Package: lighttpd
Version: 1.4.28-2+squeeze1.7
CVE ID : CVE-2014-3566
Debian Bug : #765702
This update allows to disable SSLv3 in lighttpd in order to protect
against the POODLE attack. SSLv3 is now disabled by default and can be
reenabled (if needed) using the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: expat
Version: 2.0.1-7+squeeze2
CVE ID : CVE-2015-1283
Multiple integer overflows in the XML_GetBuffer function in Expat
through 2.1.0, as used in Google Chrome before 44.0.2403.89 and
other products, allow
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: ghostscript
Version: 8.71~dfsg2-9+squeeze2
CVE ID : CVE-2015-3228
Debian Bug : 793489
In gs_heap_alloc_bytes(), add a sanity check to ensure we don't
overflow the variable holding the actual number of bytes