tags 786785 + pending
thanks

On Monday 25 May 2015 17:00:43 Salvatore Bonaccorso wrote:
> the following vulnerability was published for exactimage.
>
> CVE-2015-3885[0]:
> | Integer overflow in the ljpeg_start function in dcraw 7.00 and earlier
> | allows remote attackers to cause a denial of service (crash) via a
> | crafted image, which triggers a buffer overflow, related to the len
> | variable.
>
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>
> For further information see:
>
> [0] https://security-tracker.debian.org/tracker/CVE-2015-3885
> [1] http://www.ocert.org/advisories/ocert-2015-006.html

Thanks a lot for your report and the references. The fix for unstable will be uploaded in some minutes.

Kind regards,
Sven