-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : xmlrpc-epi
Version        : 0.54.2-1+deb7u1
CVE ID         : CVE-2016-6296

Integer signedness error in the simplestring_addn function in simplestring.c in xmlrpc-epi through 0.54.2 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a long first argument to the PHP xmlrpc_encode_request function.

For Debian 7 "Wheezy", these problems have been fixed in version 0.54.2-1+deb7u1.

We recommend that you upgrade your xmlrpc-epi packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
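
The class of bug described above, as an added example that is not part of the advisory and not the xmlrpc-epi source: a capacity test done with signed lengths next to a hardened append that uses `size_t` and checks for wrap-around before copying. The names `gstr`, `flawed_fits` and `gstr_addn` are hypothetical, and the inputs in `main` are constructed.

```c
#include <limits.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical growable string: a model of the bug class, not xmlrpc-epi code. */
typedef struct { char *str; size_t len, size; } gstr;

/* Flawed capacity test with signed lengths. A negative add_len (what an
 * oversized length turns into once it is stored in an int) makes the sum
 * small, so this reports "fits" and a following memcpy would overrun. */
static int flawed_fits(int len, int size, int add_len) {
    return len + add_len + 1 <= size;
}

/* Hardened append: unsigned sizes, overflow check before the addition,
 * growth before the copy. Returns 0 on success, -1 if the request is refused. */
static int gstr_addn(gstr *s, const char *src, size_t add_len) {
    if (!s || !src) return -1;
    if (add_len > SIZE_MAX - s->len - 1) return -1; /* len + add_len + 1 would wrap */
    size_t need = s->len + add_len + 1;
    if (need > s->size) {
        size_t newsize = s->size ? s->size : 16;
        while (newsize < need) {
            if (newsize > SIZE_MAX / 2) { newsize = need; break; }
            newsize *= 2;
        }
        char *p = realloc(s->str, newsize);
        if (!p) return -1;                            /* old buffer is still valid */
        s->str = p;
        s->size = newsize;
    }
    memcpy(s->str + s->len, src, add_len);
    s->len += add_len;
    s->str[s->len] = '\0';
    return 0;
}

int main(void) {
    gstr s = {0};
    int bad = !flawed_fits(10, 32, INT_MIN + 100);    /* constructed input: flawed test says "fits" */
    bad |= gstr_addn(&s, "methodName", 10) != 0;
    bad |= gstr_addn(&s, "x", SIZE_MAX) != -1;        /* constructed oversized length is refused */
    free(s.str);
    return bad;
}
```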
