-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : ming Version : 1:0.4.4-1.1+deb7u6 CVE ID : CVE-2017-11732 CVE-2017-16883 CVE-2017-16898
Multiple vulnerabilities have been discovered in Ming: CVE-2017-11732 heap-based buffer overflow vulnerability in the function dcputs (util/decompile.c) in Ming <= 0.4.8, which allows attackers to cause a denial of service via a crafted SWF file. CVE-2017-16883 NULL pointer dereference vulnerability in the function outputSWF_TEXT_RECORD (util/outputscript.c) in Ming <= 0.4.8, which allows attackers to cause a denial of service via a crafted SWF file. CVE-2017-16898 global buffer overflow vulnerability in the function printMP3Headers (util/listmp3.c) in Ming <= 0.4.8, which allows attackers to cause a denial of service via a crafted SWF file. For Debian 7 "Wheezy", these problems have been fixed in version 1:0.4.4-1.1+deb7u6. We recommend that you upgrade your ming packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEE5LpPtQuYJzvmooL3LVy48vb3khkFAlpXQgUACgkQLVy48vb3 khl+kwf+KzzwzIB9vGLaggt00v6QvOXHpN05vEl9ViBjdjx9EHmppCJ7tGdV7rb6 Oo0MS0Wam76GGVGytNlunY8IoyX7JR3r0qs8kfn5BhvXFgrLTN+e4CX6PMU8ReDq jjaiT80gKeC5vIIIRng3IPIYBm57IwraajbnozBxKPqfOif9E+/Hvbei0BhiR+G3 OVppnz0AnGZcsBZFwcxvklhD/enT5pBIFzfZgtumGOGa6Rt3NQ2MZGdS3ZIdMrkl OeEgD0Qdrd+CUfiMOxJRzKekxmC5dMqtv4YsZWzoHjAodiMu+tytWyQ1xKXwKzil D6fBbtcdZ95tKGrsC5nBvWm5SEJqWw== =u/v7 -----END PGP SIGNATURE-----