-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Package : sleuthkit Version : 4.1.3-4+deb8u2 CVE ID : CVE-2020-10232
In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a stack buffer overflow vulnerability in the YAFFS file timestamp parsing logic in yaffsfs_istat() in fs/yaffs.c. For Debian 8 "Jessie", this problem has been fixed in version 4.1.3-4+deb8u2. We recommend that you upgrade your sleuthkit packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS Best, Utkarsh -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEbJ0QSEqa5Mw4X3xxgj6WdgbDS5YFAl5pEzoACgkQgj6WdgbD S5aZSw//e19QZDANQpVNJGuRs4OapZ2CtpIhgY8jIADHNeEs8C6w0ytwzEjaaaQ8 pjWTGHEuthZ7rGsozv7rmyZmOp3rtVcrpRvfBTsarDLmgL/CmjFG2lp2It4E76Qd T/T+7xZyunQTw4tELS/tdpB8mueG9lqNxB6KeQLb8WWs8v3gocuHdg/kGI/HmLuQ gY3nhWoiGdQSfRfZXNOGO2OSL+z72UKdoCucfv7Cuydkj5lAsNO3U4KObaLwNwVz Bnpk8FGf16EIY5bq2VNv/sIF0huEoMOpWZpI1VozPwqnRplWchguwn+G1ERE40v2 ha1t7pI/iu9svMuMjBD4F3ECOS7RiTDLaUIcIeMrDCdIvyNmOb397pPWC4/vrPs3 K+ctHekkn/5h0BWSbEZxm1FYlJRGePOR/mmZ0gJhRc0sf+hlVPasYVTkylIvGTIR unUWFnC+qHTZXBjAAAkIPM9aZQvtTpBFMVCqo3GqNLKper9c5LJ1AVY+yUqpqHjT X0jCof4Ak/TCJGobzBS4cLsp5G0IazU8VBRPCrVr0Jg3nzd8WHkMniCCI6P4y867 NGsZgUyduhcN4czCrqPT3M3ESD1nAUeQIjfkFhzdbNI7ucF6Y13mTtqx1I3Nmj+c Uoc5rMNoVbZpyzqHLzlOOlTzcwQIHG7Rkgkx+ntDWUrszBMnBA0= =WRSv -----END PGP SIGNATURE-----
