A security issue fixed upstream in Hylafax+ has been announced:
The issue was fixed upstream in 5.6.1.
Debian has issued an advisory for this on September 20:
Done for mga6!
Assigning to all packagers collectively, since there is no registered maintainer for this package.
Also CC'ing some committers.
cjw, marja11, smelror
(In reply to David GEIGER from comment #1)
> Done for mga6!
Thanks, David, and sorry for having missed that (It's still early)
Assigning to you then, because there's no adivisory etc. yet.
Updated hylafax+ packages fixes security vulnerability:
Luis Merino, Markus Vervier and Eric Sesterhenn discovered that missing input
sanitising in the Hylafax fax software could potentially result in the
execution of arbitrary code via a malformed fax message (CVE-2018-17141).
Updated packages in core/updates_testing: