-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3967-1 debian-...@lists.debian.org https://www.debian.org/lts/security/ Bastien Roucariès November 26, 2024 https://wiki.debian.org/LTS - -------------------------------------------------------------------------
Package : mpg123 Version : 1.26.4-1+deb11u1 CVE ID : CVE-2024-10573 Debian Bug : 1086443 mpg123 a popular MPEG layer 1/2/3 audio player was afected by a vulnerability. An out-of-bounds write flaw was found in mpg123 when handling crafted streams. When decoding PCM, the libmpg123 may write past the end of a heap-located buffer. Consequently, heap corruption may happen. For Debian 11 bullseye, this problem has been fixed in version 1.26.4-1+deb11u1. We recommend that you upgrade your mpg123 packages. For the detailed security status of mpg123 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/mpg123 Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmdGNskACgkQADoaLapB CF9O0g/9FhyETELnf2JIWnWdNA78WBQGha1jOl+CXYTHMnw7vd7r+RWvwNd8KkH2 X3p5BxfBvjFuUX9f9bmxrahmnXC9mSu2ReEqh2OTZsds+Mie7dnlkxxV33paTJcU Mf+dsJ6thYGXomLE0EJlzlcL4DEdgWh4cwdJC4VmGYV/YlV4nUSmvIGa51Pfr2ZT hTDJlGsoIm20K9YVv1TsAEbGIGOK3gDX9n59jEZQxUXxVLvBr9RZld62gy5aun6P pllX+fFabKbdkjF7wVevKaCFNoVfTcelTumYQD59OGQdXFIL+egXoe4IeOCitFF1 9VLw7p4ZIcRQE6WnaFdAPprJetpC/2q3IC0uEN+2ajg5uA8DkhDPbmss20Hyoa2h /kJ8lQ1iFnekX87UMDOUQJ31GUImfB9QUF4Mp6SvZrg+EbBZaw8qTf4047XWofzX DHNJVK68CIOr/UpmnKp7Vrr35wWmMssFmQ+R1Tj7TBxrinPa1nJ+JDyybSrpEeVj ep8iCBFTXxHl/P+jmnp6aS9Ij70KiQlRAjhSGjVEzsJu01WzoaMkZ/zdvN2Nd01A bCMiQsAy68uMG1xSx/i7tm02z0a1vY85a6XEpqVWHpl5q+kmFtCeMcCRkqlDIeHN VoNu74IKk09FbFpVZDtbgV1ILrgzNE3QWqdslBl63jXP+KkJrxc= =ozUF -----END PGP SIGNATURE-----