-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2962-1 security@debian.org http://www.debian.org/security/ Moritz Muehlenhoff June 17, 2014 http://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : nspr CVE ID : CVE-2014-1545 Abhiskek Arya discovered an out of bounds write in the cvt_t() function of the NetScape Portable Runtime Library which could result in the execution of arbitrary code. For the stable distribution (wheezy), this problem has been fixed in version 2:4.9.2-1+deb7u2. For the unstable distribution (sid), this problem has been fixed in version 2:4.10.6-1. We recommend that you upgrade your nspr packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJToJcCAAoJEBDCk7bDfE42gyAP/1/0gNDyGRoG1Ad+RQT/YB5B U5jhZgmJ6QP9vCFQW37SX/lxqsfH5W9HdfbSP8WjV+AIHIzniEMR/Tn2pGhx05q6 miIAHVXqu/HeAJXdF1hhdAzBIEg0ZWAlH6aLLEMmUELAUVgxaCSF54T+1GY+h8+G 8YOeHgSmgvdXaU52TM5knxMT5dDn2eLRsiYfe0hpun82L9OMhA5aokZgnwtngs82 21AnD2mQK9UdpGseFNRI81kD4P116RtI/oOMXDmCE5+sQu0OiHhpe75tuNxKR3wE 1Mr59bFYC05tor8DAjFcOSNuKfyg267QNcVy5U2QBlt9Xuw3l00Wv5kIRUMF9+ga As4FLxFO62PAcjVAaeMP53N66GGTysYKWJiPoqYE4ZeRgvwQiFyo3U9Yk5IaR5ZN QQM0r3mroS3Hbk8xi8+K/WTCpIKq9Xi41zPMfK3iwkjanKleID6c51dcDz186sUz ivMRVEywenMMM3eUdAI2/BdHQ+fzhGfP6kJaKJCTHzBCnarsYzrtpn4MRcs8vDM4 0/Bj0bGio6bNw9d3ftbTtEEh1Pqp5+MA/m457vCcPoWPcpkz16QfPxr4hIf9OP0y 9qhh8zdVa9ZYluMlNOkqAtaIUQTt3z6wxSl1+lI4yZTCDYwtA9jOvgeZE1FIFqMD jwxqafzk9WSpqKWpFrMd =rot/ -----END PGP SIGNATURE-----