[SECURITY] [DLA 636-2] firefox-esr regression update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: firefox-esr Version: 45.4.0esr-1~deb7u2 The update of firefox-esr to 45.4.0esr-1~deb7u1 caused build failure on armel and armhf architectures. For Debian 7 "Wheezy", these problems have been fixed in version 45.4.0esr-1~deb7u2. We recommend that you upgrade your firefox-esr packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQIcBAEBCAAGBQJX7pm5AAoJEPZk0la0aRp9ZS4P/1QFwUfLRX0QIRDEcFM070KO ttG4mYVawuKqIKyoIZoPazRAXt124+eHFnNK1AONdRp7YfX/t0u0pz9LZLdK8yS3 cQWe9Fit1phbtcwjYrLHuK4pHbSwpN9763g6iLwAMdELQ3BJvrjdRDBlo+eWavvf u0sxQG4UeLYtLCiTsppccv2uvX57LAs2lK64CCe/G3T2UA0FGcnKSuHOyrK+2zxQ pAzEN9VYZ4Gqzk8W0HwUxdb3h1mlc9SUp3Y3PA2AuiuYY3elTor/X1fYrDQNEgqj rB9SDu15YfCAdY6cqhsoV9QIr8SU8ze2M/fvZetY5FRc6cyAl/6nJlcQIxcr7G7B GJU/ZYt3wWjVG8RpzPwTzb7GSfKe0phsQuOCOB88pawqbYCqG7mn6LjNk1Oukkmk /4YDn1w9vgU95ksTXV1Q0C9mSQU7GYQkK4kHoQLHura3vex+GyWvXEDWqnB0VZQx qA8aOf2Vt52Rfks/cKMhoZQarTgbMIg6F8U4K06N6ruWVcFL19MifIGU1G6VBEUm hS9LZwwmU1XX0vIXUKVdgI8cpd1jUXPiAzq53Qr5fxDtVgc0NUvQ5JYI221oChmZ +O5pHSqVpb1LLkvYkFMW6BFbPoC2+pRKxebhYreTtLC6cU8t7NdwwzyYqJxj3UhE w8D+l5whW5qGSbI7X/SG =MoG/ -END PGP SIGNATURE-
[SECURITY] [DLA 643-1] chicken security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: chicken Version: 4.7.0-1+deb7u1 CVE ID : CVE-2016-6830 CVE-2016-6831 Multiple vulnerabilities have been found in the CHICKEN Scheme compiler: CVE-2016-6830 Buffer overrun in CHICKEN Scheme's "process-execute" and "process-spawn" procedures from the posix unit CVE-2016-6831 Memory leak in CHICKEN Scheme's process-execute and process-spawn procedures For Debian 7 "Wheezy", these problems have been fixed in version 4.7.0-1+deb7u1. We recommend that you upgrade your chicken packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQIcBAEBCAAGBQJX7pmBAAoJEPZk0la0aRp94LAP/i8dZ62I/fM/MnbJVjyhyWEb e2FmsHO6CFYP5KaR/hXQv8oKpssTlabLAQzJcbgN9RJbqZ7SpWmaFBXINIWxsCEB qJeCG8bLQs8qrKP/9JYbQxsr4TMvq31yk5i0AFTkELTcKdWi+ORa+1+5mmzBCh7g azlaONXKxTtKDzQ6hk4Cb8tihbJVZQ2S/8BHVn+EcSlUJBOe05lonuT8Nb/rCSer dQ3ZRtgqyVUd7hqR8eZu7Nms+2cxcjjSGfBPM3FnT0uajY9piwBD3lJtH99a7t96 zf/b3sFEvIkNie4I0otharywzcrXZU22MjVw6DT3PJxFdUDbfvsMLH+D0ezBdS28 DFTQ53tsLoby/LW7IEj8y18fYVZ276N0UCtDCbquv7HQa3JE8DbAZUDojlNu1WNI Fe/r8LW1v4ddA64VOg3aqxKDxZjLq7yv3aLxOf/QejSmP7EOxmrIcZ0q0SkAhaGt S0liJcAACY7RLxd2VCbWHPd75tNkbuQ8oYLEsGKeuXhgrpEyhV2C1zEvixaY5hom +Vp16GZROhT8PpsR/YB6wo0UQ55YWhOW4AzMYk5sZwpJrKDfjISPl+48RQUjq4Xc XUAru0HNx866VbzhTpuhur3XluaaHwUrll4m817xatRs9vcrl7KuIjPRGSeuYsPa Jlf08vQEUMEN6+eXQ/1f =9BJF -END PGP SIGNATURE-
[SECURITY] [DLA 641-1] ruby-activesupport-3.2 security update
Package: ruby-activesupport-3.2 Version: 3.2_3.2.6-6+deb7u3 CVE ID : CVE-2016-0753 Active Support in Ruby on Rails 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 supports the use of instance-level writers for class accessors, which allows remote attackers to bypass intended validation steps via crafted parameters. For Debian 7 "Wheezy", these problems have been fixed in version 3.2_3.2.6-6+deb7u3. We recommend that you upgrade your ruby-activesupport-3.2 packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS signature.asc Description: PGP signature