-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Henrique de Moraes Holschuh uploaded new packages for iucode-tool which fixed the following security problems:
CVE-2017-0357 iucode-tool v1.4 to v2.1 is vulnerable to a heap buffer overflow in the -tr (recovery) loader. Using specially-crafted data files and a specially crafted command line, it might be possible to leverage this heap buffer overflow to cause heap corruption, which might allow an attacker to run arbitrary code. For the jessie-backports distribution the problem has been fixed in version 2.1.1-1~bpo8+1. For the wheezy-backports distribution, no fix is necessary. For users building directly from the git repository, all debian/release/* branches have been updated with fixed versions where necessary. - -- Henrique Holschuh -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJYh3giAAoJEP4Rv6aLFY6YcrIP+wRDxWJjKRxpNTc1ZKC+kNx7 csuJsF2cQJQC5wvg+5lDFF9zHdn7GyCaW1Hgduz/xstBHetbbt275SWAI9lFiwCg hby8GrNkj5pXxd8484fc7jXnYYTKPxxMnIrBwf2qlyNb/C508HyK/WiYT97gziSr w+unTF/pxuQctAcKQgEpxRoRQA17T13J/I/MMjonKSkoNh157VAuLnUTN9qHUl4m LnRpvDGKUCDjBJML59sn7yatkZbhtdTF6CutN5OEORt4KpEet59pEj/rewb0UNjh kQd4/vczo1HhQME+gxz1dyEcKaqVxo+gO8q6oMi9QxgkqZEgPYdC2gHE5cDxIir7 lG55bRHm1AMzwKuCs1GpeFoGB7hxWlCuXm24g2KMyzUf6jIpCg2SEMCh1q1yYWva Aso62D92p+TRDCdn4pyrqTlR6c8AUAxN8acYbWxrRws46D0EIiM6ePS29/h0tpDW qxruP+7cWJ9dgW0xbMnnnsAInFkr+7NcYb/iU92DBMoefq1U0x0jvWv8srGU+cJx p3S++c4KWx+4q0ieBLpD6qyJ8MK/9xgXUgUpwJaer09gvFCNuGQeUHtHfQfPGWxV FrSZSIciI/s5Oc6Ri3o67LRp120mlqDNt+gO3uefEg6GtabCxbVNmRqb+NQFn5MB UGhxfXIxkztuYrmPx7Do =uTHl -----END PGP SIGNATURE-----
