[SECURITY] [DLA 670-1] linux security update

2016-10-19 Thread Ben Hutchings
Package: linux Version: 3.2.82-1 CVE ID : CVE-2015-8956 CVE-2016-5195 CVE-2016-7042 CVE-2016-7425 Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2015-8956 It was

[SECURITY] [DLA 671-1] libxvmc security update

2016-10-19 Thread Thorsten Alteholz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Package: libxvmc Version: 2:1.0.7-1+deb7u3 CVE ID : CVE-2016-7953 CVE-2016-7953 If an empty string is received from an x-server, do not underrun the buffer by accessing "rep.nameLen - 1" unconditionally, which

September report

2016-10-19 Thread Emilio Pozuelo Monfort
Hi, September was a bad month for me, and I only managed to spend 1h out of 12.30h, working on the libarchive update. I am returning the rest of the time to the pool so it can be allocated among the contributors next month. Sorry for that and for the delay in the report, I should be back to

Accepted dwarfutils 20120410-2+deb7u2 (source amd64) into oldstable

2016-10-19 Thread Daniel Stender
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 19 Oct 2016 00:29:41 +0200 Source: dwarfutils Binary: dwarfdump libdwarf-dev Architecture: source amd64 Version: 20120410-2+deb7u2 Distribution: wheezy-security Urgency: high Maintainer: Fabian Wolff

Accepted libass 0.10.0-3+deb7u1 (source amd64) into oldstable

2016-10-19 Thread Markus Koschany
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 19 Oct 2016 11:37:16 +0200 Source: libass Binary: libass-dev libass4 Architecture: source amd64 Version: 0.10.0-3+deb7u1 Distribution: wheezy-security Urgency: high Maintainer: Debian Multimedia Maintainers

[SECURITY] [DLA 667-1] libxv security update

2016-10-19 Thread Markus Koschany
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Package: libxv Version: 2:1.0.7-1+deb7u2 CVE ID : CVE-2016-5407 Debian Bug : 840438 Tobias Stoeckmann from the OpenBSD project has discovered a number of issues in the way various X client libraries handle the responses

Accepted libxv 2:1.0.7-1+deb7u2 (source amd64) into oldstable

2016-10-19 Thread Markus Koschany
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 19 Oct 2016 10:52:08 +0200 Source: libxv Binary: libxv1 libxv1-dbg libxv-dev Architecture: source amd64 Version: 2:1.0.7-1+deb7u2 Distribution: wheezy-security Urgency: high Maintainer: Debian X Strike Force