[SECURITY] [DLA 2492-1] openssl security update

2020-12-14 Thread Emilio Pozuelo Monfort
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

- -
Debian LTS Advisory DLA-2492-1   debian-...@lists.debian.org
https://www.debian.org/lts/security/   Emilio Pozuelo Monfort
December 14, 2020 https://wiki.debian.org/LTS
- -

Package: openssl
Version: 1.1.0l-1~deb9u2
CVE ID : CVE-2020-1971

David Benjamin discovered a flaw in the GENERAL_NAME_cmp() function
which could cause a NULL dereference, resulting in denial of service.

For Debian 9 stretch, this problem has been fixed in version
1.1.0l-1~deb9u2.

We recommend that you upgrade your openssl packages.

For the detailed security status of openssl please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/openssl

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



[SECURITY] [DLA 2486-1] xorg-server security update

2020-12-09 Thread Emilio Pozuelo Monfort
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

- -
Debian LTS Advisory DLA-2486-1   debian-...@lists.debian.org
https://www.debian.org/lts/security/   Emilio Pozuelo Monfort
December 09, 2020 https://wiki.debian.org/LTS
- -

Package: xorg-server
Version: 2:1.19.2-1+deb9u7
CVE ID : CVE-2020-14360 CVE-2020-25712

Jan-Niklas Sohn discovered that the XKB extension of the Xorg X server
performed incomplete input validation, which could result in privilege
escalation.

For Debian 9 stretch, these problems have been fixed in version
2:1.19.2-1+deb9u7.

We recommend that you upgrade your xorg-server packages.

For the detailed security status of xorg-server please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/xorg-server

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



[SECURITY] [DLA 2479-1] thunderbird security update

2020-12-04 Thread Emilio Pozuelo Monfort
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

- -
Debian LTS Advisory DLA-2479-1   debian-...@lists.debian.org
https://www.debian.org/lts/security/   Emilio Pozuelo Monfort
December 04, 2020 https://wiki.debian.org/LTS
- -

Package: thunderbird
Version: 1:78.5.1-1~deb9u1
CVE ID : CVE-2020-26970

Chiaki Ishikawa discovered a stack overflow in SMTP server status
handling which could potentially result in the execution of arbitrary
code.

For Debian 9 stretch, this problem has been fixed in version
1:78.5.1-1~deb9u1.

We recommend that you upgrade your thunderbird packages.

For the detailed security status of thunderbird please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/thunderbird

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



[SECURITY] [DLA 2478-1] postgresql-9.6 security update

2020-12-02 Thread Emilio Pozuelo Monfort
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

- -
Debian LTS Advisory DLA-2478-1   debian-...@lists.debian.org
https://www.debian.org/lts/security/   Emilio Pozuelo Monfort
December 02, 2020 https://wiki.debian.org/LTS
- -

Package: postgresql-9.6
Version: 9.6.20-0+deb9u1
CVE ID : CVE-2020-25694 CVE-2020-25695 CVE-2020-25696

Several vulnerabilities have been found in the PostgreSQL database system.

CVE-2020-25694

Peter Eisentraut found that database reconnections may drop options
from the original connection, such as encryption, which could lead
to information disclosure or a man-in-the-middle attack.

CVE-2020-25695

Etienne Stalmans reported that a user with permissions to create
non-temporary objects in a schema can execute arbitrary SQL
functions as a superuser.

CVE-2020-25696

Nick Cleaton found that the \gset command modified variables that
control the psql behaviour, which could result in a compromised or
malicious server executing arbitrary code in the user session.

For Debian 9 stretch, these problems have been fixed in version
9.6.20-0+deb9u1.

We recommend that you upgrade your postgresql-9.6 packages.

For the detailed security status of postgresql-9.6 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/postgresql-9.6

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



[SECURITY] [DLA 2466-1] drupal7 security update

2020-11-27 Thread Emilio Pozuelo Monfort
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

- -
Debian LTS Advisory DLA-2466-1   debian-...@lists.debian.org
https://www.debian.org/lts/security/   Emilio Pozuelo Monfort
November 27, 2020 https://wiki.debian.org/LTS
- -

Package: drupal7
Version: 7.52-2+deb9u13
CVE ID : CVE-2020-28948 CVE-2020-28949

Two vulnerabilities were found in the Archive_Tar PHP module, used by
Drupal, which could result in the execution of arbitrary code if a
malicious user is allowed to upload tar archives.

For Debian 9 stretch, these problems have been fixed in version
7.52-2+deb9u13.

We recommend that you upgrade your drupal7 packages.

For the detailed security status of drupal7 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/drupal7

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



[SECURITY] [DLA 2464-1] thunderbird security update

2020-11-23 Thread Emilio Pozuelo Monfort
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

- -
Debian LTS Advisory DLA-2464-1   debian-...@lists.debian.org
https://www.debian.org/lts/security/   Emilio Pozuelo Monfort
November 23, 2020 https://wiki.debian.org/LTS
- -

Package: thunderbird
Version: 1:78.5.0-1~deb9u1
CVE ID : CVE-2020-16012 CVE-2020-26951 CVE-2020-26953 CVE-2020-26956 
 CVE-2020-26958 CVE-2020-26959 CVE-2020-26960 CVE-2020-26961 
 CVE-2020-26965 CVE-2020-26968

Multiple security issues have been found in Thunderbird, which may lead
to the execution of arbitrary code or denial of service.

For Debian 9 stretch, these problems have been fixed in version
1:78.5.0-1~deb9u1.

We recommend that you upgrade your thunderbird packages.

For the detailed security status of thunderbird please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/thunderbird

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



[SECURITY] [DLA 2458-1] drupal7 security update

2020-11-19 Thread Emilio Pozuelo Monfort
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

- -
Debian LTS Advisory DLA-2458-1   debian-...@lists.debian.org
https://www.debian.org/lts/security/   Emilio Pozuelo Monfort
November 19, 2020 https://wiki.debian.org/LTS
- -

Package: drupal7
Version: 7.52-2+deb9u12
CVE ID : CVE-2020-13666 CVE-2020-13671

Two vulnerabilities were discovered in Drupal, a fully-featured content
management framework.

CVE-2020-13666

The Drupal AJAX API did not disable JSONP by default, which could
lead to cross-site scripting.

For setups that relied on Drupal's AJAX API for JSONP requests,
either JSONP will need to be reenabled, or the jQuery AJAX API will
have to be used instead.

See the upstream advisory for more details:
https://www.drupal.org/sa-core-2020-007

CVE-2020-13671

Drupal failed to sanitize filenames on uploaded files, which could
lead to those files being served as the wrong MIME type, or being
executed depending on the server configuration.

It is also recommended to check previously uploaded files for
malicious extensions. For more details see the upstream advisory:
https://www.drupal.org/sa-core-2020-012

For Debian 9 stretch, these problems have been fixed in version
7.52-2+deb9u12.

We recommend that you upgrade your drupal7 packages.

For the detailed security status of drupal7 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/drupal7

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



[SECURITY] [DLA 2457-1] firefox-esr security update

2020-11-19 Thread Emilio Pozuelo Monfort
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

- -
Debian LTS Advisory DLA-2457-1   debian-...@lists.debian.org
https://www.debian.org/lts/security/   Emilio Pozuelo Monfort
November 19, 2020 https://wiki.debian.org/LTS
- -

Package: firefox-esr
Version: 78.5.0esr-1~deb9u1
CVE ID : CVE-2020-16012 CVE-2020-26951 CVE-2020-26953 CVE-2020-26956 
 CVE-2020-26958 CVE-2020-26959 CVE-2020-26960 CVE-2020-26961 
 CVE-2020-26965 CVE-2020-26968

Multiple security issues have been found in the Mozilla Firefox web
browser, which could potentially result in the execution of arbitrary
code, information disclosure, phishing, cross-site scripting or a DNS
rebinding attack.

For Debian 9 stretch, these problems have been fixed in version
78.5.0esr-1~deb9u1.

We recommend that you upgrade your firefox-esr packages.

For the detailed security status of firefox-esr please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/firefox-esr

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



[SECURITY] [DLA 2450-1] libproxy security update

2020-11-13 Thread Emilio Pozuelo Monfort
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

- -
Debian LTS Advisory DLA-2450-1   debian-...@lists.debian.org
https://www.debian.org/lts/security/   Emilio Pozuelo Monfort
November 13, 2020 https://wiki.debian.org/LTS
- -

Package: libproxy
Version: 0.4.14-2+deb9u2
CVE ID : CVE-2020-26154
Debian Bug : 968366

Li Fei found that libproxy, a library for automatic proxy configuration
management, was vulnerable to a buffer overflow vulnerability when
receiving a large PAC file from a server without a Content-Length header
in the response.

For Debian 9 stretch, this problem has been fixed in version
0.4.14-2+deb9u2.

We recommend that you upgrade your libproxy packages.

For the detailed security status of libproxy please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libproxy

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



[SECURITY] [DLA 2449-1] thunderbird security update

2020-11-13 Thread Emilio Pozuelo Monfort
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

- -
Debian LTS Advisory DLA-2449-1   debian-...@lists.debian.org
https://www.debian.org/lts/security/   Emilio Pozuelo Monfort
November 13, 2020 https://wiki.debian.org/LTS
- -

Package: thunderbird
Version: 1:78.4.2-1~deb9u1
CVE ID : CVE-2020-26950

A use-after-free was found in Thunderbird, which could potentially result
in the execution of arbitrary code.

For Debian 9 stretch, this problem has been fixed in version
1:78.4.2-1~deb9u1.

We recommend that you upgrade your thunderbird packages.

For the detailed security status of thunderbird please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/thunderbird

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



[SECURITY] [DLA 2412-1] openjdk-8 security update

2020-10-30 Thread Emilio Pozuelo Monfort
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

- -
Debian LTS Advisory DLA-2412-1   debian-...@lists.debian.org
https://www.debian.org/lts/security/   Emilio Pozuelo Monfort
October 23, 2020  https://wiki.debian.org/LTS
- -

Package: openjdk-8
Version: 8u272-b10-0+deb9u1
CVE ID : CVE-2020-14779 CVE-2020-14781 CVE-2020-14782 CVE-2020-14792
 CVE-2020-14796 CVE-2020-14797 CVE-2020-14798 CVE-2020-14803

Several vulnerabilities have been discovered in the OpenJDK Java runtime,
resulting in denial of service, bypass of sandbox restrictions or
information disclosure.

