Package: libreoffice
Version: 1:4.3.3-2+deb8u12
CVE ID : CVE-2018-16858
Alex Infuehr discovered a directory traversal vulnerability which could
result in the execution of Python script code when opening a malformed
document.
For Debian 8 "Jessie", this problem has been fix
Package: libarchive
Version: 3.1.2-11+deb8u7
CVE ID : CVE-2019-119 CVE-2019-120
Fuzzing found two further file-format specific issues in libarchive, a
read-only segfault in 7z, and an infinite loop in ISO9660.
CVE-2019-119
Out-of-bounds Read vulnerability
Package: netmask
Version: 2.3.12+deb8u1
Debian Bug : 921565
A buffer overflow was found in netmask which would crash when called
with arbitrarily long inputs.
For Debian 8 "Jessie", this problem has been fixed in version
2.3.12+deb8u1.
We recommend that you upgrade your netma
Package: rssh
Version: 2.3.4-4+deb8u2
CVE ID : CVE-2019-3463 CVE-2019-3464
More vulnerabilities were found by Nick Cleaton in the rssh code that
could lead to arbitrary code execution under certain circumstances.
CVE-2019-3463
reject rsync --daemon and --config comman
Package: debian-security-support
Version: 2019.02.01~deb8u1
debian-security-support, the Debian security support coverage checker,
has been updated in jessie.
This marks the end of life of the Enigmail package in jessie. After many
months of work to try backporting the various cha
Package: systemd
Version: 215-17+deb8u9
CVE ID : CVE-2018-16864 CVE-2018-16865
Debian Bug : 918841 918848
Multiple vulnerabilities were found in the journald component of
systemd which can lead to a crash or code execution.
CVE-2018-16864
An allocation of memory w
Package: systemd
Version: 215-17+deb8u8
CVE ID : CVE-2018-1049 CVE-2018-15686 CVE-2018-15688
Debian Bug : 912005 912008
systemd was found to suffer from multiple security vulnerabilities
ranging from denial of service attacks to possible root privilege
escalation.
CVE-
Package: spamassassin
Version: 3.4.2-0+deb8u1
CVE ID : CVE-2016-1238 CVE-2017-15705 CVE-2018-11780 CVE-2018-11781
Debian Bug : 784023 865924 883775 889501 891041 908969 908970 908971 913571
Multiple vulnerabilities were found in Spamassassin, which could lead
to Remote
Package: phpldapadmin
Version: 1.2.2-5.2+deb8u1
CVE ID : CVE-2017-11107
Debian Bug : 867719
It was discovered that there was a cross-site scripting (XSS) vulnerability in
phpldapadmin, a web-based interface for administering LDAP servers.
For Debian 8 "Jessie", this pr
Package: gnutls28
Version: 3.3.30-0+deb8u1
CVE ID : CVE-2018-10844 CVE-2018-10845 CVE-2018-10846
A set of vulnerabilities was discovered in GnuTLS which allowed
attackers to do plain text recovery on TLS connections with certain
cipher types.
CVE-2018-10844
It was fou
Package: python3.4
Version: 3.4.2-1+deb8u1
CVE ID : CVE-2017-1000158 CVE-2018-1060 CVE-2018-1061 CVE-2018-1000802
Multiple vulnerabilities were found in the CPython interpreter which
can cause denial of service, information gain, and arbitrary code
execution.
CVE-2017-1000
Package: python2.7
Version: 2.7.9-2+deb8u2
CVE ID : CVE-2017-1000158 CVE-2018-1060 CVE-2018-1061 CVE-2018-1000802
Multiple vulnerabilities were found in the CPython interpreter which
can cause denial of service, information gain, and arbitrary code
execution.
CVE-2017-1000
Package: git-annex
Version: 5.20141125+oops-1+deb8u2
CVE ID : CVE-2017-12976 CVE-2018-10857 CVE-2018-10859
Debian Bug : 873088
The git-annex package was found to have multiple vulnerabilities when
operating on untrusted data that could lead to arbitrary command
executio
Package: gdm3
Version: 3.14.1-7+deb8u1
CVE ID : CVE-2018-14424
The daemon in GDM does not properly unexport display objects from its
D-Bus interface when they are destroyed, which allows a local attacker
to trigger a use-after-free via a specially crafted sequence of D-Bus
Package: ruby2.1
Version: 2.1.5-2+deb8u5
CVE ID : CVE-2016-2337 CVE-2018-173 CVE-2018-174
Debian Bug : 895778 851161
Several vulnerabilities were discovered in Ruby 2.1.
CVE-2016-2337
Type confusion exists in _cancel_eval Ruby's TclTkIp class
method. A
Package: twitter-bootstrap3
Version: 3.2.0+dfsg-1+deb7u1
CVE ID : CVE-2018-14040
Debian Bug : 907414
The Bootstrap framework was found to have cross-site scripting
vulnerabilities in the "collapse" plugin.
For Debian 8 "Jessie", this problem has been fixed in version
3
Package: mercurial
Version: 3.1.2-2+deb8u6
CVE ID : CVE-2017-17458
The fix for arbitrary code execution documented in CVE-2017-17458 was
incomplete in the previous upload. A more exhaustive change was
implemented upstream and completely disables non-Mercurial
subrepositorie
Package: mercurial
Version: 3.1.2-2+deb8u5
CVE ID : CVE-2017-9462 CVE-2017-17458 CVE-2018-1000132
Debian Bug : 861243 892964 901050
Some security vulnerabilities were found in Mercurial which allow
authenticated users to trigger arbitrary code execution and
unauthorized
Package: dokuwiki
Version: 0.0.20140505.a+dfsg-4+deb8u1
CVE ID : CVE-2017-18123
Debian Bug : 889281
The call parameter of /lib/exe/ajax.php in DokuWiki through
2017-02-19e does not properly encode user input, which leads to a
reflected file download vulnerability, and a
Package: cups
Version: 1.7.5-11+deb8u3
CVE ID : CVE-2017-18190 CVE-2017-18248
Two vulnerabilities affecting the cups printing server were found
which can lead to arbitrary IPP command execution and denial of
service.
CVE-2017-18190
A localhost.localdomain whitelist en
Package: libvorbis
Version: 1.3.2-1.3+deb7u1
CVE ID : CVE-2017-11333 CVE-2017-14632 CVE-2017-14633 CVE-2018-5146
Serious vulnerabilities were found in the libvorbis library, commonly
used to encode and decode audio in OGG containers.
2017-14633
In Xiph.Org libvorbis
Package: opencv
Version: 2.3.1-11+deb7u4
CVE ID : CVE-2018-5268 CVE-2018-5269
Debian Bug : 886674 886675
Two vulnerabilities were found in OpenCV, the "Open Computer Vision
Library".
CVE-2018-5268
In OpenCV 3.3.1, a heap-based buffer overflow happens in
cv::Jp
Package: qemu
Version: 1.1.2+dfsg-6+deb7u25
CVE ID : CVE-2018-7550
Debian Bug : 892041
The load_multiboot function in hw/i386/multiboot.c in Quick Emulator
(aka QEMU) allows local guest OS users to execute arbitrary code on
the QEMU host via a mh_load_end_addr value gre
Package: qemu-kvm
Version: 1.1.2+dfsg-6+deb7u25
CVE ID : CVE-2018-7550
Debian Bug : 892041
The load_multiboot function in hw/i386/multiboot.c in Quick Emulator
(aka QEMU) allows local guest OS users to execute arbitrary code on
the QEMU host via a mh_load_end_addr value
Package: mercurial
Version: 2.2.2-4+deb7u7
CVE ID : CVE-2018-1000132
Debian Bug : 892964
Mercurial version 4.5 and earlier contains an Incorrect Access Control
(CWE-285) vulnerability in Protocol server that can result in
Unauthorized data access. This attack appear to b
Package: openssl
Version: 1.0.1t-1+deb7u4
CVE ID : CVE-2018-0739
It was discovered that constructed ASN.1 types with a recursive
definition could exceed the stack, potentially leading to a denial of
service.
Details can be found in the upstream advisory:
https://www.opens
Package: memcached
Version: 1.4.13-0.2+deb7u4
CVE ID : CVE-2018-1000127
Debian Bug : #894404
memcached version prior to 1.4.37 contains an Integer Overflow
vulnerability that can result in data corruption and deadlocks. This
attack is exploitable via network connectivit
Package: p7zip
Version: 9.20.1~dfsg.1-4+deb7u3
CVE ID : CVE-2017-17969
Debian Bug : 888297
The p7zip package has a heap-based buffer overflow in the
NCompress::NShrink::CDecoder::CodeReal method in 7-Zip which allows
remote attackers to cause a denial of service (out-of
Package: openssh
Version: 1:6.0p1-4+deb7u7
CVE ID : CVE-2016-10708
OpenSSH was found to be vulnerable to out of order NEWKEYS messages
which could crash the daemon, resulting in a denial of service attack.
For Debian 7 "Wheezy", these problems have been fixed in version
1:
Package: optipng
Version: 0.6.4-1+deb7u4
CVE ID : CVE-2017-16938
Debian Bug : 878839
optipng, an advanced PNG (Portable Network Graphics) optimizer, has
been found vulnerable to a buffer overflow which allows remote
attackers to cause a denial-of-service attack or other
Package: graphicsmagick
Version: 1.3.16-1.1+deb7u12
CVE ID : CVE-2017-14103 CVE-2017-14314 CVE-2017-14504
CVE-2017-14733 CVE-2017-14994 CVE-2017-14997
CVE-2017-15930
Debian Bug : 87
Multiple vulnerabilities were found in graphicsmag
Package: wpa
Version: 1.0-3+deb7u5
CVE ID : CVE-2017-13077 CVE-2017-13078 CVE-2017-13079 CVE-2017-13080
CVE-2017-13081 CVE-2017-13082 CVE-2017-13086 CVE-2017-13087
CVE-2017-13088
A vulnerability was found in how WPA code can be triggered
Package: golang
Version: 2:1.0.2-1.1+deb7u2
CVE ID : CVE-2017-15041
Go before 1.8.4 and 1.9.x before 1.9.1 allows "go get" remote command
execution. Using custom domains, it is possible to arrange things so
that example.com/pkg1 points to a Subversion repository but
example
Package: git-annex
Version: 3.20120629+deb7u1
CVE ID : CVE-2017-12976
Debian Bug : 873088
git-annex before 6.20170818 allows remote attackers to execute arbitrary
commands via an ssh URL with an initial dash character in the hostname,
as demonstrated by an ssh://-eProxy
Package: git
Version: 1:1.7.10.4-1+wheezy6
CVE ID : CVE-2017-14867
Debian Bug : 876854
joernchen discovered that the git-cvsserver subcommand of Git, a
distributed version control system, suffers from a shell command
injection vulnerability due to unsafe use of the Perl
Package: rubygems
Version: 1.8.24-1+deb7u1
CVE ID : CVE-2017-0900 CVE-2017-0901
Debian Bug : 873802
Some vulnerabilities were found in the Rubygems package that affect
the LTS distribution.
CVE-2017-0900
DOS vulern
Package: ruby1.8
Version: 1.8.7.358-7.1+deb7u4
CVE ID : CVE-2017-0898 CVE-2017-10784
Debian Bug : 875931 875936
Some vulnerabilities were found in the Ruby 1.8 package that affect
the LTS distribution.
