lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20180509182439.GA17293@pisco.westfalen.local>
Date: Wed, 9 May 2018 20:24:39 +0200
From: Moritz Muehlenhoff <jmm@...ian.org>
To: bugtraq@...urityfocus.com
Subject: [SECURITY] [DSA 4197-1] wavpack security updaze

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4197-1                   security@...ian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
May 09, 2018                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : wavpack
CVE ID         : CVE-2018-10536 CVE-2018-10537 CVE-2018-10538 CVE-2018-10539 
                 CVE-2018-10540

Multiple vulnerabilities were discovered in the wavpack audio codec which
could result in denial of service or the execution of arbitrary code if
malformed media files are processed.

The oldstable distribution (jessie) is not affected.

For the stable distribution (stretch), these problems have been fixed in
version 5.0.0-2+deb9u2.

We recommend that you upgrade your wavpack packages.

For the detailed security status of wavpack please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/wavpack

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@...ts.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlrzPIAACgkQEMKTtsN8
TjatXhAAvWZolol6Pg9GRGJDAQRhStyBToLM3HK9L52XPMQOjdQ3WdsSXwsooHrM
r0i7cwSkM3ODsGZ4+ToQwbNTlvRKPpmjaI9w9BoKlnM2UVFziHaoJnmPQnlyk2Yb
pKm8/xRuhZ0JIDhOM9mhofM1p8GruLcOpdSkw7PkKFWvps0AREf/8TNtH0WTj9oY
jj4hxF2+7bRHBOY906ZKgRXjOsaaKussYt/qIETSibxewLPOcOhqKvfnQBWwgVkm
KesB6yOdx53voSqpH04fsEi+HGQhrnzS7cUUKRdUnlF68xe/9WE8ewbC8hF+Pddv
RYhi7cx2BWl4ibAyYbniD+7k9A6e0ReOWD1/A/dq+g13BniorVFOYcH6RRwDtWJN
oUU971UoN75+0aRjnj8ugfEY81l90c0oJtl09iCzwO5jIepMdj4GaaxFU7i5+y/u
CsKmv7tEvqXJFyIJwY28BbbYN0oY1meIlfgkMwqEHbWsIUPQrSzMlveBMpUhcG7k
2BgLqUR8haVqkq7jzLXzVtv1QArNp3NpllDXCc1SwpnbYmiJdTB9G4/kLJsVRscK
65Cxbergb7LEtWrUmyJq1Lc7yWO1cdaqhSQpxHzK1EhdKTKLzgzTZlT7a6M5zytI
g29ne535y9JmwNoJkQOJz0GxT7NFnr6+X/pL2fmu0630qj++RJA=
=P0EO
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