-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4083-1 security@xxxxxxxxxx https://www.debian.org/security/ Sebastien Delafond January 11, 2018 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : poco CVE ID : CVE-2017-1000472 Stephan Zeisberg discovered that poco, a collection of open source C++ class libraries, did not correctly validate file paths in ZIP archives. An attacker could leverage this flaw to create or overwrite arbitrary files. For the oldstable distribution (jessie), this problem has been fixed in version 1.3.6p1-5+deb8u1. For the stable distribution (stretch), this problem has been fixed in version 1.7.6+dfsg1-5+deb9u1. We recommend that you upgrade your poco packages. For the detailed security status of poco please refer to its security tracker page at: https://security-tracker.debian.org/tracker/poco Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEEAqSkbVtrXP4xJMh3EL6Jg/PVnWQFAlpXJZkACgkQEL6Jg/PV nWQSAAgAyZdKxW5ach7bfDAW9JiPHMAMW5Z32DFgmcEqfmYhFbTa9I3nF6yABjiJ QTF2eSwmPDua6QzozOI4OGAFfO0aJ4DH70pEuj1B0Ea5CItiMeZXXFiquL6sdjud OJTt1Iwh5eKRW0iOenQw24QU4Zd6r254MpIYtppdHfVYF45/E08KcTh78yTEpB5a XR4L23oVQOonytc0GASV/mogfce5bPRMvaGMONQo3d66Dfe5grFFUfO9yrhT47G1 r3eIsMvPWHp6tiCToiZ4nc2/z+o8rp/oBP+y9imvHrZXpsdEjl9DOM0miBrqmzZ6 NOSk3Dywnxm+JPwxJNNf/fm7zbYALw== =cZI8 -----END PGP SIGNATURE-----
