
Re: [SECURITY] [DLA 164-1] unace security update

PHP... used for security advisories...  really? 


Member, OpenBSD foundation  

On Mar 3, 2015, at 12:08 PM, Thorsten Alteholz <debian@alteholz.de> wrote:

Package        : unace
Version        : 1.2b-7+deb6u1
CVE ID         : CVE-2015-2063
Debian Bug     : 775003

Jakub Wilk discovered that unace, a utility to extract, test and view
.ace archives, contained an integer overflow leading to a buffer
overflow. If a user or automated system were tricked into processing a
specially crafted ace archive, an attacker could cause a denial of
service (application crash) or, possibly, execute arbitrary code.

Archive: https://lists.debian.org/alpine.DEB.2.02.1503032007150.17209@jupiter.server.alteholz.net
