Back to libofx PTS page

Accepted libofx 1:0.9.4-2.1+deb7u1 (source amd64 all) into oldoldstable

To: dispatch@tracker.debian.org, debian-lts-changes@lists.debian.org
Subject: Accepted libofx 1:0.9.4-2.1+deb7u1 (source amd64 all) into oldoldstable
From: Thorsten Alteholz <debian@alteholz.de>
Date: Sun, 26 Nov 2017 15:40:22 +0000
Mail-followup-to: debian-lts@lists.debian.org
Message-id: <E1eIz2c-0002Ic-6i@seger.debian.org>
Reply-to: debian-lts@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 26 Nov 2017 16:03:02 +0200
Source: libofx
Binary: libofx4 libofx-dev libofx4-dbg libofx-doc ofx
Architecture: source amd64 all
Version: 1:0.9.4-2.1+deb7u1
Distribution: wheezy-security
Urgency: low
Maintainer: Bryan Donlan <bdonlan@gmail.com>
Changed-By: Thorsten Alteholz <debian@alteholz.de>
Description:
 libofx-dev - development package for libofx4
 libofx-doc - documentation for libofx4
 libofx4    - library to support the Open Financial Exchange format
 libofx4-dbg - debugging symbols for libofx4
 ofx        - Open Financial Exchange programs
Changes:
 libofx (1:0.9.4-2.1+deb7u1) wheezy-security; urgency=low
 .
   * Non-maintainer upload by the Wheezy LTS Team.
   * CVE-2017-2816
     An exploitable buffer overflow vulnerability exists in the tag
     parsing functionality of LibOFX 0.9.11. A specially crafted OFX
     file can cause a write out of bounds resulting in a buffer
     overflow on the stack. An attacker can construct a malicious
     OFX file to trigger this vulnerability.
   * CVE-2017-14731
     ofx_proc_file in ofx_preproc.cpp allows remote attackers to cause
     a denial of service (heap-based buffer over-read and application
     crash) via a crafted file
Checksums-Sha1:
 74d3c2fc40a4e62a679889af7f9b3bd5e6d3db6e 2274 libofx_0.9.4-2.1+deb7u1.dsc
 7370245c011ac4ea9313ba24a88c70e0eb9c317b 1263379 libofx_0.9.4.orig.tar.gz
 2d74c044856b86e052ed3dd718d9a2f11a24c25d 15542 libofx_0.9.4-2.1+deb7u1.debian.tar.gz
 ae47f97feb1d039a1698dae6517523475fefb225 188596 libofx4_0.9.4-2.1+deb7u1_amd64.deb
 e4fa58f375858cd46ca0786d05ea789e798f5c4a 157694 libofx-dev_0.9.4-2.1+deb7u1_amd64.deb
 6280539a56fe11044353fc9479c76d5bec0edc2b 657246 libofx4-dbg_0.9.4-2.1+deb7u1_amd64.deb
 30f7600061751099e46833144d0fab67e744c348 699548 libofx-doc_0.9.4-2.1+deb7u1_all.deb
 5167e8cce9a1988c1124c7cdb9ed31d6aeebf93b 65146 ofx_0.9.4-2.1+deb7u1_amd64.deb
Checksums-Sha256:
 94698c7648c679b35beff36cc0703d4a2079910e4d9d8b17eee68cda480a06da 2274 libofx_0.9.4-2.1+deb7u1.dsc
