-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ----------------------------------------------------------------------- Debian LTS Advisory DLA-2525-1 debian-...@lists.debian.org https://www.debian.org/lts/security/ Utkarsh Gupta January 15, 2021 https://wiki.debian.org/LTS - -----------------------------------------------------------------------
Package : wavpack Version : 5.0.0-2+deb9u3 CVE ID : CVE-2018-19840 CVE-2018-19841 CVE-2019-11498 CVE-2019-1010315 CVE-2019-1010317 CVE-2019-1010319 CVE-2020-35738 Debian Bug : 915564 915565 932060 932061 927903 978548 Multiple vulnerabilites in wavpack were found, like OOB read (which could potentially lead to a DOS attack), unexpected control flow, crashes, integer overflow, and segfaults. For Debian 9 stretch, these problems have been fixed in version 5.0.0-2+deb9u3. We recommend that you upgrade your wavpack packages. For the detailed security status of wavpack please refer to its security tracker page at: https://security-tracker.debian.org/tracker/wavpack Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEbJ0QSEqa5Mw4X3xxgj6WdgbDS5YFAmABaXsACgkQgj6WdgbD S5aJrg/+IN3Qo681oqQ8UhGMoY7sORVnwsIrTFj9PkMPsOPCQY5FOPHPPGDYJAvT k9YkskGwtwnTn1wjnSrzpFEh74rOaWmEvdLoy7U4Cyqgqip0MeBw0PfTUAtytLis JIbcUhHvLHZwTQYG8BLwFuud9IjaX2a5xeVc+O5dGn5mOI4XOc9IO4h5uGOrkfod 2X5rhH5ft+D5kMNcJaboxvnNe+lAEi/ea779uXuB6va1UEmEtQUbi8LuaIopCt9c Mte4/nLPVxCL9fwsdoaP6Le1BDois6AL1JzAdw8/btJibJUmQ6Ji1z6z6x47afNX mudxqCPs7F911EPGB9XFVMry30OqucghxJzqIO3MUiTnnPI8NUXBbUJcW98L+AKi 4OVaC2BoZKpAEOSaOJeLLBBkz0fU0yJfeE4vP51Kad4JdIG5+8K4xvsm++Yf+Kdo aSgYLeAwaPBCs2SOOwzWM5RI0BNwf0STmYJw14UJq76eBZYgdQw0CuUnq9dU21xm 3uesY3RiUnbOhb8z18EdDzMGZjgM7rIdROwWPbvD1UvAefbViCLEzVPvVBGtbKsU /9cA7IyTOjaXywxvJW59ONCah1IodaEGtqEonA5yjbe/z4vtihSRjJLd71LWilYN 2V1NH7ow/Z4NJdra/9xIqj9+BgdmD00pGqN3WL5OPTHcwnBiOeY= =7FNQ -----END PGP SIGNATURE-----