-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Package : lcms2 Version : 2.6-3+deb8u2 CVE ID : CVE-2018-16435 Debian Bug : #907983
It was discovered that there was an integer overflow vulnerability in the "Little CMS 2" colour management library. A specially-crafted input file could lead to a heap-based buffer overflow. For Debian 8 "Jessie", this issue has been fixed in lcms2 version 2.6-3+deb8u2. We recommend that you upgrade your lcms2 packages. Regards, - -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `- -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAluQ8U8ACgkQHpU+J9Qx HliqFQ/+M6I99aqzaHZICb+LmfmMWz39zrdLz8hge9hbctIHYjkp39myOnA3Py7z hZfoxQMrod4yRgvOhKOcYblByBHCltE5HNcW0RAcbEClZUrNQMtPcaH2Ek7QpxPy 8MA4nUjk6cBKQGMFUYtDvqueyp4a1CldHxsSprLFSVDq01cuXRxYKm+Bj+FUQ70o GUZVj4pnDycofJdwheUkMluXFOnTBp7xlabJovn3wOia+hCjoX3pq8JJJCEqsKiy m7IO7KNzlBr6VUz2nTfq8sxWFxL6Ta7h2e/NiIbFJiXRInueoBXFix1lY47tNpII 2yDOCPqR3WQ8xyT/M4eXCzYsDzL7ptjzT8Y7onDiswg8xtvh0jNI4q0BYtaEqa2o /9vgOLIQVP9aEkDbch9aoW8eeFyDX/ONDCWXKIv2JGeMH003UZf6aGjMT234NHK7 3+ybyISq81OJycT87aYoGULsYGK2g2mdVOUCrZgiEkJr6wlrK5Ztkinkn2Inuur4 2naAfoj7Uk8jPuZUkq+g/sFpBqtVEheSPLXXoow5oLUMxtYuzGL59QKTzhgS7ny6 441PeHrw1Cp8Erh+tQvUcyxfsyJqIRslHFekQgRh2jWxviJLjexwWvaoNzn1H/dm L/6Aa0ibtwVDNtyB0CrBqIeAvL23525HI28ELkHgNY67kGdt3xg= =qO9g -----END PGP SIGNATURE-----