Re: testing jasper for Wheezy LTS
On 23/04/17 13:16, Thorsten Alteholz wrote:
> Hi everybody,
>
> I uploaded version 1.900.1-13+deb7u6 of jasper to:
>
> https://people.debian.org/~alteholz/packages/wheezy-lts/jasper/amd64/
>
> Please give it a try and tell me about any problems you met. If you use jasper
> for your own projects, I would also be interested whether you can still build
> it with that new version.

Gave this a quick try with some jp2 files I found, using eog (uses jasper through gdk-pixbuf I think) and gimp (uses jasper directly), and all seems fine.

I didn't try building anything that uses jasper, but that should be fine unless you changed the API, which I hope you didn't?

Cheers,
Emilio

testing Mysql 5.5.55 for LTS
On 24/04/17 07:41, Lars Tangvald wrote:
> Hi,
>
> The debian/wheezy branch should now be updated.

Thanks Lars.

Test packages for amd64 are available at https://people.debian.org/~pochu/lts/mysql/

I did some smoke testing, but we have to wait for the jessie update, so if someone wants to give this some more testing that'd be nice.

Thanks,
Emilio

[SECURITY] [DLA 914-1] minicom security update
Package        : minicom
Version        : 2.6.1-1+deb7u1
CVE ID         : CVE-2017-7467
Debian Bug     : 860940

CVE-2017-7467

    Out of bounds write in vt100.c

For Debian 7 "Wheezy", these problems have been fixed in version 2.6.1-1+deb7u1.

We recommend that you upgrade your minicom packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

[SECURITY] [DLA 912-1] tiff3 security update
Package        : tiff3
Version        : 3.9.6-11+deb7u5
CVE ID         : CVE-2017-7593 CVE-2017-7594 CVE-2017-7595 CVE-2017-7596
                 CVE-2017-7597 CVE-2017-7599 CVE-2017-7600 CVE-2017-7601
Debian Bug     : 86 860001 860003

Multiple security issues have been found in the tiff3 image library that may allow remote attackers to cause a denial of service (application crash), to obtain sensitive information from process memory or possibly have unspecified other impact via a crafted image.

For Debian 7 "Wheezy", these problems have been fixed in version 3.9.6-11+deb7u5.

We recommend that you upgrade your tiff3 packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

Accepted tiff3 3.9.6-11+deb7u5 (source amd64) into oldstable
Format: 1.8
Date: Mon, 24 Apr 2017 12:26:42 +0200
Source: tiff3
Binary: libtiff4 libtiffxx0c2 libtiff4-dev
Architecture: source amd64
Version: 3.9.6-11+deb7u5
Distribution: wheezy-security
Urgency: high
Maintainer: Jay Berkenbilt
Changed-By: Markus Koschany
Description:
 libtiff4 - Tag Image File Format (TIFF) library (old version)
 libtiff4-dev - Tag Image File Format (TIFF) library (old version), development f
 libtiffxx0c2 - Tag Image File Format (TIFF) library (old version) -- C++ interfa
Changes:
 tiff3 (3.9.6-11+deb7u5) wheezy-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * Fix the following security vulnerabilities:
     * CVE-2017-7593: tif_read.c in LibTIFF does not ensure that tif_rawdata is
       properly initialized, which might allow remote attackers to obtain
       sensitive information from process memory via a crafted image.
     * CVE-2017-7594: The OJPEGReadHeaderInfoSecTablesDcTable function in
       tif_ojpeg.c in LibTIFF allows remote attackers to cause a denial of
       service (memory leak) via a crafted image.
     * CVE-2017-7595: The JPEGSetupEncode function in tiff_jpeg.c in LibTIFF
       allows remote attackers to cause a denial of service (divide-by-zero
       error and application crash) via a crafted image.
     * CVE-2017-7596, CVE-2017-7597, CVE-2017-7599, CVE-2017-7600: LibTIFF has
       an "outside the range of representable values of type float" undefined
       behavior issue, which might allow remote attackers to cause a denial of
       service (application crash) or possibly have unspecified other impact
       via a crafted image.
     * CVE-2017-7601: LibTIFF has a "shift exponent too large for 64-bit type
       long" undefined behavior issue, which might allow remote attackers to
       cause a denial of service (application crash) or possibly have
       unspecified other impact via a crafted image.

