Bug#839827: freeimage: CVE-2016-5684

Balint Reczey balint at balintreczey.hu
Wed Oct 5 14:15:10 UTC 2016


Hi,

On Wed, 05 Oct 2016 15:07:41 +0200 Salvatore Bonaccorso
<carnil at debian.org> wrote:
> Source: freeimage
> Version: 3.17.0+ds1-2
> Severity: grave
> Tags: security upstream
> Justification: user security hole
> 
> Hi,
> 
> the following vulnerability was published for freeimage.
> 
> CVE-2016-5684[0]:
> XMP Image Handling Code Execution Vulnerability
> 
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
> 
> For further information see:
> 
> [0] https://security-tracker.debian.org/tracker/CVE-2016-5684
> 
> Please adjust the affected versions in the BTS as needed. Only sid has
> been checked source wise in this case.

Jessie and Wheezy seem to be affected as well.

Cheers,
Balint


