Hi, On Wed, 05 Oct 2016 15:07:41 +0200 Salvatore Bonaccorso <car...@debian.org> wrote: > Source: freeimage > Version: 3.17.0+ds1-2 > Severity: grave > Tags: security upstream > Justification: user security hole > > Hi, > > the following vulnerability was published for freeimage. > > CVE-2016-5684[0]: > XMP Image Handling Code Execution Vulnerability > > If you fix the vulnerability please also make sure to include the > CVE (Common Vulnerabilities & Exposures) id in your changelog entry. > > For further information see: > > [0] https://security-tracker.debian.org/tracker/CVE-2016-5684 > > Please adjust the affected versions in the BTS as needed. Only sid has > been checked source wise in this case.
Jessie and Wheezy seem to be affected as well. Cheers, Balint
