blob: edc4293990e8c76f606dc7de63710d9726250d55 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
|
<define-tag description>LTS security update</define-tag>
<define-tag moreinfo>
<p>zbar, a barcode and qrcode scanner was vulnerable.</p>
<ul>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2023-40889">CVE-2023-40889</a>
<p>A heap-based buffer overflow existed
in the qr_reader_match_centers function.
Specially crafted QR codes may lead to information disclosure
and/or arbitrary code execution. To trigger this
vulnerability, an attacker can digitally input the
malicious QR code, or prepare it to be physically scanned
by the vulnerable scanner.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2023-40890">CVE-2023-40890</a>
<p>A stack overflow was present in lookup_sequence
function. Specially crafted QR codes may lead
to information disclosure and/or arbitrary code execution.
To trigger this vulnerability, an attacker can digitally input
the malicious QR code, or prepare it to be physically scanned
by the vulnerable scanner.</p></li>
</ul>
<p>For Debian 10 buster, these problems have been fixed in version
0.22-1+deb10u1.</p>
<p>We recommend that you upgrade your zbar packages.</p>
<p>For the detailed security status of zbar please refer to
its security tracker page at:
<a href="https://security-tracker.debian.org/tracker/zbar">https://security-tracker.debian.org/tracker/zbar</a></p>
<p>Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: <a href="https://wiki.debian.org/LTS">https://wiki.debian.org/LTS</a></p>
</define-tag>
# do not modify the following line
#include "$(ENGLISHDIR)/lts/security/2023/dla-3675.data"
# $Id: $
|