Package        : bsdiff
Version        : 4.3-15+deb8u1
CVE ID         : CVE-2014-9862

An issue has been found in bsdiff, a tool to generate/apply a patch between two binary files.

Using a crafted patch file, an integer signedness error in bspatch could be used for a heap-based buffer overflow and possibly execution of arbitrary code.

For Debian 8 "Jessie", this problem has been fixed in version 4.3-15+deb8u1.

We recommend that you upgrade your bsdiff packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
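
An illustration of the bug class named in this advisory, as an added example that is not taken from the bsdiff source or from the advisory itself: a signed length parsed from an untrusted patch file passes an upper-bound-only check when it is negative, while the stricter check rejects it. The function names and the two-length record layout are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical patch record: two signed 64-bit lengths parsed from an
 * untrusted patch file, applied at offset newpos in an output buffer of
 * newsize bytes. Names are illustrative, not bsdiff's own. */

/* Weak form: only the upper bound is tested. A negative diff_len makes
 * newpos + diff_len smaller, so the record is accepted. */
static bool weak_check(int64_t newpos, int64_t newsize, int64_t diff_len)
{
    return newpos + diff_len <= newsize;
}

/* True when len bytes starting at pos fit in a buffer of size bytes.
 * Written as a subtraction so that no signed addition can overflow. */
static bool range_ok(int64_t pos, int64_t len, int64_t size)
{
    if (size < 0 || pos < 0 || pos > size)
        return false;
    if (len < 0)               /* the signedness check the weak form lacks */
        return false;
    return len <= size - pos;
}

/* Hardened form: both lengths must be non-negative and fit in sequence. */
static bool strict_check(int64_t newpos, int64_t newsize,
                         int64_t diff_len, int64_t extra_len)
{
    if (!range_ok(newpos, diff_len, newsize))
        return false;
    return range_ok(newpos + diff_len, extra_len, newsize);
}

int main(void)
{
    /* Constructed sample records, not taken from a real patch file. */
    printf("weak   (-64):   %d\n", weak_check(10, 100, -64));
    printf("strict (-64):   %d\n", strict_check(10, 100, -64, 0));
    printf("strict (50,40): %d\n", strict_check(10, 100, 50, 40));
    return 0;
}
```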