For Debian 9 stretch, these problems have been fixed in version
8u272-b10-0+deb9u1.

We recommend that you upgrade your openjdk-8 packages.

For the detailed security status of openjdk-8 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/openjdk-8

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



[SECURITY] [DLA 2416-1] thunderbird security update

2020-10-27 Thread Emilio Pozuelo Monfort

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

- -
Debian LTS Advisory DLA-2416-1   debian-...@lists.debian.org
https://www.debian.org/lts/security/   Emilio Pozuelo Monfort
October 27, 2020  https://wiki.debian.org/LTS
- -

Package: thunderbird
Version: 1:78.4.0-1~deb9u1
CVE ID : CVE-2020-15683 CVE-2020-15969

Multiple security issues have been found in Thunderbird, which may lead
to the execution of arbitrary code or denial of service.

For Debian 9 stretch, these problems have been fixed in version
1:78.4.0-1~deb9u1.

We recommend that you upgrade your thunderbird packages.

For the detailed security status of thunderbird please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/thunderbird

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



[SECURITY] [DLA 2411-1] firefox-esr security update

2020-10-21 Thread Emilio Pozuelo Monfort

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

- -
Debian LTS Advisory DLA-2411-1   debian-...@lists.debian.org
https://www.debian.org/lts/security/   Emilio Pozuelo Monfort
October 21, 2020  https://wiki.debian.org/LTS
- -

Package: firefox-esr
Version: 78.4.0esr-1~deb9u1
CVE ID : CVE-2020-15683 CVE-2020-15969

Multiple security issues have been found in the Mozilla Firefox web
browser, which could potentially result in the execution of arbitrary
code.

For Debian 9 stretch, these problems have been fixed in version
78.4.0esr-1~deb9u1.

We recommend that you upgrade your firefox-esr packages.

For the detailed security status of firefox-esr please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/firefox-esr

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



[SECURITY] [DLA 2409-1] mariadb-10.1 security update

2020-10-21 Thread Emilio Pozuelo Monfort

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

- -
Debian LTS Advisory DLA-2409-1   debian-...@lists.debian.org
https://www.debian.org/lts/security/   Emilio Pozuelo Monfort
October 21, 2020  https://wiki.debian.org/LTS
- -

Package: mariadb-10.1
Version: 10.1.47-0+deb9u1
CVE ID : CVE-2020-15180

A security issue was discovered in the MariaDB database server.

For Debian 9 stretch, this problem has been fixed in version
10.1.47-0+deb9u1.

We recommend that you upgrade your mariadb-10.1 packages.

For the detailed security status of mariadb-10.1 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/mariadb-10.1

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



[SECURITY] [DLA 2408-1] thunderbird security update

2020-10-16 Thread Emilio Pozuelo Monfort

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

- -
Debian LTS Advisory DLA-2408-1   debian-...@lists.debian.org
https://www.debian.org/lts/security/   Emilio Pozuelo Monfort
October 17, 2020  https://wiki.debian.org/LTS
- -

Package: thunderbird
Version: 1:78.3.1-2~deb9u1
CVE ID : CVE-2020-15673 CVE-2020-15676 CVE-2020-15677 CVE-2020-15678

Multiple security issues have been found in Thunderbird, which may lead
to the execution of arbitrary code or denial of service.

Debian follows the Thunderbird upstream releases. Support for the 68.x
series has ended, so starting with this update we're now following
the 78.x releases.

The 78.x series discontinues support for some addons. Also, starting
with 78, Thunderbird supports OpenPGP natively. If you are currently
using the Enigmail addon for PGP, please refer to the included NEWS
and README.Debian.gz files for information on how to migrate your
keys.

For Debian 9 stretch, these problems have been fixed in version
1:78.3.1-2~deb9u1.

We recommend that you upgrade your thunderbird packages.

For the detailed security status of thunderbird please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/thunderbird

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



[SECURITY] [DLA 2387-2] firefox-esr regression update

2020-09-29 Thread Emilio Pozuelo Monfort

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

- -
Debian LTS Advisory DLA-2387-2   debian-...@lists.debian.org
https://www.debian.org/lts/security/   Emilio Pozuelo Monfort
September 29, 2020   https://wiki.debian.org/LTS
- -

Package: firefox-esr
Version: 78.3.0esr-1~deb9u2

This update fixes a problem that caused Firefox to fail to build on the
arm64 and armhf architectures.

For Debian 9 stretch, this problem has been fixed in version
78.3.0esr-1~deb9u2.

We recommend that you upgrade your firefox-esr packages.

For the detailed security status of firefox-esr please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/firefox-esr

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



[SECURITY] [DLA 2387-1] firefox-esr security update

2020-09-28 Thread Emilio Pozuelo Monfort
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

- -
Debian LTS Advisory DLA-2387-1   debian-...@lists.debian.org
https://www.debian.org/lts/security/   Emilio Pozuelo Monfort
September 28, 2020   https://wiki.debian.org/LTS
- -

Package: firefox-esr
Version: 78.3.0esr-1~deb9u1
CVE ID : CVE-2020-15673 CVE-2020-15676 CVE-2020-15677 CVE-2020-15678

Multiple security issues have been found in the Mozilla Firefox web
browser, which could potentially result in the execution of arbitrary
code, cross-site scripting or spoofing the origin of a download.

Debian follows the extended support releases (ESR) of Firefox. Support
for the 68.x series has ended, so starting with this update we're now
following the 78.x releases.

Between 68.x and 78.x, Firefox has seen a number of feature updates.
For more information please refer to
https://www.mozilla.org/en-US/firefox/78.0esr/releasenotes/

For Debian 9 stretch, these problems have been fixed in version
78.3.0esr-1~deb9u1.

We recommend that you upgrade your firefox-esr packages.

For the detailed security status of firefox-esr please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/firefox-esr

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



[SECURITY] [DLA 2361-1] libx11 security update

2020-09-01 Thread Emilio Pozuelo Monfort
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

- -
Debian LTS Advisory DLA-2361-1   debian-...@lists.debian.org
https://www.debian.org/lts/security/   Emilio Pozuelo Monfort
September 01, 2020   https://wiki.debian.org/LTS
- -

Package: libx11
Version: 2:1.6.4-3+deb9u3
CVE ID : CVE-2020-14363
Debian Bug : 969008

Jayden Rivers found an integer overflow in the init_om function of
libX11, the X11 client-side library, which could lead to a double
free.

For Debian 9 stretch, this problem has been fixed in version
2:1.6.4-3+deb9u3.

We recommend that you upgrade your libx11 packages.

For the detailed security status of libx11 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libx11

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



[SECURITY] [DLA 2346-1] firefox-esr security update

2020-08-27 Thread Emilio Pozuelo Monfort
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

- -
Debian LTS Advisory DLA-2346-1   debian-...@lists.debian.org
https://www.debian.org/lts/security/   Emilio Pozuelo Monfort
August 27, 2020   https://wiki.debian.org/LTS
- -

Package: firefox-esr
Version: 68.12.0esr-1~deb9u1
CVE ID : CVE-2020-15664 CVE-2020-15669

Multiple security issues have been found in the Mozilla Firefox web
browser, which could potentially result in the execution of arbitrary
code or unintended or malicious extensions being installed.

For Debian 9 stretch, these problems have been fixed in version
68.12.0esr-1~deb9u1.

We recommend that you upgrade your firefox-esr packages.

For the detailed security status of firefox-esr please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/firefox-esr

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



[SECURITY] [DLA 2325-1] openjdk-8 security update

2020-08-13 Thread Emilio Pozuelo Monfort
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

- -
Debian LTS Advisory DLA-2325-1   debian-...@lists.debian.org
https://www.debian.org/lts/security/   Emilio Pozuelo Monfort
August 13, 2020   https://wiki.debian.org/LTS
- -

Package: openjdk-8
Version: 8u265-b01-0+deb9u1
CVE ID : CVE-2020-14556 CVE-2020-14577 CVE-2020-14578 CVE-2020-14579
 CVE-2020-14581 CVE-2020-14583 CVE-2020-14593 CVE-2020-14621

Several vulnerabilities have been discovered in the OpenJDK Java runtime,
resulting in denial of service, bypass of access/sandbox restrictions or
information disclosure.

For Debian 9 stretch, these problems have been fixed in version
8u265-b01-0+deb9u1.

We recommend that you upgrade your openjdk-8 packages.

For the detailed security status of openjdk-8 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/openjdk-8

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



[SECURITY] [DLA 2315-1] gupnp security update

2020-08-06 Thread Emilio Pozuelo Monfort
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

- -
Debian LTS Advisory DLA-2315-1   debian-...@lists.debian.org
https://www.debian.org/lts/security/   Emilio Pozuelo Monfort
August 06, 2020   https://wiki.debian.org/LTS
- -

Package: gupnp
Version: 1.0.1-1+deb9u1
CVE ID : CVE-2020-12695

Yunus Çadırcı found an issue in the SUBSCRIBE method of UPnP, a
network protocol for devices to automatically discover and communicate
with each other. Insufficient checks on this method allowed attackers
to use vulnerable UPnP services for DoS attacks or possibly to bypass
firewalls.

For Debian 9 stretch, this problem has been fixed in version
1.0.1-1+deb9u1.

We recommend that you upgrade your gupnp packages.

For the detailed security status of gupnp please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/gupnp

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



[SECURITY] [DLA 2314-1] clamav security update

2020-08-05 Thread Emilio Pozuelo Monfort
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

- -
Debian LTS Advisory DLA-2314-1   debian-...@lists.debian.org
https://www.debian.org/lts/security/   Emilio Pozuelo Monfort
August 06, 2020   https://wiki.debian.org/LTS
- -

Package: clamav
Version: 0.102.4+dfsg-0+deb9u1
CVE ID : CVE-2020-3327 CVE-2020-3350 CVE-2020-3481

Several vulnerabilities have been found in the ClamAV antivirus toolkit:

CVE-2020-3327

An out of bounds read in the ARJ archive-parsing module could cause
denial of service. The fix in 0.102.3 was incomplete.

