-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian LTS Advisory DLA-2868-1 debian-...@lists.debian.org https://www.debian.org/lts/security/ Adrian Bunk December 29, 2021 https://wiki.debian.org/LTS - -------------------------------------------------------------------------
Package : advancecomp Version : 1.20-1+deb9u1 CVE ID : CVE-2018-1056 CVE-2019-8379 CVE-2019-8383 CVE-2019-9210 Debian Bug : 889270 923416 928729 928730 Several vulnerabilities have been fixed in the AdvanceCOMP recompression utilities. CVE-2018-1056 Out-of-bounds heap buffer read in advzip. CVE-2019-8379 NULL pointer dereference in be_uint32_read(). CVE-2019-8383 Invalid memory access in adv_png_unfilter_8(). CVE-2019-9210 Integer overflow in advpng with invalid PNG size. For Debian 9 stretch, these problems have been fixed in version 1.20-1+deb9u1. We recommend that you upgrade your advancecomp packages. For the detailed security status of advancecomp please refer to its security tracker page at: https://security-tracker.debian.org/tracker/advancecomp Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmHM1kgACgkQiNJCh6LY mLGJlBAAswPtPEg2XbjxgdH6NaMi68OB2rx5/GbSMMAoWMscFA39DdbJnRupRvXR Q3yq6EzgcUBhFvvGku6hqiLz7f8eaavYKlDHeTye+cWdRxb5xYUmEnu+FEacDSRs aWmSxYimMi33Mtpc3F01TWMAmyOjSAZHja+Je2FqpJ8IRL6GQHqt/e0qeYLzolUL 1hd0OpsTNKIzhcFILeH9D0w70/JAVDb91Oi8D6cukOKDnuUWK/gjyll60odOB0CH oy5ua/ArRggTMC0be8w18NafD6wOaG9r4jVAM075FW6XP3EjxnsLD50nTIY2XhGB UMQhx29P8QRs12E20soycMIUxkiksoBLarSbq+tRLCRo303bXY8IvO5INw1tFHuK 1xe/N7OeVLQl82p6QvxMexymYvtUB/xp/OXWn50ARgPbKTlMrsdYcvFwqjRthlsl On6m4EnkItMFZLCCOTqaV1RdNSFLQpij1BU501nY8SdGX/Gb4ttA4nrGlLeT7q5Z QuZ8a+9JMSI89cK1xrd2MA1u3DEhLj9jmsV2jG3yWUZRxJHYIWJ6nx/7/C0M7z1L LGuiqQd4XMcbxeoDqb8Gab9hivxfpLKUIqD0jR0UCY60P4WbbQmcQ923qljonGZR ew151zJv2wOHtAfCyNRpXCmN/ExyCK3/b2LRUO82zVXZK3wzDV4= =qhuc -----END PGP SIGNATURE-----