Henrique de Moraes Holschuh uploaded new packages for iucode-tool which
fixed the following security problems:
CVE-2017-0357
iucode-tool v1.4 to v2.1 is vulnerable to a heap buffer overflow in
the -tr (recovery) loader. Using specially-crafted data files and a
specially crafted command line, it might be possible to leverage this
heap buffer overflow to cause heap corruption, which might allow an
attacker to run arbitrary code.
For the jessie-backports distribution the problem has been fixed in
version 2.1.1-1~bpo8+1.
For the wheezy-backports distribution, no fix is necessary.
For users building directly from the git repository, all
debian/release/* branches have been updated with fixed versions where
necessary.
Henrique Holschuh