[SECURITY] [DLA 331-1] polarssl security update

2015-10-22 Thread Thorsten Alteholz
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : polarssl
Version        : 1.2.9-1~deb6u5
CVE ID         : CVE-2015-5291

A flaw was found in PolarSSL and mbed TLS: When the client creates its ClientHello message, due to insufficient bounds checking it can overflow the

[SECURITY] [DLA 332-1] optipng security update

2015-10-22 Thread Chris Lamb
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : optipng
Version        : 0.6.4-1+deb6u11
CVE ID         : CVE-2015-7801

Gustavo Grieco discovered a use-after-free causing an invalid/double free in optipng 0.6.4. For Debian 6 Squeeze, this issue has been fixed in optipng version

[SECURITY] [DLA 330-1] unzip security update

2015-10-22 Thread Raphael Hertzog
Package        : unzip
Version        : 6.0-4+deb6u3
CVE ID         : CVE-2015-7696 CVE-2015-7697
Debian Bug     : 802160 802162

Gustavo Grieco discovered with a fuzzer that unzip was vulnerable to a heap overflow and to a denial of service with specially crafted password-protected ZIP archives.