Univention Bugzilla – Bug 47855
hylafax: Multiple issues (4.2)
Last modified: 2018-09-26 13:41:49 CEST
New Debian hylafax 3:6.0.6-6+deb8u1 fixes: This update addresses the following issue: * A missing input sanitising in the Hylafax fax software could potentially result in the execution of arbitrary code via a malformed fax message (CVE-2018-17141)
--- mirror/ftp/4.2/unmaintained/4.2-0/source/hylafax_6.0.6-6.dsc +++ apt/ucs_4.2-0-errata4.2-5/source/hylafax_6.0.6-6+deb8u1.dsc @@ -1,3 +1,10 @@ +3:6.0.6-6+deb8u1 [Sat, 22 Sep 2018 19:03:02 +0200] Thorsten Alteholz <debian@alteholz.de>: + + * Non-maintainer upload by the LTS Team. + * CVE-2018-17141 + Fix to prevent senders from setting JPEG and MH/MR/MMR/JBIG + formats in the same DCS signal. + 3:6.0.6-6 [Thu, 04 Dec 2014 22:47:58 +0100] Giuseppe Sacco <eppesuig@debian.org>: * Don't remove files managed by dpkg when purging package. <http://10.200.17.11/4.2-5/#4188496749033548587>
OK: yaml OK: announce_errata OK: patch FAIL: piuparts [4.2-5] 76ef6eca6f Bug #47855: hylafax_3:6.0.6-6+deb8u1 doc/errata/staging/hylafax.yaml | 14 ++++++++++++++ 1 file changed, 14 insertions(+)
<http://errata.software-univention.de/ucs/4.2/518.html>