-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4132-1 security@xxxxxxxxxx https://www.debian.org/security/ Moritz Muehlenhoff March 04, 2018 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : libvpx CVE ID : CVE-2017-13194 It was discovered that incorrect validation of frame widths in the libvpx multimedia library may result in denial of service and potentially the execution of arbitrary code. For the oldstable distribution (jessie), this problem has been fixed in version 1.3.0-3+deb8u1. For the stable distribution (stretch), this problem has been fixed in version 1.6.1-3+deb9u1. We recommend that you upgrade your libvpx packages. For the detailed security status of libvpx please refer to its security tracker page at: https://security-tracker.debian.org/tracker/libvpx Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlqbwwsACgkQEMKTtsN8 TjZXBw/9HXl3uu+Xi+IJHMHaFFssdPWmTIwjhCvEzHjbA4mpPwkoINxXUMjrMvoP ZCfNsPsJ5X1Asde4Yv7tofClgpz55ruVPpgNbo9DJG9m6bx3KMtjD31f4fU3YJUI 0jK/drWM4+Yw5Vm0ptnQ8qDjTsmkc6YQuk+2ewf+laTBL1Gn7DDpqbNr3EqnKoYe nUmJ/YOhI/ZmJc1o+g2iidfJFnOovPmMZKr+tp28KwjWgLlSYURYtAGeDAicfltC C+Pyf6PMsMd4u/N3pH+G3ky4XRITdQRkB8J1bvbn8kwDnBMkE8uIhlLOUYkVtE4A bR67Q7IVIxEPwjdpoKx/aDNnEIsAHiZgcPTwffRPONEk1GGHTffylXCmNTzvFzeZ QzkLukEyUrxvI7BIs7aGAeZd/aGsChBFdc0/AwnFywQ3bWO/pyBk+we6TKNRTzuD f9o9KB998wMvwQv63seWq/BKmkaQn/i+1i6DKnXvo58qT1oy4CNcGZTThKqOvl8C KUG7/fmLFkDASIh7WSdZwDAcXWqW82S68hY8s2U6IwAqSI0ist5CIbLcUHA4Wdv7 9S1rbEWZ01Ul3BmkDd6hcYxve3kgZUHodLK6KoOaXWqsB3GUHF5SavC7lBEOhjkO pwQmiSZDBZ2E2oO7WpRlVNEHgO/OExyqXRhxhpJA+X7jbPdwDhk= =MHSJ -----END PGP SIGNATURE-----