Format: 1.8
Date: Sat, 02 Mar 2019 21:00:50 +0100
Source: advancecomp
Binary: advancecomp
Architecture: source amd64
Version: 1.19-1+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Piotr Ożarowski <piotr@debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 advancecomp - collection of recompression utilities
Changes:
 advancecomp (1.19-1+deb8u1) jessie-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * Fix CVE-2018-1056:
     Joonun Jang discovered that the advzip tool in advancecomp, a collection
     of recompression utilities, was prone to a heap-based buffer overflow.
     This might allow an attacker to cause a denial-of-service (application
     crash) or other unspecified impact via a crafted file.
   * The png_compress function in pngex.cc in advpng has an integer overflow
     upon encountering an invalid PNG size, which results in another heap
     based buffer overflow.
   * Backport two upstream commits to address more buffer overflows.
Files:
 1949 utils optional advancecomp_1.19-1+deb8u1.dsc
 1193228 utils optional advancecomp_1.19.orig.tar.gz
 5072 utils optional advancecomp_1.19-1+deb8u1.debian.tar.xz
 162492 utils optional advancecomp_1.19-1+deb8u1_amd64.deb