Package: cfitsio Version: 3.420-3 Severity: grave Tags: security Hi,
a new version of cfitsio just came out, accompanied with the following notice from upstream: The NASA security team requires the following warning to all users of CFITSIO: ===== The CFITSIO open source software project contains vulnerabilities that could allow a remote, unauthenticated attacker to take control of a server running the CFITSIO software. These vulnerabilities affect all servers and products running the CFITSIO software. The CFITSIO team has released software updates to address these vulnerabilities. There are no workarounds to address these vulnerabilities. In all cases, the CFITSIO team is recommending an immediate update to resolve the issues. ===== I didn't check the specific problem, but it may be important to upgrade. Best regards Ole
