lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-Id: <E1f8eYZ-0006rJ-GW@seger.debian.org> Date: Wed, 18 Apr 2018 04:18:55 +0000 From: Salvatore Bonaccorso <carnil@...ian.org> To: bugtraq@...urityfocus.com Subject: [SECURITY] [DSA 4175-1] freeplane security update -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4175-1 security@...ian.org https://www.debian.org/security/ Salvatore Bonaccorso April 18, 2018 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : freeplane CVE ID : CVE-2018-1000069 Debian Bug : 893663 Wojciech Regula discovered an XML External Entity vulnerability in the XML Parser of the mindmap loader in freeplane, a Java program for working with mind maps, resulting in potential information disclosure if a malicious mind map file is opened. For the oldstable distribution (jessie), this problem has been fixed in version 1.3.12-1+deb8u1. For the stable distribution (stretch), this problem has been fixed in version 1.5.18-1+deb9u1. We recommend that you upgrade your freeplane packages. For the detailed security status of freeplane please refer to its security tracker page at: https://security-tracker.debian.org/tracker/freeplane Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@...ts.debian.org -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlrWxN9fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0TWZQ//e38sUdwj6IZXNKfGIwUhzXXYJEt3Sq4VIBYzUIKz62+vDI6JKtFcfgC9 u+VN8bsClzlJwpsJltJXP8XNObvlXdi+xoD/+KcXhrmj0r7I77ZcfkKmD8L1zeR9 R+4tTVsUjahFELM7WcvNMcRPyIYa/fOYDIWYnzLqdHlCKHAfqDUgAcg4l76K44i5 dLC8JfQNMVe/oH2vR5N+nmZzBml44uURsV+D2We0Fr/q4OBcHtFw8vVziiZ8ZWuu fRyR72sX+pjgmFoa2725D9XnRMVOdaCSc778jiwPVRkvWvc6oFtW1shQ4waWl7WO qQggaU6vLot2M0HYdWVLazT3vX6GyVXFV5d9FfHm2/GCcoz/F84Pjwg3Y01X3hCz VBTZUN6B+1WqvxcXSKS33xPIORmMwQZ0jCa+IgNxKUFlnfvML9lsUXSajBNnSziF 1eDw3/opvqom9jluJsCLdeWiDH2Ya3p0C/jJAwYQGZLZZema9FkPI9D6slydJjUE byAo8gmJKUmlHoWNxieumNDfyqzExvGLEsgcLlRtrJoyO4M4l/Uk2BuauEXEkgim 0AW/5biL/gYBX82c5oDx6w1JiKDyJ/lAKmb0ihHcZsPeVJeHIW+tdR6sEfZOrkdM GZtBt39gzpoUesykcGYRWtHq11gxa3JPBEq/6OD6IgZ6XIwPAYw= =VS6n -----END PGP SIGNATURE-----
Powered by blists - more mailing lists