Package: polarssl
Version: 1.2.9-1~deb6u5
CVE ID : CVE-2015-5291
A flaw was found in PolarSSL and mbed TLS:
When the client creates its ClientHello message, due to insufficient
bounds checking it can overflow the
Package: optipng
Version: 0.6.4-1+deb6u11
CVE ID : CVE-2015-7801
Gustavo Grieco discovered a use-after-free causing an invalid/double
free in optipng 0.6.4.
For Debian 6 Squeeze, this issue has been fixed in optipng version
Package: unzip
Version: 6.0-4+deb6u3
CVE ID : CVE-2015-7696 CVE-2015-7697
Debian Bug : 802160 802162
Gustavo Grieco discovered with a fuzzer that unzip was vulnerable to a
heap overflow and to a denial of service with specially crafted
password-protected ZIP archives.