[SECURITY] [DLA 2231-1] sane-backends security update
Package: sane-backends
Version: 1.0.24-8+deb8u3
CVE ID: CVE-2020-12867
Debian Bug: 961302

Remote denial of service and several memory management issues were fixed in the epson2 driver.

For Debian 8 "Jessie", this problem has been fixed in version 1.0.24-8+deb8u3.

We recommend that you upgrade your sane-backends packages if you are using the epson2 driver.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
[SECURITY] [DLA 2230-1] php-horde security update
Package: php-horde
Version: 5.2.1+debian0-2+deb8u6
CVE ID: CVE-2020-8035

The image view functionality in Horde Groupware Webmail Edition was affected by a stored Cross-Site Scripting (XSS) vulnerability via an SVG image upload containing a JavaScript payload. An attacker could have obtained access to a victim's webmail account by making them visit a malicious URL.

For Debian 8 "Jessie", this problem has been fixed in version 5.2.1+debian0-2+deb8u6.

We recommend that you upgrade your php-horde packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

--
mike gabriel aka sunweaver (Debian Developer)
fon: +49 (1520) 1976 148
GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31
mail: sunwea...@debian.org, http://sunweavers.net
[SECURITY] [DLA 2229-1] php-horde-gollem security update
Package: php-horde-gollem
Version: 3.0.3-2+deb8u1
CVE ID: CVE-2020-8034
Debian Bug: 961649

Gollem, as used in Horde Groupware Webmail Edition and other products, had been affected by a reflected Cross-Site Scripting (XSS) vulnerability via the HTTP GET dir parameter in the browser functionality, affecting breadcrumb output. An attacker could have obtained access to a victim's webmail account by making them visit a malicious URL.

For Debian 8 "Jessie", this problem has been fixed in version 3.0.3-2+deb8u1.

We recommend that you upgrade your php-horde-gollem packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

--
mike gabriel aka sunweaver (Debian Developer)
fon: +49 (1520) 1976 148
GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31
mail: sunwea...@debian.org, http://sunweavers.net
[SECURITY] [DLA 2228-1] json-c security update
Package: json-c
Version: 0.11-4+deb8u1
CVE ID: CVE-2020-12762
Debian Bug: 960326

The json-c shared library had an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend.

For Debian 8 "Jessie", this problem has been fixed in version 0.11-4+deb8u1.

We recommend that you upgrade your json-c packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

--
mike gabriel aka sunweaver (Debian Developer)
fon: +49 (1520) 1976 148
GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31
mail: sunwea...@debian.org, http://sunweavers.net