-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian LTS Advisory DLA-2772-1 debian-...@lists.debian.org https://www.debian.org/lts/security/ Adrian Bunk September 30, 2021 https://wiki.debian.org/LTS - -------------------------------------------------------------------------
Package : taglib Version : 1.11.1+dfsg.1-0.3+deb9u1 CVE ID : CVE-2017-12678 CVE-2018-11439 Debian Bug : 871511 903847 915281 Several problems were corrected in TagLib, a library for reading and editing audio meta data. CVE-2017-12678 A crafted audio file could result in a crash. CVE-2018-11439 A crafted audio file could result in information disclosure. Additionally, a bug that can lead to corruption of ogg files has been fixed. For Debian 9 stretch, these problems have been fixed in version 1.11.1+dfsg.1-0.3+deb9u1. We recommend that you upgrade your taglib packages. For the detailed security status of taglib please refer to its security tracker page at: https://security-tracker.debian.org/tracker/taglib Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmFWIdoACgkQiNJCh6LY mLHWjw//VdPaAw1mTEYLnfkkskexeWE0W3B4p5YO4zMR2UBBZ8Wbp5ngot6T9bQG 9QnFvoJIa1ihL9t+SIDr4NxslF2nYqQzeYSrKKuTIIMEqEy7KkiSPqYfbQZ3Az7V t4yS+3JToBIx5Ym0I+CCh5FG8GjNtm37ps02dLL72mPSisrf5ggts7kqPzLEvT5W KeKiWRZamDPK9lZ35TbhNE2m3JkeHQOM7VFqzfrPfQGaEI2sJFWOl+XVkpo1a/rS AEV9EMApwTiv1wGwkIBz6bIFVfCEjCWxYEkGoD/Qj3OP6Af15ktyUzQQeVzQKo6z H9Hv9843XYlRl+n7GgjUswZswSvCBfvrqzlyjUdfthdIthPlsL6jOHgyOQ3xgPvG 0fLlQw2xkFcn1pWmq95WZL83jnboxFBx5+E4oWyDUzOr8zHxWgI+4NiCsazpyklf rkYtg6wKnn77jpnGeZpiq0PjaNxRoS3LFHQNGwCnSfimb8B16FW2+P3zQs96bzZf S0rnFkgKsa9hK8G11qRhn5Az9KF+OhYkYMA0C3yDqngWnXe7ZD+s6DXRLcgKf2vD Nu6AoNo4/CEYTr4BiZCmVf3S/UFeKrX0n5AQdP32DyPwlRXnlOrFLiXpJ2hT7b7c Ql2PZ0WRWh2ApBCczqkjmtgDCd1kpXdwjtDtNp1WKYfuucEImdo= =9R2L -----END PGP SIGNATURE-----