-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4026-1 security@xxxxxxxxxx https://www.debian.org/security/ Sebastien Delafond November 09, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : bchunk CVE ID : CVE-2017-15953 CVE-2017-15954 CVE-2017-15955 Debian Bug : 880116 Wen Bin discovered that bchunk, an application that converts a CD image in bin/cue format into a set of iso and cdr/wav tracks files, did not properly check its input. This would allow malicious users to crash the application or potentially execute arbitrary code. For the oldstable distribution (jessie), these problems have been fixed in version 1.2.0-12+deb8u1. For the stable distribution (stretch), these problems have been fixed in version 1.2.0-12+deb9u1. We recommend that you upgrade your bchunk packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEEAqSkbVtrXP4xJMh3EL6Jg/PVnWQFAloEk+wACgkQEL6Jg/PV nWQThAf+O/cqMInKkiwqZ72TdQiADpZgta7ZKCA8gmLMIUwgirZhZxoJAY2AIebR M/QPVlBzyo/W5jxbzZD/YO4ZlbKF/X5opiBW+2oXxnPH92zDSDSYrZ1tCzLBwLZT GzsVdUx+p8AQX0W1NBaX49RG6jyrMA+LwsdwCLAlyvdQsCYASrG0QheFpOHtE6Fh Oe6MbaG3iepNWZl0qEdTQfPO8yEYP6hQ9eUo2dUAnEUyhLvuRPNCtPutS/EhB715 awMvJ4hKQ9g5WaEeZPf5DlLbdpcBY+oVQPe8wrSh+qHnuMGMrtTUwlD/xxrt5uoJ gWxJK6iTJqHS731J1oECJxiQum/MBw== =pVF7 -----END PGP SIGNATURE-----