Debian 9859 Published by

Updated libmspack packages has been released for Debian GNU/Linux 8 LTS



Package : libmspack
Version : 0.5-1+deb8u3
CVE ID : CVE-2018-18584 CVE-2018-18585


CVE-2018-18584
Fixing the size of the CAB block input buffer, which is too small
for the maximal Quantum block, prevents an out-of-bounds write.

CVE-2018-18585
Blank filenames (having length zero or their 1st or 2nd byte is
null) should be rejected.


For Debian 8 "Jessie", these problems have been fixed in version
0.5-1+deb8u3.

We recommend that you upgrade your libmspack packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

  Libmspack Security Update for Debian 8