-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : advancecomp Version : 1.15-1+deb7u1 CVE ID : CVE-2018-1056 Debian Bug : 889270
Joonun Jang discovered that the advzip tool in advancecomp, a collection of recompression utilities, was prone to a heap-based buffer overflow. This might allow an attacker to cause a denial-of-service (application crash) or other unspecified impact via a crafted file. For Debian 7 "Wheezy", these problems have been fixed in version 1.15-1+deb7u1. We recommend that you upgrade your advancecomp packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlqDEx9fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeSDfg/8C5HUZH8Ak4ZDdpmhKGs28FCLtiVAXHxSaoa14b9FKS79vVxWaVIQnyJU KhwAJeP+N7/mc5y6sqnm0AUommwxP1cJtJ5bwPZHz0+ZEFRilIFct2N6q83F7zB2 gAe0a9y+ZBJzfvckp8O5bi15y0extwdKijOuOKy81BZmqZOnYHtMItxVihpsKfBu hxQjosliPrkE4kgxm/En2HYsuyrjeiYvC+At0j2vv8hdEk+NjuwjxpOb/hNDvGqE bdmFfGQYVQRvw6hSrikOexM2QpyA1U3LOTavPrjlKXWO11KUBjUkjCLq686vuBmV AEegSSIQih618yMA49g8yoxP2rUBAVdcnBAkQlSdhUuKwy4ZPnaWH4MQg5iUtPYu jZnlTakDm/kPXxRyrY6/V2h3/BUJWqJ/RedqIjN5ciOrOgEb5/wTxlQh/oTCPxD1 WV/JfZAWURS+vQUHi/irjhvdohEGTXPc7A/vMbVZWyzZDqdnj+VUd/DoIBVamH9n oZo9Np57seBEr7xzZai4/wvf1XgdF3kxxpYMczJ+mM9SO8hT88POoZ9mrxwOGgSp wOo484zKbHEYpBDSeWDpbysfa5UR1g7TLFQGX4nemTKwFtytk2lGJQ+GrcDjPv0A 3nJiMBt1eXyoedhhDqBxa3iRcGr28F3s+hCOXxiG7yivPRR1zaY= =D4vU -----END PGP SIGNATURE-----