-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: unbound
Version: 1.4.17-3+deb7u3
CVE ID : CVE-2017-15105
Debian Bug : 887733
Ralph Dolmans and Karst Koymans found a flaw in the way unbound
validated wildcard-synthesized NSEC records. An improperly validated
Maintainer: Robert S. Edmonds <edmo...@debian.org>
Changed-By: Markus Koschany <a...@debian.org>
Description:
libunbound-dev - static library, header files, and docs for libunbound
libunbound2 - library implementing DNS resolution and validation
python-unbound - library impl
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: krb5
Version: 1.10.1+dfsg-5+deb7u9
CVE ID : CVE-2013-1418 CVE-2014-5351 CVE-2014-5353
CVE-2014-5355 CVE-2016-3119 CVE-2016-3120
Debian Bug : 728845 762479 773226 778647 819468 832572
Kerberos, a
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Mon, 12 Feb 2018 22:32:32 +0100
Source: pound
Binary: pound
Architecture: source amd64
Version: 2.6-2+deb7u2
Distribution: wheezy-security
Urgency: high
Maintainer: Brett Parker <idu...@sommitrealweird.co.uk>
Changed-By:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: pound
Version: 2.6-2+deb7u2
CVE ID : CVE-2016-10711
Debian Bug : 888786
A request smuggling vulnerability was discovered in pound that may allow
attackers to send a specially crafted http request to a web server
+dfsg-5+deb7u2
Distribution: wheezy-security
Urgency: high
Maintainer: Janos Guljas <ja...@resenje.org>
Changed-By: Markus Koschany <a...@debian.org>
Description:
libapache2-mod-ruwsgi - uwsgi module for Apache2 (mod_Ruwsgi)
libapache2-mod-ruwsgi-dbg - debugging symbols for Apache
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: tomcat-native
Version: 1.1.24-1+deb7u1
CVE ID : CVE-2017-15698
Jonas Klempel discovered that, when parsing the AIA-Extension field of
a client certificate, Apache Tomcat Native did not correctly handle
fields longer
ain...@lists.alioth.debian.org>
Changed-By: Markus Koschany <a...@debian.org>
Description:
libtcnative-1 - Tomcat native library using the apache portable runtime
Changes:
tomcat-native (1.1.24-1+deb7u1) wheezy-security; urgency=high
.
* Non-maintainer upload by the LTS team.
*
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: uwsgi
Version: 1.2.3+dfsg-5+deb7u2
CVE ID : CVE-2018-6758
Debian Bug : 889753
It was discovered that the uwsgi_expand_path function in utils.c in
Unbit uWSGI, an application container server, has a stack-based
Hi,
On 11.02.2018 at 23:08, Santiago R.R. wrote:
> On 11/02/18 at 18:16, Markus Koschany wrote:
>> Markus Koschany pushed to branch master at Debian Security Tracker /
>> security-tracker
>>
>> Commits:
>>
>> • f8aa9d3d
>> by Markus Koscha
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Tue, 13 Feb 2018 14:28:04 +0100
Source: advancecomp
Binary: advancecomp
Architecture: source amd64
Version: 1.15-1+deb7u1
Distribution: wheezy-security
Urgency: high
Maintainer: Piotr Ozarowski <oza...@gmail.com>
Changed-By:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: advancecomp
Version: 1.15-1+deb7u1
CVE ID : CVE-2018-1056
Debian Bug : 889270
Joonun Jang discovered that the advzip tool in advancecomp, a
collection of recompression utilities, was prone to a heap-based
buffer
On 20.02.2018 at 18:10, Raphael Hertzog wrote:
> (this reply on debian-lts, not on debian-devel)
>
> On Tue, 20 Feb 2018, Raphael Hertzog wrote:
>> some of the LTS sponsors are looking to extend the support period of
>> Debian 7 Wheezy (from a few months up to a full year).
>
> FWIW, I
On 16.02.2018 at 15:47, Antoine Beaupré wrote:
> Hi!
>
> Markus reminded me today that I was frontdesk for the week: I had
> completely forgotten. :( For some reason, I hadn't noted this down in my
> agenda which means the event simply doesn't exist in this case. I have
> reviewed my other
On 20.02.2018 at 18:39, Vincent Bernat wrote:
> ❦ 20 February 2018 18:10 +0100, Raphael Hertzog :
>
>>> some of the LTS sponsors are looking to extend the support period of
>>> Debian 7 Wheezy (from a few months up to a full year).
>>
>> FWIW, I published a blog post with
On 21.12.2017 at 22:42, Salvatore Bonaccorso wrote:
[...]
> Don't worry anymore. It was as well not about all the timeline, I'm
> aware when you did the initial ping, but rather on the "we think it
> needs a change on security tracker and want this information exposed
> ... I want to do the
On 22.12.2017 at 13:24, Emilio Pozuelo Monfort wrote:
> On 22/12/17 09:49, Chris Lamb wrote:
>> Dear maintainer(s),
>>
>> The Debian LTS team would like to fix the security issues which are
>> currently open in the Wheezy version of irssi:
>>
cul...@debian.org>
Changed-By: Markus Koschany <a...@debian.org>
Description:
wordpress - weblog manager
wordpress-l10n - weblog manager - language files
Changes:
wordpress (3.6.1+dfsg-1~deb7u20) wheezy-security; urgency=high
.
* Non-maintainer upload by the LTS team.
* Backport securit
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: wordpress
Version: 3.6.1+dfsg-1~deb7u20
CVE ID : CVE-2017-17091 CVE-2017-17092 CVE-2017-17093
CVE-2017-17094
Debian Bug : 883314
Several vulnerabilities were discovered in wordpress, a web
Hey,
On 22.06.2018 at 00:00, Chris Lamb wrote:
> Dear Thorsten,
>
> I claimed libidn in data/dla-needed.txt early this morning but somehow
> failed to push this to the repository. I note that you subsequently
> claimed the package.
>
> I discovered the above just now after preparing a package.
: high
Maintainer: Debian OpenSSL Team
Changed-By: Markus Koschany
Description:
libcrypto1.0.0-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb)
libssl-dev - Secure Sockets Layer toolkit - development files
libssl-doc - Secure Sockets Layer toolkit - development documentation
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: openssl
Version: 1.0.1t-1+deb8u9
CVE ID : CVE-2018-0732 CVE-2018-0737
Debian Bug : 895844
Two issues were discovered in OpenSSL, the Secure Sockets Layer toolkit.
CVE-2018-0732
Denial of service by a
Maintainer: Debian Install System Team
Changed-By: Markus Koschany
Description:
busybox - Tiny utilities for small and embedded systems
busybox-static - Standalone rescue shell with tons of builtin utilities
busybox-syslogd - Provides syslogd and klogd using busybox
busybox-udeb - Tiny utilities
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: busybox
Version: 1:1.22.0-9+deb8u4
It was found that the security update of busybox announced as
DLA-1445-1 to prevent the exploitation of CVE-2011-5325, a symlinking
attack, was too strict in case of cpio archives. This
On 31.07.2018 at 04:01, jhcha54008 wrote:
> Hi,
>
> Is it the right place to report a possible regression bug against
> busybox-static version 1:1.22.0-9+deb8u2 ?
It is. Thank you for contacting us.
> 1) It seems it can't gunzip large files.
>
> $ dpkg -l busybox-static
> ...
> ii
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: wordpress
Version: 4.1+dfsg-1+deb8u18
CVE ID : CVE-2016-5836 CVE-2018-12895
Debian Bug : 902876
Two vulnerabilities were discovered in wordpress, a web blogging
tool. The Common Vulnerabilities and Exposures
: 7.0.56-3+really7.0.90-1
Distribution: jessie-security
Urgency: high
Maintainer: Debian Java Maintainers
Changed-By: Markus Koschany
Description:
libservlet3.0-java - Servlet 3.0 and JSP 2.2 Java API classes
libservlet3.0-java-doc - Servlet 3.0 and JSP 2.2 Java API documentation
libtomcat7-java
Distribution: jessie-security
Urgency: high
Maintainer: Craig Small
Changed-By: Markus Koschany
Description:
wordpress - weblog manager
wordpress-l10n - weblog manager - language files
wordpress-theme-twentyfifteen - weblog manager - twentytfifteen theme files
wordpress-theme-twentyfourteen
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: tomcat7
Version: 7.0.56-3+really7.0.90-1
CVE ID : CVE-2018-8034
The host name verification in Tomcat when using TLS with the WebSocket
client was missing. It is now enabled by default.
For Debian 8 "Jessie", this
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: mailman
Version: 1:2.1.18-2+deb8u4
Debian Bug : 904680
The security update of mailman announced as DLA-1442-1 introduced a
regression due to an incomplete fix for CVE-2018-13796 that broke the
admin and listinfo
Maintainer: Debian Install System Team
Changed-By: Markus Koschany
Description:
busybox - Tiny utilities for small and embedded systems
busybox-static - Standalone rescue shell with tons of builtin utilities
busybox-syslogd - Provides syslogd and klogd using busybox
busybox-udeb - Tiny utilities
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Fri, 27 Jul 2018 05:49:39 +0200
Source: mailman
Binary: mailman
Architecture: source amd64
Version: 1:2.1.18-2+deb8u4
Distribution: jessie-security
Urgency: high
Maintainer: Mailman for Debian
Changed-By: Markus Koschany
-By: Markus Koschany
Description:
intel-microcode - Processor microcode firmware for Intel CPUs
Changes:
intel-microcode (3.20180703.2~deb8u1) jessie-security; urgency=high
.
* Non-maintainer upload by the LTS team.
* Rebuild for jessie-security (no changes)
Checksums-Sha1
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: busybox
Version: 1:1.22.0-9+deb8u3
The security update of busybox announced as DLA-1445-1 introduced a
regression due to an incomplete fix for CVE-2015-9261. It was no
longer possible to decompress gzip archives which
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: ruby-zip
Version: 1.1.6-1+deb8u2
CVE ID : CVE-2018-1000544
Debian Bug : 902720
It was found that rubyzip, a Ruby module for reading and writing zip
files, contained a Directory Traversal vulnerability that can
Hello Stefan,
I am currently investigating CVE-2016-4975 for Apache2. The issue is
already two years old but was only made public yesterday. [1] I skimmed
through old commit messages but I could not isolate the fixing commit.
However I found this changelog entry [2] from December 13th, 2016 and
Hi Stefan,
On 16.08.2018 at 21:13, Stefan Fritsch wrote:
[...]
> In jessie this has been included in 2.4.10-10+deb8u8 and Antoine did the
> heroic backport to wheezy. So, there should not be anything to fix in
> Debian.
Excellent. Thank you very much for your confirmation.
Best,
Markus
Hello Lee,
at the moment we only support four architectures, amd64, i386, armel and
armhf because these are the ones which were requested by users and
sponsors of Debian's Long Term support project. I believe we would all
love to support even more architectures in the future but this mostly
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: blender
Version: 2.72.b+dfsg0-3+deb8u1
CVE ID : CVE-2017-2899 CVE-2017-2900 CVE-2017-2901 CVE-2017-2902
CVE-2017-2903 CVE-2017-2904 CVE-2017-2905 CVE-2017-2906
CVE-2017-2907
Maintainers
Changed-By: Markus Koschany
Description:
blender - Very fast and versatile 3D modeller/renderer
blender-data - Very fast and versatile 3D modeller/renderer - data package
blender-dbg - debug symbols for Blender
Changes:
blender (2.72.b+dfsg0-3+deb8u1) jessie-security; urgency=high
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: libcgroup
Version: 0.41-6+deb8u1
CVE ID : CVE-2018-14348
Debian Bug : 906308
The cgrulesengd daemon in libcgroup creates log files with world
readable and writable permissions due to a reset of the file mode
Hi Bertrand,
On 20.08.2018 at 21:32, Bertrand Marc wrote:
[...]
> I'll prepare source package this week-end, but if it's fine with you
> I'll let you take care of the LTS workflow as I am a bit busy these days.
Thanks for your reply. It seems Chris Lamb is interested in fixing those
issues. I
Hello Chris,
the Debian LTS team would like to fix CVE-2018-14424, gdm3 in Jessie. We
have prepared a patch [1] based on your work which you have attached to
the Gnome issue tracker. [2] We have noticed [3] that it is still
possible to "crash" gdm3 in Jessie with your POC although we cannot get
a
the updated package before it gets released.
You can also opt-out from receiving future similar emails in your
answer and then the LTS Team will take care of squirrelmail updates
for the LTS releases.
Thank you very much.
Markus Koschany,
on behalf of the Debian LTS team.
PS: A member of the LTS
us know whether you would
like to review and/or test the updated package before it gets released.
You can also opt-out from receiving future similar emails in your
answer and then the LTS Team will take care of libextractor updates
for the LTS releases.
Thank you very much.
Markus Koschany
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: tomcat-native
Version: 1.1.32~repack-2+deb8u2
CVE ID : CVE-2018-8019 CVE-2018-8020
When using an OCSP responder Tomcat Native did not correctly handle
invalid responses. This allowed for revoked client certificates
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: otrs2
Version: 3.3.18-1+deb8u5
CVE ID : CVE-2018-14593
Francesco Sirocco discovered a privilege escalation flaw in otrs2, the
Open Ticket Request System. An attacker who is logged into OTRS as a
user may escalate
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Tue, 21 Aug 2018 13:30:48 +0200
Source: otrs2
Binary: otrs2 otrs
Architecture: source all
Version: 3.3.18-1+deb8u5
Distribution: jessie-security
Urgency: high
Maintainer: Patrick Matthäi
Changed-By: Markus Koschany
Description
Hello Christoph,
I just noticed that we ship two versions of PostgreSQL in Jessie, 9.1
and 9.4. Do you plan to release future security updates for 9.1 as well?
Do you prefer that we take care of it or shall we mark 9.1 as EOL and
recommend to upgrade to 9.4 instead?
Regards,
Markus
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Tue, 24 Jul 2018 21:14:39 +0200
Source: sympa
Binary: sympa
Architecture: source amd64
Version: 6.1.23~dfsg-2+deb8u2
Distribution: jessie-security
Urgency: high
Maintainer: Debian Sympa team
Changed-By: Markus Koschany
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Tue, 24 Jul 2018 21:08:04 +0200
Source: libarchive-zip-perl
Binary: libarchive-zip-perl
Architecture: source all
Version: 1.39-1+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Debian Perl Group
Changed-By: Markus
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Tue, 24 Jul 2018 22:02:16 +0200
Source: mailman
Binary: mailman
Architecture: source amd64
Version: 1:2.1.18-2+deb8u3
Distribution: jessie-security
Urgency: high
Maintainer: Mailman for Debian
Changed-By: Markus Koschany
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: libarchive-zip-perl
Version: 1.39-1+deb8u1
CVE ID : CVE-2018-10860
Debian Bug : 902882
The libarchive-zip-perl package is vulnerable to a directory traversal
attack in Archive::Zip. It was found that the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: sympa
Version: 6.1.23~dfsg-2+deb8u2
CVE ID : CVE-2018-1000550
A vulnerability has been discovered in Sympa, a modern mailing list
manager, that allows write access to files on the server filesystem.
This flaw allows
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: discount
Version: 2.1.7-1+deb8u1
CVE ID : CVE-2018-11468 CVE-2018-11503 CVE-2018-11504
CVE-2018-12495
Debian Bug : 901912
Several heap-based buffer over-reads were found in discount, an
Ghedini
Changed-By: Markus Koschany
Description:
discount - implementation of the Markdown markup language in C
libmarkdown2 - implementation of the Markdown markup language in C (library)
libmarkdown2-dbg - implementation of Markdown markup language in C (debug)
libmarkdown2-dev
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: libx11
Version: 2:1.6.2-3+deb8u2
CVE ID : CVE-2018-14598 CVE-2018-14599 CVE-2018-14600
Several issues were discovered in libx11, the client interface to the
X Windows System. The functions XGetFontPath,
: 1.49+dfsg-3+deb8u3
Distribution: jessie-security
Urgency: high
Maintainer: Debian Java Maintainers
Changed-By: Markus Koschany
Description:
libbcmail-java - Bouncy Castle generators/processors for S/MIME and CMS
libbcmail-java-doc - Bouncy Castle generators/processors for S/MIME and CMS
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: bouncycastle
Version: 1.49+dfsg-3+deb8u3
CVE ID : CVE-2016-1000338 CVE-2016-1000339 CVE-2016-1000341
CVE-2016-1000342 CVE-2016-1000343 CVE-2016-1000345
CVE-2016-1000346
Several
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Sun, 21 Jan 2018 13:27:35 +0100
Source: openocd
Binary: openocd
Architecture: source amd64
Version: 0.5.0-1+deb7u1
Distribution: wheezy-security
Urgency: high
Maintainer: Uwe Hermann <u...@debian.org>
Changed-By: Markus Ko
Hi,
On 22.01.2018 at 13:42, Lars Tangvald wrote:
> Hi,
>
> First off, thanks for handling the 5.5.59 update for Wheezy. I had the
> security announcement date mixed up so picked it up too late, sorry.
>
> MySQL 5.5 is expected to be EOL in December (it was first released
> December 15, 2010,
On 23.01.2018 at 11:41, Lars Tangvald wrote:
> Hi,
>
> On 01/22/2018 04:35 PM, Markus Koschany wrote:
[...]
>> I also think it makes sense to take a smaller step and upgrade from 5.5
>> to 5.6. Are there any known issues with 5.6 or can you share any
>> information
maintainers
<pkg-sdl-maintain...@lists.alioth.debian.org>
Changed-By: Markus Koschany <a...@debian.org>
Description:
libsdl-image1.2 - Image loading library for Simple DirectMedia Layer 1.2,
libraries
libsdl-image1.2-dev - Image loading library for Simple DirectMedia Layer 1.2,
devel
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: sam2p
Version: 0.49.1-1+deb7u3
CVE ID : CVE-2018-7487 CVE-2018-7551 CVE-2018-7552
CVE-2018-7553 CVE-2018-7554
Multiple invalid frees and buffer-overflow vulnerabilities were
discovered in sam2p, a
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: sdl-image1.2
Version: 1.2.12-2+deb7u2
CVE ID : CVE-2017-12122 CVE-2017-14440 CVE-2017-14441
CVE-2017-14442 CVE-2017-14448 CVE-2017-14450
Lilith of Cisco Talos discovered several buffer overflow
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: psensor
Version: 0.6.2.17-2+deb7u1
CVE ID : CVE-2014-10073
Debian Bug : 896195
It was discovered that psensor, a server for monitoring hardware
sensors remotely, was prone to a directory traversal vulnerability
<jea...@gmail.com>
Changed-By: Markus Koschany <a...@debian.org>
Description:
psensor - display graphs for monitoring hardware temperature
psensor-common - common files for Psensor and Psensor server
psensor-server - Psensor server for monitoring hardware sensors remotely
Closes: 89
ain...@lists.alioth.debian.org>
Changed-By: Markus Koschany <a...@debian.org>
Description:
jruby - 100% pure-Java implementation of Ruby
Changes:
jruby (1.5.6-5+deb7u2) wheezy-security; urgency=high
.
* Non-maintainer upload by the LTS team.
* Fix CVE-2018-174: possible Unsafe Object Des
On 27.03.2018 at 21:12, Adrian Zaugg wrote:
>
> Dear LTS Team
>
> The Drupal Security Team announced a patch for Drupal 7 and 8 for March,
> 28th. The security hole is classified as "highly critical" [1]. They
> state that "because exploits might be developed within hours or days"
> one should
pkg-zsh-de...@lists.alioth.debian.org>
Changed-By: Markus Koschany <a...@debian.org>
Description:
zsh - shell with lots of features
zsh-dbg - shell with lots of features (debugging symbols)
zsh-dev - shell with lots of features (development files)
zsh-doc- zsh document
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: zsh
Version: 4.3.17-1+deb7u2
CVE ID : CVE-2018-1071 CVE-2018-1083
Debian Bug : 894044 894043
Two security vulnerabilities were discovered in the Z shell.
CVE-2018-1071
Stack-based buffer overflow in the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: drupal7
Version: 7.14-2+deb7u18
CVE ID : CVE-2018-7600
Jasper Mattsson found a remote code execution vulnerability in the
Drupal content management system. This potentially allows attackers to
exploit multiple
Hi!
