtrpG87nzcAyvN7qbJcYQRpuMKiiQZiYbIAtL1hNnF
OB3xLjooi61of9ObaJ9MlEwxBJk1GcNGMlEHgMbucumstHwwisoKDzlgVbhNUYZE
ZPxZpBUvpC7xIvMIcR7AIhZ3Whxqg3L0sY2niad+7ZbPC7y1eg==
=pqt1
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 2659-1] graphviz security update
Next by Date: [SECURITY] [DLA 2661-1] jetty9 security update
Previous by thread: [SECURITY] [DLA 2659-1] graphviz security update
Next by thread: [SECURITY] [DLA 2661-1] jetty9 security update
Index(es):
- Date
- Thread