-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : libplist Version : 1.8-1+deb7u2 CVE ID : CVE-2017-5834 CVE-2017-5835 Debian Bug : 854000
Several vulnerabilities were discovered in libplist, a library for reading and writing the Apple binary and XML property lists format. A maliciously crafted plist file could cause an application to crash by triggering a heap-based buffer overflow and memory allocation error in the plist_from_bin function. For Debian 7 "Wheezy", these problems have been fixed in version 1.8-1+deb7u2. We recommend that you upgrade your libplist packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAli1jqxfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeTjaQ/+KUKpGre99hafCXh8wu5Bs51WKJvmNaR/Jvjz+ReE3sxY2UbDMZDfA3MU cqiV1HxOFvTNQpGuulxJr27V/0+PjNaas1dLXRuhji6pB4QQ+iDvJxryJpZGaAdh 0qRRJmmUcrCvPWhxyALzrcwEDRltVeIPcsGlb6xjLSZDf2nVpv9HLCm3MDlRWps6 czufvczq8LqjzvAj9isKZDY6/xXaZXrcpjJOtgqRhqQtWH6o81zOQCfLgUeYeRGQ qiRnXkRjr77PmRSVqIqmKFH/L/WuzB2CcDhEJ8mtM2T1v+m7Q6oz3XR1YJWpnMM4 8OvflrQxEInPJ2ER6K4mZ3TSyFmSqW6V+AO0XlRTbRVRFJlJ0fUs9Mzl/EdVPlMl OKx1mRE/+fsWkOkneIdvHRuXDMvXi0RvW6SonDUWG7bxirV3I9XvWp6Ufm1K8JZg 0qeWjIbVTOeX+7QPpgqtlHH4rYgOIiw1Tc25kim0oi/G06dp1wzC2SlfdiLz1MaI XNcc1MpKr7hXKF5Q6Q+djdU3tmIk6aZUsX6OwFaiNNc4jxmOqipjVw/BehdvLBxF Jtt0VbAXrg6ni9OR1aWlPzfjywhuW5TLsHCJYq+nsiXuFjqPdCvB8i0wjbDfaul2 IYDiBmadMUotrpDWxOscohrUekI5wCNVsmARzg4XGL0YIR15E4o= =wMLv -----END PGP SIGNATURE-----