CVE-2017-0898
Package: ruby1.9.1
Version: 1.9.3.194-8.1+deb7u6
CVE ID : CVE-2017-0898 CVE-2017-0899 CVE-2017-0900 CVE-2017-0901
CVE-2017-10784 CVE-2017-14033 CVE-2017-14064
Debian Bug : 873802 873906 875928 875931 8759
Package: apache2
Version: 2.2.22-13+deb7u11
CVE ID : CVE-2015-0253 CVE-2016-8743
Debian Bug : 858373
The fix for CVE-2016-8743 introduced a regression which would segfault
apache workers under certain conditions (#858373), an issue similar to
previously fixed CVE-2015-0
Package: unattended-upgrades
Version: 0.79.5+wheezy3
Debian Bug : 867169
Since the release of the last Debian stable release ("stretch"),
Debian LTS ("wheezy") has been renamed "oldoldstable", which broke
the unattended-upgrades package as described in bug #867169. Updates
woul
Package: libmtp
Version: 1.1.3-35-g0ece104-5+deb7u1
CVE ID : CVE-2017-9831 CVE-2017-9832
libmtp, a library for communicating with MTP aware devices (like
cellular phones and audio players), was found to be vulnerable to
several integer overflow vulnerabilities, which allowe
Package: sudo
Version: 1.8.5p2-1+nmu3+deb7u4
CVE ID : CVE-2017-1000368
Debian Bug : 863897
Todd Miller's sudo version 1.8.20p1 and earlier is vulnerable to an
input validation (embedded newlines) in the get_process_ttyname()
function resulting in information disclosure
Package: puppet
Version: 2.7.23-1~deb7u4
CVE ID : CVE-2017-2295
Debian Bug : 863212
Versions of Puppet prior to 4.10.1 will deserialize data off the wire
(from the agent to the server, in this case) with an attacker-specified
format. This could be used to force YAML dese
Package: mercurial
Version: 2.2.2-4+deb7u4
CVE ID : CVE-2017-9462
Debian Bug : 861243
In Mercurial before 4.1.3, "hg serve --stdio" allows remote
authenticated users to launch the Python debugger, and consequently
execute arbitrary code, by using --debugger as a reposit
Package: libsndfile
Version: 1.0.25-9.1+deb7u1
CVE ID : CVE-2015-7805 CVE-2017-7585 CVE-2017-7586 CVE-2017-7741
CVE-2017-7742
Debian Bug : 860255
Multiple vulnerabilities were found in libsndfile, a popular library
for reading/writing audio files.
CVE
Package: fop
Version: 1:1.0.dfsg2-6+deb7u1
CVE ID : CVE-2017-5661
Debian Bug : 860567
In Apache FOP before 2.2, files lying on the filesystem of the server
which uses FOP can be revealed to arbitrary users who send maliciously
formed SVG files. The file types that can b
Package: kedpm
Version: 0.5.0-4+deb7u1
CVE ID : CVE-2017-8296
Debian Bug : 860817
An information disclosure vulnerability was found in kedpm, a password
manager compatible with the figaro password manager file format. The
history file can reveal the master password if i
Package: batik
Version: 1.7+dfsg-3+deb7u2
CVE ID : CVE-2017-5662
Debian Bug : 860566
In Apache Batik before 1.9, files lying on the filesystem of the server
which uses batik can be revealed to arbitrary users who send maliciously
formed SVG files. The file types that ca
Package: firebird2.5
Version: 2.5.2.26540.ds4-1~deb7u3
CVE ID : CVE-2017-6369
Debian Bug : 858641
George Noseevich discovered that firebird2.5, a relational database
system, did not properly check User-Defined Functions (UDF), thus
allowing remote authenticated users to
Package: graphicsmagick
Version: 1.3.16-1.1+deb7u6
CVE ID : CVE-2016-5240
Debian Bug : N/A
The fix for CVE-2016-5240 was improperly applied which resulted in
GraphicsMagick crashing instead of entering an infinite loop with the
given proof of concept.
Furthermore, the
Package: apache2
Version: 2.2.22-13+deb7u8
CVE ID : CVE-2016-8743
This upload fixes a security vulnerability in the header parsing code.
