Package: dulwich
Version: 0.6.1-1+deb6u1
CVE ID : CVE-2015-0838
Ivan Fratric of the Google Security Team has found a buffer overflow in
the C implementation of the apply_delta() function, used when accessing
Git objects in pack files. An attacker could take advantage of thi
Package: mercurial
Version: 1.6.4-1+deb6u1
CVE ID : CVE-2014-9390 CVE-2014-9462
CVE-2014-9462
Jesse Hertz of Matasano Security discovered that Mercurial, a
distributed version control system, is prone to a command injection
vulnerability via a crafted repositor
Package: libwmf
Version: 0.2.8.4-6.2+deb6u1
CVE ID : CVE-2015-0848 CVE-2015-4588
Debian Bug : #787644
The following vulnerabilities were discovered in the Windows Metafile
conversion library when reading BMP images embedded into WMF files:
CVE-2015-0848
A heap ove
Package: librack-ruby
Version: 1.1.0-4+squeeze3
CVE ID : CVE-2015-3225
There is a potential denial of service vulnerability in Rack, a modular
Ruby webserver interface.
Carefully crafted requests can cause a `SystemStackError` and cause a
denial of service attack by exploi
Package: lighttpd
Version: 1.4.28-2+squeeze1.7
CVE ID : CVE-2014-3566
Debian Bug : #765702
This update makes it possible to disable SSLv3 in lighttpd in order to protect
against the POODLE attack. SSLv3 is now disabled by default and can be
reenabled (if needed) using the ssl.use-
Package: wordpress
Version: 3.6.1+dfsg-1~deb6u7
CVE ID : CVE-2015-2213 CVE-2015-5622 CVE-2015-5731 CVE-2015-5732
CVE-2015-5734
Several vulnerabilities have been fixed in WordPress, the popular
blogging engine.
CVE-2015-2213
SQL Injection allowed a re
Package: pykerberos
Version: 1.1+svn4895-1+deb6u2
CVE ID : CVE-2015-3206
It was discovered that the original fix did not disable KDC
verification support by default and changed checkPassword()'s
signature. This update corrects this.
This was the text of the original advisi
Package: nss
Version: 3.12.8-1+squeeze12
CVE ID : CVE-2015-2721 CVE-2015-2730
Several vulnerabilities have been discovered in nss, the Mozilla Network
Security Service library. The Common Vulnerabilities and Exposures project
identifies the following problems:
CVE-2015-272
Package: eglibc
Version: 2.11.3-4+deb6u7
CVE ID : CVE-2014-8121
Bug-Reference : 779587
Several vulnerabilities have been discovered in eglibc that
may lead to a privilege escalation or denial of service.
Glibc pointer guarding weakness
A weakness in the dynamic loader
Package: krb5
Version: 1.8.3+dfsg-4squeeze10
CVE ID : CVE-2015-2695 CVE-2015-2697
Several vulnerabilities were discovered in krb5, the MIT implementation
of Kerberos. The Common Vulnerabilities and Exposures project identifies
the following problems:
CVE-2015-2695
Package: nss
Version: 3.12.8-1+squeeze13
CVE ID : CVE-2015-7181 CVE-2015-7182
Debian Bug :
Several vulnerabilities have been discovered in nss, the Mozilla Network
Security Service library. The Common Vulnerabilities and Exposures project
identifies the following probl
Package: giflib
Version: 4.1.6-9+deb6u1
CVE ID : CVE-2015-7555
Debian Bug : 808704
It was discovered that a maliciously crafted GIF can crash the giffix
utility which is part of giflib-tools.
