Bug#839827: freeimage: CVE-2016-5684
Balint Reczey
balint at balintreczey.hu
Wed Oct 5 14:15:10 UTC 2016
Hi,
On Wed, 05 Oct 2016 15:07:41 +0200 Salvatore Bonaccorso
<carnil at debian.org> wrote:
> Source: freeimage
> Version: 3.17.0+ds1-2
> Severity: grave
> Tags: security upstream
> Justification: user security hole
>
> Hi,
>
> the following vulnerability was published for freeimage.
>
> CVE-2016-5684[0]:
> XMP Image Handling Code Execution Vulnerability
>
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>
> For further information see:
>
> [0] https://security-tracker.debian.org/tracker/CVE-2016-5684
>
> Please adjust the affected versions in the BTS as needed. Only sid has
> been checked source wise in this case.
Jessie and Wheezy seem to be affected as well.
Cheers,
Balint