-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Package : libextractor Version : 1:1.3-2+deb8u2 CVE ID : CVE-2018-14346 CVE-2018-14347 Debian Bug : #904903 #904905
It was discovered that there were two vulnerabilities in libextractor, a library to obtain metadata from files of arbitrary type. * A stack-based buffer overflow in unzip.c. (CVE-2018-14346) * An infinite loop vulnerability in mpeg_extractor.c. (CVE-2018-14347) For Debian 8 "Jessie", these issues have been fixed in libextractor version 1:1.3-2+deb8u2. We recommend that you upgrade your libextractor packages. Regards, - -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `- -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAluCpsMACgkQHpU+J9Qx HlhwQQ/7BJ/MbTr9F4zWumr0slSv7Cy6jb4SUt7DoksTfyERdQwqVvfZOMClskth 957WeUKKbNVYbMBBtS3SZBSefzYJhNUfGwSWESW9FoAbrandkp2lIVEEuqBxGnRn B+znSd3hAkpt1xaPEKSgqAZhMAr7kK7onQbfNJg22jK+6irp4ToCmE7zHjdcoBTR 7bk1iBE8ZaHCUnlCTtdrIh7fMW4WxCeUkJWdjxMZ7HdxhePYHt/A3EWhy33rfSBw y09I6IPdfo0v/jtnUZc612ytEK540wllRcFvsK+Uoe7o9USmSuY7vc7I8t4mT0fM BvBnrSMZiY8oBDOSkTDPFpHB8yP5lEBGMmEnzTOJu0Fy7AgljA5gSXpvB1EfGKg6 tJ7v8JQ8Kt/8KD4pQF5kRhUmDzubAkFFYWTEpmP4eVHHkziN3yLHlW54f/SOrETj DDrKfHSxEvGexolZHeB88nxqlKANiLVhLTRKy9b9FSkiistm8jGyC+U+ivsn70vm vNMkdHsh7J6A8P3LPrKxSWFdwdlU2suPiMay4qQ8MI9UHNK4rhlN9RtwzNDMBdco JKUx9nu80gGOSF8TEj6PLBHN+yzKG6tEo1ahVDM+koSCdNTmtaGK5zJoHObf5uhJ xCR6x7XKgSi/bHnzjVQZPU2MwS6lMW3ORKbBVjzxY+Xk6sryywI= =6Xno -----END PGP SIGNATURE-----