Zum Inhalt springen.
Sympa Menü

it-securitynotifies - [IT-SecNots] [SECURITY] [DSA 4083-1] poco security update

it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 4083-1] poco security update


Chronologisch Thread 
  • From: Sebastien Delafond <seb AT debian.org>
  • To: debian-security-announce AT lists.debian.org
  • Subject: [IT-SecNots] [SECURITY] [DSA 4083-1] poco security update
  • Date: Thu, 11 Jan 2018 08:51:53 +0000
  • List-archive: https://lists.debian.org/msgid-search/E1eZYaX-0007Mn-8K AT seger.debian.org
  • List-id: <debian-security-announce.lists.debian.org>
  • List-url: <http://lists.debian.org/debian-security-announce/>
  • Old-return-path: <seb AT seger.debian.org>
  • Priority: urgent
  • Resent-date: Thu, 11 Jan 2018 08:52:12 +0000 (UTC)
  • Resent-from: debian-security-announce AT lists.debian.org
  • Resent-message-id: <Fmd0K_rMMIP.A.f4G.7WyVaB@bendel>
  • Resent-sender: debian-security-announce-request AT lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4083-1 security AT debian.org
https://www.debian.org/security/ Sebastien Delafond
January 11, 2018 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : poco
CVE ID : CVE-2017-1000472

Stephan Zeisberg discovered that poco, a collection of open source C++
class libraries, did not correctly validate file paths in ZIP
archives. An attacker could leverage this flaw to create or overwrite
arbitrary files.

For the oldstable distribution (jessie), this problem has been fixed
in version 1.3.6p1-5+deb8u1.

For the stable distribution (stretch), this problem has been fixed in
version 1.7.6+dfsg1-5+deb9u1.

We recommend that you upgrade your poco packages.

For the detailed security status of poco please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/poco

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCgAdFiEEAqSkbVtrXP4xJMh3EL6Jg/PVnWQFAlpXJZkACgkQEL6Jg/PV
nWQSAAgAyZdKxW5ach7bfDAW9JiPHMAMW5Z32DFgmcEqfmYhFbTa9I3nF6yABjiJ
QTF2eSwmPDua6QzozOI4OGAFfO0aJ4DH70pEuj1B0Ea5CItiMeZXXFiquL6sdjud
OJTt1Iwh5eKRW0iOenQw24QU4Zd6r254MpIYtppdHfVYF45/E08KcTh78yTEpB5a
XR4L23oVQOonytc0GASV/mogfce5bPRMvaGMONQo3d66Dfe5grFFUfO9yrhT47G1
r3eIsMvPWHp6tiCToiZ4nc2/z+o8rp/oBP+y9imvHrZXpsdEjl9DOM0miBrqmzZ6
NOSk3Dywnxm+JPwxJNNf/fm7zbYALw==
=cZI8
-----END PGP SIGNATURE-----



  • [IT-SecNots] [SECURITY] [DSA 4083-1] poco security update, Sebastien Delafond, 11.01.2018

Archiv bereitgestellt durch MHonArc 2.6.19.

Seitenanfang