-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 20 Jun 2017 20:03:02 +0200 Source: swftools Binary: swftools Architecture: source amd64 Version: 0.9.2+ds1-3+deb7u1 Distribution: wheezy-security Urgency: high Maintainer: Christian Welzel <gawain@camlann.de> Changed-By: Thorsten Alteholz <debian@alteholz.de> Description: swftools - Collection of utilities for SWF file manipulation/creation Changes: swftools (0.9.2+ds1-3+deb7u1) wheezy-security; urgency=high . * Non-maintainer upload by the Wheezy LTS Team. * CVE-2017-8400 In SWFTools 0.9.2, an out-of-bounds write of heap data can occur in the function png_load() in lib/png.c:755. This issue can be triggered by a malformed PNG file that is mishandled by png2swf. Attackers could exploit this issue for DoS; it might cause arbitrary code execution. * CVE-2017-8401 In SWFTools 0.9.2, an out-of-bounds read of heap data can occur in the function png_load() in lib/png.c:724. This issue can be triggered by a malformed PNG file that is mishandled by png2swf. Attackers could exploit this issue for DoS. Checksums-Sha1: d0720f16299a050e77fd8646b75233b5fcd71f58 2053 swftools_0.9.2+ds1-3+deb7u1.dsc 4474510026a487f25327667e6163333087cb920c 2327165 swftools_0.9.2+ds1.orig.tar.gz 4a675ccab86915dacd4f18c071a58b0147f2c10d 14475 swftools_0.9.2+ds1-3+deb7u1.debian.tar.gz 8dcafdb0b9028b9ee295ffb9892d61aba9be0583 2283656 swftools_0.9.2+ds1-3+deb7u1_amd64.deb Checksums-Sha256: 9847d02fae24533497c11e4d74664b72d3515180e5d6d2903784258f78b4d08a 2053 swftools_0.9.2+ds1-3+deb7u1.dsc 3dd56f6843bad43098d3fdfc291c46fe6853c3038a1d1eaaac798d09aea1f985 2327165 swftools_0.9.2+ds1.orig.tar.gz fc80f7bc742474527c7d7824d6e6aaa9d28f99b6b31eebea1d8a57804d68345a 14475 swftools_0.9.2+ds1-3+deb7u1.debian.tar.gz 923fac535a620fd76fd78109d5234edaf0d297481ca19d9522c5df1669cf3246 2283656 swftools_0.9.2+ds1-3+deb7u1_amd64.deb Files: 9de8016c054856a861942ee3599e4aed 2053 utils extra swftools_0.9.2+ds1-3+deb7u1.dsc 04a04e44b37e86ce9009cd3e23d557c0 2327165 utils extra swftools_0.9.2+ds1.orig.tar.gz d67c3bb3e93454c288f1b90b180d6397 14475 utils extra swftools_0.9.2+ds1-3+deb7u1.debian.tar.gz e36fa0455a0a2ba1e93bec87930fb07f 2283656 utils extra swftools_0.9.2+ds1-3+deb7u1_amd64.deb -----BEGIN PGP SIGNATURE----- iQKnBAEBCgCRFiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAllJaHhfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcTHGRlYmlhbkBh bHRlaG9sei5kZQAKCRCW/KwNOHtYR/HLEACMq30x+o7xRVfpc9SEYQLtux2PwCKW yClpILY17kqqnZEOhzV2EZ55tBv8coCetSLpqJ1aqmydqgr4MnQj4h0soi1HbY86 iYuEjJ0b1FOSJDGKvA78mg78Ls3QDbmvf2jvDDb+c7mg6WzTqLNAC4/T3SJ003Zc taDLSvpVupRukJe7BLEQp7l9m8ic5Zry5b+7yEeHtSpoInZQ/RTfRcSJ9o4zREoW RUk6KtDEcd6SJAwbduUGPpzDlzBdKRQ6sWzvxJu5/Ut08Z0mhOPOnq5CQo0MwHr2 jI3Ur0I92wwEwm0sak+3av63PyOGroDwscQsdIViFwkDB25w9Ney1xuc9+PAp3mT CsrZKf96i9mix0WUl+jUVEtXQQJUsmcIh6RHhw1hZoMxKLciOErxqROcraaC8zeu u3k/2WKxi3NJUt9aXgE+8VvUGSoIgJOyJf/DOa/Zyy8lhq8EkpUibrJ1PvrZoGTJ b4fcKcqGnCzGQxJTKFR5qEdUu12CBRFA4WcTDBUeCAnBEtkzg0EJpTBsk9CSXi61 Q1fE8H+E0GgQ/B4IYPZj7SeRtZf7X6Gp4lsb5kHgT4Zv3mg5IcauA3e9dQqTVo9N NHH6yz3uliUOThkiAj5IhtjqDV8lutPRKSifMLNODuRijn7kUsFzLxsAjaU1bY9c mR14D7OlY+kPfQ== =iTnf -----END PGP SIGNATURE-----