CVE-2020-3350

A malicious user could trick clamscan, clamdscan or clamonacc into
moving or removing a different file than intended when those are
used with one of the --move or --remove options. This could be used
to get rid of special system files.

CVE-2020-3481

The EGG archive module was vulnerable to denial of service via NULL
pointer dereference due to improper error handling. The official
signature database avoided this problem because the signatures there
avoided the use of the EGG archive parser.

For Debian 9 stretch, these problems have been fixed in version
0.102.4+dfsg-0+deb9u1.

We recommend that you upgrade your clamav packages.

For the detailed security status of clamav please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/clamav

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



[SECURITY] [DLA 2312-1] libx11 security update

2020-08-04 Thread Emilio Pozuelo Monfort
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

- -
Debian LTS Advisory DLA-2312-1   debian-...@lists.debian.org
https://www.debian.org/lts/security/   Emilio Pozuelo Monfort
August 04, 2020   https://wiki.debian.org/LTS
- -

Package: libx11
Version: 2:1.6.4-3+deb9u2
CVE ID : CVE-2020-14344

Todd Carson discovered some integer overflows in libX11, which could
lead to heap corruption when processing crafted messages from an input
method.

For Debian 9 stretch, this problem has been fixed in version
2:1.6.4-3+deb9u2.

We recommend that you upgrade your libx11 packages.

For the detailed security status of libx11 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libx11

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



[SECURITY] [DLA 2310-1] thunderbird security update

2020-08-02 Thread Emilio Pozuelo Monfort
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

- -
Debian LTS Advisory DLA-2310-1   debian-...@lists.debian.org
https://www.debian.org/lts/security/   Emilio Pozuelo Monfort
August 02, 2020   https://wiki.debian.org/LTS
- -

Package: thunderbird
Version: 1:68.11.0-1~deb9u1
CVE ID : CVE-2020-6463 CVE-2020-6514 CVE-2020-15652 CVE-2020-15659

Multiple security issues have been found in Thunderbird which could
result in denial of service or potentially the execution of arbitrary
code.

For Debian 9 stretch, these problems have been fixed in version
1:68.11.0-1~deb9u1.

We recommend that you upgrade your thunderbird packages.

For the detailed security status of thunderbird please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/thunderbird

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-BEGIN PGP SIGNATURE-
-END PGP SIGNATURE-



[SECURITY] [DLA 2301-1] json-c security update

2020-07-30 Thread Emilio Pozuelo Monfort
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

- -
Debian LTS Advisory DLA-2301-1   debian-...@lists.debian.org
https://www.debian.org/lts/security/   Emilio Pozuelo Monfort
July 30, 2020 https://wiki.debian.org/LTS
- -

Package: json-c
Version: 0.12.1-1.1+deb9u1
CVE ID : CVE-2020-12762
Debian Bug : 960326

Tobias Stoeckmann found an integer overflow issue in JSON-C, a C
library to manipulate JSON objects, when reading maliciously crafted
large files. The issue could be exploited to cause denial of service
or possibly execute arbitrary code.

For Debian 9 stretch, this problem has been fixed in version
0.12.1-1.1+deb9u1.

We recommend that you upgrade your json-c packages.

For the detailed security status of json-c please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/json-c

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-BEGIN PGP SIGNATURE-
-END PGP SIGNATURE-



[SECURITY] [DLA 2297-1] firefox-esr security update

2020-07-29 Thread Emilio Pozuelo Monfort
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

- -
Debian LTS Advisory DLA-2297-1   debian-...@lists.debian.org
https://www.debian.org/lts/security/   Emilio Pozuelo Monfort
July 29, 2020 https://wiki.debian.org/LTS
- -

Package: firefox-esr
Version: 68.11.0esr-1~deb9u1
CVE ID : CVE-2020-6463 CVE-2020-6514 CVE-2020-15652 CVE-2020-15659

Multiple security issues have been found in the Mozilla Firefox web
browser, which could potentially result in the execution of arbitrary
code.

For Debian 9 stretch, these problems have been fixed in version
68.11.0esr-1~deb9u1.

We recommend that you upgrade your firefox-esr packages.

For the detailed security status of firefox-esr please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/firefox-esr

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-BEGIN PGP SIGNATURE-
-END PGP SIGNATURE-



[SECURITY] [DLA 2287-1] poppler security update

2020-07-23 Thread Emilio Pozuelo Monfort
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

- -
Debian LTS Advisory DLA-2287-1   debian-...@lists.debian.org
https://www.debian.org/lts/security/   Emilio Pozuelo Monfort
July 23, 2020 https://wiki.debian.org/LTS
- -

Package: poppler
Version: 0.48.0-2+deb9u3
CVE ID : CVE-2017-18267 CVE-2018-16646 CVE-2018-20481 CVE-2018-21009
 CVE-2019-9200 CVE-2019-9631 CVE-2019-10872 CVE-2019-12293
Debian Bug : 898357 909802 917325 923414 926530 926673 929423

Several issues were found in Poppler, a PDF rendering library, that could
lead to denial of service or possibly other unspecified impact when
processing maliciously crafted documents.

For Debian 9 stretch, these problems have been fixed in version
0.48.0-2+deb9u3.

We recommend that you upgrade your poppler packages.

For the detailed security status of poppler please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/poppler

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-BEGIN PGP SIGNATURE-
-END PGP SIGNATURE-



[SECURITY] [DLA 2285-1] librsvg security update

2020-07-22 Thread Emilio Pozuelo Monfort
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

- -
Debian LTS Advisory DLA-2285-1   debian-...@lists.debian.org
https://www.debian.org/lts/security/   Emilio Pozuelo Monfort
July 22, 2020 https://wiki.debian.org/LTS
- -

Package: librsvg
Version: 2.40.21-0+deb9u1
CVE ID : CVE-2017-11464 CVE-2019-20446

Several vulnerabilities have been found in librsvg, an SVG rendering
library. This update corrects some denial of service issues via
exponential element processing, stack exhaustion or application crash
when processing specially crafted files, as well as some memory safety
issues.

For Debian 9 stretch, these problems have been fixed in version
2.40.21-0+deb9u1.

We recommend that you upgrade your librsvg packages.

For the detailed security status of librsvg please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/librsvg

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-BEGIN PGP SIGNATURE-
-END PGP SIGNATURE-



[SECURITY] [DLA 2281-1] evolution-data-server security update

2020-07-16 Thread Emilio Pozuelo Monfort
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

- -
Debian LTS Advisory DLA-2281-1   debian-...@lists.debian.org
https://www.debian.org/lts/security/   Emilio Pozuelo Monfort
July 16, 2020 https://wiki.debian.org/LTS
- -

Package: evolution-data-server
Version: 3.22.7-1+deb9u1
CVE ID : CVE-2020-14928

Damian Poddebniak and Fabian Ising discovered a response injection
vulnerability in Evolution data server, which could enable MITM
attacks.

For Debian 9 stretch, this problem has been fixed in version
3.22.7-1+deb9u1.

We recommend that you upgrade your evolution-data-server packages.

For the detailed security status of evolution-data-server please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/evolution-data-server

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-BEGIN PGP SIGNATURE-
-END PGP SIGNATURE-



[SECURITY] [DLA 2272-1] Debian 8 Long Term Support reaching end-of-life

2020-07-07 Thread Emilio Pozuelo Monfort
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

The Debian Long Term Support (LTS) Team hereby announces that Debian 8
jessie support has reached its end-of-life on June 30, 2020,
five years after its initial release on April 26, 2015.

Debian will not provide further security updates for Debian 8. A
subset of jessie packages will be supported by external parties.
Detailed information can be found at [Extended LTS].

The LTS Team will prepare the transition to Debian 9 stretch, which is the
current oldstable release. The LTS team has taken over support from the
Security Team on July 6, 2020 while the final point update for stretch will
be released on July 18, 2020.

Debian 9 will also receive Long Term Support for five years after its
initial release with support ending on June 30, 2022. The supported
architectures remain amd64, i386, armel and armhf. In addition we are
pleased to announce, for the first time support will be extended to
include the arm64 architecture.

For further information about using stretch LTS and upgrading from jessie
LTS, please refer to [LTS/Using].

Debian and its LTS Team would like to thank all contributing users,
developers and sponsors who are making it possible to extend the life
of previous stable releases, and who have made this LTS a success.

If you rely on Debian LTS, please consider [joining the team],
providing patches, testing or [funding the efforts].

More information about Debian Long Term Support can be found at
https://wiki.debian.org/LTS/.

[Extended LTS] https://wiki.debian.org/LTS/Extended
[LTS/Using] https://wiki.debian.org/LTS/Using
[joining the team] https://wiki.debian.org/LTS/Development
[funding the efforts] https://wiki.debian.org/LTS/Funding
-BEGIN PGP SIGNATURE-
-END PGP SIGNATURE-



[SECURITY] [DLA 2172-1] thunderbird security update

2020-04-14 Thread Emilio Pozuelo Monfort
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Package: thunderbird
Version: 1:68.7.0-1~deb8u1
CVE ID : CVE-2020-6819 CVE-2020-6820 CVE-2020-6821 CVE-2020-6822
 CVE-2020-6825

Multiple security issues have been found in Thunderbird which could result
in denial of service or potentially the execution of arbitrary code.

For Debian 8 "Jessie", these problems have been fixed in version
1:68.7.0-1~deb8u1.

We recommend that you upgrade your thunderbird packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-BEGIN PGP SIGNATURE-

-END PGP SIGNATURE-



[SECURITY] [DLA 2170-1] firefox-esr security update

2020-04-08 Thread Emilio Pozuelo Monfort
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Package: firefox-esr
Version: 68.7.0esr-1~deb8u1
CVE ID : CVE-2020-6819 CVE-2020-6820 CVE-2020-6821 CVE-2020-6822
 CVE-2020-6825

Multiple security issues have been found in the Mozilla Firefox web
browser, which could potentially result in the execution of arbitrary
code.

For Debian 8 "Jessie", these problems have been fixed in version
68.7.0esr-1~deb8u1.

We recommend that you upgrade your firefox-esr packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-BEGIN PGP SIGNATURE-
-END PGP SIGNATURE-



[SECURITY] [DLA 2151-1] icu security update

2020-03-20 Thread Emilio Pozuelo Monfort
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Package: icu
Version: 52.1-8+deb8u8
CVE ID : CVE-2020-10531
Debian Bug : 953747

It was discovered that an integer overflow in the International
Components for Unicode (ICU) library could result in denial of
service and potentially the execution of arbitrary code.

For Debian 8 "Jessie", this problem has been fixed in version
52.1-8+deb8u8.

We recommend that you upgrade your icu packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-BEGIN PGP SIGNATURE-
-END PGP SIGNATURE-



[SECURITY] [DLA 2150-1] thunderbird security update

2020-03-20 Thread Emilio Pozuelo Monfort
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Package: thunderbird
Version: 1:68.6.0-1~deb8u1
CVE ID : CVE-2019-20503 CVE-2020-6805 CVE-2020-6806 CVE-2020-6807
 CVE-2020-6811 CVE-2020-6812 CVE-2020-6814

Multiple security issues have been found in Thunderbird which could
potentially result in the execution of arbitrary code.

For Debian 8 "Jessie", these problems have been fixed in version
1:68.6.0-1~deb8u1.

We recommend that you upgrade your thunderbird packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-BEGIN PGP SIGNATURE-
-END PGP SIGNATURE-



[SECURITY] [DLA 2144-1] qemu security update

2020-03-16 Thread Emilio Pozuelo Monfort
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Package: qemu
Version: 1:2.1+dfsg-12+deb8u14
CVE ID : CVE-2020-1711 CVE-2020-8608

Two out-of-bounds heap buffer accesses were found in QEMU, a fast
processor emulator, which could result in denial of service or
arbitrary code execution.

For Debian 8 "Jessie", these problems have been fixed in version
1:2.1+dfsg-12+deb8u14.

We recommend that you upgrade your qemu packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-BEGIN PGP SIGNATURE-
-END PGP SIGNATURE-



[SECURITY] [DLA 2140-1] firefox-esr security update

2020-03-11 Thread Emilio Pozuelo Monfort
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Package: firefox-esr
Version: 68.6.0esr-1~deb8u1
CVE ID : CVE-2019-20503 CVE-2020-6805 CVE-2020-6806 CVE-2020-6807
 CVE-2020-6811 CVE-2020-6812 CVE-2020-6814

Multiple security issues have been found in the Mozilla Firefox web
browser, which could potentially result in the execution of arbitrary
code.

For Debian 8 "Jessie", these problems have been fixed in version
68.6.0esr-1~deb8u1.

We recommend that you upgrade your firefox-esr packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-BEGIN PGP SIGNATURE-
-END PGP SIGNATURE-



[SECURITY] [DLA 2128-1] openjdk-7 security update

2020-02-29 Thread Emilio Pozuelo Monfort
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Package: openjdk-7
Version: 7u251-2.6.21-1~deb8u1
CVE ID : CVE-2020-2583 CVE-2020-2590 CVE-2020-2593 CVE-2020-2601
 CVE-2020-2604 CVE-2020-2654 CVE-2020-2659

Several vulnerabilities have been discovered in the OpenJDK Java runtime,
resulting in denial of service, incorrect implementation of Kerberos
GSSAPI and TGS requests or incorrect TLS handshakes.

For Debian 8 "Jessie", these problems have been fixed in version
7u251-2.6.21-1~deb8u1.

We recommend that you upgrade your openjdk-7 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-BEGIN PGP SIGNATURE-
-END PGP SIGNATURE-



[SECURITY] [DLA 2119-1] python-pysaml2 security update

2020-02-26 Thread Emilio Pozuelo Monfort
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Package: python-pysaml2
Version: 2.0.0-1+deb8u3
CVE ID : CVE-2020-5390
Debian Bug : 949322

It was discovered that pysaml2, a Python implementation of SAML to be
used in a WSGI environment, was susceptible to XML signature wrapping
attacks, which could result in a bypass of signature verification.

For Debian 8 "Jessie", this problem has been fixed in version
2.0.0-1+deb8u3.

We recommend that you upgrade your python-pysaml2 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-BEGIN PGP SIGNATURE-
-END PGP SIGNATURE-



[SECURITY] [DLA 2111-1] jackson-databind security update

2020-02-20 Thread Emilio Pozuelo Monfort
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Package: jackson-databind
Version: 2.4.2-2+deb8u11
CVE ID : CVE-2019-20330 CVE-2020-8840

It was found that jackson-databind, a Java library used to parse JSON and
other data formats, could deserialize data without proper validation,
allowing a malicious client to perform remote code execution on a
service with the required characteristics.

For Debian 8 "Jessie", these problems have been fixed in version
2.4.2-2+deb8u11.

We recommend that you upgrade your jackson-databind packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-BEGIN PGP SIGNATURE-
-END PGP SIGNATURE-



[SECURITY] [DLA 2112-1] python-reportlab security update

2020-02-20 Thread Emilio Pozuelo Monfort
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Package: python-reportlab
Version: 3.1.8-3+deb8u2
CVE ID : CVE-2019-17626
Debian Bug : 942763

It was found that ReportLab, a Python library to create PDF documents,
did not properly parse color strings, allowing an attacker to execute
arbitrary code through a crafted input document.

For Debian 8 "Jessie", this problem has been fixed in version
3.1.8-3+deb8u2.

We recommend that you upgrade your python-reportlab packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-BEGIN PGP SIGNATURE-
-END PGP SIGNATURE-



[SECURITY] [DLA 2108-1] clamav security update

2020-02-18 Thread Emilio Pozuelo Monfort
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Package: clamav
Version: 0.101.5+dfsg-0+deb8u1
CVE ID : CVE-2019-15961
Debian Bug : 945265

It was found that ClamAV, an antivirus software, was susceptible to a
denial of service attack by unauthenticated users via inefficient MIME
parsing of specially crafted email files.

For Debian 8 "Jessie", this problem has been fixed in version
0.101.5+dfsg-0+deb8u1.

We recommend that you upgrade your clamav packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-BEGIN PGP SIGNATURE-
-END PGP SIGNATURE-



[SECURITY] [DLA 2107-1] spamassassin security update

2020-02-18 Thread Emilio Pozuelo Monfort
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Package: spamassassin
Version: 3.4.2-0+deb8u3
CVE ID : CVE-2020-1930 CVE-2020-1931
Debian Bug : 950258

Two vulnerabilities were discovered in spamassassin, a Perl-based spam
filter using text analysis. Malicious rule or configuration files,
possibly downloaded from an updates server, could execute arbitrary
commands under multiple scenarios.

For Debian 8 "Jessie", these problems have been fixed in version
3.4.2-0+deb8u3.

We recommend that you upgrade your spamassassin packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-BEGIN PGP SIGNATURE-
-END PGP SIGNATURE-



[SECURITY] [DLA 2104-1] thunderbird security update

2020-02-17 Thread Emilio Pozuelo Monfort
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Package: thunderbird
Version: 1:68.5.0-1~deb8u1
CVE ID : CVE-2020-6792 CVE-2020-6793 CVE-2020-6794 CVE-2020-6795
 CVE-2020-6798 CVE-2020-6800

Multiple security issues have been found in Thunderbird, which may lead
to the execution of arbitrary code or denial of service.

For Debian 8 "Jessie", these problems have been fixed in version
1:68.5.0-1~deb8u1.

We recommend that you upgrade your thunderbird packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-BEGIN PGP SIGNATURE-
-END PGP SIGNATURE-



[SECURITY] [DLA 2102-1] firefox-esr security update

2020-02-13 Thread Emilio Pozuelo Monfort
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Package: firefox-esr
Version: 68.5.0esr-1~deb8u1
CVE ID : CVE-2020-6796 CVE-2020-6798 CVE-2020-6800

Multiple security issues have been found in the Mozilla Firefox web
browser, which could potentially result in the execution of arbitrary
code.

For Debian 8 "Jessie", these problems have been fixed in version
68.5.0esr-1~deb8u1.

We recommend that you upgrade your firefox-esr packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-BEGIN PGP SIGNATURE-
-END PGP SIGNATURE-



[SECURITY] [DLA 2093-1] firefox-esr security update

2020-01-31 Thread Emilio Pozuelo Monfort
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Package: firefox-esr
Version: 68.4.1esr-1~deb8u1
CVE ID : CVE-2019-17026

An issue was found in the IonMonkey JIT compiler of the Mozilla Firefox
web browser which could lead to arbitrary code execution.

For Debian 8 "Jessie", this problem has been fixed in version
68.4.1esr-1~deb8u1.

We recommend that you upgrade your firefox-esr packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-BEGIN PGP SIGNATURE-
-END PGP SIGNATURE-



[SECURITY] [DLA 2038-1] libssh security update

2019-12-17 Thread Emilio Pozuelo Monfort
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Package: libssh
Version: 0.6.3-4+deb8u4
CVE ID : CVE-2019-14889
Debian Bug : 946548

It was found that libssh, a tiny C SSH library, does not sufficiently
sanitize path parameters provided to the server, allowing an attacker
with only SCP file access to execute arbitrary commands on the server.

For Debian 8 "Jessie", this problem has been fixed in version
0.6.3-4+deb8u4.

We recommend that you upgrade your libssh packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-BEGIN PGP SIGNATURE-
-END PGP SIGNATURE-



[SECURITY] [DLA 2036-1] thunderbird security update

2019-12-16 Thread Emilio Pozuelo Monfort
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Package: thunderbird
Version: 1:68.3.0-2~deb8u1
CVE ID : CVE-2019-17005 CVE-2019-17008 CVE-2019-17010 CVE-2019-17011
 CVE-2019-17012

Multiple security issues have been found in Thunderbird which could
potentially result in the execution of arbitrary code.

For Debian 8 "Jessie", these problems have been fixed in version
1:68.3.0-2~deb8u1.

We recommend that you upgrade your thunderbird packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-BEGIN PGP SIGNATURE-
-END PGP SIGNATURE-



[SECURITY] [DLA 2029-1] firefox-esr security update

2019-12-10 Thread Emilio Pozuelo Monfort
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Package: firefox-esr
Version: 68.3.0esr-1~deb8u1
CVE ID : CVE-2019-17005 CVE-2019-17008 CVE-2019-17010 CVE-2019-17011
 CVE-2019-17012

Multiple security issues have been found in the Mozilla Firefox web
browser, which could potentially result in the execution of arbitrary
code.

For Debian 8 "Jessie", these problems have been fixed in version
68.3.0esr-1~deb8u1.

We recommend that you upgrade your firefox-esr packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-BEGIN PGP SIGNATURE-
-END PGP SIGNATURE-



[SECURITY] [DLA 1997-1] thunderbird security update

2019-11-18 Thread Emilio Pozuelo Monfort
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Package: thunderbird
Version: 1:68.2.2-1~deb8u1
CVE ID : CVE-2019-11755 CVE-2019-11757 CVE-2019-11759
 CVE-2019-11760 CVE-2019-11761 CVE-2019-11762
 CVE-2019-11763 CVE-2019-11764 CVE-2019-15903

Multiple security issues have been found in Thunderbird which could
potentially result in the execution of arbitrary code or denial of service.

Debian follows the Thunderbird upstream releases. Support for the 60.x series
has ended, so starting with this update we're now following the 68.x releases.

For Debian 8 "Jessie", these problems have been fixed in version
1:68.2.2-1~deb8u1.

We recommend that you upgrade your thunderbird packages.

Further information about Debian LTS security advisories, how to apply these
updates to your system and frequently asked questions can be found at:
https://wiki.debian.org/LTS
-BEGIN PGP SIGNATURE-

-END PGP SIGNATURE-



[SECURITY] [DLA 1987-1] firefox-esr security update

2019-11-10 Thread Emilio Pozuelo Monfort
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Package: firefox-esr
Version: 68.2.0esr-1~deb8u1
CVE ID : CVE-2019-11757 CVE-2019-11759 CVE-2019-11760 CVE-2019-11761
 CVE-2019-11762 CVE-2019-11763 CVE-2019-11764 CVE-2019-15903

Multiple security issues have been found in the Mozilla Firefox web
browser, which could potentially result in the execution of arbitrary
code, information disclosure, cross-site scripting or denial of service.

Debian follows the extended support releases (ESR) of Firefox. Support
for the 60.x series has ended, so starting with this update we're now
following the 68.x releases.

For Debian 8 "Jessie", these problems have been fixed in version
68.2.0esr-1~deb8u1.

We recommend that you upgrade your firefox-esr packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-BEGIN PGP SIGNATURE-
-END PGP SIGNATURE-



[SECURITY] [DLA 1958-1] libdatetime-timezone-perl new upstream version

2019-10-14 Thread Emilio Pozuelo Monfort
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Package: libdatetime-timezone-perl
Version: 1:1.75-2+2019c

This update includes the changes in tzdata 2019c for the
Perl bindings. For the list of changes, see DLA-1957-1.

For Debian 8 "Jessie", this problem has been fixed in version
1:1.75-2+2019c.

We recommend that you upgrade your libdatetime-timezone-perl packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-BEGIN PGP SIGNATURE-
-END PGP SIGNATURE-



[SECURITY] [DLA 1957-1] tzdata new upstream version

2019-10-14 Thread Emilio Pozuelo Monfort
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Package: tzdata
Version: 2019c-0+deb8u1

This update includes the changes in tzdata 2018c. Notable
changes are:

 - Brazil has canceled DST and will stay on standard time indefinitely.
 - Fiji's next DST transitions will be 2019-11-10 and 2020-01-12
   instead of 2019-11-03 and 2020-01-19.
 - Norfolk Island will observe Australian-style DST starting in
   spring 2019. The first transition is on 2019-10-06.

For Debian 8 "Jessie", this problem has been fixed in version
2019c-0+deb8u1.

We recommend that you upgrade your tzdata packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-BEGIN PGP SIGNATURE-

-END PGP SIGNATURE-



[SECURITY] [DLA 1926-1] thunderbird security update

2019-09-18 Thread Emilio Pozuelo Monfort
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Package: thunderbird
Version: 1:60.9.0-1~deb8u1
CVE ID : CVE-2019-11739 CVE-2019-11740 CVE-2019-11742 CVE-2019-11743
 CVE-2019-11744 CVE-2019-11746 CVE-2019-11752

Multiple security issues have been found in Thunderbird which could
potentially result in the execution of arbitrary code, cross-site
scripting, information disclosure and a covert content attack on S/MIME
encryption using a crafted multipart/alternative message.

For Debian 8 "Jessie", these problems have been fixed in version
1:60.9.0-1~deb8u1.

We recommend that you upgrade your thunderbird packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-BEGIN PGP SIGNATURE-
-END PGP SIGNATURE-



[SECURITY] [DLA 1910-1] firefox-esr security update

2019-09-06 Thread Emilio Pozuelo Monfort
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Package: firefox-esr
Version: 60.9.0esr-1~deb8u1
CVE ID : CVE-2019-9812 CVE-2019-11740 CVE-2019-11742 CVE-2019-11743
 CVE-2019-11744 CVE-2019-11746 CVE-2019-11752

Multiple security issues have been found in the Mozilla Firefox web
browser, which could potentially result in the execution of arbitrary
code, cross-site scripting, bypass of the same-origin policy, sandbox
escape, information disclosure or denial of service.

For Debian 8 "Jessie", these problems have been fixed in version
60.9.0esr-1~deb8u1.

We recommend that you upgrade your firefox-esr packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-BEGIN PGP SIGNATURE-

-END PGP SIGNATURE-



[SECURITY] [DLA 1882-1] atril security update

2019-08-13 Thread Emilio Pozuelo Monfort
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Package: atril
Version: 1.8.1+dfsg1-4+deb8u2
CVE ID : CVE-2017-1000159 CVE-2019-11459 CVE-2019-1010006

A few issues were found in Atril, the MATE document viewer.

CVE-2017-1000159

When printing from DVI to PDF, the dvipdfm tool was called without
properly sanitizing the filename, which could lead to a command
injection attack via the filename.

CVE-2019-11459

The tiff_document_render() and tiff_document_get_thumbnail() did
not check the status of TIFFReadRGBAImageOriented(), leading to
uninitialized memory access if that function fails.

CVE-2019-1010006

Some buffer overflow checks were not properly done, leading to
application crash or possibly arbitrary code execution when
opening maliciously crafted files.

For Debian 8 "Jessie", these problems have been fixed in version
1.8.1+dfsg1-4+deb8u2.

We recommend that you upgrade your atril packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-BEGIN PGP SIGNATURE-
-END PGP SIGNATURE-



[SECURITY] [DLA 1880-1] ghostscript security update

2019-08-13 Thread Emilio Pozuelo Monfort
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Package: ghostscript
Version: 9.26a~dfsg-0+deb8u4
CVE ID : CVE-2019-10216
Debian Bug : 934638

Netanel reported that the .buildfont1 procedure in Ghostscript, the GPL
PostScript/PDF interpreter, does not properly restrict privileged calls,
which could result in bypass of file system restrictions of the dSAFER
sandbox.

For Debian 8 "Jessie", this problem has been fixed in version
9.26a~dfsg-0+deb8u4.

We recommend that you upgrade your ghostscript packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-BEGIN PGP SIGNATURE-
-END PGP SIGNATURE-



[SECURITY] [DLA 1878-1] php5 security update

2019-08-12 Thread Emilio Pozuelo Monfort
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Package: php5
Version: 5.6.40+dfsg-0+deb8u5
CVE ID : CVE-2019-11041 CVE-2019-11042

Two heap buffer overflows were found in the EXIF parsing code of PHP,
a widely-used open source general purpose scripting language.

For Debian 8 "Jessie", these problems have been fixed in version
5.6.40+dfsg-0+deb8u5.

We recommend that you upgrade your php5 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-BEGIN PGP SIGNATURE-
-END PGP SIGNATURE-



[SECURITY] [DLA 1870-1] thunderbird security update

2019-08-02 Thread Emilio Pozuelo Monfort
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Package: thunderbird
Version: 1:60.8.0-1~deb8u1
CVE ID : CVE-2019-9811 CVE-2019-11709 CVE-2019-11711 CVE-2019-11712
 CVE-2019-11713 CVE-2019-11715 CVE-2019-11717 CVE-2019-11730

Multiple security issues have been found in Thunderbird which could
potentially result in the execution of arbitrary code, cross-site
scripting, spoofing, information disclosure, denial of service or
cross-site request forgery.

For Debian 8 "Jessie", these problems have been fixed in version
1:60.8.0-1~deb8u1.

We recommend that you upgrade your thunderbird packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-BEGIN PGP SIGNATURE-

-END PGP SIGNATURE-



[SECURITY] [DLA 1869-1] firefox-esr security update

2019-08-02 Thread Emilio Pozuelo Monfort
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Package: firefox-esr
Version: 60.8.0esr-1~deb8u1
CVE ID : CVE-2019-9811 CVE-2019-11709 CVE-2019-11711 CVE-2019-11712
 CVE-2019-11713 CVE-2019-11715 CVE-2019-11717 CVE-2019-11730

Multiple security issues have been found in the Mozilla Firefox web
browser, which could potentially result in the execution of arbitrary
code, cross-site scripting, spoofing, information disclosure, denial of
service or cross-site request forgery.

For Debian 8 "Jessie", these problems have been fixed in version
60.8.0esr-1~deb8u1.

We recommend that you upgrade your firefox-esr packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-BEGIN PGP SIGNATURE-
-END PGP SIGNATURE-



[SECURITY] [DLA 1836-1] thunderbird security update

2019-06-25 Thread Emilio Pozuelo Monfort
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Package: thunderbird
Version: 1:60.7.2-1~deb8u1
CVE ID : CVE-2019-11707 CVE-2019-11708

Multiple security issues have been found in Thunderbird which may lead
to the execution of arbitrary code if malformed email messages are read.

For Debian 8 "Jessie", these problems have been fixed in version
1:60.7.2-1~deb8u1.

We recommend that you upgrade your thunderbird packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-BEGIN PGP SIGNATURE-
-END PGP SIGNATURE-



[SECURITY] [DLA 1829-1] firefox-esr security update

2019-06-20 Thread Emilio Pozuelo Monfort
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Package: firefox-esr
Version: 60.7.1esr-1~deb8u1
CVE ID : CVE-2019-11707

Samuel Gross discovered a type confusion bug in the JavaScript engine of
the Mozilla Firefox web browser, which could result in the execution of
arbitrary code when browsing a malicious website.

For Debian 8 "Jessie", this problem has been fixed in version
60.7.1esr-1~deb8u1.

We recommend that you upgrade your firefox-esr packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-BEGIN PGP SIGNATURE-
-END PGP SIGNATURE-



[SECURITY] [DLA 1820-1] thunderbird security update

2019-06-17 Thread Emilio Pozuelo Monfort
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Package: thunderbird
Version: 1:60.7.1-1~deb8u1
CVE ID : CVE-2019-11703 CVE-2019-11704 CVE-2019-11705 CVE-2019-11706

Multiple security issues have been found in Thunderbird which may lead
to the execution of arbitrary code if malformed email messages are read.

For Debian 8 "Jessie", these problems have been fixed in version
1:60.7.1-1~deb8u1.

We recommend that you upgrade your thunderbird packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-BEGIN PGP SIGNATURE-
-END PGP SIGNATURE-



[SECURITY] [DLA 1815-1] poppler security update

2019-06-06 Thread Emilio Pozuelo Monfort
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Package: poppler
Version: 0.26.5-2+deb8u10
CVE ID : CVE-2019-10872 CVE-2019-12293 CVE-2019-12360

Several vulnerabilities have been found in the poppler PDF rendering
library, which could result in denial of service or possibly other
unspecified impact when processing malformed or maliciously crafted
files.

For Debian 8 "Jessie", these problems have been fixed in version
0.26.5-2+deb8u10.

We recommend that you upgrade your poppler packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-BEGIN PGP SIGNATURE-
-END PGP SIGNATURE-



[SECURITY] [DLA 1813-1] php5 security update

2019-06-03 Thread Emilio Pozuelo Monfort
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Package: php5
Version: 5.6.40+dfsg-0+deb8u4
CVE ID : CVE-2019-11039 CVE-2019-11040

Two vulnerabilities were found in PHP, a widely-used open source general
purpose scripting language.

CVE-2019-11039

An integer underflow in the iconv module could be exploited to trigger
an out of bounds read.

CVE-2019-11040

A heap buffer overflow was discovered in the EXIF parsing code.

For Debian 8 "Jessie", these problems have been fixed in version
5.6.40+dfsg-0+deb8u4.

We recommend that you upgrade your php5 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-BEGIN PGP SIGNATURE-
-END PGP SIGNATURE-



[SECURITY] [DLA 1808-1] sox security update

2019-05-28 Thread Emilio Pozuelo Monfort
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Package: sox
Version: 14.4.1-5+deb8u4
CVE ID : CVE-2019-8354 CVE-2019-8355 CVE-2019-8356 CVE-2019-8357
Debian Bug : 927906

Several issues were found in SoX, the Swiss army knife of sound processing
programs, that could lead to denial of service via application crash or
potentially to arbitrary code execution by processing maliciously crafted
input files.

For Debian 8 "Jessie", these problems have been fixed in version
14.4.1-5+deb8u4.

We recommend that you upgrade your sox packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-BEGIN PGP SIGNATURE-
-END PGP SIGNATURE-



[SECURITY] [DLA 1806-1] thunderbird security update

2019-05-27 Thread Emilio Pozuelo Monfort
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Package: thunderbird
Version: 1:60.7.0-1~deb8u1
CVE ID : CVE-2018-18511 CVE-2019-5798 CVE-2019-7317 CVE-2019-9797
 CVE-2019-9800 CVE-2019-9816 CVE-2019-9817 CVE-2019-9819
 CVE-2019-9820 CVE-2019-11691 CVE-2019-11692 CVE-2019-11693
 CVE-2019-11698

Multiple security issues have been found in Thunderbird: Multiple
vulnerabilities may lead to the execution of arbitrary code or denial of
service.

For Debian 8 "Jessie", these problems have been fixed in version
1:60.7.0-1~deb8u1.

We recommend that you upgrade your thunderbird packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-BEGIN PGP SIGNATURE-
-END PGP SIGNATURE-



[SECURITY] [DLA 1800-1] firefox-esr security update

2019-05-23 Thread Emilio Pozuelo Monfort
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Package: firefox-esr
Version: 60.7.0esr-1~deb8u1
CVE ID : CVE-2018-18511 CVE-2019-5798 CVE-2019-7317 CVE-2019-9797
 CVE-2019-9800 CVE-2019-9816 CVE-2019-9817 CVE-2019-9819
 CVE-2019-9820 CVE-2019-11691 CVE-2019-11692 CVE-2019-11693
 CVE-2019-11698

Multiple security issues have been found in the Mozilla Firefox web
browser, which could potentially result in the execution of arbitrary code.

For Debian 8 "Jessie", these problems have been fixed in version
60.7.0esr-1~deb8u1.

We recommend that you upgrade your firefox-esr packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-BEGIN PGP SIGNATURE-
-END PGP SIGNATURE-



[SECURITY] [DLA 1788-1] samba security update

2019-05-15 Thread Emilio Pozuelo Monfort
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Package: samba
Version: 2:4.2.14+dfsg-0+deb8u13
CVE ID : CVE-2018-16860

Isaac Boukris and Andrew Bartlett discovered that the S4U2Self Kerberos
extension used in Samba's Active Directory support was susceptible to
man-in-the-middle attacks caused by incomplete checksum validation.

For Debian 8 "Jessie", this problem has been fixed in version
2:4.2.14+dfsg-0+deb8u13.

We recommend that you upgrade your samba packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-BEGIN PGP SIGNATURE-
-END PGP SIGNATURE-



[SECURITY] [DLA 1781-1] qemu security update

2019-05-09 Thread Emilio Pozuelo Monfort
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Package: qemu
Version: 1:2.1+dfsg-12+deb8u11
CVE ID : CVE-2018-11806 CVE-2018-18849 CVE-2018-20815 CVE-2019-9824
Debian Bug : 901017 912535

Several vulnerabilities were found in QEMU, a fast processor emulator:

CVE-2018-11806

It was found that the SLiRP networking implementation could use a wrong
size when reallocating its buffers, which can be exploited by a
privileged user on a guest to cause denial of service or possibly
arbitrary code execution on the host system.

CVE-2018-18849

It was found that the LSI53C895A SCSI Host Bus Adapter emulation was
susceptible to an out of bounds memory access, which could be leveraged
by a malicious guest user to crash the QEMU process.

CVE-2018-20815

A heap buffer overflow was found in the load_device_tree function,
which could be used by a malicious user to potentially execute
arbitrary code with the privileges of the QEMU process.

CVE-2019-9824

William Bowling discovered that the SLiRP networking implementation did
not handle some messages properly, which could be triggered to leak
memory via crafted messages.

For Debian 8 "Jessie", these problems have been fixed in version
1:2.1+dfsg-12+deb8u11.

We recommend that you upgrade your qemu packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-BEGIN PGP SIGNATURE-
-END PGP SIGNATURE-



[SECURITY] [DLA 1746-1] drupal7 security update

2019-04-01 Thread Emilio Pozuelo Monfort
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Package: drupal7
Version: 7.32-1+deb8u16
CVE ID : CVE-2019-6341

It was discovered that missing input sanitising in the file module of
Drupal, a fully-featured content management framework, could result in
cross-site scripting.

For Debian 8 "Jessie", this problem has been fixed in version
7.32-1+deb8u16.

We recommend that you upgrade your drupal7 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-BEGIN PGP SIGNATURE-
-END PGP SIGNATURE-



[SECURITY] [DLA 1745-1] libdatetime-timezone-perl new upstream version

2019-04-01 Thread Emilio Pozuelo Monfort
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Package: libdatetime-timezone-perl
Version: 1:1.75-2+2019a

This update includes the changes in tzdata 2019a for the
Perl bindings. For the list of changes, see DLA-1744-1.

For Debian 8 "Jessie", this problem has been fixed in version
1:1.75-2+2019a.

We recommend that you upgrade your libdatetime-timezone-perl packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-BEGIN PGP SIGNATURE-
-END PGP SIGNATURE-



[SECURITY] [DLA 1744-1] tzdata new upstream version

2019-04-01 Thread Emilio Pozuelo Monfort
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Package: tzdata
Version: 2019a-0+deb8u1

This update includes the changes in tzdata 2019a. Notable
changes are:

 - Palestine started DST on 2019-03-30, instead of 2019-03-23
   as previously predicted.
 - Metlakatla ended its observance of Pacific standard time, rejoining
   Alaska Time, on 2019-01-20 at 02:00.

For Debian 8 "Jessie", this problem has been fixed in version
2019a-0+deb8u1.

We recommend that you upgrade your tzdata packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-BEGIN PGP SIGNATURE-

-END PGP SIGNATURE-



[SECURITY] [DLA 1743-1] thunderbird security update

2019-04-01 Thread Emilio Pozuelo Monfort
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Package: thunderbird
Version: 1:60.6.1-1~deb8u1
CVE ID : CVE-2018-18506 CVE-2019-9788 CVE-2019-9790 CVE-2019-9791
 CVE-2019-9792 CVE-2019-9793 CVE-2019-9795 CVE-2019-9796

Multiple security issues have been found in the Thunderbird mail client,
which could lead to the execution of arbitrary code or denial of service.

For Debian 8 "Jessie", these problems have been fixed in version
1:60.6.1-1~deb8u1.

We recommend that you upgrade your thunderbird packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-BEGIN PGP SIGNATURE-
-END PGP SIGNATURE-



[SECURITY] [DLA 1732-1] openjdk-7 security update

2019-03-27 Thread Emilio Pozuelo Monfort
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Package: openjdk-7
Version: 7u211-2.6.17-1~deb8u1
CVE ID : CVE-2019-2422

A memory disclosure vulnerability was discovered in OpenJDK, an
implementation of the Oracle Java platform, resulting in information
disclosure or bypass of sandbox restrictions.

For Debian 8 "Jessie", this problem has been fixed in version
7u211-2.6.17-1~deb8u1.

We recommend that you upgrade your openjdk-7 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-BEGIN PGP SIGNATURE-

-END PGP SIGNATURE-



[SECURITY] [DLA 1726-1] bash security update

2019-03-25 Thread Emilio Pozuelo Monfort
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Package: bash
Version: 4.3-11+deb8u2
CVE ID : CVE-2016-9401 CVE-2019-9924

Two issues have been fixed in bash, the GNU Bourne-Again Shell:

CVE-2016-9401

The popd builtin segfaulted when called with negative out of range
offsets.

CVE-2019-9924

Sylvain Beucler discovered that it was possible to call commands
that contained a slash when in restricted mode (rbash) by adding
them to the BASH_CMDS array.

For Debian 8 "Jessie", these problems have been fixed in version
4.3-11+deb8u2.

We recommend that you upgrade your bash packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-BEGIN PGP SIGNATURE-

-END PGP SIGNATURE-



[SECURITY] [DLA 1724-1] ntfs-3g security update

2019-03-22 Thread Emilio Pozuelo Monfort
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Package: ntfs-3g
Version: 1:2014.2.15AR.2-1+deb8u4
CVE ID : CVE-2019-9755

A heap-based buffer overflow was discovered in NTFS-3G, a read-write
NTFS driver for FUSE. A local user can take advantage of this flaw for
local root privilege escalation.

For Debian 8 "Jessie", this problem has been fixed in version
1:2014.2.15AR.2-1+deb8u4.

We recommend that you upgrade your ntfs-3g packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-BEGIN PGP SIGNATURE-
-END PGP SIGNATURE-



[SECURITY] [DLA 1722-1] firefox-esr security update

2019-03-21 Thread Emilio Pozuelo Monfort
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Package: firefox-esr
Version: 60.6.0esr-1~deb8u1
CVE ID : CVE-2018-18506 CVE-2019-9788 CVE-2019-9790
 CVE-2019-9791 CVE-2019-9792 CVE-2019-9793
 CVE-2019-9795 CVE-2019-9796

Multiple security issues have been found in the Mozilla Firefox web
browser, which could potentially result in the execution of arbitrary
code.

For Debian 8 "Jessie", these problems have been fixed in version
60.6.0esr-1~deb8u1.

We recommend that you upgrade your firefox-esr packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-BEGIN PGP SIGNATURE-
-END PGP SIGNATURE-



[SECURITY] [DLA 1712-1] libsndfile security update

2019-03-13 Thread Emilio Pozuelo Monfort
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Package: libsndfile
Version: 1.0.25-9.1+deb8u4
CVE ID : CVE-2019-3832

It was found that the fix for CVE-2018-19758 was incomplete. That
has been addressed in this update. The description
for CVE-2018-19758 follows:

A heap-buffer-overflow vulnerability was discovered in libsndfile, the
library for reading and writing files containing sampled sound. This flaw
might be triggered by remote attackers to cause denial of service (out of
bounds read and application crash).

For Debian 8 "Jessie", this problem has been fixed in version
1.0.25-9.1+deb8u4.

We recommend that you upgrade your libsndfile packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-BEGIN PGP SIGNATURE-
-END PGP SIGNATURE-



[SECURITY] [DLA 1684-1] systemd security update

2019-02-19 Thread Emilio Pozuelo Monfort
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Package: systemd
Version: 215-17+deb8u10
CVE ID : CVE-2019-6454

Chris Coulson discovered a flaw in systemd leading to denial of service.
An unprivileged user could take advantage of this issue to crash PID1 by
sending a specially crafted D-Bus message on the system bus.

For Debian 8 "Jessie", this problem has been fixed in version
215-17+deb8u10.

We recommend that you upgrade your systemd packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-BEGIN PGP SIGNATURE-

-END PGP SIGNATURE-



[SECURITY] [DLA 1683-1] rdesktop security update

2019-02-19 Thread Emilio Pozuelo Monfort
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Package: rdesktop
Version: 1.8.4-0+deb8u1
CVE ID : CVE-2018-8791 CVE-2018-8792 CVE-2018-8793 CVE-2018-8794
 CVE-2018-8795 CVE-2018-8796 CVE-2018-8797 CVE-2018-8798
 CVE-2018-8799 CVE-2018-8800 CVE-2018-20174 CVE-2018-20175
 CVE-2018-20176 CVE-2018-20177 CVE-2018-20178 CVE-2018-20179
 CVE-2018-20180 CVE-2018-20181 CVE-2018-20182

Multiple security issues were found in the rdesktop RDP client, which
could result in denial of service, information disclosure and the
execution of arbitrary code.

For Debian 8 "Jessie", these problems have been fixed in version
1.8.4-0+deb8u1.

We recommend that you upgrade your rdesktop packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-BEGIN PGP SIGNATURE-

-END PGP SIGNATURE-



[SECURITY] [DLA 1678-1] thunderbird security update

2019-02-16 Thread Emilio Pozuelo Monfort
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Package: thunderbird
Version: 1:60.5.1-1~deb8u1
CVE ID : CVE-2018-18356 CVE-2018-18500 CVE-2018-18501 CVE-2018-18505
 CVE-2018-18509 CVE-2019-5785

Multiple security issues have been found in the Thunderbird mail client,
which could lead to the execution of arbitrary code, denial of service
or spoofing of S/MIME signatures.

For Debian 8 "Jessie", these problems have been fixed in version
1:60.5.1-1~deb8u1.

We recommend that you upgrade your thunderbird packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-BEGIN PGP SIGNATURE-

-END PGP SIGNATURE-



[SECURITY] [DLA 1677-1] firefox-esr security update

2019-02-15 Thread Emilio Pozuelo Monfort
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Package: firefox-esr
Version: 60.5.1esr-1~deb8u1
CVE ID : CVE-2018-18356 CVE-2019-5785

Multiple security issues have been found in the Mozilla Firefox web
browser, which could potentially result in the execution of arbitrary
code.

For Debian 8 "Jessie", these problems have been fixed in version
60.5.1esr-1~deb8u1.

We recommend that you upgrade your firefox-esr packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-BEGIN PGP SIGNATURE-

-END PGP SIGNATURE-



[SECURITY] [DLA 1670-1] ghostscript security update

2019-02-11 Thread Emilio Pozuelo Monfort
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Package: ghostscript
Version: 9.26a~dfsg-0+deb8u1
CVE ID : CVE-2019-6116

Tavis Ormandy discovered a vulnerability in Ghostscript, the GPL
PostScript/PDF interpreter, which may result in denial of service or the
execution of arbitrary code if a malformed Postscript file is processed
(despite the -dSAFER sandbox being enabled).

For Debian 8 "Jessie", this problem has been fixed in version
9.26a~dfsg-0+deb8u1.

We recommend that you upgrade your ghostscript packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-BEGIN PGP SIGNATURE-
-END PGP SIGNATURE-



[SECURITY] [DLA 1655-1] mariadb-10.0 security update

2019-02-01 Thread Emilio Pozuelo Monfort
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Package: mariadb-10.0
Version: 10.0.38-0+deb8u1
CVE ID : CVE-2019-2529 CVE-2019-2537

Several issues have been discovered in the MariaDB database server. The
vulnerabilities are addressed by upgrading MariaDB to the new upstream
version 10.0.38. Please see the MariaDB 10.0 Release Notes for further
details:

 https://mariadb.com/kb/en/mariadb/mariadb-10038-release-notes/

For Debian 8 "Jessie", these problems have been fixed in version
10.0.38-0+deb8u1.

We recommend that you upgrade your mariadb-10.0 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-BEGIN PGP SIGNATURE-
-END PGP SIGNATURE-



[SECURITY] [DLA 1653-1] postgis security update

2019-01-31 Thread Emilio Pozuelo Monfort
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Package: postgis
Version: 2.1.4+dfsg-3+deb8u1
CVE ID : CVE-2017-18359

It was found that the function ST_AsX3D in PostGIS, a module that
adds spatial objects to the PostgreSQL object-relational database, did
not handle empty values properly, allowing malicious users to cause
denial of service or possibly other unspecified behaviour.

For Debian 8 "Jessie", this problem has been fixed in version
2.1.4+dfsg-3+deb8u1.

We recommend that you upgrade your postgis packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-BEGIN PGP SIGNATURE-
-END PGP SIGNATURE-



[SECURITY] [DLA 1652-1] libvncserver security update

2019-01-31 Thread Emilio Pozuelo Monfort
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Package: libvncserver
Version: 0.9.9+dfsg2-6.1+deb8u5
CVE ID : CVE-2018-15126 CVE-2018-20748 CVE-2018-20749 CVE-2018-20750

A vulnerability was found by Kaspersky Lab in libvncserver, a C library
to implement VNC server/client functionalities. In addition, some of the
vulnerabilities addressed in DLA 1617-1 were found to have incomplete
fixes, and have been addressed in this update.

CVE-2018-15126

An attacker can cause denial of service or remote code execution via
a heap use-after-free issue in the tightvnc-filetransfer extension.

CVE-2018-20748
CVE-2018-20749
CVE-2018-20750

Some of the out of bound heap write fixes for CVE-2018-20019 and
CVE-2018-15127 were incomplete. These CVEs address those issues.

For Debian 8 "Jessie", these problems have been fixed in version
0.9.9+dfsg2-6.1+deb8u5.

We recommend that you upgrade your libvncserver packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-BEGIN PGP SIGNATURE-
-END PGP SIGNATURE-



[SECURITY] [DLA 1649-1] spice security update

2019-01-30 Thread Emilio Pozuelo Monfort
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Package: spice
Version: 0.12.5-1+deb8u7
CVE ID : CVE-2019-3813
Debian Bug : 920762

Christophe Fergeau discovered an out-of-bounds read vulnerability in
spice, a SPICE protocol client and server library, which might result in
denial of service (spice server crash), or possibly, execution of
arbitrary code.

For Debian 8 "Jessie", this problem has been fixed in version
0.12.5-1+deb8u7.

We recommend that you upgrade your spice packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-BEGIN PGP SIGNATURE-

-END PGP SIGNATURE-



[SECURITY] [DLA 1648-1] firefox-esr security update

2019-01-30 Thread Emilio Pozuelo Monfort
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Package: firefox-esr
Version: 60.5.0esr-1~deb8u1
CVE ID : CVE-2018-18500 CVE-2018-18501 CVE-2018-18505

Multiple security issues have been found in the Mozilla Firefox web
browser, which could potentially result in the execution of arbitrary
code or privilege escalation.

For Debian 8 "Jessie", these problems have been fixed in version
60.5.0esr-1~deb8u1.

We recommend that you upgrade your firefox-esr packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-BEGIN PGP SIGNATURE-

-END PGP SIGNATURE-



[SECURITY] [DLA 1644-1] policykit-1 security update

2019-01-28 Thread Emilio Pozuelo Monfort
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Package: policykit-1
Version: 0.105-15~deb8u4
CVE ID : CVE-2018-19788 CVE-2019-6133

Two vulnerabilities were found in Policykit, a framework for managing
administrative policies and privileges:

CVE-2018-19788

It was discovered that incorrect processing of very high UIDs in
Policykit could result in authentication bypass.

CVE-2019-6133

Jann Horn of Google found that Policykit doesn't properly check
if a process is already authenticated, which can lead to an
authentication reuse by a different user.

For Debian 8 "Jessie", these problems have been fixed in version
0.105-15~deb8u4.

We recommend that you upgrade your policykit-1 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-BEGIN PGP SIGNATURE-

-END PGP SIGNATURE-



[SECURITY] [DLA 1626-1] libdatetime-timezone-perl new upstream version

2019-01-02 Thread Emilio Pozuelo Monfort
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Package: libdatetime-timezone-perl
Version: 1:1.75-2+2018i

This update includes the changes in tzdata 2018i for the
Perl bindings. For the list of changes, see DLA-1625-1.

For Debian 8 "Jessie", this problem has been fixed in version
1:1.75-2+2018i.

We recommend that you upgrade your libdatetime-timezone-perl packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-BEGIN PGP SIGNATURE-
-END PGP SIGNATURE-



[SECURITY] [DLA 1624-1] thunderbird security update

2019-01-02 Thread Emilio Pozuelo Monfort
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Package: thunderbird
Version: 1:60.4.0-1~deb8u1
CVE ID : not yet available

Multiple security issues have been found in Thunderbird, which may lead
to the execution of arbitrary code or denial of service.

For Debian 8 "Jessie", this problem has been fixed in version
1:60.4.0-1~deb8u1.

We recommend that you upgrade your thunderbird packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-BEGIN PGP SIGNATURE-
-END PGP SIGNATURE-



[SECURITY] [DLA 1607-1] samba security update

2018-12-15 Thread Emilio Pozuelo Monfort
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Package: samba
Version: 2:4.2.14+dfsg-0+deb8u11
CVE ID : CVE-2018-14629 CVE-2018-16851

Several vulnerabilities have been discovered in Samba, a SMB/CIFS file,
print, and login server for Unix. The Common Vulnerabilities and
Exposures project identifies the following issues:

CVE-2018-14629

Florian Stuelpner discovered that Samba is vulnerable to
infinite query recursion caused by CNAME loops, resulting in
denial of service.

CVE-2018-16851

Garming Sam of the Samba Team and Catalyst discovered a NULL pointer
dereference vulnerability in the Samba AD DC LDAP server allowing a
user able to read more than 256MB of LDAP entries to crash the Samba
AD DC's LDAP server.

For Debian 8 "Jessie", these problems have been fixed in version
2:4.2.14+dfsg-0+deb8u11.

We recommend that you upgrade your samba packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-BEGIN PGP SIGNATURE-
-END PGP SIGNATURE-



[SECURITY] [DLA 1606-1] gcc-4.9 bugfix update

2018-12-14 Thread Emilio Pozuelo Monfort
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Package: gcc-4.9
Version: 4.9.2-10+deb8u2
Debian Bug : 727621

This update fixes libstdc++ std::future support on armel, which is
necessary to get firefox-esr and thunderbird updates built on that
architecture.

For Debian 8 "Jessie", this problem has been fixed in version
4.9.2-10+deb8u2.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-BEGIN PGP SIGNATURE-

-END PGP SIGNATURE-



[SECURITY] [DLA 1605-1] firefox-esr security update

2018-12-13 Thread Emilio Pozuelo Monfort
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Package: firefox-esr
Version: 60.4.0esr-1~deb8u1
CVE ID : CVE-2018-12405 CVE-2018-17466 CVE-2018-18492 CVE-2018-18493
 CVE-2018-18494 CVE-2018-18498

Multiple security issues have been found in the Mozilla Firefox web
browser, which could potentially result in the execution of arbitrary
code or bypass of the same-origin policy.

For Debian 8 "Jessie", these problems have been fixed in version
60.4.0esr-1~deb8u1.

We recommend that you upgrade your firefox-esr packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-BEGIN PGP SIGNATURE-
-END PGP SIGNATURE-



[SECURITY] [DLA 1590-1] openjdk-7 security update

2018-11-22 Thread Emilio Pozuelo Monfort
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Package: openjdk-7
Version: 7u181-2.6.14-2~deb8u1
CVE ID : CVE-2018-2952 CVE-2018-3136 CVE-2018-3139 CVE-2018-3149
 CVE-2018-3169 CVE-2018-3180 CVE-2018-3214

Several vulnerabilities have been discovered in OpenJDK, an
implementation of the Oracle Java platform, resulting in denial of
service, sandbox bypass, incomplete TLS identity verification,
information disclosure or the execution of arbitrary code.

For Debian 8 "Jessie", these problems have been fixed in version
7u181-2.6.14-2~deb8u1.

We recommend that you upgrade your openjdk-7 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-BEGIN PGP SIGNATURE-
-END PGP SIGNATURE-



[SECURITY] [DLA 1575-1] thunderbird security update

2018-11-12 Thread Emilio Pozuelo Monfort
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Package: thunderbird
Version: 1:60.3.0-1~deb8u1
CVE ID : CVE-2017-16541 CVE-2018-5156 CVE-2018-5187 CVE-2018-12361
 CVE-2018-12367 CVE-2018-12371 CVE-2018-12376 CVE-2018-12377
 CVE-2018-12378 CVE-2018-12379 CVE-2018-12383 CVE-2018-12385
 CVE-2018-12389 CVE-2018-12390 CVE-2018-12392 CVE-2018-12393

Multiple security issues have been found in Thunderbird: Multiple memory
safety errors and use-after-frees may lead to the execution of arbitrary
code or denial of service.

Debian follows the Thunderbird upstream releases. Support for the 52.x
series has ended, so starting with this update we're now following the
60.x releases.

Between 52.x and 60.x, Thunderbird has undergone significant internal
updates, which makes it incompatible with a number of extensions. For
more information please refer to
https://support.mozilla.org/en-US/kb/new-thunderbird-60

For Debian 8 "Jessie", these problems have been fixed in version
1:60.3.0-1~deb8u1.

We recommend that you upgrade your thunderbird packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-BEGIN PGP SIGNATURE-

-END PGP SIGNATURE-



[SECURITY] [DLA 1569-2] libdatetime-timezone-perl regression update

2018-11-07 Thread Emilio Pozuelo Monfort
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

From: Emilio Pozuelo Monfort 
To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 1569-2] libdatetime-timezone-perl regression update

Package: libdatetime-timezone-perl
Version: 1:1.75-2+2018g.1

The previous update of libdatetime-timezone-perl to tzdata version 2018g
was incomplete due to a newly introduced rule type that this version of
libdatetime-timezone-perl could not parse.

For Debian 8 "Jessie", this problem has been fixed in version
1:1.75-2+2018g.1.

We recommend that you upgrade your libdatetime-timezone-perl packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-BEGIN PGP SIGNATURE-
-END PGP SIGNATURE-



[SECURITY] [DLA 1571-1] firefox-esr security update

2018-11-07 Thread Emilio Pozuelo Monfort
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Package: firefox-esr
Version: 60.3.0esr-1~deb8u1
CVE ID : CVE-2018-12389 CVE-2018-12390 CVE-2018-12392 CVE-2018-12393
 CVE-2018-12395 CVE-2018-12396 CVE-2018-12397

Multiple security issues have been found in the Mozilla Firefox web
browser, which could result in the execution of arbitrary code,
privilege escalation or information disclosure.

For Debian 8 "Jessie", these problems have been fixed in version
60.3.0esr-1~deb8u1.

We recommend that you upgrade your firefox-esr packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-BEGIN PGP SIGNATURE-
-END PGP SIGNATURE-



[SECURITY] [DLA 1570-1] mariadb-10.0 security update

2018-11-07 Thread Emilio Pozuelo Monfort
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Package: mariadb-10.0
Version: 10.0.37-0+deb8u1
CVE ID : CVE-2018-3143 CVE-2018-3156 CVE-2018-3174 CVE-2018-3251
 CVE-2018-3282

Several issues have been discovered in the MariaDB database server. The
vulnerabilities are addressed by upgrading MariaDB to the new upstream
version 10.0.37. Please see the MariaDB 10.0 Release Notes for further
details:

 https://mariadb.com/kb/en/mariadb/mariadb-10037-release-notes/

For Debian 8 "Jessie", these problems have been fixed in version
10.0.37-0+deb8u1.

We recommend that you upgrade your mariadb-10.0 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-BEGIN PGP SIGNATURE-
-END PGP SIGNATURE-



[SECURITY] [DLA 1569-1] libdatetime-timezone-perl new upstream release

2018-11-07 Thread Emilio Pozuelo Monfort
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Package: libdatetime-timezone-perl
Version: 1:1.75-2+2018g

This update includes the changes in tzdata 2018g for the
Perl bindings. For the list of changes, see DLA-1363-1.

For Debian 8 "Jessie", this problem has been fixed in version
1:1.75-2+2018g.

We recommend that you upgrade your libdatetime-timezone-perl packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-BEGIN PGP SIGNATURE-
-END PGP SIGNATURE-