On 28.03.2018 at 21:50, Ola Lundqvist wrote:
> Hi Markus
>
> Upstream have now released more information.
>
> Best regards
>
> // Ola
I have just uploaded a security update for Drupal 7 which will address
CVE-2018-7600. The update should be available on the mirrors soon. An
announcement
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Wed, 28 Mar 2018 22:47:59 +0200
Source: drupal7
Binary: drupal7
Architecture: source all
Version: 7.14-2+deb7u18
Distribution: wheezy-security
Urgency: high
Maintainer: Luigi Gangitano <lu...@debian.org>
Changed-By: Markus Ko
: Debian PHP Maintainers <pkg-php-ma...@lists.alioth.debian.org>
Changed-By: Markus Koschany <a...@debian.org>
Description:
libapache2-mod-php5 - server-side, HTML-embedded scripting language (Apache 2
module)
libapache2-mod-php5filter - server-side, HTML-embedded scripting languag
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: xerces-c
Version: 3.1.1-3+deb7u5
CVE ID : CVE-2017-12627
Debian Bug : 894050
Alberto Garcia, Francisco Oca and Suleman Ali of Offensive Research
discovered that the Xerces-C XML parser mishandles certain kinds
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: php5
Version: 5.4.45-0+deb7u13
CVE ID : CVE-2018-7584
Wei Lei and Liu Yang of Nanyang Technological University discovered a
stack-based buffer overflow in PHP5 when parsing a malformed HTTP
response which can be
Maintainer: Jay Berkenbilt <q...@debian.org>
Changed-By: Markus Koschany <a...@debian.org>
Description:
libxerces-c-dev - validating XML parser library for C++ (development files)
libxerces-c-doc - validating XML parser library for C++ (documentation)
libxerces-c-samples - validating XML pa
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: freeplane
Version: 1.1.3-2+deb7u1
CVE ID : CVE-2018-169
Debian Bug : 893663
Wojciech Reguła discovered that Freeplane, a program for working with
mind maps, was affected by a XML External Entity (XXE)
Maintainer: Debian Libvirt Maintainers
<pkg-libvirt-maintain...@lists.alioth.debian.org>
Changed-By: Markus Koschany <a...@debian.org>
Description:
libvirt-bin - programs for the libvirt library
libvirt-dev - development files for the libvirt library
libvirt-doc - documentation for
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: libvirt
Version: 0.9.12.3-1+deb7u3
CVE ID : CVE-2018-1064 CVE-2018-5748
Debian Bug : 887700
Daniel P. Berrange and Peter Krempa of Red Hat discovered a flaw in
libvirt, a virtualization API. A lack of
pkg-java-maintain...@lists.alioth.debian.org>
Changed-By: Markus Koschany <a...@debian.org>
Description:
freeplane - Java program to create and edit mind maps.
libjortho-freeplane-java - Java spell-checking library.
Changes:
freeplane (1.1.3-2+deb7u1) wheezy-security; urgency=high
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: graphicsmagick
Version: 1.3.16-1.1+deb7u19
CVE ID : CVE-2017-18219 CVE-2017-18220 CVE-2017-18229
CVE-2017-18230 CVE-2017-18231 CVE-2018-9018
Various security issues were discovered in
graphicsmagick-libmagick-dev-compat
graphicsmagick-dbg
Architecture: source amd64 all
Version: 1.3.16-1.1+deb7u19
Distribution: wheezy-security
Urgency: high
Maintainer: Daniel Kobras <kob...@debian.org>
Changed-By: Markus Koschany <a...@debian.org>
Description:
graphicsmagick - collect
Hi,
On 19.03.2018 at 16:23, Rene Engelhard wrote:
> On Sun, Mar 18, 2018 at 11:39:57AM +0530, Abhijith PA wrote:
>> I prepared LTS security update for graphite2[1]. Debdiff is attached.
>> All tests ran successfully. Please review.
