Source: partclone
Version: 0.2.73-2
Severity: important
Tags: upstream security
Forwarded: https://github.com/Thomas-Tsai/partclone/issues/91

Hi,

the following vulnerability was published for partclone.

CVE-2017-6596[0]:
| partclone.chkimg in partclone 0.2.89 is prone to a heap-based buffer
| overflow vulnerability due to insufficient validation of the partclone
| image header. An attacker may be able to launch a 'Denial of Service
| attack' in the context of the user running the affected application.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-6596
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6596
[1] https://github.com/Thomas-Tsai/partclone/issues/91
[2] https://github.com/insidej/Partclone_HeapOverFlow/blob/master/README.md

Regards,
Salvatore