-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Package : mpg123 Version : 1.14.4-1+deb7u2 CVE ID : CVE-2017-10683 Debian Bug : #866860
It was discovered that there was a remote denial of service vulnerability in the mpg123 audio library/player. This was caused by a heap-based buffer over-read in the "convert_latin1" function. For Debian 7 "Wheezy", this issue has been fixed in mpg123 version 1.14.4-1+deb7u2. We recommend that you upgrade your mpg123 packages. Regards, - -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `- -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAllgnoUACgkQHpU+J9Qx Hlg+kw//aMiin1HrRIAHaXgL0sj/JYMxIG9s9aDqC5nu6EHQqrymLqr/6UTWdi2H q/Tcz86oG5nEkshA7k6pg9iMoVBqfE6fKU+3D3uchzOjcoNBRgRXM6RbD+jnKEp/ MGqXbPuGXJ9AzULH0b4ihuQbwwiZpQBqQulUpJW7UGHDjgZc9+cEK4zIXbo0OSfZ mcbsFV7p4cbmzWPwgQplcOsB6vg5/kHoaj4u6jMBuZoehDuG4r2Ts0/rCnKMTTFM FyYC7EuJPCTjcBZ169rRQwdUEdb4TETrhuMlhXezTYZK+hbRC2Gxc9myWQ3Mcz1B 1w7CSvIcrntHq9yZ2k1zXJgHDNwyv37RYlkQ/wpBu1M1kTE/mEAYDiYKX5ESo2qi klqc03mV0dAcjhecqpZjRetGw3Vi+YcHk7Ag1dmTx9xISdBqUAF2J6DK9hizP1aR kay/560OkQCBUW8huYiZqTX7s3lXYLo02NevjB3ayZDNARusBxvXNQ66X/AvchbL DPSV9PyBLgXRWZ9AOHcb0wZWo29OMnete09NO1tH+6JpeXlFfsmixxKuzoCXquam Yqu0NWciqcYh4bStbdT1f5sdxmnnIgBc7mUjUlN2WsCLNGAl0KRMyg4R4Z3Bn59R qQNJZcEK8+ME2Tcj3V+QlheVedtVARCdex/Z/tw6zn0AXcIMRQU= =vDxk -----END PGP SIGNATURE-----