Debian Security Advisory

DLA-1470-1 confuse -- LTS security update

Date Reported:
18 Aug 2018
Affected Packages:
Security database references:
In the Debian bugtracking system: Bug 904159.
In Mitre's CVE dictionary: CVE-2018-14447.
More information:

An out of bound read was discoverd in libConfuse, a configuration file parser library.

  • CVE-2018-14447

    An out of bound read in trim_whitespace, fixed thanks to Sebastian Roland <>.

For Debian 8 Jessie, this problem has been fixed in version 2.7-5+deb8u1.

We recommend that you upgrade your confuse packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: