Debian 10230 Published by

The following updates has been released for Debian GNU/Linux 8 LTS:

DLA 1686-1: freedink-dfarc security update
DLA 1687-1: sox security update



DLA 1686-1: freedink-dfarc security update




Package : freedink-dfarc
Version : 3.12-1+deb8u1
CVE ID : CVE-2018-0496

Sylvain Beucler and Dan Walma discovered several directory traversal
issues in DFArc, a frontend and extensions manager for the Dink
Smallwood game, allowing an attacker to overwrite arbitrary files on
the user's system.

For Debian 8 "Jessie", this problem has been fixed in version
3.12-1+deb8u1.

We recommend that you upgrade your freedink-dfarc packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


DLA 1687-1: sox security update




Package : sox
Version : 14.4.1-5+deb8u1
CVE ID : CVE-2014-8145
Debian Bug : 773720

Mike Salvatore discovered that the fixes for these heap-based buffer
overflows had not been properly applied in the Debian package.

For Debian 8 "Jessie", this problem has been fixed in version
14.4.1-5+deb8u1.

We recommend that you upgrade your sox packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS