[SECURITY] [DLA 393-1] srtp security update

2016-01-18 Thread Thorsten Alteholz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Package: srtp Version: 1.4.4~dfsg-6+deb6u2 CVE ID : CVE-2015-6360 Prevent potential DoS attack due to lack of bounds checking on RTP header CSRC count and extension header length. Credit goes to Randell Jesup and the

[SECURITY] [DLA 394-1] passenger security update

2016-01-18 Thread Thorsten Alteholz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Package: passenger Version: 2.2.11debian-2+deb6u1 CVE ID : CVE-2015-7519 agent/Core/Controller/SendRequest.cpp in Phusion Passenger before 4.0.60 and 5.0.x before 5.0.22, when used in Apache integration mode or in

[SECURITY] [DLA 385-2] isc-dhcp regression update

2016-01-18 Thread Mike Gabriel
Package: isc-dhcp Version: 4.1.1-P1-15+squeeze10 CVE ID : CVE-2015-8605 Debian Bug : #810875 With the previous upload of the isc-dhcp package to Debian Squeeze LTS two issues got introduced into LTS that are resolved by this upload. (1) CVE-2015-8605 had only been