On Wed, Jun 21, 2017 at 11:52:37AM -0300, Lucas Kanashiro wrote: > Package : libffi > Version : 3.0.10-3+deb7u1 > CVE ID : CVE-2017-1000376 > > libffi requests an executable stack allowing attackers to more easily trigger > arbitrary code execution by overwriting the stack. Please note that libffi is > used by a number of other libraries. > > For Debian 7 "Wheezy", these problems have been fixed in version > 3.0.10-3+deb7u1. > > We recommend that you upgrade your libffi packages. > > Further information about Debian LTS security advisories, how to apply > these updates to your system and frequently asked questions can be > found at: https://wiki.debian.org/LTS Hello, the page https://packages.debian.org/wheezy/libffi-dev links to several broken locations: https://sources.debian.net/patches/summary/libffi/3.0.10-3+deb7u2/ http://ftp-master.metadata.debian.org/changelogs//main/libf/libffi/libffi_3.0.10-3+deb7u2_copyright http://ftp-master.metadata.debian.org/changelogs//main/libf/libffi/libffi_3.0.10-3+deb7u2_changelog Best Regards Joachim Ernst -- Gruss / Best regards | LF.net GmbH | fon +49 711 90074-0 Joachim Ernst | Ruppmannstrasse 27 | fax +49 711 90074-33 support@lf.net | D-70565 Stuttgart | https://www.lf.net Handelsregister Stuttgart: HRB 18 189 Geschaeftsfuehrer: Norman Fuerst, Rodney Volz
Attachment:
signature.asc
Description: Digital signature