Source: libplist Version: 1.11-3 Severity: important Tags: upstream patch security fixed-upstream Forwarded: https://github.com/libimobiledevice/libplist/issues/87
Hi, the following vulnerability was published for libplist. CVE-2017-5545[0]: | The main function in plistutil.c in libimobiledevice libplist through | 1.12 allows attackers to obtain sensitive information from process | memory or cause a denial of service (buffer over-read) via Apple | Property List data that is too short. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2017-5545 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5545 [1] https://github.com/libimobiledevice/libplist/issues/87 Regards, Salvatore