-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ----------------------------------------------------------------------- Debian LTS Advisory DLA-2951-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta March 17, 2022 https://wiki.debian.org/LTS - -----------------------------------------------------------------------
Package : flac Version : 1.3.2-2+deb9u2 CVE ID : CVE-2021-0561 Debian Bug : 1006339 In append_to_verify_fifo_interleaved_ of stream_encoder.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. For Debian 9 stretch, this problem has been fixed in version 1.3.2-2+deb9u2. We recommend that you upgrade your flac packages. For the detailed security status of flac please refer to its security tracker page at: https://security-tracker.debian.org/tracker/flac Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEbJ0QSEqa5Mw4X3xxgj6WdgbDS5YFAmIyVcoACgkQgj6WdgbD S5YSSA/+ODymbCSUcKvEkVHb9Jr4S7nb6lbHxGqfaQ7EShnd8G67m8UOPCIoq4Uo BrzenVa5/vTuA+kxvq0vsS44nESuCBr3mDoK/rwJg1B6qnRmMw8eicAw8gBR0OVe RQrqY8JWCiN2sT5craMpBuffWqEhN9aGU0w/qkZtYWuGMF4/VFsbfE51poO+R+O5 3ji1CVKSwh1zFV/k3stSxSKrktEyeLQQ4kCtGAJh3YSOpa4l0Tj1oTpxV58J8PCc ZDC4hGFmEJCDvLyUl1xdtXYv6I4Go/U8Hmjhiz5qrz4kuYOHtwXqz6+GplJlBHwr I8B1rohPjpRA299wg7mLu0ktMHxAR6DjkkSQuAkPMWj7Tt+WLfjPCprTAu3ilvOL qL/O36wOaSi7Iywy9eK+3KdWUfP9GKCCaBrOC4eU59IwgUg7prfoRxxIlmO6u3mR IOkoEvtp6JoYmHSA3XGqXXvcjmkCNPJwVAqw3riIyg1ujBlfQdN5dk4Ww4iv2F94 H2UWZY3dh7yJ/JfKDJ3kF2vPepwykKoyqp60ytFZBG93YLW4y4B8WjkiMExE1UOj WyD4vmusOk+GierF8qA7kfonlxNirQqi/Fevn0vL3/hftYIfS4qUCY2ON7V3ZTtM DaAu/WRBY+9Ve6xnE/oydUXGsLc+jtLI1SXVPj9TdxoQYRMOvpI= =BeVY -----END PGP SIGNATURE-----