David Dennerline, of IBM Security's X-Force Researchers, and Régis
Leroy discovered problems in the way Apache handled a broad pattern o
Package: tiff
Version: 4.0.2-6+deb7u9
CVE ID : CVE-2016-3622 CVE-2016-3623 CVE-2016-3624 CVE-2016-3945
CVE-2016-3990 CVE-2016-9533 CVE-2016-9534 CVE-2016-9535
CVE-2016-9536 CVE-2016-9537 CVE-2016-9538 CVE-2016-9540
CVE-20
Package: imagemagick
Version: 8:6.7.7.10-5+deb7u10
CVE ID : CVE-2016-7799 CVE-2016-8707 CVE-2016-8862 CVE-2016-8866
CVE-2016-9556
Debian Bug : 840437 845206 848139 845634 845242 845243 845195 845196
845198 845202 845212 845213 845241 84
Package: nagios3
Version: 3.4.1-3+deb7u3
CVE ID : CVE-2016-9565 CVE-2016-9566
Nagios was found to be vulnerable to two security issues that, when
combined, lead to a remote root code execution vulnerability.
Fortunately, the hardened permissions of the Debian package limit
Package: tar
Version: 1.26+dfsg-0.1+deb7u1
CVE ID : CVE-2016-6321
Debian Bug : 842339
A vulnerability has been discovered in the tar package that could allow
an attacker to overwrite arbitrary files through crafted files.
For Debian 7 "Wheezy", these problems have been
Package: tre
Version: 0.8.0-3+deb7u1
CVE ID : CVE-2016-8859
Debian Bug : 842169
A vulnerability has been found in the tre package that could allow an
attacker to perform controlled heap corruption.
For Debian 7 "Wheezy", these problems have been fixed in version
0.8.0-
Package: graphicsmagick
Version: 1.3.16-1.1+deb7u5
CVE ID : CVE-2016-7448 CVE-2016-7996 CVE-2016-7997 CVE-2016-8682
CVE-2016-8683 CVE-2016-8684
Several vulnerabilities have been found in the graphicsmagick package
that may lead to denial of service through
Package: phpmyadmin
Version: 4:3.4.11.1-2+deb7u4
CVE ID : CVE-2016-1927 CVE-2016-2038 CVE-2016-2039 CVE-2016-2040
CVE-2016-2041 CVE-2016-2045 CVE-2016-2560
Debian Bug : 825301
The previous security upload broke the search pages in phpMyAdmin. This
was
Package: phpmyadmin
Version: 4:3.4.11.1-2+deb7u3
CVE ID : CVE-2016-1927 CVE-2016-2038 CVE-2016-2039 CVE-2016-2040
CVE-2016-2041 CVE-2016-2045 CVE-2016-2560
This security update fixes a number of security issues in
phpMyAdmin. We recommend you upgrade your
Package: nss
Version: 3.14.5-1+deb7u6
CVE ID : CVE-2015-7181 CVE-2015-7182 CVE-2016-1938 CVE-2016-1950
CVE-2016-1978 CVE-2016-1979
This security update fixes serious security issues in NSS including
arbitrary code execution and remote denial of service attack
Package: chrony
Version: 1.24-3+squeeze3
CVE ID : CVE-2016-1567
Debian Bug : 812923
chrony before 1.31.2 and 2.x before 2.2.1 do not verify peer
associations of symmetric keys when authenticating packets, which might
allow remote attackers to conduct impersonation attac
Package: phpmyadmin
Version: 4:3.3.7-11
CVE ID : CVE-2016-2039 CVE-2016-2041
Several flaws were discovered in the CSRF authentication code of
phpMyAdmin.
CVE-2016-2039
The XSRF/CSRF token is generated with a weak algori
Package: prosody
Version: 0.7.0-1squeeze1+deb6u2
CVE ID : CVE-2016-0756
The flaw allows a malicious server to impersonate the vulnerable domain
to any XMPP domain whose domain name includes the attacker's domain as a
suffix.
Package: smokeping
Version: 2.3.6-5+squeeze2
CVE ID : CVE-2013-4168
CVE-2013-4168
Minor XSS issue resolved in the upstream 2.6.9, discovered by Steven
Chamberlain a
64 matches