Package: libreoffice
Version: 1:4.3.3-2+deb8u12
CVE ID : CVE-2018-16858
Alex Infuehr discovered a directory traversal vulnerability which could
result in the execution of Python script code when opening a malformed
document.
For Debian 8 "Jessie", this problem has been
Package: netmask
Version: 2.3.12+deb8u1
Debian Bug : 921565
A buffer overflow was found in netmask which would crash when called
with arbitrarily long inputs.
For Debian 8 "Jessie", this problem has been fixed in version
2.3.12+deb8u1.
We recommend that you upgrade your
Package: rssh
Version: 2.3.4-4+deb8u2
CVE ID : CVE-2019-3463 CVE-2019-3464
More vulnerabilities were found by Nick Cleaton in the rssh code that
could lead to arbitrary code execution under certain circumstances.
CVE-2019-3463
reject rsync --daemon and --config
Package: debian-security-support
Version: 2019.02.01~deb8u1
debian-security-support, the Debian security support coverage checker,
has been updated in jessie.
This marks the end of life of the Enigmail package in jessie. After many
months of work to try backporting the various
Package: systemd
Version: 215-17+deb8u9
CVE ID : CVE-2018-16864 CVE-2018-16865
Debian Bug : 918841 918848
Multiple vulnerabilities were found in the journald component of
systemd which can lead to a crash or code execution.
CVE-2018-16864
An allocation of memory
Package: systemd
Version: 215-17+deb8u8
CVE ID : CVE-2018-1049 CVE-2018-15686 CVE-2018-15688
Debian Bug : 912005 912008
systemd was found to suffer from multiple security vulnerabilities
ranging from denial of service attacks to possible root privilege
escalation.
Package: spamassassin
Version: 3.4.2-0+deb8u1
CVE ID : CVE-2016-1238 CVE-2017-15705 CVE-2018-11780 CVE-2018-11781
Debian Bug : 784023 865924 883775 889501 891041 908969 908970 908971 913571
Multiple vulnerabilities were found in Spamassassin, which could lead
to Remote
Package: phpldapadmin
Version: 1.2.2-5.2+deb8u1
CVE ID : CVE-2017-11107
Debian Bug : 867719
It was discovered that there was a cross-site scripting (XSS) vulnerability in
phpldapadmin, a web-based interface for administering LDAP servers.
For Debian 8 "Jessie", this
Package: gnutls28
Version: 3.3.30-0+deb8u1
CVE ID : CVE-2018-10844 CVE-2018-10845 CVE-2018-10846
A set of vulnerabilities was discovered in GnuTLS which allowed
attackers to do plain text recovery on TLS connections with certain
cipher types.
CVE-2018-10844
It was
Package: python3.4
Version: 3.4.2-1+deb8u1
CVE ID : CVE-2017-1000158 CVE-2018-1060 CVE-2018-1061 CVE-2018-1000802
Multiple vulnerabilities were found in the CPython interpreter which
can cause denial of service, information gain, and arbitrary code
execution.
Package: python2.7
Version: 2.7.9-2+deb8u2
CVE ID : CVE-2017-1000158 CVE-2018-1060 CVE-2018-1061 CVE-2018-1000802
Multiple vulnerabilities were found in the CPython interpreter which
can cause denial of service, information gain, and arbitrary code
execution.
Package: git-annex
Version: 5.20141125+oops-1+deb8u2
CVE ID : CVE-2017-12976 CVE-2018-10857 CVE-2018-10859
Debian Bug : 873088
The git-annex package was found to have multiple vulnerabilities when
operating on untrusted data that could lead to arbitrary command
Package: twitter-bootstrap3
Version: 3.2.0+dfsg-1+deb7u1
CVE ID : CVE-2018-14040
Debian Bug : 907414
The Bootstrap framework was found to have cross-site scripting
vulnerabilities in the "collapse" plugin.
For Debian 8 "Jessie", this problem has been fixed in version
Package: mercurial
Version: 3.1.2-2+deb8u5
CVE ID : CVE-2017-9462 CVE-2017-17458 CVE-2018-1000132
Debian Bug : 861243 892964 901050
Some security vulnerabilities were found in Mercurial which allow
authenticated users to trigger arbitrary code execution and
Package: dokuwiki
Version: 0.0.20140505.a+dfsg-4+deb8u1
CVE ID : CVE-2017-18123
Debian Bug : 889281
The call parameter of /lib/exe/ajax.php in DokuWiki through
2017-02-19e does not properly encode user input, which leads to a
reflected file download vulnerability, and
Package: opencv
Version: 2.3.1-11+deb7u4
CVE ID : CVE-2018-5268 CVE-2018-5269
Debian Bug : 886674 886675
Two vulnerabilities were found in OpenCV, the "Open Computer Vision
Library".
CVE-2018-5268
In OpenCV 3.3.1, a heap-based buffer overflow happens in
Package: qemu
Version: 1.1.2+dfsg-6+deb7u25
CVE ID : CVE-2018-7550
Debian Bug : 892041
The load_multiboot function in hw/i386/multiboot.c in Quick Emulator
(aka QEMU) allows local guest OS users to execute arbitrary code on
the QEMU host via a mh_load_end_addr value
Package: mercurial
Version: 2.2.2-4+deb7u7
CVE ID : CVE-2018-1000132
Debian Bug : 892964
Mercurial version 4.5 and earlier contains an Incorrect Access Control
(CWE-285) vulnerability in Protocol server that can result in
Unauthorized data access. This attack appears to
Package: openssl
Version: 1.0.1t-1+deb7u4
CVE ID : CVE-2018-0739
It was discovered that constructed ASN.1 types with a recursive
definition could exceed the stack, potentially leading to a denial of
service.
Details can be found in the upstream advisory:
Package: memcached
Version: 1.4.13-0.2+deb7u4
CVE ID : CVE-2018-1000127
Debian Bug : #894404
memcached versions prior to 1.4.37 contain an Integer Overflow
vulnerability that can result in data corruption and deadlocks. This
attack is exploitable via network
Package: p7zip
Version: 9.20.1~dfsg.1-4+deb7u3
CVE ID : CVE-2017-17969
Debian Bug : 888297
The p7zip package has a heap-based buffer overflow in the
NCompress::NShrink::CDecoder::CodeReal method in 7-Zip which allows
remote attackers to cause a denial of service
Package: openssh
Version: 1:6.0p1-4+deb7u7
CVE ID : CVE-2016-10708
OpenSSH was found to be vulnerable to out of order NEWKEYS messages
which could crash the daemon, resulting in a denial of service attack.
For Debian 7 "Wheezy", these problems have been fixed in version
Package: graphicsmagick
Version: 1.3.16-1.1+deb7u12
CVE ID : CVE-2017-14103 CVE-2017-14314 CVE-2017-14504
CVE-2017-14733 CVE-2017-14994 CVE-2017-14997
CVE-2017-15930
Debian Bug : 87
Multiple vulnerabilities were found in
Package: wpa
Version: 1.0-3+deb7u5
CVE ID : CVE-2017-13077 CVE-2017-13078 CVE-2017-13079 CVE-2017-13080
CVE-2017-13081 CVE-2017-13082 CVE-2017-13086 CVE-2017-13087
CVE-2017-13088
A vulnerability was found in how WPA code can be triggered
Package: git-annex
Version: 3.20120629+deb7u1
CVE ID : CVE-2017-12976
Debian Bug : 873088
git-annex before 6.20170818 allows remote attackers to execute arbitrary
commands via an ssh URL with an initial dash character in the hostname,
as demonstrated by an
Package: ruby1.8
Version: 1.8.7.358-7.1+deb7u4
CVE ID : CVE-2017-0898 CVE-2017-10784
Debian Bug : 875931 875936
Some vulnerabilities were found in the Ruby 1.8 package that affect
the LTS distribution.
CVE-2017-0898
Package: apache2
Version: 2.2.22-13+deb7u11
CVE ID : CVE-2015-0253 CVE-2016-8743
Debian Bug : 858373
The fix for CVE-2016-8743 introduced a regression which would segfault
apache workers under certain conditions (#858373), an issue similar to
previously fixed
Package: unattended-upgrades
Version: 0.79.5+wheezy3
Debian Bug : 867169
Since the release of the last Debian stable release ("stretch"),
Debian LTS ("wheezy") has been renamed "oldoldstable", which broke
the unattended-upgrades package as described in bug #867169. Updates
Package: libmtp
Version: 1.1.3-35-g0ece104-5+deb7u1
CVE ID : CVE-2017-9831 CVE-2017-9832
libmtp, a library for communicating with MTP aware devices (like
cellular phones and audio players), was found to be vulnerable to
several integer overflow vulnerabilities, which
Package: sudo
Version: 1.8.5p2-1+nmu3+deb7u4
CVE ID : CVE-2017-1000368
Debian Bug : 863897
Todd Miller's sudo version 1.8.20p1 and earlier is vulnerable to an
input validation (embedded newlines) in the get_process_ttyname()
function resulting in information disclosure
Package: puppet
Version: 2.7.23-1~deb7u4
CVE ID : CVE-2017-2295
Debian Bug : 863212
Versions of Puppet prior to 4.10.1 will deserialize data off the wire
(from the agent to the server, in this case) with an attacker-specified
format. This could be used to force YAML
Package: mercurial
Version: 2.2.2-4+deb7u4
CVE ID : CVE-2017-9462
Debian Bug : 861243
In Mercurial before 4.1.3, "hg serve --stdio" allows remote
authenticated users to launch the Python debugger, and consequently
execute arbitrary code, by using --debugger as a
Package: libsndfile
Version: 1.0.25-9.1+deb7u1
CVE ID : CVE-2015-7805 CVE-2017-7585 CVE-2017-7586 CVE-2017-7741
CVE-2017-7742
Debian Bug : 860255
Multiple vulnerabilities were found in libsndfile, a popular library
for reading/writing audio files.
Package: batik
Version: 1.7+dfsg-3+deb7u2
CVE ID : CVE-2017-5662
Debian Bug : 860566
In Apache Batik before 1.9, files lying on the filesystem of the server
which uses batik can be revealed to arbitrary users who send maliciously
formed SVG files. The file types that
Package: firebird2.5
Version: 2.5.2.26540.ds4-1~deb7u3
CVE ID : CVE-2017-6369
Debian Bug : 858641
George Noseevich discovered that firebird2.5, a relational database
system, did not properly check User-Defined Functions (UDF), thus
allowing remote authenticated users
Package: graphicsmagick
Version: 1.3.16-1.1+deb7u6
CVE ID : CVE-2016-5240
Debian Bug : N/A
The fix for CVE-2016-5240 was improperly applied which resulted in
GraphicsMagick crashing instead of entering an infinite loop with the
given proof of concept.
Furthermore, the
Package: apache2
Version: 2.2.22-13+deb7u8
CVE ID : CVE-2016-8743
This upload fixes a security vulnerability in the header parsing code.
David Dennerline, of IBM Security's X-Force Researchers, and Régis
Leroy discovered problems in the way Apache handled a broad pattern
Package: tiff
Version: 4.0.2-6+deb7u9
CVE ID : CVE-2016-3622 CVE-2016-3623 CVE-2016-3624 CVE-2016-3945
CVE-2016-3990 CVE-2016-9533 CVE-2016-9534 CVE-2016-9535
CVE-2016-9536 CVE-2016-9537 CVE-2016-9538 CVE-2016-9540
Package: imagemagick
Version: 8:6.7.7.10-5+deb7u10
CVE ID : CVE-2016-7799 CVE-2016-8707 CVE-2016-8862 CVE-2016-8866
CVE-2016-9556
Debian Bug : 840437 845206 848139 845634 845242 845243 845195 845196
845198 845202 845212 845213 845241
Package: tre
Version: 0.8.0-3+deb7u1
CVE ID : CVE-2016-8859
Debian Bug : 842169
A vulnerability has been found in the tre package that could allow an
attacker to perform controlled heap corruption.
For Debian 7 "Wheezy", these problems have been fixed in version
Package: nss
Version: 3.14.5-1+deb7u6
CVE ID : CVE-2015-7181 CVE-2015-7182 CVE-2016-1938 CVE-2016-1950
CVE-2016-1978 CVE-2016-1979
This security update fixes serious security issues in NSS including
arbitrary code execution and remote denial of service
Package: phpmyadmin
Version: 4:3.3.7-11
CVE ID : CVE-2016-2039 CVE-2016-2041
Several flaws were discovered in the CSRF authentication code of
phpMyAdmin.
CVE-2016-2039
The XSRF/CSRF token is generated with a weak
Package: prosody
Version: 0.7.0-1squeeze1+deb6u2
CVE ID : CVE-2016-0756
The flaw allows a malicious server to impersonate the vulnerable domain
to any XMPP domain whose domain name includes the attacker's domain as a
suffix.
Package: smokeping
Version: 2.3.6-5+squeeze2
CVE ID : CVE-2013-4168
CVE-2013-4168
Minor XSS issue resolved in the upstream 2.6.9, discovered by Steven
Chamberlain