blob: 2652aafd807701064979d755ccbc2675909ba66e (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
|
<define-tag description>LTS security update</define-tag>
<define-tag moreinfo>
<p>Michele Spagnuolo, of Google Security Team, and Miroslav Lichvar, of
Red Hat, discovered two issues in flac, a library handling Free
Lossless Audio Codec media: by providing a specially crafted FLAC
file, an attacker could execute arbitrary code.</p>
<ul>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2014-8962">CVE-2014-8962</a>
<p>Heap-based buffer overflow in stream_decoder.c, allowing
remote attackers to execute arbitrary code via a specially
crafted .flac file.</p> </li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2014-9028">CVE-2014-9028</a>
<p>Stack-based buffer overflow in stream_decoder.c, allowing
remote attackers to execute arbitrary code via a specially
crafted .flac file.</p></li>
</ul>
<p>For Debian 6 <q>Squeeze</q>, these issues have been fixed in flac version 1.2.1-2+deb6u1</p>
</define-tag>
# do not modify the following line
#include "$(ENGLISHDIR)/lts/security/2014/dla-99.data"
# $Id$
|
