[SECURITY] [DLA 3945-1] libheif security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 3945-1] libheif security update
From: "Chris Lamb" <lamby@debian.org>
Date: Tue, 05 Nov 2024 15:18:05 -0800
Message-id: <[🔎] 173084141667.26680.15382887709931554970@copycat>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3945-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                           Chris Lamb
November 05, 2024                             https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : libheif
Version        : 1.11.0-1+deb11u2
CVE IDs        : CVE-2023-0996 CVE-2023-29659
Debian Bugs    : 1032101 1035607

It was discovered that there were two issues in libheif, a decoder
and encoder for the HEIF and AVIF image formats that could have been
exploited by specially-crafted image files.

For Debian 11 bullseye, these problems have been fixed in version
1.11.0-1+deb11u2.

We recommend that you upgrade your libheif packages.

For the detailed security status of libheif please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libheif

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAmcqi0cACgkQHpU+J9Qx
HliSug/+P+WXaOurk+4FCYvVhVKp+1uMSJNV2zYm1nU8BT8mFd+euUElPhhVnbDY
dVGhJH0OjGjWAzqn1ku67FxylnLP1raBwlpwkeSmhthWgMm++YdDSPr6l8tZ23f8
fA90sHRB7Yek8vWH5q8PoM1ZUZa7ZpsvR58IPK5UcaaEJPqnhDvshWpkM/UsEUuy
Qxy4/UZ7aru8LSPqJWIvTPilyJSQwgxKGglfduOYfSpTVKbKMPTi5aecGh4FMY1V
J1aTYYvw25nvH1F3PQhxlrlqgA0mWOhTsMm9bYnJyAwOJN9Ahcnl2MaH0eBhSoqS
5Tv2Eq9g5jSME+JWkMi1LfU89rBCz7Vai7vMLjiUc+ZyyBcliJ0judAmra5LXIe6
WTuYsslrgyZ4Sl+E9Tqkf7W1m+gk43+zgdQVmX3gyv9c2qk+vjHrRv2Fo3FYfdPW
e6QrNgc45fW1vbArpPMsYWv6JUe8rtVRREluFC3avEwlKPAMEER0qt32bgEEPREo
GHy9mpqSMZMjcKtBbUM80ByaAWuY/yVHwih7dY8ZWOYpczc9WnmNIPwvPm+wlzqp
/kucPS5oXMB3k5Shdacp7aTsQPstrPeMk85L9eBoueZuoPEnIyTgw7XPA++s4ESp
yqzZVmXtO0b8FoVUuqMpBzXJ69BxC/EP0Sg4GV4+TqzK5LmMt5A=
=cF0K
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 3946-1] context bugfix update
Next by Date: [SECURITY] [DLA 3947-1] puma security update
Previous by thread: [SECURITY] [DLA 3946-1] context bugfix update
Next by thread: [SECURITY] [DLA 3947-1] puma security update
Index(es):
- Date
- Thread