Re: [SECURITY] [DLA 164-1] unace security update

To: debian-lts@lists.debian.org

Subject: Re: [SECURITY] [DLA 164-1] unace security update

From: Mark - Syminet <mark@syminet.com>

Date: Tue, 3 Mar 2015 13:18:34 -0700

Message-id: <[🔎] D812877F-DFED-449F-A479-8CF234449156@syminet.com>

In-reply-to: <alpine.DEB.2.02.1503032007150.17209@jupiter.server.alteholz.net>

References: <alpine.DEB.2.02.1503032007150.17209@jupiter.server.alteholz.net>

PHP... used for security advisories... really?

Mark

Member, OpenBSD foundation

On Mar 3, 2015, at 12:08 PM, Thorsten Alteholz <debian@alteholz.de> wrote:

Signed PGP part
Package : unace
Version : 1.2b-7+deb6u1
CVE ID : CVE-2015-2063
Debian Bug : 775003

Jakub Wilk discovered that unace, an utility to extract, test and view
.ace archives, contained an integer overflow leading to a buffer
overflow. If a user or automated system were tricked into processing a
specially crafted ace archive, an attacker could cause a denial of
service (application crash) or, possibly, execute arbitrary code.

--
To UNSUBSCRIBE, email to debian-lts-announce-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: https://lists.debian.org/alpine.DEB.2.02.1503032007150.17209@jupiter.server.alteholz.net

Attachment: signature.asc
Description: Message signed with OpenPGP using GPGMail

Reply to: