-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : bchunk Version : 1.2.0-12+deb7u1 CVE ID : CVE-2017-15953 CVE-2017-15954 CVE-2017-15955 Debian Bug : 880116
Several vulnerabilities were discovered in bchunk, a tool to convert a CD image in .bin/.cue format into a set of .iso and .cdr/.wav tracks. It was possible to trigger a heap-based buffer overflow with an resultant invalid free when processing a malformed CUE (.cue) file that may lead to the execution of arbitrary code or a application crash. For Debian 7 "Wheezy", these problems have been fixed in version 1.2.0-12+deb7u1. We recommend that you upgrade your bchunk packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAln7pddfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeRVZA//XWDFB88JCDrmnr3YfPVaiTYRArYvxdoEUyk4WNvx6kRe0ZFxhPqlFC3h 6lk6Z/fEMW/h+E6ox0xtXKqDXXn+zjtbBr8POhUr3AfuW+n9cHakYTHEBFjGxjYT saSDsdhZCOLCdZulEXC4vCnjdbXGNTN1kgOI2DHy+s4IBsaP0AB0bYDu5ihAPFuz II0+TE8qlphwSnXBoxT8DP47wKOvkS/w+z/k8KfOiN+74LTj5/JwZjyZEd3fwR7M L/S99ifRWR1UvcuF0bbrmrt6hET+fn/ZOYxs3h+ZPld50bXnMGu1udhjDZ7a4QiP qx8EdifKC3xYbALI6/Ovm3u/qQaYbaCH6pmbFsvE+ssMvSdRO9DGOEJQl/OxiBsc 2u7sKc2Px2hSwQTHy326jMyGDaDShSNjscZfgnkfo/waWW2IUHP8ps9kpPfurlOd z2BZM9nxVfL9facbxo8u8hMdzTPSoEn3sxzGNHOdjMznFp29t4b9TuS+N8dJDr35 3uu5FaC+bj4Jhk3WgSgjUI595Ewujhq2375TYk4DAPsimHdCW/Y1jdEE+9CS5UQb td4B3bjWYACwOndLbg92CT+PIXCV9vob4dA7refnm29QII8WOlWSA0ntxdtql9do LOp98aYR4g0J2pNNHfkm1Q5h++oHnEs6L4FdBmvOBai9Ks3zxuY= =Qgwv -----END PGP SIGNATURE-----
