1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 2916-1] libmms security update

    From Moritz Muehlenhoff@1:229/2 to All on Mon Apr 28 18:50:03 2014
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-2916-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff
    April 28, 2014 http://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : libmms
    CVE ID : CVE-2014-2892

    Alex Chapman discovered that a buffer overflow in processing "MMS over
    HTTP" messages could result in the execution of arbitrary code.

    For the oldstable distribution (squeeze), this problem has been fixed in version 0.6-1+squeeze2.

    For the stable distribution (wheezy), this problem has been fixed in
    version 0.6.2-3+deb7u1.

    For the unstable distribution (sid), this problem has been fixed in
    version 0.6.2-4.

    We recommend that you upgrade your libmms packages.

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: http://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1

    iQIcBAEBAgAGBQJTXoWvAAoJEBDCk7bDfE424hkP/jUv5rBxjQmzJPaqqfzLAvDz Zz98k1lw5+BoXBlWF8OiabNm7oVJYGbJOPwFMwJXnOWNvY3g8PvSn332mefXnyqC y2cMnyLR3OBMe7XM3dQZbKveyVhq7a1lrig002+Leihihcomlq/1BE+F3mrTpix0 nbWMW1kliXG/c2IpHprJNOdNMGZaA4+wtHrBIvpmJ5B3zw48YSKpq3TvuvsLdYr8 BzKzdcF0nHQ7oRpSKnpuk4IEj0cWKLkt8oo+9LCQS0UwW3vGg0sx5rqZpbGIOLyz a88fDOJGTE8EnNz5svuYNGcK1Rp6ovGS0e7OFt12NEjdZuGF96n7bIoonx4qO5Uz 4SChgNqC8pCpCqMbBfn79wpkSVijak7MYpb4IaHtTPRm2bzftj4tikms0HUZmkZ7 apXa0t+3dFqMCNWJRRitu4q3XAjahANhAUtfeec6kYkVhMxM5hz5IZqOy+VmkvJr cX71dH9oRV6mzyMyPUGG6gYtxGwcCB0fcdISx6P0yERCrcIU8+yndOKaS6vu6eQR VoiKkPmYFrM67DmkCGttXS91m1flTGgSz1u6228Z/tnE7BNWKQuGsiAGnjF7tY9v ndcgJ2kQw+hkS+KLaqZX0iLw70vqOke96djlxGU81a16Z9us+3sh1SbE55Qm0pZe 1apUKqp4U8tlwdHwiRZ8
    =ESif
    -----END PGP SIGNATURE-----


    --
    To UNSUBSCRIBE, email to [email protected]
    with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: https://lists.debian.org/[email protected]

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)
  • From Francesco Silvestri@1:229/2 to All on Mon Apr 28 19:20:03 2014
    XPost: linux.debian.security
    From: [email protected]

    -----Original Message-----
    From: Moritz Muehlenhoff <[email protected]>
    Date: Mon, 28 Apr 2014 18:47:14
    To: <[email protected]>
    Reply-To: [email protected]
    Subject: [SECURITY] [DSA 2916-1] libmms security update

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-2916-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff
    April 28, 2014 http://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : libmms
    CVE ID : CVE-2014-2892

    Alex Chapman discovered that a buffer overflow in processing "MMS over
    HTTP" messages could result in the execution of arbitrary code.

    For the oldstable distribution (squeeze), this problem has been fixed in version 0.6-1+squeeze2.

    For the stable distribution (wheezy), this problem has been fixed in
    version 0.6.2-3+deb7u1.

    For the unstable distribution (sid), this problem has been fixed in
    version 0.6.2-4.

    We recommend that you upgrade your libmms packages.

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: http://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1

    iQIcBAEBAgAGBQJTXoWvAAoJEBDCk7bDfE424hkP/jUv5rBxjQmzJPaqqfzLAvDz Zz98k1lw5+BoXBlWF8OiabNm7oVJYGbJOPwFMwJXnOWNvY3g8PvSn332mefXnyqC y2cMnyLR3OBMe7XM3dQZbKveyVhq7a1lrig002+Leihihcomlq/1BE+F3mrTpix0 nbWMW1kliXG/c2IpHprJNOdNMGZaA4+wtHrBIvpmJ5B3zw48YSKpq3TvuvsLdYr8 BzKzdcF0nHQ7oRpSKnpuk4IEj0cWKLkt8oo+9LCQS0UwW3vGg0sx5rqZpbGIOLyz a88fDOJGTE8EnNz5svuYNGcK1Rp6ovGS0e7OFt12NEjdZuGF96n7bIoonx4qO5Uz 4SChgNqC8pCpCqMbBfn79wpkSVijak7MYpb4IaHtTPRm2bzftj4tikms0HUZmkZ7 apXa0t+3dFqMCNWJRRitu4q3XAjahANhAUtfeec6kYkVhMxM5hz5IZqOy+VmkvJr cX71dH9oRV6mzyMyPUGG6gYtxGwcCB0fcdISx6P0yERCrcIU8+yndOKaS6vu6eQR VoiKkPmYFrM67DmkCGttXS91m1flTGgSz1u6228Z/tnE7BNWKQuGsiAGnjF7tY9v ndcgJ2kQw+hkS+KLaqZX0iLw70vqOke96djlxGU81a16Z9us+3sh1SbE55Qm0pZe 1apUKqp4U8tlwdHwiRZ8
    =ESif
    -----END PGP SIGNATURE-----


    --
    To UNSUBSCRIBE, email to [email protected]
    with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: https://lists.debian.org/[email protected]


    --
    This e-mail (including attachments) is intended only for the recipient(s) named above. It may contain confidential or privileged information and
    should not be read, copied or otherwise used by any other person. If you
    are not the named recipient, please contact the sender and delete the
    e-mail from your system. Rif. L. D. 196/2003.

    Le informazioni, i dati e le notizie contenute nella presente comunicazione
    e i relativi allegati sono di natura privata e come tali possono essere riservate e sono, comunque, destinate esclusivamente ai destinatari
    indicati in epigrafe. La diffusione, distribuzione e/o la copia del
    documento trasmesso da parte di qualsiasi soggetto diverso dal destinatario
    � proibita, sia ai sensi dell'art. 616 c.p., sia ai sensi del