We recommend that you upgrade your giflib-tools package to version
4.1.6-9+de
Package: nss
Version: 3.12.8-1+squeeze14
CVE ID : CVE-2016-1938
The s_mp_div function in Mozilla Network Security Services (NSS) before
3.21, improperly divides numbers, which might make it easier for remote
attackers to defeat cryptographic protection mechanisms by leverag
Package: icedove
Version: 31.8.0-1~deb7u1.1
CVE ID : CVE-2016-1979 CVE-2016-2805 CVE-2016-2807
Debian Bug : #823430
The security update for icedove did not build on armhf. This is resolved
by this upload.
The text of the
Package: pdns
Version: 3.1-4.1+deb7u1
CVE ID : CVE-2014-7210
It was discovered that the maintainer scripts of pdns-backend-mysql
grant too wide database permissions for the pdns user. Other backends
are not affected.
For Deb
Package: ruby-activemodel-3.2
Version: 3.2_3.2.6-3+deb7u1
CVE ID : CVE-2016-0753
Active Model in Ruby on Rails 4.1.x before 4.1.14.1, 4.2.x before
4.2.5.1, and 5.x before 5.0.0.beta1.1 supports the use of instance-level
write
Package: mozilla-devscripts
Version: 0.32+deb7u1
Debian Bug : 825508
In preparation for the upcoming switch to Icedove 45 the
mozilla-devscripts package was updated to generate correct
dependencies for rebuilt extensions.
For Deb
Package: firefox-esr
Version: 45.2.0esr-1~deb7u1
CVE ID : CVE-2016-2818 CVE-2016-2819 CVE-2016-2821 CVE-2016-2822
CVE-2016-2828 CVE-2016-2831
Multiple security issues have been found in the Mozilla Firefox w
Package: icedove
Version: 45.1.0-1~deb7u1
CVE ID : CVE-2016-2806
Multiple security issues have been found in Icedove, Debian's version of
the Mozilla Thunderbird mail client: Multiple memory safety errors may
lead to the exec
Package: enigmail
Version: 1.8.2-4~deb7u2
This upload corrects the dependencies of the enigmail
extension so it becomes installable again together with
Icedove 45.
For Debian 7 "Wheezy", these problems have been fixed in version
1.
Package: qemu-kvm
Version: 1.1.2+dfsg-6+deb7u13
CVE ID : CVE-2016-3710 CVE-2016-3712
Several vulnerabilities were discovered in qemu-kvm, a full
virtualization solution for Linux hosts on x86 hardware with x86 guests.
CVE-20
Package: qemu
Version: 1.1.2+dfsg-6a+deb7u13
CVE ID : CVE-2016-3710 CVE-2016-3712
Debian Bug : 823830
Several vulnerabilities were discovered in qemu, a fast processor
emulator.
CVE-2016-3710
Wei Xiao and Qinghao Ta
Package: xen
Version: 4.1.6.lts1-1
CVE ID : CVE-2014-3672 CVE-2016-3158 CVE-2016-3159 CVE-2016-3710
CVE-2016-3712 CVE-2016-3960 CVE-2016-4480 CVE-2016-6258
Debian Bug :
Multiple vulnerabilities have bee
Package: qemu
Version: 1.1.2+dfsg-6+deb7u14
CVE ID : CVE-2015-5239 CVE-2016-2857 CVE-2016-4020 CVE-2016-4439
CVE-2016-5403 CVE-2016-6351
Multiple vulnerabilities have been discovered in QEMU, a fast processo
Package: qemu-kvm
Version: 1.1.2+dfsg-6+deb7u14
CVE ID : CVE-2015-5239 CVE-2016-2857 CVE-2016-4020 CVE-2016-4439
CVE-2016-5403 CVE-2016-6351
Multiple vulnerabilities have been discovered in qemu-kvm, a full
Package: icedove
Version: 1:45.2.0-2~deb7u1
CVE ID : CVE-2016-2818
Multiple security issues have been found in Icedove, Debian's version of
the Mozilla Thunderbird mail client: Multiple memory safety errors may
lead to the ex
Package: ruby-activesupport-3.2
Version: 3.2.6-6+deb7u2
CVE ID : CVE-2015-3227
The support and utility classes used by the Rails 3.2 framework allow
remote attackers to cause a denial of service (SystemStackError) via a
large
Package: ruby-actionpack-3.2
Version: 3.2.6-6+deb7u3
CVE ID : CVE-2015-7576 CVE-2016-0751 CVE-2016-0752 CVE-2016-2097
CVE-2016-2098 CVE-2016-6316
Multiple vulnerabilities have been discovered in ruby-actionp
Package: icedove
Version: 1:45.3.0-1~deb7u1
CVE ID : CVE-2016-2836
Multiple security issues have been found in Icedove, Debian's version of
the Mozilla Thunderbird mail client: Multiple memory safety errors may
lead to the execution of arbitrary code or denial of service.
