-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : libvpx Version : 1.3.0-3+deb8u2 CVE ID : CVE-2019-9232 CVE-2019-9433
Several issues have been found in libvpx, a VP8 and VP9 video codec. CVE-2019-9232 There is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. CVE-2019-9433 There is a possible information disclosure due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. For Debian 8 "Jessie", these problems have been fixed in version 1.3.0-3+deb8u2. We recommend that you upgrade your libvpx packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEmjwHvQbeL0FugTpdYS7xYT4FD1QFAl3dnyUACgkQYS7xYT4F D1SMyQ//ST+X3vR9XI0cGjCUfUDFzDWVeQAUQoxbPk9qi8IqkVsUnvWNZ7nQOydT 5XM8noomSGds29HGdK9L3XtEpEJuANXo1FW8vbgqw3cWnjwpZxLVkmk/U1+UImDw SNZ4BjHi2WitSBwbS6F3ug1PdgCG8hbv8MQhzDZlWBdpuR/6PRqVRVD50mIc3vEM qFRxrWtH0RKTzdRcrXP7ZkDlhsL6XqGrdy/npLAeUKQZUEIEiqc7ZbmLx1/naASI VPiifmDrsCxjVHbc3WQbZpUo17PhsMZiiPU3a5yiGtFrTV3Zb75J/B1i1mrlyja/ BZZPzbMcGKymp+dMDyTMaLRJuoHf9thBHhduZBXHXZDf6FhCXLXBn/GygOWFpCOY CnjkgzVd+bgZGFFl8QZjKgXVGcLKGKSbyGfIGmfgtVX5kbQKWXPpasRj6j7NTo/u wNjLMimDM/lcEVeUjN7TqmLrNOPGAcuAE2gUudxcmgaRGr9ayFPGWR+mC6AJnzY+ +CO4uDj511URoboZJhhzlwPoBJFmI/Q1ZLGPWa5lwhxohMXRqml3wxUv5wApywsE JgkiIrwYjuu4lp/K1Q/wQm5WB+QVvC8kwUq7yh/2P+jG0q/N3Ey9PgiQVHnmzYvh TkEyXz0Nhy82+gyOaB1wV/pzj+xp224z1KgdHxB8Sw4jeVxEaoo= =jp6V -----END PGP SIGNATURE-----
