-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Package : apng2gif Version : 1.5-1+deb7u1 CVE ID : CVE-2017-6960 Debian Bug : #854367
It was discovered that apng2gif was vulnerable to an integer overflow resulting in a heap-based buffer over-read/write. A remote attacker could use this flaw to cause a denial of service (application crash) via a crafted APNG file. For Debian 7 "Wheezy", these problems have been fixed in version 1.5-1+deb7u1. We recommend that you upgrade your apng2gif packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEErLe2fxl/mzIVM0McrJCsPsUkBl4FAlk3p8MACgkQrJCsPsUk Bl4g4Q//Vs+SxqSSCtU3BwKik5no/0Kc1rEXHH2Mc8CFdcsu4bYfkRn8eSJKa98k v02YrHYQqTM9sFmjXjYQIdh/pyPAUU51bqXLQOSn89RbdW5z0DCGYkEpYoSZoxG5 egsL33o0zCLckRFhAYBR7QC8z1bcBh3HpW5DSJdyano7sePNCbzkF3+pkaJFmn0a MJWT+cEwD+F4R1jSq9EHxT2ecrwP+BAWCmTgzYpF43qLXH8znnXJhKI9Sxv6+GOH J7MX5xhFZKOQKd9NKc14Y9yBMzV+PGJRvD0e1wqd/E1YXhaAxrD2AlDOc07HFK6B +bJ6/lRSBWpyOLDhnsig0m/Ji6x7rNDmZoHmOkY4Dj7d2Y4O16ztn0s54gvO/DVh OrOhhUFKDHuZ3z2hmFK9vdw/p9R+4a5nI2Ci55ggIgXZ69+hvtpoMNlADVG1iXFW 11LRjac3F1tP7iHRtCRXY9HdHwb4D82/a/+9vV6hOPhvistCSwxFQ118elPbq05a p/mubHey1MSM1Iqo0AICBxye+NzC+++QDXbUEWeXvhyDEwz+5mIAr3WuxBpyXuno tz0wh9p6hvmNfYLo/lz09uLo++Ze0x0c5gCroYJSZA/3S52zQBbwo0+i86/qDG3d AYY1Vj4ZfiM8jZxPi/x25tlIovCx2r5fq1GszcJwr8EWgLd0EM4= =anaS -----END PGP SIGNATURE-----