[SECURITY] [DLA 2050-1] php5 security update
Package        : php5
Version        : 5.6.40+dfsg-0+deb8u8
CVE ID         : CVE-2019-11045 CVE-2019-11046 CVE-2019-11047 CVE-2019-11050

Several security bugs have been identified and fixed in php5, a server-side, HTML-embedded scripting language. The affected components include the exif module and handling of filenames with \0 embedded.

For Debian 8 "Jessie", these problems have been fixed in version 5.6.40+dfsg-0+deb8u8.

We recommend that you upgrade your php5 packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

[SECURITY] [DLA 2049-1] imagemagick security update
Package        : imagemagick
Version        : 8:6.8.9.9-5+deb8u19
CVE ID         : CVE-2019-19948 CVE-2019-19949
Debian Bug     : 947309 947308

Multiple vulnerabilities have been found in imagemagick, an image processing toolkit.

CVE-2019-19948

    Heap-buffer-overflow in WriteSGIImage (coders/sgi.c) caused by insufficient validation of row and column sizes. This vulnerability might be leveraged by remote attackers to cause denial of service or any other unspecified impact via crafted image data.

CVE-2019-19949

    Heap-based buffer over-read (off-by-one) in WritePNGImage (coders/png.c) caused by missing length check prior to pointer dereference. This vulnerability might be leveraged by remote attackers to cause denial of service via crafted image data.

For Debian 8 "Jessie", these problems have been fixed in version 8:6.8.9.9-5+deb8u19.

We recommend that you upgrade your imagemagick packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS