[SECURITY] [DLA 2486-1] xorg-server security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 - - Debian LTS Advisory DLA-2486-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Emilio Pozuelo Monfort December 09, 2020

[SECURITY] [DLA 2479-1] thunderbird security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 - - Debian LTS Advisory DLA-2479-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Emilio Pozuelo Monfort December 04, 2020

[SECURITY] [DLA 2478-1] postgresql-9.6 security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 - - Debian LTS Advisory DLA-2478-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Emilio Pozuelo Monfort December 02, 2020

[SECURITY] [DLA 2466-1] drupal7 security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 - - Debian LTS Advisory DLA-2466-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Emilio Pozuelo Monfort November 27, 2020

[SECURITY] [DLA 2464-1] thunderbird security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 - - Debian LTS Advisory DLA-2464-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Emilio Pozuelo Monfort November 23, 2020

[SECURITY] [DLA 2458-1] drupal7 security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 - - Debian LTS Advisory DLA-2458-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Emilio Pozuelo Monfort November 19, 2020

[SECURITY] [DLA 2457-1] firefox-esr security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 - - Debian LTS Advisory DLA-2457-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Emilio Pozuelo Monfort November 19, 2020

[SECURITY] [DLA 2450-1] libproxy security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 - - Debian LTS Advisory DLA-2450-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Emilio Pozuelo Monfort November 13, 2020

[SECURITY] [DLA 2449-1] thunderbird security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 - - Debian LTS Advisory DLA-2449-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Emilio Pozuelo Monfort November 13, 2020

[SECURITY] [DLA 2412-1] openjdk-8 security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 - - Debian LTS Advisory DLA-2412-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Emilio Pozuelo Monfort October 23, 2020

[SECURITY] [DLA 2416-1] thunderbird security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 - - Debian LTS Advisory DLA-2416-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Emilio Pozuelo Monfort October 27, 2020

[SECURITY] [DLA 2411-1] firefox-esr security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 - - Debian LTS Advisory DLA-2411-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Emilio Pozuelo Monfort October 21, 2020

[SECURITY] [DLA 2409-1] mariadb-10.1 security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 - - Debian LTS Advisory DLA-2409-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Emilio Pozuelo Monfort October 21, 2020

[SECURITY] [DLA 2408-1] thunderbird security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 - - Debian LTS Advisory DLA-2408-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Emilio Pozuelo Monfort October 17, 2020

[SECURITY] [DLA 2387-2] firefox-esr regression update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 - - Debian LTS Advisory DLA-2387-2debian-...@lists.debian.org https://www.debian.org/lts/security/ Emilio Pozuelo Monfort September 29, 2020

[SECURITY] [DLA 2387-1] firefox-esr security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 - - Debian LTS Advisory DLA-2387-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Emilio Pozuelo Monfort September 28, 2020

[SECURITY] [DLA 2361-1] libx11 security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 - - Debian LTS Advisory DLA-2361-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Emilio Pozuelo Monfort September 01, 2020

[SECURITY] [DLA 2346-1] firefox-esr security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 - - Debian LTS Advisory DLA-2346-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Emilio Pozuelo Monfort August 27, 2020

[SECURITY] [DLA 2325-1] openjdk-8 security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 - - Debian LTS Advisory DLA-2325-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Emilio Pozuelo Monfort August 13, 2020

[SECURITY] [DLA 2315-1] gupnp security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 - - Debian LTS Advisory DLA-2315-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Emilio Pozuelo Monfort August 06, 2020

[SECURITY] [DLA 2314-1] clamav security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 - - Debian LTS Advisory DLA-2314-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Emilio Pozuelo Monfort August 06, 2020

[SECURITY] [DLA 2312-1] libx11 security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 - - Debian LTS Advisory DLA-2312-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Emilio Pozuelo Monfort August 04, 2020

[SECURITY] [DLA 2310-1] thunderbird security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 - - Debian LTS Advisory DLA-2310-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Emilio Pozuelo Monfort August 02, 2020

[SECURITY] [DLA 2301-1] json-c security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 - - Debian LTS Advisory DLA-2301-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Emilio Pozuelo Monfort July 30, 2020

[SECURITY] [DLA 2297-1] firefox-esr security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 - - Debian LTS Advisory DLA-2297-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Emilio Pozuelo Monfort July 29, 2020

[SECURITY] [DLA 2287-1] poppler security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 - - Debian LTS Advisory DLA-2287-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Emilio Pozuelo Monfort July 23, 2020

[SECURITY] [DLA 2285-1] librsvg security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 - - Debian LTS Advisory DLA-2285-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Emilio Pozuelo Monfort July 22, 2020

[SECURITY] [DLA 2281-1] evolution-data-server security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 - - Debian LTS Advisory DLA-2281-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Emilio Pozuelo Monfort July 16, 2020

[SECURITY] [DLA 2272-1] Debian 8 Long Term Support reaching end-of-life

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 The Debian Long Term Support (LTS) Team hereby announces that Debian 8 jessie support has reached its end-of-life on June 30, 2020, five years after its initial release on April 26, 2015. Debian will not provide further security updates for Debian

[SECURITY] [DLA 2172-1] thunderbird security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: thunderbird Version: 1:68.7.0-1~deb8u1 CVE ID : CVE-2020-6819 CVE-2020-6820 CVE-2020-6821 CVE-2020-6822 CVE-2020-6825 Multiple security issues have been found in Thunderbird which could result in

[SECURITY] [DLA 2170-1] firefox-esr security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: firefox-esr Version: 68.7.0esr-1~deb8u1 CVE ID : CVE-2020-6819 CVE-2020-6820 CVE-2020-6821 CVE-2020-6822 CVE-2020-6825 Multiple security issues have been found in the Mozilla Firefox web browser,

[SECURITY] [DLA 2151-1] icu security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: icu Version: 52.1-8+deb8u8 CVE ID : CVE-2020-10531 Debian Bug : 953747 It was discovered that an integer overflow in the International Components for Unicode (ICU) library could result in denial of service and

[SECURITY] [DLA 2150-1] thunderbird security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: thunderbird Version: 1:68.6.0-1~deb8u1 CVE ID : CVE-2019-20503 CVE-2020-6805 CVE-2020-6806 CVE-2020-6807. CVE-2020-6811 CVE-2020-6812 CVE-2020-6814 Multiple security issues have been found in

[SECURITY] [DLA 2144-1] qemu security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: qemu Version: 1:2.1+dfsg-12+deb8u14 CVE ID : CVE-2020-1711 CVE-2020-8608 Two out-of-bounds heap buffer accesses were found in QEMU, a fast processor emulator, which could result in denial of service or abitrary code

[SECURITY] [DLA 2140-1] firefox-esr security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: firefox-esr Version: 68.6.0esr-1~deb8u1 CVE ID : CVE-2019-20503 CVE-2020-6805 CVE-2020-6806 CVE-2020-6807 CVE-2020-6811 CVE-2020-6812 CVE-2020-6814 Multiple security issues have been found in the

[SECURITY] [DLA 2128-1] openjdk-7 security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: openjdk-7 Version: 7u251-2.6.21-1~deb8u1 CVE ID : CVE-2020-2583 CVE-2020-2590 CVE-2020-2593 CVE-2020-2601 CVE-2020-2604 CVE-2020-2654 CVE-2020-2659 Several vulnerabilities have been discovered in

[SECURITY] [DLA 2119-1] python-pysaml2 security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: python-pysaml2 Version: 2.0.0-1+deb8u3 CVE ID : CVE-2020-5390 Debian Bug : 949322 It was discovered that pysaml2, a Python implementation of SAML to be used in a WSGI environment, was susceptible to XML

[SECURITY] [DLA 2111-1] jackson-databind security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: jackson-databind Version: 2.4.2-2+deb8u11 CVE ID : CVE-2019-20330 CVE-2020-8840 It was found that jackson-databind, a Java library used to parse JSON and other data formats, could deserialize data without proper

[SECURITY] [DLA 2112-1] python-reportlab security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: python-reportlab Version: 3.1.8-3+deb8u2 CVE ID : CVE-2019-17626 Debian Bug : 942763 It was found that ReportLab, a Python library to create PDF documents, did not properly parse color strings, allowing an

[SECURITY] [DLA 2108-1] clamav security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: clamav Version: 0.101.5+dfsg-0+deb8u1 CVE ID : CVE-2019-15961 Debian Bug : 945265 It was found that ClamAV, an antivirus software, was susceptible to a denial of service attack by unauthenticated users via

[SECURITY] [DLA 2107-1] spamassassin security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: spamassassin Version: 3.4.2-0+deb8u3 CVE ID : CVE-2020-1930 CVE-2020-1931 Debian Bug : 950258 Two vulnerabilities were discovered in spamassassin, a Perl-based spam filter using text analysis. Malicious rule or

[SECURITY] [DLA 2104-1] thunderbird security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: thunderbird Version: 1:68.5.0-1~deb8u1 CVE ID : CVE-2020-6792 CVE-2020-6793 CVE-2020-6794 CVE-2020-6795 CVE-2020-6798 CVE-2020-6800 Multiple security issues have been found in Thunderbird, which may

[SECURITY] [DLA 2102-1] firefox-esr security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: firefox-esr Version: 68.5.0esr-1~deb8u1 CVE ID : CVE-2020-6796 CVE-2020-6798 CVE-2020-6800 Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution

[SECURITY] [DLA 2093-1] firefox-esr security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: firefox-esr Version: 68.4.1esr-1~deb8u1 CVE ID : CVE-2019-17026 An issue was found in the IonMonkey JIT compiler of the Mozilla Firefox web browser which could lead to arbitrary code execution. For Debian 8

[SECURITY] [DLA 2038-1] libssh security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: libssh Version: 0.6.3-4+deb8u4 CVE ID : CVE-2019-14889 Debian Bug : 946548 It was found that libssh, a tiny C SSH library, does not sufficiently sanitize path parameters provided to the server, allowing an

[SECURITY] [DLA 2036-1] thunderbird security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: thunderbird Version: 1:68.3.0-2~deb8u1 CVE ID : CVE-2019-17005 CVE-2019-17008 CVE-2019-17010 CVE-2019-17011 CVE-2019-17012 Multiple security issues have been found in Thunderbird which could

[SECURITY] [DLA 2029-1] firefox-esr security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: firefox-esr Version: 68.3.0esr-1~deb8u1 CVE ID : CVE-2019-17005 CVE-2019-17008 CVE-2019-17010 CVE-2019-17011 CVE-2019-17012 Multiple security issues have been found in the Mozilla Firefox web

[SECURITY] [DLA 1997-1] thunderbird security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: thunderbird Version: 1:68.2.2-1~deb8u1 CVE ID : CVE-2019-11755 CVE-2019-11757 CVE-2019-11759 CVE-2019-11760 CVE-2019-11761 CVE-2019-11762 CVE-2019-11763 CVE-2019-11764 CVE-2019-15903

[SECURITY] [DLA 1987-1] firefox-esr security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: firefox-esr Version: 68.2.0esr-1~deb8u1 CVE ID : CVE-2019-11757 CVE-2019-11759 CVE-2019-11760 CVE-2019-11761 CVE-2019-11762 CVE-2019-11763 CVE-2019-11764 CVE-2019-15903 Multiple security issues have

[SECURITY] [DLA 1958-1] libdatetime-timezone-perl new upstream version

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: libdatetime-timezone-perl Version: 1:1.75-2+2019c This update includes the changes in tzdata 2019c for the Perl bindings. For the list of changes, see DLA-1957-1. For Debian 8 "Jessie", this problem has been fixed in

[SECURITY] [DLA 1957-1] tzdata new upstream version

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: tzdata Version: 2019c-0+deb8u1 This update includes the changes in tzdata 2018c. Notable changes are: - Brazil has canceled DST and will stay on standard time indefinitely. - Fiji's next DST transitions will be

[SECURITY] [DLA 1926-1] thunderbird security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: thunderbird Version: 1:60.9.0-1~deb8u1 CVE ID : CVE-2019-11739 CVE-2019-11740 CVE-2019-11742 CVE-2019-11743 CVE-2019-11744 CVE-2019-11746 CVE-2019-11752 Multiple security issues have been found in

[SECURITY] [DLA 1910-1] firefox-esr security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: firefox-esr Version: 60.9.0esr-1~deb8u1 CVE ID : CVE-2019-9812 CVE-2019-11740 CVE-2019-11742 CVE-2019-11743 CVE-2019-11744 CVE-2019-11746 CVE-2019-11752 Multiple security issues have been found in

[SECURITY] [DLA 1882-1] atril security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: atril Version: 1.8.1+dfsg1-4+deb8u2 CVE ID : CVE-2017-1000159 CVE-2019-11459 CVE-2019-1010006 A few issues were found in Atril, the MATE document viewer. CVE-2017-1000159 When printing from DVI to PDF, the

[SECURITY] [DLA 1880-1] ghostscript security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: ghostscript Version: 9.26a~dfsg-0+deb8u4 CVE ID : CVE-2019-10216 Debian Bug : 934638 Netanel reported that the .buildfont1 procedure in Ghostscript, the GPL PostScript/PDF interpreter, does not properly restrict

[SECURITY] [DLA 1878-1] php5 security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: php5 Version: 5.6.40+dfsg-0+deb8u5 CVE ID : CVE-2019-11041 CVE-2019-11042 Two heap buffer overflows were found in the EXIF parsing code of PHP, a widely-used open source general purpose scripting language. For

[SECURITY] [DLA 1870-1] thunderbird security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: thunderbird Version: 1:60.8.0-1~deb8u1 CVE ID : CVE-2019-9811 CVE-2019-11709 CVE-2019-11711 CVE-2019-11712 CVE-2019-11713 CVE-2019-11715 CVE-2019-11717 CVE-2019-11730 Multiple security issues have

[SECURITY] [DLA 1869-1] firefox-esr security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: firefox-esr Version: 60.8.0esr-1~deb8u1 CVE ID : CVE-2019-9811 CVE-2019-11709 CVE-2019-11711 CVE-2019-11712 CVE-2019-11713 CVE-2019-11715 CVE-2019-11717 CVE-2019-11730 Multiple security issues have

[SECURITY] [DLA 1836-1] thunderbird security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: thunderbird Version: 1:60.7.2-1~deb8u1 CVE ID : CVE-2019-11707 CVE-2019-11708 Multiple security issues have been found in Thunderbird which may lead to the execution of arbitrary code if malformed email messages are

[SECURITY] [DLA 1829-1] firefox-esr security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: firefox-esr Version: 60.7.1esr-1~deb8u1 CVE ID : CVE-2019-11707 Samuel Gross discovered a type confusion bug in the JavaScript engine of the Mozilla Firefox web browser, which could result in the execution of

[SECURITY] [DLA 1820-1] thunderbird security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: thunderbird Version: 1:60.7.1-1~deb8u1 CVE ID : CVE-2019-11703 CVE-2019-11704 CVE-2019-11705 CVE-2019-11706 Multiple security issues have been found in Thunderbird which may lead to the execution of arbitrary code

[SECURITY] [DLA 1815-1] poppler security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: poppler Version: 0.26.5-2+deb8u10 CVE ID : CVE-2019-10872 CVE-2019-12293 CVE-2019-12360 Several vulnerabilities have been found in the poppler PDF rendering library, which could result in denial of service or

[SECURITY] [DLA 1813-1] php5 security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: php5 Version: 5.6.40+dfsg-0+deb8u4 CVE ID : CVE-2019-11039 CVE-2019-11040 Two vulnerabilities were found in PHP, a widely-used open source general purpose scripting language. CVE-2019-11039 An integer

[SECURITY] [DLA 1808-1] sox security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: sox Version: 14.4.1-5+deb8u4 CVE ID : CVE-2019-8354 CVE-2019-8355 CVE-2019-8356 CVE-2019-8357 Debian Bug : 927906 Several issues were found in SoX, the Swiss army knife of sound processing programs, that could

[SECURITY] [DLA 1806-1] thunderbird security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: thunderbird Version: 1:60.7.0-1~deb8u1 CVE ID : CVE-2018-18511 CVE-2019-5798 CVE-2019-7317 CVE-2019-9797 CVE-2019-9800 CVE-2019-9816 CVE-2019-9817 CVE-2019-9819 CVE-2019-9820

[SECURITY] [DLA 1800-1] firefox-esr security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: firefox-esr Version: 60.7.0esr-1~deb8u1 CVE ID : CVE-2018-18511 CVE-2019-5798 CVE-2019-7317 CVE-2019-9797 CVE-2019-9800 CVE-2019-9816 CVE-2019-9817 CVE-2019-9819 CVE-2019-9820

[SECURITY] [DLA 1788-1] samba security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: samba Version: 2:4.2.14+dfsg-0+deb8u13 CVE ID : CVE-2018-16860 Isaac Boukris and Andrew Bartlett discovered that the S4U2Self Kerberos extension used in Samba's Active Directory support was susceptible to

[SECURITY] [DLA 1781-1] qemu security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: qemu Version: 1:2.1+dfsg-12+deb8u11 CVE ID : CVE-2018-11806 CVE-2018-18849 CVE-2018-20815 CVE-2019-9824 Debian Bug : 901017 912535 Several vulnerabilities were found in QEMU, a fast processor emulator:

[SECURITY] [DLA 1746-1] drupal7 security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: drupal7 Version: 7.32-1+deb8u16 CVE ID : CVE-2019-6341 It was discovered that missing input sanitising in the file module of Drupal, a fully-featured content management framework, could result in cross-site

[SECURITY] [DLA 1745-1] libdatetime-timezone-perl new upstream version

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: libdatetime-timezone-perl Version: 1:1.75-2+2019a This update includes the changes in tzdata 2019a for the Perl bindings. For the list of changes, see DLA-1744-1. For Debian 8 "Jessie", this problem has been fixed in

[SECURITY] [DLA 1744-1] tzdata new upstream version

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: tzdata Version: 2019a-0+deb8u1 This update includes the changes in tzdata 2019a. Notable changes are: - Palestine started DST on 2019-03-30, instead of 2019-03-23 as previously predicted. - Metlakatla ended its

[SECURITY] [DLA 1743-1] thunderbird security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: thunderbird Version: 1:60.6.1-1~deb8u1 CVE ID : CVE-2018-18506 CVE-2019-9788 CVE-2019-9790 CVE-2019-9791 CVE-2019-9792 CVE-2019-9793 CVE-2019-9795 CVE-2019-9796 Multiple security issues have been

[SECURITY] [DLA 1732-1] openjdk-7 security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: openjdk-7 Version: 7u211-2.6.17-1~deb8u1 CVE ID : CVE-2019-2422 A memory disclosure vulnerability was discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in information disclosure or

[SECURITY] [DLA 1726-1] bash security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: bash Version: 4.3-11+deb8u2 CVE ID : CVE-2016-9401 CVE-2019-9924 Two issues have been fixed in bash, the GNU Bourne-Again Shell: CVE-2016-9401 The popd builtin segfaulted when called with negative out of range

[SECURITY] [DLA 1724-1] ntfs-3g security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: ntfs-3g Version: 1:2014.2.15AR.2-1+deb8u4 CVE ID : CVE-2019-9755 A heap-based buffer overflow was discovered in NTFS-3G, a read-write NTFS driver for FUSE. A local user can take advantage of this flaw for local root

[SECURITY] [DLA 1722-1] firefox-esr security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: firefox-esr Version: 60.6.0esr-1~deb8u1 CVE ID : CVE-2018-18506 CVE-2019-9788 CVE-2019-9790 CVE-2019-9791 CVE-2019-9792 CVE-2019-9793 CVE-2019-9795 CVE-2019-9796 Multiple security

[SECURITY] [DLA 1712-1] libsndfile security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: libsndfile Version: 1.0.25-9.1+deb8u4 CVE ID : CVE-2019-3832 It was found that the fix for CVE-2018-19758 was incomplete. That has been addressed in this update. The description for CVE-2018-19758 follows: A

[SECURITY] [DLA 1684-1] systemd security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: systemd Version: 215-17+deb8u10 CVE ID : CVE-2019-6454 Chris Coulson discovered a flaw in systemd leading to denial of service. An unprivileged user could take advantage of this issue to crash PID1 by sending a

[SECURITY] [DLA 1683-1] rdesktop security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: rdesktop Version: 1.8.4-0+deb8u1 CVE ID : CVE-2018-8791 CVE-2018-8792 CVE-2018-8793 CVE-2018-8794 CVE-2018-8795 CVE-2018-8796 CVE-2018-8797 CVE-2018-8798 CVE-2018-8799 CVE-2018-8800

[SECURITY] [DLA 1678-1] thunderbird security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: thunderbird Version: 1:60.5.1-1~deb8u1 CVE ID : CVE-2018-18356 CVE-2018-18500 CVE-2018-18501 CVE-2018-18505. CVE-2018-18509 CVE-2019-5785 Multiple security issues have been found in the Thunderbird

[SECURITY] [DLA 1677-1] firefox-esr security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: firefox-esr Version: 60.5.1esr-1~deb8u1 CVE ID : CVE-2018-18356 CVE-2019-5785 Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary

[SECURITY] [DLA 1670-1] ghostscript security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: ghostscript Version: 9.26a~dfsg-0+deb8u1 CVE ID : CVE-2019-6116 Tavis Ormandy discovered a vulnerability in Ghostscript, the GPL PostScript/PDF interpreter, which may result in denial of service or the execution of

[SECURITY] [DLA 1655-1] mariadb-10.0 security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: mariadb-10.0 Version: 10.0.38-0+deb8u1 CVE ID : CVE-2019-2529 CVE-2019-2537 Several issues have been discovered in the MariaDB database server. The vulnerabilities are addressed by upgrading MariaDB to the new

[SECURITY] [DLA 1653-1] postgis security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: postgis Version: 2.1.4+dfsg-3+deb8u1 CVE ID : CVE-2017-18359 It was found that the function ST_AsX3D in PostGIS, a module that adds spatial objects to the PostgreSQL object-relational database, did not handle empty

[SECURITY] [DLA 1652-1] libvncserver security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: libvncserver Version: 0.9.9+dfsg2-6.1+deb8u5 CVE ID : CVE-2018-15126 CVE-2018-20748 CVE-2018-20749 CVE-2018-20750 A vulnerability was found by Kaspersky Lab in libvncserver, a C library to implement VNC

[SECURITY] [DLA 1649-1] spice security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: spice Version: 0.12.5-1+deb8u7 CVE ID : CVE-2019-3813 Debian Bug : 920762 Christophe Fergeau discovered an out-of-bounds read vulnerability in spice, a SPICE protocol client and server library, which might

[SECURITY] [DLA 1648-1] firefox-esr security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: firefox-esr Version: 60.5.0esr-1~deb8u1 CVE ID : CVE-2018-18500 CVE-2018-18501 CVE-2018-18505 Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the

[SECURITY] [DLA 1644-1] policykit-1 security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: policykit-1 Version: 0.105-15~deb8u4 CVE ID : CVE-2018-19788 CVE-2019-6133 Two vulnerabilities were found in Policykit, a framework for managing administrative policies and privileges: CVE-2018-19788 It was

[SECURITY] [DLA 1626-1] libdatetime-timezone-perl new upstream version

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: libdatetime-timezone-perl Version: 1:1.75-2+2018i This update includes the changes in tzdata 2018i for the Perl bindings. For the list of changes, see DLA-1625-1. For Debian 8 "Jessie", this problem has been fixed in

[SECURITY] [DLA 1624-1] thunderbird security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: thunderbird Version: 1:60.4.0-1~deb8u1 CVE ID : not yet available Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code or denial of service. For Debian 8

[SECURITY] [DLA 1607-1] samba security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: samba Version: 2:4.2.14+dfsg-0+deb8u11 CVE ID : CVE-2018-14629 CVE-2018-16851 Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix. The Common Vulnerabilities and

[SECURITY] [DLA 1606-1] gcc-4.9 bugfix update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: gcc-4.9 Version: 4.9.2-10+deb8u2 Debian Bug : 727621 This update fixes libstdc++ std::future support on armel, which is necessary to get firefox-esr and thunderbird updates built on that architecture. For Debian 8

[SECURITY] [DLA 1605-1] firefox-esr security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: firefox-esr Version: 60.4.0esr-1~deb8u1 CVE ID : CVE-2018-12405 CVE-2018-17466 CVE-2018-18492 CVE-2018-18493 CVE-2018-18494 CVE-2018-18498 Multiple security issues have been found in the Mozilla

[SECURITY] [DLA 1590-1] openjdk-7 security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: openjdk-7 Version: 7u181-2.6.14-2~deb8u1 CVE ID : CVE-2018-2952 CVE-2018-3136 CVE-2018-3139 CVE-2018-3149 CVE-2018-3169 CVE-2018-3180 CVE-2018-3214 Several vulnerabilities have been discovered in

[SECURITY] [DLA 1575-1] thunderbird security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: thunderbird Version: 1:60.3.0-1~deb8u1 CVE ID : CVE-2017-16541 CVE-2018-5156 CVE-2018-5187 CVE-2018-12361 CVE-2018-12367 CVE-2018-12371 CVE-2018-12376 CVE-2018-12377 CVE-2018-12378

[SECURITY] [DLA 1569-2] libdatetime-timezone-perl regression update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 From: Emilio Pozuelo Monfort To: debian-lts-announce@lists.debian.org Subject: [SECURITY] [DLA 1569-2] libdatetime-timezone-perl regression update Package: libdatetime-timezone-perl Version: 1:1.75-2+2018g.1 The previous update

[SECURITY] [DLA 1571-1] firefox-esr security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: firefox-esr Version: 60.3.0esr-1~deb8u1 CVE ID : CVE-2018-12389 CVE-2018-12390 CVE-2018-12392 CVE-2018-12393 CVE-2018-12395 CVE-2018-12396 CVE-2018-12397 Multiple security issues have been found in

[SECURITY] [DLA 1570-1] mariadb-10.0 security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: mariadb-10.0 Version: 10.0.37-0+deb8u1 CVE ID : CVE-2018-3143 CVE-2018-3156 CVE-2018-3174 CVE-2018-3251 CVE-2018-3282 Several issues have been discovered in the MariaDB database server. The

[SECURITY] [DLA 1569-1] libdatetime-timezone-perl new upstream release

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: libdatetime-timezone-perl Version: 1:1.75-2+2018g This update includes the changes in tzdata 2018g for the Perl bindings. For the list of changes, see DLA-1363-1. For Debian 8 "Jessie", this problem has been fixed in

[SECURITY] [DLA 1435-1] dnsmasq regression update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: dnsmasq Version: 2.72-3+deb8u3 Debian Bug : 860064 The dns-root-data update to 2017072601~deb8u2 broke dnsmasq's init script, making dnsmasq no longer start when dns-root-data was installed. This update fixes dnsmasq's

<    1   2   3   4   >