[SECURITY] [DLA 1141-1] mysql-5.5 security update

2017-10-19 Thread Emilio Pozuelo Monfort
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: mysql-5.5 Version: 5.5.58-0+deb7u1 CVE ID : CVE-2017-10268 CVE-2017-10378 CVE-2017-10379 CVE-2017-10384 Debian Bug : 878402 Several issues have been discovered in the MySQL database server. The vulnerabilities

Accepted mysql-5.5 5.5.58-0+deb7u1 (source all amd64) into oldoldstable

2017-10-19 Thread Lars Tangvald
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Tue, 17 Oct 2017 10:24:21 +0200 Source: mysql-5.5 Binary: libmysqlclient18 libmysqld-pic libmysqld-dev libmysqlclient-dev mysql-common mysql-client-5.5 mysql-server-core-5.5 mysql-server-5.5 mysql-server mysql-client

Re: [debian-mysql] Bug#878402: Bug#878402: Security fixes from the October 2017 CPU

2017-10-19 Thread Salvatore Bonaccorso
Hi Lars, On Thu, Oct 19, 2017 at 10:23:15AM +0200, Lars Tangvald wrote: > > > On 10/19/2017 10:09 AM, Emilio Pozuelo Monfort wrote: > > On 18/10/17 20:46, Salvatore Bonaccorso wrote: > > > Hi lars, > > > > > > On Wed, Oct 18, 2017 at 03:51:26PM +0200, Lars Tangvald wrote: > > > > Hi, > > > >

[SECURITY] [DLA 1139-1] imagemagick security update

2017-10-19 Thread Roberto C . Sánchez
Package: imagemagick Version: 8:6.7.7.10-5+deb7u18 CVE ID : CVE-2017-15277 CVE-2017-15281 Debian Bug : 878578 878579 This update fixes two vulnerabilities in ImageMagick: CVE-2017-15277 An uninitialized data structure could lead to information disclosure

[SECURITY] [DLA 1138-1] nss security update

2017-10-19 Thread Roberto C . Sánchez
Package: nss Version: 2:3.26-1+debu7u5 CVE ID : CVE-2017-7805 Martin Thomson discovered that nss, the Mozilla Network Security Service library, is prone to a use-after-free vulnerability in the TLS 1.2 implementation when handshake hashes are generated. A remote attacker

Re: [debian-mysql] Bug#878402: Bug#878402: Security fixes from the October 2017 CPU

2017-10-19 Thread Lars Tangvald
On 10/19/2017 10:09 AM, Emilio Pozuelo Monfort wrote: On 18/10/17 20:46, Salvatore Bonaccorso wrote: Hi lars, On Wed, Oct 18, 2017 at 03:51:26PM +0200, Lars Tangvald wrote: Hi, 5.5.58 packages for Debian 7 and 8 are built, and pass the test suite. Attached are debdiff files for Wheezy and

Re: [debian-mysql] Bug#878402: Bug#878402: Security fixes from the October 2017 CPU

2017-10-19 Thread Emilio Pozuelo Monfort
On 18/10/17 20:46, Salvatore Bonaccorso wrote: > Hi lars, > > On Wed, Oct 18, 2017 at 03:51:26PM +0200, Lars Tangvald wrote: >> Hi, >> >> 5.5.58 packages for Debian 7 and 8 are built, and pass the test suite. >> Attached are debdiff files for Wheezy and Jessie (source is also pushed to >>

[SECURITY] [DLA 1140-1] graphicsmagick security update

2017-10-19 Thread Brian May
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: graphicsmagick Version: 1.3.16-1.1+deb7u11 CVE ID : CVE-2017-13737 CVE-2017-15277 Immediately after the previous update to graphicsmagick, two more security issues were identified. These updates are included here.

Accepted graphicsmagick 1.3.16-1.1+deb7u11 (source amd64 all) into oldoldstable

2017-10-19 Thread Brian May
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Mon, 16 Oct 2017 15:21:09 +1100 Source: graphicsmagick Binary: graphicsmagick libgraphicsmagick3 libgraphicsmagick1-dev libgraphicsmagick++3 libgraphicsmagick++1-dev libgraphics-magick-perl graphicsmagick-imagemagick-compat