 9b30641fd5672e7a4a7fd3dd789a8a9df80039e5cc5756e28e16e8935560dbaf 1263379 libofx_0.9.4.orig.tar.gz
 764604643ccc528a2853738ea91b4f4fa6598753a69d8a7d0d003e39a3897ea7 15542 libofx_0.9.4-2.1+deb7u1.debian.tar.gz
 9e2a1709e6dc5b8ec04526b09d9ed96c015013aa3bc58b5d4bfe96c63a16d332 188596 libofx4_0.9.4-2.1+deb7u1_amd64.deb
 4b76d1c8712fe500b934a8dc8f029fdc04cd7317d715bcf9f91c6d4c2681eae8 157694 libofx-dev_0.9.4-2.1+deb7u1_amd64.deb
 010de71156082fb458f4ab82eda91b573516e07c1c7f325366550de687d0b5e8 657246 libofx4-dbg_0.9.4-2.1+deb7u1_amd64.deb
 37c02280d74b866e528af14ad49a512fd9464d9fece7b8bec4bfd7cddc5fd013 699548 libofx-doc_0.9.4-2.1+deb7u1_all.deb
 b6276111167f3322718664d2f74e9871d4a4b0740b96126abe2ebfa2f9ef81dd 65146 ofx_0.9.4-2.1+deb7u1_amd64.deb
Files:
 b65aed99d43db306b539af5a313de509 2274 libs optional libofx_0.9.4-2.1+deb7u1.dsc
 f2419bf8d01c0cff74efe7084e0a26c5 1263379 libs optional libofx_0.9.4.orig.tar.gz
 dc7f9481cdb76e84190b4735dfbf0764 15542 libs optional libofx_0.9.4-2.1+deb7u1.debian.tar.gz
 ad4395f8271ad42218ce410b643d14df 188596 libs optional libofx4_0.9.4-2.1+deb7u1_amd64.deb
 e9da23675c20a35e20bf9d36212fcb4a 157694 libdevel optional libofx-dev_0.9.4-2.1+deb7u1_amd64.deb
 9c7bf619692634cf9fba582327b8b736 657246 debug extra libofx4-dbg_0.9.4-2.1+deb7u1_amd64.deb
 57a9f106009da2d402338fbc6ffc3901 699548 doc optional libofx-doc_0.9.4-2.1+deb7u1_all.deb
 e86aa9368ecf3a225c6f8d81dc63fa94 65146 libs optional ofx_0.9.4-2.1+deb7u1_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQKnBAEBCgCRFiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAloa23pfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcTHGRlYmlhbkBh
bHRlaG9sei5kZQAKCRCW/KwNOHtYRxQRD/0eMvoOG8lh8O3bq+tUYzBFceT8da5z
QoHBUfLNkSVFi9sw+5uU49m5heu4VhCjgnWDIS/dqimJ21mCiAZuA1YSrn3FTw0G
XpqUc8XNm6wvKN/725ladwkthi5upn3hbTOvOYoYF6kYJvCGNyJaglDUJUeSYsFn
gb5x0Iotw5AtrEIFe/iRBndH8q7vP4fbP1CtbEZ39tng5ULESazyOapuYsaM0N3J
G2w4MfbHUkkLwsnvhu47MsTfGsCQZeQHKkdhjOnOrvHDdeTj+y+SD5ONhCUUPWxJ
WFoe24ZBWeo8P3E9vf/FAlWXZrhiDe8QzQML5Aqr5OtcyCpo6ZLOhBd9k8sXYFMI
5M+DeZp0UNFWOMUHpJqikruvCc+Fvx66AQMWvOHgDg/suvsavLucqfABxgwpeM10
Sl22Xayb3V/DnmjpbdNb7hAo3f9o9/TYSf6rqoyDcXoQ4plXCFRY/Tzasd+uGAnJ
OLG8BbaGsmp4+h81wl3Cm/0ZFVfclaLrjheKKveXRSoO21rKA2NlGq5lsulVMye9
7YrEtncD4z+wfhrXxLDSSW6kEjpBjJ+KQtiuEnFHPElravJPKQGavH1P1xaB7afR
Rb3eMOb6dJjrzPn+kCRIOVcktiOORNfrm82QVVRH3LIKJi8cJpPct4wCWnqZhxvy
uAqPzilYYNu2IQ==
=iex/
-----END PGP SIGNATURE-----