From:
[email protected]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- ------------------------------------------------------------------------- Debian Security Advisory DSA-4083-1
[email protected] https://www.debian.org/security/ Sebastien Delafond January 11, 2018
https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : poco
CVE ID : CVE-2017-1000472
Stephan Zeisberg discovered that poco, a collection of open source C++
class libraries, did not correctly validate file paths in ZIP
archives. An attacker could leverage this flaw to create or overwrite
arbitrary files.
For the oldstable distribution (jessie), this problem has been fixed
in version 1.3.6p1-5+deb8u1.
For the stable distribution (stretch), this problem has been fixed in
version 1.7.6+dfsg1-5+deb9u1.
We recommend that you upgrade your poco packages.
For the detailed security status of poco please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/poco
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at:
https://www.debian.org/security/
Mailing list:
[email protected]
-----BEGIN PGP SIGNATURE-----
iQEzBAEBCgAdFiEEAqSkbVtrXP4xJMh3EL6Jg/PVnWQFAlpXJZkACgkQEL6Jg/PV nWQSAAgAyZdKxW5ach7bfDAW9JiPHMAMW5Z32DFgmcEqfmYhFbTa9I3nF6yABjiJ QTF2eSwmPDua6QzozOI4OGAFfO0aJ4DH70pEuj1B0Ea5CItiMeZXXFiquL6sdjud OJTt1Iwh5eKRW0iOenQw24QU4Zd6r254MpIYtppdHfVYF45/E08KcTh78yTEpB5a XR4L23oVQOonytc0GASV/mogfce5bPRMvaGMONQo3d66Dfe5grFFUfO9yrhT47G1 r3eIsMvPWHp6tiCToiZ4nc2/z+o8rp/oBP+y9imvHrZXpsdEjl9DOM0miBrqmzZ6 NOSk3Dywnxm+JPwxJNNf/fm7zbYALw==
=cZI8
-----END PGP SIGNATURE-----
--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)