[Pkg-gtkpod-devel] Bug#858787: libplist: CVE-2017-6437
Salvatore Bonaccorso
carnil at debian.org
Sun Mar 26 19:38:20 UTC 2017
Source: libplist
Version: 1.12+git+1+e37ca00-0.1
Severity: important
Forwarded: https://github.com/libimobiledevice/libplist/issues/100
Hi,
the following vulnerability was published for libplist.
CVE-2017-6437[0]:
| The base64encode function in base64.c in libimobiledevice libplist
| 1.12 allows local users to cause a denial of service (out-of-bounds
| read) via a crafted plist file.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-6437
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6437
[1] https://github.com/libimobiledevice/libplist/issues/100
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
More information about the Pkg-gtkpod-devel
mailing list