Package: ruby-activesupport-3.2
Version: 3.2_3.2.6-6+deb7u3
CVE ID : CVE-2016-0753
Active Support in Ruby on Rails 4.1.x before 4.1.14.1, 4.2.x before
4.2.5.1, and 5.x before 5.0.0.beta1.1 supports the use of instance-level
writers for class accessors, which allows remote a
Package: ruby-activerecord-3.2
Version: 3.2.6-5+deb7u3
CVE ID : CVE-2016-0753
Active Record in Ruby on Rails 4.1.x before 4.1.14.1, 4.2.x before
4.2.5.1, and 5.x before 5.0.0.beta1.1 supports the use of instance-level
writers for class accessors, which allows remote attacke
Package: icedove
Version: 45.4.0-1~deb7u1
CVE ID : CVE-2016-5278, CVE-2016-5270, CVE-2016-5272, CVE-2016-5276,
CVE-2016-5277, CVE-2016-5280, CVE-2016-5281, CVE-2016-5284, CVE-2016-5250,
CVE-2016-5261, CVE-2016-5257
Multiple security issues have been found in Icedove, Debi
Package: qemu-kvm
Version: 1.1.2+dfsg-6+deb7u18
CVE ID : CVE-2016-7909 CVE-2016-8909 CVE-2016-8910
Debian Bug : 839834 841950 841955 842455 842463
Multiple vulnerabilities have been discovered in qemu-kvm, a full
virtualization solution on x86 hardware based on Quick
Em
Package: qemu
Version: 1.1.2+dfsg-6+deb7u18
CVE ID : CVE-2016-7909 CVE-2016-8909 CVE-2016-8910 CVE-2016-9101
CVE-2016-9102 CVE-2016-9103 CVE-2016-9104 CVE-2016-9105 CVE-2016-9106
Debian Bug : 839834 841950 841955 842455 842463
Several vulnerabilities were discovered in
Package: xen
Version: 4.1.6.lts1-3
CVE ID : CVE-2016-
Xen does not properly honor CR0.TS and CR0.EM, which allows local x86
HVM guest OS users to read or modify FPU, MMX, or XMM register state
information belonging to arbitrary tasks on the guest by modifying an
instruc
Package: icedove
Version: 45.5.1-1~deb7u1
CVE ID : CVE-2016-5290 CVE-2016-5291 CVE-2016-5296 CVE-2016-5297
CVE-2016-9066 CVE-2016-9074 CVE-2016-9079
Multiple security issues have been found in Icedove, Debian's version of
the Mozilla Thunderbird mail clien
Package: samba
Version: 2:3.6.6-6+deb7u11
CVE ID : CVE-2016-2125
Simo Sorce of Red Hat discovered that the Samba client code always
requests a forwardable ticket when using Kerberos authentication. A
target server, which must be in the current or trusted domain/realm,
is gi
Package: xen
Version: 4.1.6.lts1-5
CVE ID : CVE-2016-10013 CVE-2016-10024
Multiple vulnerabilities have been discovered in the Xen hypervisor. The
Common Vulnerabilities and Exposures project identifies the following
problems:
CVE-2016-10013 (xsa-204)
Xen mishandles SYS
Package: icedove
Version: 45.6.0-2
CVE ID : CVE-2016-9893 CVE-2016-9895 CVE-2016-9897 CVE-2016-9898
CVE-2016-9899 CVE-2016-9900 CVE-2016-9904 CVE-2016-9905
Multiple security issues have been found in Icedove, Debian's version of
the Mozilla Thunderbird mai
Package: imagemagick
Version: 8:6.7.7.10-5+deb7u11
CVE ID : CVE-2016-10144 CVE-2016-10145 CVE-2016-10146 CVE-2017-5506
CVE-2017-5507 CVE-2017-5508 CVE-2017-5510 CVE-2017-5511
Debian Bug : #851485, #851483, #851380, #851383, #851382, #851381, #85
Package: qemu-kvm
Version: 1.1.2+dfsg-6+deb7u20
CVE ID : CVE-2017-2615 CVE-2017-2620 CVE-2017-5898 CVE-2017-5973
Several vulnerabilities were discovered in qemu-kvm, a full
virtualization solution for Linux hosts on x86 hardware with x86 guests.
CVE-2017-2615
The Cir
Package: qemu
Version: 1.1.2+dfsg-6+deb7u20
CVE ID : CVE-2017-2615 CVE-2017-2620 CVE-2017-5898 CVE-2017-5973
Debian Bug :
Several vulnerabilities were discovered in qemu, a fast processor
emulator. The Common Vulnerabilities and Exposures project identifies
the followi
Package: ejabberd
Version: 2.1.10-4+deb7u2
CVE ID : CVE-2014-8760
Debian Bug : 767521 767535
It was found that ejabberd does not enforce the starttls_required
setting when compression is used, which causes clients to establish
connections without encryption.
For Debian
Package: openoffice.org-dictionaries
Version: 3.3.0~rc10-4+deb7u1
Debian Bug : #646693
The dictionaries provided by this package had an unversioned conflict
against the thunderbird package (which so far was not part of wheezy).
Since the next update of Icedove introduces a thu
Package: icedove
Version: 1:45.8.0-3~deb7u1
CVE ID : CVE-2017-5373 CVE-2017-5375 CVE-2017-5376 CVE-2017-5378
CVE-2017-5380 CVE-2017-5383 CVE-2017-5390 CVE-2017-5396
CVE-2017-5398 CVE-2017-5400 CVE-2017-5401 CVE-2017-5402
Package: hunspell-en-us
Version: 20070829-6+deb7u1
The dictionary provided by this package had an unnecessary unversioned
conflict against the thunderbird package which recently got reintroduced
into Wheezy.
For Debian 7 "Wheezy", this problem has been fixed in version
20070829-6+
Package: uzbek-wordlist
Version: 0.6-3.2+deb7u1
The dictionary provided by this package had an unnecessary unversioned
conflict against the thunderbird package which recently got reintroduced
into Wheezy.
For Debian 7 "Wheezy", this problem has been fixed in version
0.6-3.2+deb7u1
Package: qemu-kvm
Version: 1.1.2+dfsg-6+deb7u21
CVE ID : CVE-2016-9603 CVE-2017-7718 CVE-2017-7980
Multiple vulnerabilities have been discovered in qemu-kvm, a full
virtualization solution on x86 hardware based on Quick
Emulator (Qemu). The Common Vulnerabilities and Exposur
Package: qemu-kvm
Version: 1.1.2+dfsg-6+deb7u22
CVE ID : CVE-2016-9602 CVE-2017-7377 CVE-2017-7471 CVE-2017-7493
CVE-2017-8086
Several vulnerabilities were discovered in qemu-kvm, a full
virtualization solution for Linux hosts on x86 hardware with x86 gues
Package: debian-security-support
Version: 2017.06.02+deb7u1
Besides bringing the package up to date regarding translations this
update marks several packages as no longer supported by wheezy-lts:
autotrace, inspircd, ioquake3, kfreebsd-8, kfreebsd-9, matrixssl,
teeworlds and trn
Package: icedove
Version: 1:52.2.1-1~deb7u1
CVE ID : CVE-2017-5470 CVE-2017-5472 CVE-2017-7749 CVE-2017-7750
CVE-2017-7751 CVE-2017-7752 CVE-2017-7754 CVE-2017-7756
CVE-2017-7757 CVE-2017-7758 CVE-2017-7764 CVE-2017-7771
Package: heimdal
Version: 1.6~git20120403+dfsg1-2+deb7u1
CVE ID : CVE-2017-11103
Debian Bug : 868208
Jeffrey Altman, Viktor Duchovni and Nico Williams identified a mutual
authentication bypass vulnerability in Heimdal Kerberos. Also known as
Orpheus' Lyre, this vulnerab
Package: qemu
Version: 1.1.2+dfsg-6+deb7u22
CVE ID : CVE-2016-9602 CVE-2016-9603 CVE-2017-7377 CVE-2017-7471
CVE-2017-7493 CVE-2017-7718 CVE-2017-7980 CVE-2017-8086
Several vulnerabilities were discovered in qemu, a fast processor
emulator. The Common Vuln
Package: qemu-kvm
Version: 1.1.2+dfsg-6+deb7u23
CVE ID : CVE-2017-6505 CVE-2017-8309 CVE-2017-10664 CVE-2017-11434
Multiple vulnerabilities were discovered in qemu-kvm, a full
virtualization solution for Linux hosts on x86 hardware with x86 guests
based on the Quick Emulato
Package: qemu
Version: 1.1.2+dfsg-6+deb7u23
CVE ID : CVE-2017-6505 CVE-2017-8309 CVE-2017-10664 CVE-2017-11434
Multiple vulnerabilities were discovered in qemu, a fast processor
emulator. The Common Vulnerabilities and Exposures project identifies
the following problems:
C
Package: gnupg
Version: 1.4.12-7+deb7u9
CVE ID : CVE-2017-7526
Daniel J. Bernstein, Joachim Breitner, Daniel Genkin, Leon Groot
Bruinderink, Nadia Heninger, Tanja Lange, Christine van Vredendaal and
Yuval Yarom discovered that gnupg is prone to a local side-channel
attack a
Package: enigmail
Version: 2:1.9.8.1-1~deb7u1
In DLA 1007-1 Thunderbird was upgraded to the latest ESR series. This
update upgrades Enigmail, the OpenPGP extension for Thunderbird, to
version 1.9.8.1 to restore full compatibility.
For Debian 7 "Wheezy", these problems have been fi
Package: icedove
Version: 1:52.3.0-4~deb7u1
CVE ID : CVE-2017-7753 CVE-2017-7779 CVE-2017-7784 CVE-2017-7785
CVE-2017-7786 CVE-2017-7787 CVE-2017-7791 CVE-2017-7792
CVE-2017-7800 CVE-2017-7801 CVE-2017-7802 CVE-2017-7803
CVE
Package: tcpdump
Version: 4.9.0-1~deb7u2
CVE ID : CVE-2017-11108 CVE-2017-11541 CVE-2017-11542 CVE-2017-11543
Several vulnerabilities have been discovered in tcpdump, a command-line
network traffic analyzer. These vulnerabilities might result in denial
of service (applicati
Package: icedove
Version: 1:52.3.0-4~deb7u2
The update for icedove/thunderbird issued as DLA-1087-1 did not build on
i386. This update corrects this. For reference, the original advisory
text follows.
Multiple security issues have been found in the Mozilla Thunderbird mail
client
Package: tcpdump
Version: 4.9.2-1~deb7u1
CVE ID : CVE-2017-12894 CVE-2017-12895 CVE-2017-12896 CVE-2017-12897
CVE-2017-12898 CVE-2017-12899 CVE-2017-12900 CVE-2017-12901
CVE-2017-12902 CVE-2017-12985 CVE-2017-12986 CVE-2017-12987
Package: samba
Version: 2:3.6.6-6+deb7u14
CVE ID : CVE-2017-12150 CVE-2017-12163
CVE-2017-12150
Stefan Metzmacher discovered multiple code paths where SMB signing
was not enforced.
CVE-2017-12163
Yihan Lian and Zhibin Hu discovered that insufficient range che
Package: debsecan
Version: 0.4.16+nmu1+deb7u1
Debian Bug : 842428
Debsecan in Wheezy in its default configuration currently fails to
download recent vulnerability data due to a URL change.
For Debian 7 "Wheezy", these problems have been fixed in version
0.4.16+nmu1+deb7u1.
W
Package: qemu-kvm
Version: 1.1.2+dfsg-6+deb7u24
CVE ID : CVE-2017-14167 CVE-2017-15038
Multiple vulnerabilities were discovered in qemu-kvm, a full
virtualization solution for Linux hosts on x86 hardware with x86 guests
based on the Quick Emulator (Qemu).
CVE-2017-14167
Package: qemu
Version: 1.1.2+dfsg-6+deb7u24
CVE ID : CVE-2017-14167 CVE-2017-15038
Multiple vulnerabilities were discovered in qemu, a fast processor
emulator. The Common Vulnerabilities and Exposures project identifies
the following problems:
CVE-2017-14167
Incorrec
Package: thunderbird
Version: 1:52.4.0-1~deb7u1
CVE ID : CVE-2017-7793 CVE-2017-7805 CVE-2017-7810 CVE-2017-7814
CVE-2017-7818 CVE-2017-7819 CVE-2017-7823 CVE-2017-7824
CVE-2017-7825
Multiple security issues have been found in the Mozilla
Package: thunderbird
Version: 1:52.5.0-1~deb7u1
CVE ID : CVE-2017-7826 CVE-2017-7828 CVE-2017-7830
Multiple security issues have been found in the Mozilla Thunderbird mail
client: Multiple memory safety errors, use after free and other
implementation errors may lead to cras
Package: ruby1.8
Version: 1.8.7.358-7.1+deb7u5
CVE ID : CVE-2017-17405 CVE-2017-17790
Several vulnerabilities have been discovered in the interpreter for the
Ruby language. The Common Vulnerabilities and Exposures project
identifies the following problems:
CVE-2017-17405
Package: ruby1.9.1
Version: 1.9.3.194-8.1+deb7u7
CVE ID : CVE-2017-17405 CVE-2017-17790
Several vulnerabilities have been discovered in the interpreter for the
Ruby language. The Common Vulnerabilities and Exposures project
identifies the following problems:
CVE-2017-17405
Package: thunderbird
Version: 1:52.5.2-1~deb7u1
CVE ID : CVE-2017-7829 CVE-2017-7846 CVE-2017-7847 CVE-2017-7848
Multiple security issues have been found in the Mozilla Thunderbird mail
client including information leaks, unintended JavaScript execution and
sender address s
Package: thunderbird
Version: 1:52.6.0-1~deb7u1
CVE ID : CVE-2018-5089 CVE-2018-5095 CVE-2018-5096 CVE-2018-5097
CVE-2018-5098 CVE-2018-5099 CVE-2018-5102 CVE-2018-5103
CVE-2018-5104 CVE-2018-5117
Debian Bug : 885157 885158 887766
Mul
Package: debian-security-support
Version: 2018.01.29~deb7u1
This update marks several packages as no longer supported by wheezy-lts:
teamspeak-server, teamspeak-client, libstruts1.2-java, nvidia-graphics-drivers,
glassfish, jbossas4, libnet-ping-external-perl, mp3gain, tor,
jasper