-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : rzip Version : 2.1-2+deb8u1 CVE ID : CVE-2017-8364
Agostino Sarubbo of Gentoo discovered a heap buffer overflow write in the rzip program (a compression program for large files) when uncompressing maliciously crafted files.
For Debian 8 "Jessie", this problem has been fixed in version 2.1-2+deb8u1. We recommend that you upgrade your rzip packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAl6lzrpfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7 WEeT9Q//ce61QUo3EPS41zV71daeql3YF8cswmYa6r2n6z40AxD2qKzH1P4yjF1W JoSguJTwYOtZf755t3QqOsy6pCE53tOgCcW+xi03Q6oc/kZhKkgaE3hEuIrCsUjK FeROqGobwHWhQzgpIEA1XyM22Xo6Nit0eRBZL/zr9O5tjX9ckX3g9wn8L+kHDnYx rMV7cpcJHZxV7HYAV+/7or1T75bNwjTTTJ3JcwVGNcyNkGIo46MZOFNp3iGZxSVA 9y5edv+NzUKmABXnD1ibHS55a5cGf76VaTtuGfdRiT4mKTIxU8mFux/1/Jfuiyrh I/CtTLvHNsiVraU+IIyH6IXcR+JzheyO7d2xy/ZQArZBG2lLjB2ylQ2P2aSffc1b 8jKqYHUc/2BS1wUgLqBMn3jrBmh3zeYV0yv4h9oYMmKZQ05ZfQ4M+l0PCM9ucBN4 SXGZSpVOyDDyEW9IcvLYUYjH+nnkK2sasSsX0XZScX6+ZZrVJcjktz4cnpFZZphH Uvml5w83z89Jg96S+ZpQvvpAYohftRytnSrsuALCJu73WQPznE+UtACw6781mwJM +QCtB6rNTLoi7dh53qYjxgp/kJ4RwkolMwOfJjhe1+V7iIiBJjkIm6iPVaMarURy x/zeNq/E7A/q26IDCyFzIPeBp/4dtjJdqhSjy/eyEnpJxXvf6oo= =e6Id -----END PGP SIGNATURE-----