Accepted activemq 5.6.0+dfsg-1+deb7u3 (source all) into oldstable
Format: 1.8
Date: Mon, 24 Apr 2017 12:50:21 +0200
Source: activemq
Binary: libactivemq-java libactivemq-java-doc activemq
Architecture: source all
Version: 5.6.0+dfsg-1+deb7u3
Distribution: wheezy-security
Urgency: high
Maintainer: Debian Java Maintainers
Changed-By: Markus Koschany
Description:
 activemq - Java message broker - server
 libactivemq-java - Java message broker core libraries
 libactivemq-java-doc - Java message broker core libraries - documentation
Changes:
 activemq (5.6.0+dfsg-1+deb7u3) wheezy-security; urgency=high
 .
   * Team upload.
   * Fix CVE-2015-7559. DoS in activemq-core via shutdown command.

Re: Wheezy update of wireshark?
On 2017-02-18 15:31:07, Moritz Mühlenhoff wrote:
> On Sat, Feb 18, 2017 at 01:22:19AM +0100, Bálint Réczey wrote:
>> Was there any reason for handling the last CVE very quickly? I can
>> catch up with the changes in Jessie.
>
> No. It's totally harmless, for jessie let's also line this one up in
> git for the next Wireshark advisory round.

Hi,

I assume this is the status for the more recent Wireshark vulnerabilities jessie and wheezy are exposed to?

https://security-tracker.debian.org/tracker/source-package/wireshark

Bálint: I noticed you performed the last LTS update as well - should we just wait for you to perform this one as well?

Thanks for the followup!

A.

--
The most beautiful songs are songs of protest
Verse must make love in the heads of the people.
At the school of poetry, one does not learn: one fights!
- Léo Ferré, "Préface"

[SECURITY] [DLA 911-1] tiff security update
Package        : tiff
Version        : 4.0.2-6+deb7u12
CVE ID         : CVE-2017-7592 CVE-2017-7593 CVE-2017-7594 CVE-2017-7595
                 CVE-2017-7596 CVE-2017-7597 CVE-2017-7598 CVE-2017-7599
                 CVE-2017-7600 CVE-2017-7601 CVE-2017-7602
Debian Bug     : 859998 86 860001 860003

Multiple security issues have been found in the tiff image library that may allow remote attackers to cause a denial of service (application crash), to obtain sensitive information from process memory or possibly have unspecified other impact via a crafted image.

For Debian 7 "Wheezy", these problems have been fixed in version 4.0.2-6+deb7u12.

We recommend that you upgrade your tiff packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

