[SECURITY] [DLA 1263-1] debian-security-support update

2018-01-29 Thread Guido Günther
Package: debian-security-support Version: 2018.01.29~deb7u1 This update marks several packages as no longer supported by wheezy-lts: teamspeak-server, teamspeak-client, libstruts1.2-java, nvidia-graphics-drivers, glassfish, jbossas4, libnet-ping-external-perl, mp3gain, tor,

[SECURITY] [DLA 1262-1] thunderbird security update

2018-01-29 Thread Guido Günther
Package: thunderbird Version: 1:52.6.0-1~deb7u1 CVE ID : CVE-2018-5089 CVE-2018-5095 CVE-2018-5096 CVE-2018-5097 CVE-2018-5098 CVE-2018-5099 CVE-2018-5102 CVE-2018-5103 CVE-2018-5104 CVE-2018-5117 Debian Bug : 885157 885158 887766

[SECURITY] [DLA 1223-1] thunderbird security update

2017-12-27 Thread Guido Günther
Package: thunderbird Version: 1:52.5.2-1~deb7u1 CVE ID : CVE-2017-7829 CVE-2017-7846 CVE-2017-7847 CVE-2017-7848 Multiple security issues have been found in the Mozilla Thunderbird mail client including information leaks, unintended JavaScript execution and sender address

[SECURITY] [DLA 1221-1] ruby1.9.1 security update

2017-12-25 Thread Guido Günther
Package: ruby1.9.1 Version: 1.9.3.194-8.1+deb7u7 CVE ID : CVE-2017-17405 CVE-2017-17790 Several vulnerabilities have been discovered in the interpreter for the Ruby language. The Common Vulnerabilities and Exposures project identifies the following problems:

[SECURITY] [DLA 1222-1] ruby1.8 security update

2017-12-25 Thread Guido Günther
Package: ruby1.8 Version: 1.8.7.358-7.1+deb7u5 CVE ID : CVE-2017-17405 CVE-2017-17790 Several vulnerabilities have been discovered in the interpreter for the Ruby language. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2017-17405

[SECURITY] [DLA 1199-1] thunderbird security update

2017-12-09 Thread Guido Günther
Package: thunderbird Version: 1:52.5.0-1~deb7u1 CVE ID : CVE-2017-7826 CVE-2017-7828 CVE-2017-7830 Multiple security issues have been found in the Mozilla Thunderbird mail client: Multiple memory safety errors, use after free and other implementation errors may lead to

[SECURITY] [DLA 1115-1] debsecan update

2017-09-27 Thread Guido Günther
Package: debsecan Version: 0.4.16+nmu1+deb7u1 Debian Bug : 842428 Debsecan in Wheezy in its default configuration currently fails to download recent vulnerability data due to a URL change. For Debian 7 "Wheezy", these problems have been fixed in version 0.4.16+nmu1+deb7u1.

[SECURITY] [DLA 1110-1] samba security update

2017-09-25 Thread Guido Günther
Package: samba Version: 2:3.6.6-6+deb7u14 CVE ID : CVE-2017-12150 CVE-2017-12163 CVE-2017-12150 Stefan Metzmacher discovered multiple code paths where SMB signing was not enforced. CVE-2017-12163 Yihan Lian and Zhibin Hu discovered that insufficient range

[SECURITY] [DLA 1097-1] tcpdump security update

2017-09-15 Thread Guido Günther
Package: tcpdump Version: 4.9.2-1~deb7u1 CVE ID : CVE-2017-12894 CVE-2017-12895 CVE-2017-12896 CVE-2017-12897 CVE-2017-12898 CVE-2017-12899 CVE-2017-12900 CVE-2017-12901 CVE-2017-12902 CVE-2017-12985 CVE-2017-12986 CVE-2017-12987

[SECURITY] [DLA 1090-1] tcpdump security update

2017-09-06 Thread Guido Günther
Package: tcpdump Version: 4.9.0-1~deb7u2 CVE ID : CVE-2017-11108 CVE-2017-11541 CVE-2017-11542 CVE-2017-11543 Several vulnerabilities have been discovered in tcpdump, a command-line network traffic analyzer. These vulnerabilities might result in denial of service

[SECURITY] [DLA 1080-1] gnupg security update

2017-08-31 Thread Guido Günther
Package: gnupg Version: 1.4.12-7+deb7u9 CVE ID : CVE-2017-7526 Daniel J. Bernstein, Joachim Breitner, Daniel Genkin, Leon Groot Bruinderink, Nadia Heninger, Tanja Lange, Christine van Vredendaal and Yuval Yarom discovered that gnupg is prone to a local side-channel attack

[SECURITY] [DLA 1071-1] qemu-kvm security update

2017-08-28 Thread Guido Günther
Package: qemu-kvm Version: 1.1.2+dfsg-6+deb7u23 CVE ID : CVE-2017-6505 CVE-2017-8309 CVE-2017-10664 CVE-2017-11434 Multiple vulnerabilities were discovered in qemu-kvm, a full virtualization solution for Linux hosts on x86 hardware with x86 guests based on the Quick

[SECURITY] [DLA 1035-1] qemu security update

2017-07-21 Thread Guido Günther
Package: qemu Version: 1.1.2+dfsg-6+deb7u22 CVE ID : CVE-2016-9602 CVE-2016-9603 CVE-2017-7377 CVE-2017-7471 CVE-2017-7493 CVE-2017-7718 CVE-2017-7980 CVE-2017-8086 Several vulnerabilities were discovered in qemu, a fast processor emulator. The Common

[SECURITY] [DLA 1027-1] heimdal security update

2017-07-14 Thread Guido Günther
Package: heimdal Version: 1.6~git20120403+dfsg1-2+deb7u1 CVE ID : CVE-2017-11103 Debian Bug : 868208 Jeffrey Altman, Viktor Duchovni and Nico Williams identified a mutual authentication bypass vulnerability in Heimdal Kerberos. Also known as Orpheus' Lyre, this

[SECURITY] [DLA 1007-1] icedove/thunderbird security update

2017-07-03 Thread Guido Günther
Package: icedove Version: 1:52.2.1-1~deb7u1 CVE ID : CVE-2017-5470 CVE-2017-5472 CVE-2017-7749 CVE-2017-7750 CVE-2017-7751 CVE-2017-7752 CVE-2017-7754 CVE-2017-7756 CVE-2017-7757 CVE-2017-7758 CVE-2017-7764 CVE-2017-7771

[SECURITY] [DLA 979-1] debian-security-support update

2017-06-07 Thread Guido Günther
Package: debian-security-support Version: 2017.06.02+deb7u1 Besides bringing the package up to date regarding translations this update marks several packages as no longer supported by wheezy-lts: autotrace, inspircd, ioquake3, kfreebsd-8, kfreebsd-9, matrixssl, teeworlds and trn

[SECURITY] [DLA 965-1] qemu-kvm security update

2017-05-31 Thread Guido Günther
Package: qemu-kvm Version: 1.1.2+dfsg-6+deb7u22 CVE ID : CVE-2016-9602 CVE-2017-7377 CVE-2017-7471 CVE-2017-7493 CVE-2017-8086 Several vulnerabilities were discovered in qemu-kvm, a full virtualization solution for Linux hosts on x86 hardware with x86

[SECURITY] [DLA 939-1] qemu-kvm security update

2017-05-11 Thread Guido Günther
Package: qemu-kvm Version: 1.1.2+dfsg-6+deb7u21 CVE ID : CVE-2016-9603 CVE-2017-7718 CVE-2017-7980 Multiple vulnerabilities have been discovered in qemu-kvm, a full virtualization solution on x86 hardware based on Quick Emulator (Qemu). The Common Vulnerabilities and

[SECURITY] [DLA 904-1] uzbek-wordlist update

2017-04-20 Thread Guido Günther
Package: uzbek-wordlist Version: 0.6-3.2+deb7u1 The dictionary provided by this package had an unnecessary unversioned conflict against the thunderbird package which recently got reintroduced into Wheezy. For Debian 7 "Wheezy", this problem has been fixed in version

[SECURITY] [DLA 896-1] icedove/thunderbird security update

2017-04-18 Thread Guido Günther
Package: icedove Version: 1:45.8.0-3~deb7u1 CVE ID : CVE-2017-5373 CVE-2017-5375 CVE-2017-5376 CVE-2017-5378 CVE-2017-5380 CVE-2017-5383 CVE-2017-5390 CVE-2017-5396 CVE-2017-5398 CVE-2017-5400 CVE-2017-5401 CVE-2017-5402

[SECURITY] [DLA 881-1] ejabberd security update

2017-04-01 Thread Guido Günther
Package: ejabberd Version: 2.1.10-4+deb7u2 CVE ID : CVE-2014-8760 Debian Bug : 767521 767535 It was found that ejabberd does not enforce the starttls_required setting when compression is used, which causes clients to establish connections without encryption. For

[SECURITY] [DLA 845-1] qemu security update

2017-03-01 Thread Guido Günther
Package: qemu Version: 1.1.2+dfsg-6+deb7u20 CVE ID : CVE-2017-2615 CVE-2017-2620 CVE-2017-5898 CVE-2017-5973 Debian Bug : Several vulnerabilities were discovered in qemu, a fast processor emulator. The Common Vulnerabilities and Exposures project identifies the

[SECURITY] [DLA 807-1] imagemagick security update

2017-01-30 Thread Guido Günther
Package: imagemagick Version: 8:6.7.7.10-5+deb7u11 CVE ID : CVE-2016-10144 CVE-2016-10145 CVE-2016-10146 CVE-2017-5506 CVE-2017-5507 CVE-2017-5508 CVE-2017-5510 CVE-2017-5511 Debian Bug : #851485, #851483, #851380, #851383, #851382, #851381,

[SECURITY] [DLA 783-1] xen security update

2017-01-13 Thread Guido Günther
Package: xen Version: 4.1.6.lts1-5 CVE ID : CVE-2016-10013 CVE-2016-10024 Multiple vulnerabilities have been discovered in the Xen hypervisor. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2016-10013 (xsa-204) Xen mishandles

[SECURITY] [DLA 752-1] icedove security update

2016-12-17 Thread Guido Günther
Package: icedove Version: 45.5.1-1~deb7u1 CVE ID : CVE-2016-5290 CVE-2016-5291 CVE-2016-5296 CVE-2016-5297 CVE-2016-9066 CVE-2016-9074 CVE-2016-9079 Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail

[SECURITY] [DLA 698-1] qemu security update

2016-11-03 Thread Guido Günther
Package: qemu Version: 1.1.2+dfsg-6+deb7u18 CVE ID : CVE-2016-7909 CVE-2016-8909 CVE-2016-8910 CVE-2016-9101 CVE-2016-9102 CVE-2016-9103 CVE-2016-9104 CVE-2016-9105 CVE-2016-9106 Debian Bug : 839834 841950 841955 842455 842463 Several vulnerabilities were discovered

[SECURITY] [DLA 641-1] ruby-activesupport-3.2 security update

2016-09-30 Thread Guido Günther
Package: ruby-activesupport-3.2 Version: 3.2_3.2.6-6+deb7u3 CVE ID : CVE-2016-0753 Active Support in Ruby on Rails 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 supports the use of instance-level writers for class accessors, which allows remote

[SECURITY] [DLA 604-1] ruby-actionpack-3.2 security update

2016-08-28 Thread Guido Günther
Package: ruby-actionpack-3.2 Version: 3.2.6-6+deb7u3 CVE ID : CVE-2015-7576 CVE-2016-0751 CVE-2016-0752 CVE-2016-2097 CVE-2016-2098 CVE-2016-6316 Multiple vulnerabilities have been discovered in

[SECURITY] [DLA 571-1] xen security update

2016-07-30 Thread Guido Günther
Package: xen Version: 4.1.6.lts1-1 CVE ID : CVE-2014-3672 CVE-2016-3158 CVE-2016-3159 CVE-2016-3710 CVE-2016-3712 CVE-2016-3960 CVE-2016-4480 CVE-2016-6258 Debian Bug : Multiple vulnerabilities have

[SECURITY] [DLA 518-1] mozilla-devscripts security update

2016-06-17 Thread Guido Günther
Package: mozilla-devscripts Version: 0.32+deb7u1 Debian Bug : 825508 In preparation for the upcoming switch to Icedove 45 the mozilla-devscripts package was updated to generate correct dependencies for rebuilt extensions. For

[SECURITY] [DLA 472-2] icedove regression update

2016-05-18 Thread Guido Günther
Package: icedove Version: 31.8.0-1~deb7u1.1 CVE ID : CVE-2016-1979 CVE-2016-2805 CVE-2016-2807 Debian Bug : #823430 The security update for icedove did not build on armhf. This is resolved by this upload. The text of

[SECURITY] [DLA 340-1] krb5 security update

2015-11-07 Thread Guido Günther
Package: krb5 Version: 1.8.3+dfsg-4squeeze10 CVE ID : CVE-2015-2695 CVE-2015-2697 Several vulnerabilities were discovered in krb5, the MIT implementation of Kerberos. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2015-2695

[SECURITY] [DLA 315-1] nss security update

2015-09-27 Thread Guido Günther
Package: nss Version: 3.12.8-1+squeeze12 CVE ID : CVE-2015-2721 CVE-2015-2730 Several vulnerabilities have been discovered in nss, the Mozilla Network Security Service library. The Common Vulnerabilities and Exposures project identifies the following problems:

[SECURITY] [DLA 316-1] eglibc security update

2015-09-27 Thread Guido Günther
Package: eglibc Version: 2.11.3-4+deb6u7 CVE ID : CVE-2014-8121 Bug-Reference : 779587 Several vulnerabilities have been discovered in eglibc that may lead to a privilege escalation or denial of service. Glibc pointer guarding weakness A weakness in the dynamic

[SECURITY] [DLA 282-1] lighttpd security update

2015-07-25 Thread Guido Günther
Package: lighttpd Version: 1.4.28-2+squeeze1.7 CVE ID : CVE-2014-3566 Debian Bug : #765702 This update allows disabling SSLv3 in lighttpd in order to protect against the POODLE attack. SSLv3 is now disabled by default and can be reenabled (if needed) using the

[SECURITY] [DLA 253-1] libwmf security update

2015-06-26 Thread Guido Günther
Package: libwmf Version: 0.2.8.4-6.2+deb6u1 CVE ID : CVE-2015-0848 CVE-2015-4588 Debian Bug : #787644 The following vulnerabilities were discovered in the Windows Metafile conversion library when reading BMP images embedded into WMF files: CVE-2015-0848 A heap

[SECURITY] [DLA 254-1] librack-ruby security update

2015-06-26 Thread Guido Günther
Package: librack-ruby Version: 1.1.0-4+squeeze3 CVE ID : CVE-2015-3225 There is a potential denial of service vulnerability in Rack, a modular Ruby webserver interface. Carefully crafted requests can cause a `SystemStackError` and cause a denial of service attack by

[SECURITY] [DLA 237-1] mercurial security update

2015-06-04 Thread Guido Günther
Package: mercurial Version: 1.6.4-1+deb6u1 CVE ID : CVE-2014-9390 CVE-2014-9462 CVE-2014-9462 Jesse Hertz of Matasano Security discovered that Mercurial, a distributed version control system, is prone to a command injection vulnerability via a crafted