-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Package : cracklib2 Version : 2.8.19-3+deb7u1 CVE ID : CVE-2016-6318 Debian Bug : 834502
It was discovered that there was a stack-based buffer overflow when parsing large GECOS fields in cracklib2, a pro-active password checker library. For Debian 7 "Wheezy", this issue has been fixed in cracklib2 version 2.8.19-3+deb7u1. We recommend that you upgrade your cracklib2 packages. Regards, - -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `- -----BEGIN PGP SIGNATURE----- iQIcBAEBCAAGBQJXuIwzAAoJEB6VPifUMR5Y5NMP/3Cuq0mb+7v+r4D1YcRCtCet O1hGCIey70ynlWsr6hVRcemRA4jHSCKFRXKZ0Z8ZS/MVPgUCg7BEZtH06nGSSQXG YcWXhnaaoNB9IRLpMXWy9pX3pzVk4TbcVtIIFBGvpK2+eWGAGbHyLIBQ0qY5eid9 krtAh9Vwhu12pD5jCmjHTLwAz41V8lXKrPNtLnVbSdmWRI3+iOUA/L6H8D/BQtR4 4GQ8MQK7zxNwpwgacKHFK3FGoYq/2OJZTW++1VBkrnp03aFsrSMDxsDPNM74ggkl anUkpBCQ8CC2IE9e2CtIAa2jUnnNC6BL93JPcXySJs5vIIxgGrvouLF1sT3dvn1/ S+nNqE0joYQKMP4dGVECODUaBsrAc1HPsL/y+vZPfmgiQlHQTHvS/e9qM9vrlqnu iE4Alcz1EwrGsZXI2HzT6yrwgBVgC4mSO5Vk0JibV3Yd0vXL7h4Zx2q6a7V478WK 9zRhjnUWVffB0xVFyjDhssEimyJmhPDkcxnZE7lrRQO4GbnVaRO0wGV0QmUjoaW2 WoDbbeUOk2+9dS4ZrPCYySKyUxvsntjtpu8hRNM+ZgLa12rp6NwzoA52tLbF8S2b cbqqUmRrzeZuXQRDz9RdmOjAxchWHdNyHtmX8lXyziF/p8nJzfiZxJFf70CJDbzX hcW6mYS9q112J9jjPPeB =XQsA -----END PGP SIGNATURE-----