Accepted imagemagick 8:6.7.7.10-5+deb7u12 (source amd64 all) into oldstable

2017-03-23 Thread Roberto C. Sanchez
Format: 1.8 Date: Thu, 23 Mar 2017 21:59:37 -0400 Source: imagemagick Binary: imagemagick imagemagick-dbg imagemagick-common imagemagick-doc libmagickcore5 libmagickcore5-extra libmagickcore-dev libmagickwand5 libmagickwand-dev libmagick++5

[SECURITY] [DLA 867-1] audiofile security update

2017-03-23 Thread Ola Lundqvist
Package: audiofile Version: 0.3.4-2+deb7u1 CVE ID : CVE-2017-6829 CVE-2017-6830 CVE-2017-6831 CVE-2017-6832 CVE-2017-6833 CVE-2017-6834 CVE-2017-6835 CVE-2017-6836 CVE-2017-6837

Wheezy update of libvpx?

2017-03-23 Thread Ola Lundqvist
Hello dear maintainer(s), the Debian LTS team would like to fix the security issues which are currently open in the Wheezy version of libvpx: https://security-tracker.debian.org/tracker/CVE-2017-0393 https://security-tracker.debian.org/tracker/CVE-2017-6711 Would you like to take care of this

[SECURITY] [DLA 866-1] libxslt security update

2017-03-23 Thread Raphael Hertzog
Package: libxslt Version: 1.1.26-14.1+deb7u3 CVE ID : CVE-2017-5029 Debian Bug : 858546 libxslt is vulnerable to an integer overflow in the xsltAddTextString function that can be exploited to trigger an out of bounds write on 64-bit systems. For Debian 7 "Wheezy",

request for testing: php5 security update

2017-03-23 Thread Markus Koschany
Hi, I have prepared a security update for php5 which addresses CVE-2016-7478 and CVE-2016-7479. Please give it a try and tell me about any issues you encounter. Prebuilt binary packages for amd64 and the debdiff, if you prefer to build from source, are available at:

Accepted libxslt 1.1.26-14.1+deb7u3 (source amd64) into oldstable

2017-03-23 Thread Raphaël Hertzog
Format: 1.8 Date: Thu, 23 Mar 2017 12:13:25 +0100 Source: libxslt Binary: libxslt1.1 libxslt1-dev libxslt1-dbg xsltproc python-libxslt1 python-libxslt1-dbg Architecture: source amd64 Version: 1.1.26-14.1+deb7u3 Distribution: wheezy-security

Re: [Announce] Samba 4.6.1, 4.5.7 and 4.4.12 Security Releases Available for Download

2017-03-23 Thread Ola Lundqvist
Hi Mathieu Thank you for this information. The LTS team will handle this. If nobody else steps up I will do it myself. For the LTS team: I will add this to the dla-needed.txt file later today but feel free to add that and claim yourself to this update. Best regards // Ola On 23 March 2017 at

Re: Wheezy update of git?

2017-03-23 Thread Raphael Hertzog
Hi, On Tue, 21 Mar 2017, Raphael Hertzog wrote: > I tried to checkout https://github.com/njhartwell/pw3nage while having > bash-completion loaded and with a PS1 containing $(__git_ps1 2>/dev/null) > or $(__git_ps1 " (%s)") and was unable to get any code execution. > > I'm not sure when the

Fwd: [Announce] Samba 4.6.1, 4.5.7 and 4.4.12 Security Releases Available for Download

2017-03-23 Thread Mathieu Parent
Hi, Today samba has released a security fix for a symlink race (leading to information disclosure). Salvatore will take care of the jessie upload, I have uploaded for sid, but we have not done anything on the wheezy side. See attached the backported patches for 3.6 (those are from the samba

Re: What to do with jbig2dec in wheezy and jessie

2017-03-23 Thread Raphael Hertzog
Hello Moritz, On Thu, 23 Mar 2017, Moritz Mühlenhoff wrote: > > Please find packages for Jessie here: > > https://people.debian.org/~hertzog/packages/jbig2dec_0.13-4~deb8u1_amd64.changes [...] > > Can I upload the jessie packages to security-master? > > Thanks, please upload. Done. Uploading

Re: What to do with jbig2dec in wheezy and jessie

2017-03-23 Thread Moritz Mühlenhoff
On Tue, Mar 21, 2017 at 10:53:05AM +0100, Raphael Hertzog wrote: > Hello Moritz, > > On Sun, 12 Mar 2017, Moritz Mühlenhoff wrote: > > > So as long as we ensure that we don't break Ghostscript and MuPDF I think > > > we are good enough. > > > > > > Shall I go ahead and prepare some test