[SECURITY] [DLA 2140-1] firefox-esr security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: firefox-esr Version: 68.6.0esr-1~deb8u1 CVE ID : CVE-2019-20503 CVE-2020-6805 CVE-2020-6806 CVE-2020-6807 CVE-2020-6811 CVE-2020-6812 CVE-2020-6814 Multiple security issues have been found in the Moz

[SECURITY] [DLA 2139-1] dojo security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: dojo Version: 1.10.2+dfsg-1+deb8u3 CVE ID : CVE-2020-5258 CVE-2020-5259 Debian Bug : 953585 953587 The following CVEs were reported against dojo: CVE-2020-5258 In affected versions of dojo, the deepCopy me

[SECURITY] [DLA 2137-1] sleuthkit security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: sleuthkit Version: 4.1.3-4+deb8u2 CVE ID : CVE-2020-10232 In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a stack buffer overflow vulnerability in the YAFFS file timestamp parsing logic in yaffsfs_ist

[SECURITY] [DLA 2138-1] wpa security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Package: wpa Version: 2.3-1+deb8u10 CVE ID : CVE-2019-10064 Similar to CVE-2016-10743 the host access point daemon, hostapd, in EAP mode used a low quality pseudorandom number generator that leads to insufficient entropy. The