Format: 1.8
Date: Tue, 26 Nov 2017 16:03:02 +0200
Source: libofx
Binary: libofx4 libofx-dev libofx4-dbg libofx-doc ofx
Architecture: source amd64 all
Version: 1:0.9.4-2.1+deb7u1
Distribution: wheezy-security
Urgency: low
Maintainer: Bryan Donlan <bdonlan@gmail.com>
Changed-By: Thorsten Alteholz <debian@alteholz.de>
Description:
 libofx-dev - development package for libofx4
 libofx-doc - documentation for libofx4
 libofx4    - library to support the Open Financial Exchange format
 libofx4-dbg - debugging symbols for libofx4
 ofx        - Open Financial Exchange programs
Changes:
 libofx (1:0.9.4-2.1+deb7u1) wheezy-security; urgency=low
 .
   * Non-maintainer upload by the Wheezy LTS Team.
   * CVE-2017-2816
     An exploitable buffer overflow vulnerability exists in the tag
     parsing functionality of LibOFX 0.9.11. A specially crafted OFX
     file can cause a write out of bounds resulting in a buffer
     overflow on the stack. An attacker can construct a malicious
     OFX file to trigger this vulnerability.
   * CVE-2017-14731
     ofx_proc_file in ofx_preproc.cpp allows remote attackers to cause
     a denial of service (heap-based buffer over-read and application
     crash) via a crafted file