Accepted tiff 4.0.2-6+deb7u12 (source all amd64) into oldstable
Format: 1.8
Date: Mon, 24 Apr 2017 09:53:51 +0200
Source: tiff
Binary: libtiff5 libtiffxx5 libtiff5-dev libtiff5-alt-dev libtiff-tools libtiff-opengl libtiff-doc
Architecture: source all amd64
Version: 4.0.2-6+deb7u12
Distribution: wheezy-security
Urgency: high
Maintainer: Ondřej Surý
Changed-By: Markus Koschany
Description:
 libtiff-doc - TIFF manipulation and conversion documentation
 libtiff-opengl - TIFF manipulation and conversion tools
 libtiff-tools - TIFF manipulation and conversion tools
 libtiff5 - Tag Image File Format (TIFF) library
 libtiff5-alt-dev - Tag Image File Format library (TIFF), alternative development fil
 libtiff5-dev - Tag Image File Format library (TIFF), development files
 libtiffxx5 - Tag Image File Format (TIFF) library -- C++ interface
Changes:
 tiff (4.0.2-6+deb7u12) wheezy-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * Fix the following security vulnerabilities:
     * CVE-2017-7592: The putagreytile function in tif_getimage.c has a
       left-shift undefined behavior issue, which might allow remote attackers
       to cause a denial of service (application crash) or possibly have
       unspecified other impact via a crafted image.
     * CVE-2017-7593: tif_read.c in LibTIFF does not ensure that tif_rawdata is
       properly initialized, which might allow remote attackers to obtain
       sensitive information from process memory via a crafted image.
     * CVE-2017-7594: The OJPEGReadHeaderInfoSecTablesDcTable function in
       tif_ojpeg.c in LibTIFF allows remote attackers to cause a denial of
       service (memory leak) via a crafted image.
     * CVE-2017-7595: The JPEGSetupEncode function in tiff_jpeg.c in LibTIFF
       allows remote attackers to cause a denial of service (divide-by-zero
       error and application crash) via a crafted image.
     * CVE-2017-7596, CVE-2017-7597, CVE-2017-7599, CVE-2017-7600: LibTIFF has
       an "outside the range of representable values of type float" undefined
       behavior issue, which might allow remote attackers to cause a denial of
       service (application crash) or possibly have unspecified other impact
       via a crafted image.
     * CVE-2017-7598: tif_dirread.c in LibTIFF might allow remote attackers to
       cause a denial of service (divide-by-zero error and application crash)
       via a crafted image.
     * CVE-2017-7601: LibTIFF has a "shift exponent too large for 64-bit type
       long" undefined behavior issue, which might allow remote attackers to
       cause a denial of service (application crash) or possibly have
       unspecified other impact via a crafted image.
     * CVE-2017-7602: LibTIFF has a signed integer overflow, which might allow
       remote attackers to cause a denial of service (application crash) or
       possibly have unspecified other impact via a crafted image.

Re: Wheezy update of batik?
Hi

Just for information. I based my conclusion on that the package is affected by a statement from security team that all versions from 1.0 are affected.

// Ola

On 23 April 2017 at 23:06, Emilio Pozuelo Monfort wrote:
> On 23/04/17 21:50, Ola Lundqvist wrote:
> > Dear maintainer(s),
> >
> > The Debian LTS team would like to fix the security issues which are
> > currently open in the Wheezy version of batik:
> > https://security-tracker.debian.org/tracker/CVE-2017-5662
>
> FWIW I investigated this a bit and there doesn't seem to be any details other
> than what is in the advisory: i.e. I couldn't find the commit that fixes this
> (looking at the svn repository) or an upstream bug report. I found a
> security-related one, reported by Lars Krapf (as mentioned in the oss-security
> mail) but that seemed different than CVE-2017-5662 and much older (see [1]).
>
> Also our 1.8 and the upstream 1.9 tarballs have different layouts so it's hard
> to compare them.
>
> Cheers,
> Emilio
>
> [1] https://issues.apache.org/jira/browse/BATIK-1139
>

--
--- Inguza Technology AB --- MSc in Information Technology
o...@inguza.com       Folkebogatan 26
o...@debian.org       654 68 KARLSTAD
http://inguza.com/    Mobile: +46 (0)70-332 1551
gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9

Re: Mysql 5.5.55
Hi,

The debian/wheezy branch should now be updated.

--
Lars

On 04/23/2017 02:12 PM, Emilio Pozuelo Monfort wrote:
> Hi Lars,
>
> I see that you already started preparing MySQL 5.5.55 for wheezy in
>
> https://urldefense.proofpoint.com/v2/url?u=https-3A__anonscm.debian.org_cgit_pkg-2Dmysql_mysql-2D5.5.git_log_-3Fh-3Ddebian_wheezy=DwIDaQ=RoP1YumCXCgaWHvlZYR8PQcxBKCX5YTpkKY057SbK10=HPjEzLhETPj8fl9HCxxISaaV3f5tXDpGXDR3R2IELxg=OXZ-mPBOb1aDtu253RZDNLexhCUPtUx0S1P4-y-d_VQ=JjozhmBLoLkqpEOObpOLd2XZDxVhtGaHIahsbPfqLbA=
>
> If you want I can upload the package and send the announcement. Just let me
> know when you're done with the update (at least I think the changelog needs to
> be updated).
>
> Cheers,
> Emilio