Package: libotr5
Version: 4.1.0-7
Severity: grave
Tags: security
Justification: user security hole

Dear Maintainer,

the libotr versions prior to 4.1.1 contain an integer overflow vulnerability.
This can cause a buffer overflow that could lead to code execution.

The vulnerability has been assigned CVE-2016-2851.

You can find more information here:
https://www.x41-dsec.de/lab/advisories/x41-2016-001-libotr/

Sincerely,
Michail Bachmann

-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (300, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 4.4.0-1-686-pae (SMP w/2 CPU cores)
Locale: LANG=C.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages libotr5 depends on:
ii  libc6        2.22-2
ii  libgcrypt20  1.6.5-2

libotr5 recommends no packages.

Versions of packages libotr5 suggests:
pn  libotr5-bin  <none>

-- no debconf information