[SECURITY] [DLA 4257-1] libcaca security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 4257-1] libcaca security update
From: Thorsten Alteholz <debian@alteholz.de>
Date: Mon, 28 Jul 2025 09:16:48 +0000 (UTC)
Message-id: <[🔎] 3b7cd0a-fd65-9e10-39c1-1df7dbd51a5f@alteholz.de>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4257-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                    Thorsten Alteholz
July 28, 2025                                 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : libcaca
Version        : 0.99.beta19-2.2+deb11u1
CVE ID         : CVE-2021-30498 CVE-2021-30499


Two issues have been found in libcaca, a colour ASCII art library.

Both are related to heap buffer overflow, which might lead to memorycorruption.



For Debian 11 bullseye, these problems have been fixed in version
0.99.beta19-2.2+deb11u1.

We recommend that you upgrade your libcaca packages.

For the detailed security status of libcaca please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libcaca

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmiHQABfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEcbJA//dSYwsIGQMwrGGzQz72V15HEfg9M6dqwBZi38Tk9PHIqXgyiYNGvc+2eU
uoxe3k61utf49NUGCJDDTGq4sGCk4hCCFha+SIyZTAHtDR9TrzC59Ubq0/qrAeeu
5AYwp/Ne3nAdhUWCb01TJ1LhSR89bqUPMMoNhHLnBwMNkyrXrClQs4vE1xWDlclW
+2K0lmsdZwhUqDM41RLqjALBszUv4aEVqzirPwryLG/khF/Wnrm0zmWrI0PAnz+q
vYCnGm/MAUM7760xvWDYygEW3K+KxYRVnNXdgkyR4b7bk94SkqCAH0YuAFde/gUB
ggbYZoTYT4umykQ8I7MRJrlfFrtAMjTxt44aSL5XsUHdtsqwjMvk1wKa5rmE1GK+
CA0gMJHAVP9mFv/sY2DU85/8R4EybNITHFPpnZmB9sfcAcYwa9NC0VZcwF7yte31
gmEIkXM13hNiHwETyvn4ww4aUSxYiuyQJ/4TAAUOukQH13uVQUD5izngJk8W7v6M
rygGF/1iZcW4UOH/JH4s5sXbWGgnBpxyW0gsMwzP3QEK89nMUd6mwLxYFANJFuxu
wH0VvvLPKjbugMwY0ThOYqCRWTVUHIZ3YXBkMObTYuXpL4fhkw6ISdvyYXY2xF6e
GV5USmwRoSKdU0DdLBSzv3eeyrcKUHjzx5HgWyF/4We5PPee+ME=
=ujTq
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 4256-1] libetpan security update
Next by Date: [SECURITY] [DLA 4255-1] audiofile security update
Previous by thread: [SECURITY] [DLA 4256-1] libetpan security update
Next by thread: [SECURITY] [DLA 4255-1] audiofile security update
Index(es):
- Date
- Thread