[SECURITY] [DLA 810-1] libarchive security update

2017-01-30 Thread Chris Lamb
Package: libarchive Version: 3.0.4-3+wheezy5+deb7u1 CVE ID : CVE-2017-5601 Debian Bug : #853278 It was discovered that there was a heap buffer overflow in libarchive, a multi-format archive and compression library. For

Re: Accepted openjdk-7 7u121-2.6.8-1~deb7u1 (source all amd64) into oldstable

2017-01-30 Thread Emilio Pozuelo Monfort
On 27/01/17 22:18, Ola Lundqvist wrote: > Hi Emilio > > I saw that you have uploaded a new openjdk-7 package. Was that > package supposed to fix the current issues reported for openjdk-7 or > were those corrections for an earlier version? It doesn't fix the latest round of CVEs. > I'm asking

Re: Accepted tcpdump 4.9.0-1~deb7u1 (amd64 source) into oldstable

2017-01-30 Thread Emilio Pozuelo Monfort
On 30/01/17 22:19, Ola Lundqvist wrote: > Hi > > Will you send the DLA or do you want me to do that? Adding Romain to Cc. Cheers, Emilio > > // Ola > > On 30 January 2017 at 19:40, Romain Francoise wrote: > Format: 1.8 > Date: Sun, 29 Jan 2017 22:17:21 +0100 > Source:

[SECURITY] [DLA 809-1] tcpdump security update

2017-01-30 Thread Ola Lundqvist
Package: tcpdump Version: 4.9.0-1~deb7u1 CVE ID : CVE-2016-7922 CVE-2016-7923 CVE-2016-7924 CVE-2016-7925 CVE-2016-7926 CVE-2016-7927 CVE-2016-7928 CVE-2016-7929 CVE-2016-7930 CVE-2016-7931

Re: Accepted tcpdump 4.9.0-1~deb7u1 (amd64 source) into oldstable

2017-01-30 Thread Ola Lundqvist
Hi Will you send the DLA or do you want me to do that? // Ola On 30 January 2017 at 19:40, Romain Francoise wrote: > Format: 1.8 > Date: Sun, 29 Jan 2017 22:17:21 +0100 > Source: tcpdump > Binary: tcpdump >

Re: possible regressing in tiff4/libtiff3 update (deb7u1)

2017-01-30 Thread Raphael Hertzog
On Fri, 27 Jan 2017, Matthias Geerdsen wrote: > > The full upload is available: > > $ dget > > https://people.debian.org/~hertzog/packages/tiff3_3.9.6-11+deb7u3_amd64.changes > > I took your patched libtiff4 and tested several images and compression > schemes using ImageMagick and GraphicsMagick

Re: Anyone having more information about the tcpdump security CVEs?

2017-01-30 Thread Guido Günther
On Mon, Jan 30, 2017 at 07:34:59PM +0100, Romain Francoise wrote: > On Sun, Jan 29, 2017 at 05:14:33PM +0100, Romain Francoise wrote: > > Ok, I will prepare the package and upload it next week. > > Done! I didn't include the upstream tarball as I already uploaded it to > jessie-security and IIUC

Re: Anyone having more information about the tcpdump security CVEs?

2017-01-30 Thread Romain Francoise
On Sun, Jan 29, 2017 at 05:14:33PM +0100, Romain Francoise wrote: > Ok, I will prepare the package and upload it next week. Done! I didn't include the upstream tarball as I already uploaded it to jessie-security and IIUC it's the same archive, but I'm not absolutely certain this is right--if the

[SECURITY] [DLA 610-2] tiff3 regression update

2017-01-30 Thread Raphael Hertzog
Package: tiff3 Version: 3.9.6-11+deb7u3 Debian Bug : 852610 Version 3.9.6-11+deb7u1 and 3.9.6-11+deb7u2 introduced changes that resulted in libtiff writing out invalid tiff files when the compression scheme in use relies on codec-specific TIFF tags embedded in the image. For

[SECURITY] [DLA 807-1] imagemagick security update

2017-01-30 Thread Guido Günther
Package: imagemagick Version: 8:6.7.7.10-5+deb7u11 CVE ID : CVE-2016-10144 CVE-2016-10145 CVE-2016-10146 CVE-2017-5506 CVE-2017-5507 CVE-2017-5508 CVE-2017-5510 CVE-2017-5511 Debian Bug : #851485, #851483, #851380, #851383, #851382, #851381,