>
> Why would we need one given for jessie and stretch it is
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: exempi
Version: 2.2.0-1+deb7u1
CVE ID : CVE-2017-18233 CVE-2017-18234 CVE-2017-18236
CVE-2017-18238 CVE-2018-7728 CVE-2018-7730
Various issues were discovered in exempi, a library to parse XMP
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: drupal7
Version: 7.14-2+deb7u17
CVE ID : CVE-2017-6927 CVE-2017-6928 CVE-2017-6929
CVE-2017-6932
Debian Bug : 891152 891150 891153 891154
Multiple vulnerabilities have been found in the Drupal
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: tomcat7
Version: 7.0.28-4+deb7u18
CVE ID : CVE-2018-1304 CVE-2018-1305
Two security vulnerabilities have been discovered in the Tomcat
servlet and JSP engine.
CVE-2018-1304
The URL pattern of "" (the empty
: 7.0.28-4+deb7u18
Distribution: wheezy-security
Urgency: high
Maintainer: Debian Java Maintainers
<pkg-java-maintain...@lists.alioth.debian.org>
Changed-By: Markus Koschany <a...@debian.org>
Description:
libservlet3.0-java - Servlet 3.0 and JSP 2.2 Java API classes
libservlet3.0-java-d
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: ghostscript
Version: 9.05~dfsg-6.3+deb7u8
CVE ID : CVE-2018-10194
Debian Bug : 896069
It was discovered that the set_text_distance function in
base/gdevpdts.c in the pdfwrite component in Ghostscript does not
On 27.09.18 at 04:52, Antoine Beaupré wrote:
[...]
> Enigmail's work, then, might be better targeted at helping the folks in
> stretch, although I do wonder how we could possibly upgrade GnuPG 2
> (required to get a new version of Enigmail compatible with TB 60) in
> jessie without causing all
On 27.09.18 at 17:12, Antoine Beaupré wrote:
[...]
> I wonder what that was all about...
>
> Was the solution for stretch finally to remove enigmail from stable and
> use backports?
AFAIK he hasn't made a decision yet and I doubt he will use backports
because it's not for fixing bugs in
Hello,
On 27.09.18 at 22:58, Nye Liu wrote:
> This patch might be broken:
>
> https://bugs.launchpad.net/ubuntu/+source/monit/+bug/1786910
>
> Please consider addressing it.
I think you have reported this issue to the wrong list. The bug is only
present in Ubuntu. This issue is no-dsa in
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: asterisk
Version: 1:11.13.1~dfsg-2+deb8u6
CVE ID : CVE-2018-17281
Debian Bug : 909554
Sean Bright discovered that Asterisk, a PBX and telephony toolkit,
contained a stack overflow vulnerability in the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Sun, 07 Oct 2018 23:06:04 +0200
Source: php-horde-kronolith
Binary: php-horde-kronolith
Architecture: source all
Version: 4.2.2-4+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Horde Maintainers
Changed-By: Markus
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: php-horde-core
Version: 2.15.0+debian0-1+deb8u2
CVE ID : CVE-2017-16907
Debian Bug : 909800
It was discovered that the Horde Application Framework written in PHP
was affected by a Cross-site scripting
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: php-horde
Version: 5.2.1+debian0-2+deb8u4
CVE ID : CVE-2017-16907
Debian Bug : 909739
It was discovered that the Horde Application Framework written in PHP
was affected by a Cross-site scripting vulnerability
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Mon, 15 Oct 2018 19:23:10 +0200
Source: moin
Binary: python-moinmoin
Architecture: source all
Version: 1.9.8-1+deb8u2
Distribution: jessie-security
Urgency: high
Maintainer: Steve McIntyre <93...@debian.org>
Changed-By:
: 7.0.56-3+really7.0.91-1
Distribution: jessie-security
Urgency: high
Maintainer: Debian Java Maintainers
Changed-By: Markus Koschany
Description:
libservlet3.0-java - Servlet 3.0 and JSP 2.2 Java API classes
libservlet3.0-java-doc - Servlet 3.0 and JSP 2.2 Java API documentation
libtomcat7-java
-security
Urgency: high
Maintainer: Debian Printing Team
Changed-By: Markus Koschany
Description:
ghostscript - interpreter for the PostScript language and for PDF
ghostscript-dbg - interpreter for the PostScript language and for PDF - Debug
symbo
ghostscript-doc - interpreter