[SECURITY] [DLA 858-1] wireshark security update

2017-03-16 Balint Reczey
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Package: wireshark
Version: 1.12.1+g01b65bf-4+deb8u6~deb7u7
CVE ID : CVE-2017-5596 CVE-2017-5597 CVE-2017-6467 CVE-2017-6468 CVE-2017-6469 CVE-2017-6470 CVE-2017-6471 CVE-2017-6472

[SECURITY] [DLA 844-1] libquicktime security update

2017-02-28 Balint Reczey
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Package: libquicktime
Version: 2:1.2.4-3+deb7u1
CVE ID : CVE-2016-2399
Debian Bug : 855099
Marco 'nemux' Romano discovered that an integer overflow in the quicktime_read_pascal function in libquicktime 1.2.4 and earlier

[SECURITY] [DLA 838-1] shadow security update

2017-02-26 Balint Reczey
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Package: shadow
Version: 4.1.5.1-1+deb7u1
CVE ID : CVE-2017-2616
Debian Bug : 855943
Tobias Stoeckmann discovered that su does not properly handle clearing a child PID. A local attacker can take advantage of this flaw

[SECURITY] [DLA 819-2] mysql-5.5 version number correction

2017-02-10 Balint Reczey
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Package: mysql-5.5
Version: 5.5.54-0+deb7u2
CVE ID :
Debian Bug : #854713
This is a correction of DLA 819-1 that mentioned that mysql-5.5 5.5.47-0+deb7u2 was corrected. The corrected package version was 5.5.54-0+deb7u2.

[SECURITY] [DLA 819-1] mysql-5.5 security update

2017-02-09 Balint Reczey
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Package: mysql-5.5
Version: 5.5.47-0+deb7u2
CVE ID :
Debian Bug : #854713
It has been found that the C client library for MySQL (libmysqlclient.so) has a use-after-free vulnerability which can cause crash of applications

[SECURITY] [DLA 804-1] libgd2 security update

2017-01-29 Balint Reczey
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Package: libgd2
Version: 2.0.36~rc1~dfsg-6.1+deb7u8
CVE ID : CVE-2016-9317 CVE-2016-10167 CVE-2016-10168
Multiple security issues have been found in the GD Graphics Library. They may lead to the execution of arbitrary code

[SECURITY] [DLA 755-1] dcmtk security update

2016-12-20 Balint Reczey
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Package: dcmtk
Version: 3.6.0-12+deb7u1
CVE ID : CVE-2015-8979
Debian Bug : 848830
At several places in the code a wrong length of ACSE data structures received over the network can cause overflows or underflows when

[SECURITY] [DLA 707-1] sudo security update

2016-11-14 Balint Reczey
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Package: sudo
Version: 1.8.5p2-1+nmu3+deb7u2
CVE ID : CVE-2016-7032 CVE-2016-7076
Debian Bug : 842507
It was discovered that the sudo noexec restriction could have been bypassed if an application run via sudo executed

[SECURITY] [DLA 694-1] libwmf security update

2016-11-02 Balint Reczey
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Package: libwmf
Version: 0.2.8.4-10.3+deb7u2
CVE ID : CVE-2016-9011
Debian Bug : 842090
Agostino Sarubbo from Gentoo discovered a flaw in libwmf's Windows Metafile Format (WMF) parser which caused allocation of excessive

[SECURITY] [DLA 636-2] firefox-esr regression update

2016-09-30 Balint Reczey
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Package: firefox-esr
Version: 45.4.0esr-1~deb7u2
The update of firefox-esr to 45.4.0esr-1~deb7u1 caused build failure on armel and armhf architectures. For Debian 7 "Wheezy", these problems have been fixed in version

[SECURITY] [DLA 643-1] chicken security update

2016-09-30 Balint Reczey
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Package: chicken
Version: 4.7.0-1+deb7u1
CVE ID : CVE-2016-6830 CVE-2016-6831
Multiple vulnerabilities have been found in the CHICKEN Scheme compiler:
CVE-2016-6830 Buffer overrun in CHICKEN Scheme's "process-execute"

[SECURITY] [DLA 636-1] firefox-esr security update

2016-09-27 Balint Reczey
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Package: firefox-esr
Version: 45.4.0esr-1~deb7u1
CVE ID : CVE-2016-5250 CVE-2016-5257 CVE-2016-5261 CVE-2016-5270 CVE-2016-5272 CVE-2016-5274 CVE-2016-5276 CVE-2016-5277 CVE-2016-5278

[SECURITY] [DLA 605-1] eog security update

2016-08-28 Balint Reczey
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Package: eog
Version: 3.4.2-1+build1+deb7u1
CVE ID : CVE-2016-6855
It was discovered that Eye of GNOME incorrectly handled certain invalid UTF-8 strings. If a user were tricked into opening a specially-crafted image, a

[SECURITY] [DLA 595-1] wireshark security update

2016-08-15 Balint Reczey
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Package: wireshark
Version: 1.12.1+g01b65bf-4+deb8u6~deb7u3
CVE ID : CVE-2016-6504 CVE-2016-6505 CVE-2016-6506 CVE-2016-6507 CVE-2016-6508 CVE-2016-6509 CVE-2016-6510 CVE-2016-6511
Multiple

[SECURITY] [DLA 591-1] libreoffice security update

2016-08-09 Balint Reczey
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Package: libreoffice
Version: 3.5.4+dfsg2-0+deb7u8
CVE ID : CVE-2016-1513
An OpenDocument Presentation .ODP or Presentation Template .OTP file can contain invalid presentation elements that lead to memory corruption when

[SECURITY] [REGRESSION] [DLA -] graphite2 regression update

2016-08-01 Balint Reczey
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Package: graphite2
Version: 1.3.6-1~deb7u2
The previous upload of graphite2 (on 2016-04-26) included a .shlib file which did not match the shipped shared libraries, preventing packages build-depending on graphite2 libraries from building.

[SECURITY] [DLA 570-1] kde4libs security update

2016-07-29 Balint Reczey
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Package: kde4libs
Version: 4:4.8.4-4+deb7u2
CVE ID : CVE-2016-6232
Debian Bug : 832620
It was possible to trick kde4libs's KArchiveDirectory::copyTo() function to extract files to arbitrary system locations from a

[SECURITY] [DLA 566-1] cakephp security update

2016-07-28 Balint Reczey
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Package: cakephp
Version: 1.3.15-1+deb7u1
Debian Bug : 832283
CakePHP, an open-source web application framework for PHP, was vulnerable to SSRF (Server Side Request Forgery) attacks. A remote attacker can utilize it for at least

[SECURITY] [DLA 497-1] wireshark security update

2016-05-31 Balint Reczey
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Package: wireshark
Version: 1.12.1+g01b65bf-4+deb8u6~deb7u1
CVE ID : CVE-2012-6052 CVE-2012-6053 CVE-2012-6054 CVE-2012-6055 CVE-2012-6056 CVE-2012-6057 CVE-2012-6058 CVE-2012-6059