[Pkg-gtkpod-devel] Bug#851196: libplist: CVE-2017-5209
Salvatore Bonaccorso
carnil at debian.org
Thu Jan 12 21:10:44 UTC 2017
Source: libplist
Version: 1.12-3.1
Severity: important
Tags: security upstream patch
Forwarded: https://github.com/libimobiledevice/libplist/issues/84
Hi,
the following vulnerability was published for libplist.
CVE-2017-5209[0]:
| The base64decode function in base64.c in libimobiledevice libplist
| through 1.12 allows attackers to obtain sensitive information from
| process memory or cause a denial of service (buffer over-read) via
| split encoded Apple Property List data.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-5209
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5209
[1] https://github.com/libimobiledevice/libplist/issues/84
[2] https://github.com/libimobiledevice/libplist/commit/3a55ddd3c4c11ce75a86afbefd085d8d397ff957
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore