[SECURITY] [DLA 644-1] libav security update

2016-10-04 Thread Hugo Lefeuvre
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Package: libav Version: 6:0.8.18-0+deb7u1 CVE ID : CVE-2015-1872 CVE-2015-5479 CVE-2016-7393 Multiple vulnerabilities have been found in libav: CVE-2015-1872 The ff_mjpeg_decode_sof function in libavcodec/mjpegdec.c in

[SECURITY] [DLA 652-1] qemu security update

2016-10-11 Thread Hugo Lefeuvre
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Package: qemu Version: 1.1.2+dfsg-6+deb7u16 CVE ID : CVE-2016-7161 CVE-2016-7170 CVE-2016-7908 Multiple vulnerabilities have been found in QEMU: CVE-2016-7161 Heap-based buffer overflow in the .receive callback of

[SECURITY] [DLA 660-1] libxrandr security update

2016-10-17 Thread Hugo Lefeuvre
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Package: libxrandr Version: 2:1.3.2-2+deb7u2 CVE ID : CVE-2016-7947 CVE-2016-7948 Debian Bug : 840441 Insufficient validation of data from the X server in libxrandr before v1.5.0 can cause out of boundary memory writes

[SECURITY] [DLA 780-1] libav security update

2017-01-12 Thread Hugo Lefeuvre
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Package: libav Version: 6:0.8.19-0+deb7u1 CVE ID : CVE-2016-7424 Multiple vulnerabilities have been found in libav: CVE-2016-7424 The put_no_rnd_pixels8_xy2_mmx function in x86/rnd_template.c in libav 11.7 and

[SECURITY] [DLA 765-1] qemu-kvm security update

2016-12-26 Thread Hugo Lefeuvre
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Package: qemu-kvm Version: 1.1.2+dfsg-6+deb7u19 CVE ID : CVE-2016-9911 CVE-2016-9921 CVE-2016-9922 Multiple vulnerabilities have been found in qemu-kvm: CVE-2016-9911 qemu-kvm built with the USB EHCI Emulation support

[SECURITY] [DLA 764-1] qemu security update

2016-12-26 Thread Hugo Lefeuvre
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Package: qemu Version: 1.1.2+dfsg-6+deb7u19 CVE ID : CVE-2016-9911 CVE-2016-9921 CVE-2016-9922 Multiple vulnerabilities have been found in QEMU: CVE-2016-9911 Quick Emulator (Qemu) built with the USB EHCI Emulation

[SECURITY] [DLA 889-1] potrace security update

2017-04-09 Thread Hugo Lefeuvre
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: potrace Version: 1.10-1+deb7u2 CVE ID : CVE-2016-8685 Debian Bug : 843861 It was discovered that potrace, a utility to transform bitmaps into vector graphics, was affected by an integer overflow in the

[SECURITY] [DLA 981-1] apng2gif security update

2017-06-07 Thread Hugo Lefeuvre
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: apng2gif Version: 1.5-1+deb7u1 CVE ID : CVE-2017-6960 Debian Bug : #854367 It was discovered that apng2gif was vulnerable to an integer overflow resulting in a heap-based buffer over-read/write. A remote

[SECURITY] [DLA 1105-1] clamav security update

2017-09-22 Thread Hugo Lefeuvre
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: clamav Version: 0.99.2+dfsg-0+deb7u3 CVE ID : CVE-2017-6418 CVE-2017-6420 clamav is vulnerable to multiple issues that can lead to denial of service when processing untrusted content. CVE-2017-6418

[SECURITY] [DLA 1152-1] quagga security update

2017-10-31 Thread Hugo Lefeuvre
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Package: quagga Version: quagga_0.99.22.4-1+wheezy3+deb7u2 CVE ID : CVE-2017-16227 Debian Bug : 879474 It was discovered that the bgpd daemon in the Quagga routing suite does not properly calculate the length of

[SECURITY] [DLA 1377-1] tiff security update

2018-05-13 Thread Hugo Lefeuvre
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Package: tiff Version: 4.0.2-6+deb7u20 CVE ID : CVE-2018-8905 Debian Bug : 893806 A heap-based buffer overflow was discovered in the LZWDecodeCompat function in tif_lzw.c (LibTIFF 4.0.9 and earlier). This vulnerability

[SECURITY] [DLA 1378-1] tiff3 security update

2018-05-13 Thread Hugo Lefeuvre
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Package: tiff3 Version: 3.9.6-11+deb7u11 CVE ID : CVE-2018-8905 Debian Bug : 893806 A heap-based buffer overflow was discovered in the LZWDecodeCompat function in tif_lzw.c (LibTIFF 4.0.9 and earlier). This vulnerability

[SECURITY] [DLA 1386-1] ming security update

2018-05-25 Thread Hugo Lefeuvre
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Package: ming Version: 1:0.4.4-1.1+deb7u9 CVE ID : CVE-2018-7866 CVE-2018-7873 CVE-2018-7876 CVE-2018-9009 CVE-2018-9132 Multiple vulnerabilities have been discovered in Ming: CVE-2018-7866 NULL

[SECURITY] [DLA 1240-1] ming security update

2018-01-11 Thread Hugo Lefeuvre
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Package: ming Version: 1:0.4.4-1.1+deb7u6 CVE ID : CVE-2017-11732 CVE-2017-16883 CVE-2017-16898 Multiple vulnerabilities have been discovered in Ming: CVE-2017-11732 heap-based buffer overflow vulnerability in the

[SECURITY] [DLA 1305-1] ming security update

2018-03-11 Thread Hugo Lefeuvre
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Package: ming Version: 0.4.4-1.1+deb7u7 CVE ID : CVE-2018-5251 CVE-2018-5294 CVE-2018-6315 CVE-2018-6359 Multiple vulnerabilities have been discovered in Ming: CVE-2018-5251 Integer signedness error vulnerability (left

[SECURITY] [DLA 1343-1] ming security update

2018-04-09 Thread Hugo Lefeuvre
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Package: ming Version: 0.4.4-1.1+deb7u8 CVE ID : CVE-2018-6358 CVE-2018-7867 CVE-2018-7868 CVE-2018-7870 CVE-2018-7871 CVE-2018-7872 CVE-2018-7875 CVE-2018-9165 Multiple vulnerabilities have been discovered

[SECURITY] [DLA 1347-1] tiff3 security update

2018-04-15 Thread Hugo Lefeuvre
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Package: tiff3 Version: 3.9.6-11+deb7u10 CVE ID : CVE-2018-7456 Debian Bug : 891288 A NULL Pointer Dereference was discovered in the TIFFPrintDirectory function (tif_print.c) when using the tiffinfo tool to print

[SECURITY] [DLA 1346-1] tiff security update

2018-04-15 Thread Hugo Lefeuvre
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Package: tiff Version: 4.0.2-6+deb7u19 CVE ID : CVE-2018-7456 Debian Bug : 891288 A NULL Pointer Dereference was discovered in the TIFFPrintDirectory function (tif_print.c) when using the tiffinfo tool to print crafted

[SECURITY] [DLA 1554-2] 389-ds-base regression update

2018-10-25 Thread Hugo Lefeuvre
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Package: 389-ds-base Version: 1.3.3.5-4+deb8u5 A regression was found in the recent security update for 389-ds-base (the 389 Directory Server), announced as DLA-1554-2, caused by an incomplete fix for CVE-2018-14648. The regression

[SECURITY] [DLA 1554-1] 389-ds-base security update

2018-10-25 Thread Hugo Lefeuvre
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Package: 389-ds-base Version: 1.3.3.5-4+deb8u4 CVE ID : CVE-2018-14648 It was discovered that 389-ds-base (the 389 Directory Server) is vulnerable to search queries with malformed values in the do_search() function

[SECURITY] [DLA 1526-1] 389-ds-base security update

2018-09-29 Thread Hugo Lefeuvre
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Package: 389-ds-base Version: 1.3.3.5-4+deb8u3 CVE ID : CVE-2018-14624 It was discovered that the emergency logging system in 389-ds-base (the 389 Directory Server) is affected by a race condition caused by the invalidation

[SECURITY] [DLA 1610-1] sleuthkit security update

2018-12-17 Thread Hugo Lefeuvre
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Package: sleuthkit Version: 4.1.3-4+deb8u1 CVE ID : CVE-2018-19497 Debian Bug : 914796 It was discovered that the Sleuth Kit (TSK) through version 4.6.4 is affected by a buffer over-read vulnerability. The tsk_getu16

[SECURITY] [DLA 1614-1] openjpeg2 security update

2018-12-22 Thread Hugo Lefeuvre
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Package: openjpeg2 Version: 2.1.0-2+deb8u6 CVE ID : CVE-2018-6616 CVE-2018-14423 Debian Bug : 904873, 889683 Multiple vulnerabilities have been discovered in openjpeg2, the open-source JPEG 2000 codec. CVE-2018-6616

[SECURITY] [DLA 1618-1] libsndfile security update

2018-12-26 Thread Hugo Lefeuvre
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Package: libsndfile Version: 1.0.25-9.1+deb8u2 CVE ID : CVE-2017-8361 CVE-2017-8362 CVE-2017-8363 CVE-2017-8365 CVE-2017-14245 CVE-2017-14246 CVE-2017-14634 CVE-2017-17456 CVE-2017-17457

[SECURITY] [DLA 1619-1] graphicsmagick security update

2018-12-27 Thread Hugo Lefeuvre
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Package: graphicsmagick Version: 1.3.20-3+deb8u5 CVE ID : CVE-2018-20184 CVE-2018-20185 CVE-2018-20189 Debian Bug : 916752 916719 916721 Multiple vulnerabilities have been found in GraphicsMagick, the image processing

[SECURITY] [DLA 1582-1] liblivemedia security update

2018-11-20 Thread Hugo Lefeuvre
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Package: liblivemedia Version: 2014.01.13-1+deb8u1 CVE ID : CVE-2018-4013 A stack based buffer overflow vulnerability was found in liblivemedia, the LIVE555 RTSP server library. This issue might be leveraged by remote

[SECURITY] [DLA 1579-1] openjpeg2 security update

2018-11-20 Thread Hugo Lefeuvre
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Package: openjpeg2 Version: 2.1.0-2+deb8u5 CVE ID : CVE-2017-17480 CVE-2018-18088 Multiple vulnerabilities have been discovered in openjpeg2, the open-source JPEG 2000 codec. CVE-2017-17480 Write stack buffer overflow

[SECURITY] [DLA 1632-1] libsndfile security update

2019-01-10 Thread Hugo Lefeuvre
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Package: libsndfile Version: 1.0.25-9.1+deb8u3 CVE ID : CVE-2018-19758 Debian Bug : 917416 A heap-buffer-overflow vulnerability was discovered in libsndfile, the library for reading and writing files containing sampled

[SECURITY] [DLA 1640-1] tmpreaper security update

2019-01-24 Thread Hugo Lefeuvre
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Package: tmpreaper Version: 1.6.13+nmu1+deb8u1 CVE ID : CVE-2019-3461 Debian Bug : 918956 It was discovered that tmpreaper, a program that cleans up files in directories based on their age, is vulnerable to a race

[SECURITY] [DLA 1690-1] liblivemedia security update

2019-02-26 Thread Hugo Lefeuvre
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Package: liblivemedia Version: 2014.01.13-1+deb8u2 CVE ID : CVE-2019-6256 CVE-2019-7314 Debian Bug : 919529 Multiple vulnerabilities have been discovered in liblivemedia, the LIVE555 RTSP server library: CVE-2019-6256

[SECURITY] [DLA 1695-1] sox security update

2019-02-28 Thread Hugo Lefeuvre
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Package: sox Version: 14.4.1-5+deb8u2 CVE ID : CVE-2017-15370 CVE-2017-15372 CVE-2017-15642 CVE-2017-18189 Debian Bug : 878808, 878810, 882144, 881121 Multiple vulnerabilities have been discovered in SoX (Sound

[SECURITY] [DLA 1705-1] sox security update

2019-03-05 Thread Hugo Lefeuvre
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Package: sox Version: 14.4.1-5+deb8u3 CVE ID : CVE-2017-11332 CVE-2017-11358 CVE-2017-11359 CVE-2017-15371 Debian Bug : 878809 870328 Multiple vulnerabilities have been discovered in SoX (Sound eXchange), a sound

[SECURITY] [DLA 1694-1] qemu security update

2019-02-28 Thread Hugo Lefeuvre
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Package: qemu Version: 1:2.1+dfsg-12+deb8u10 CVE ID : CVE-2018-12617 CVE-2018-16872 CVE-2019-6778 Debian Bug : 916397, 902725, 921525 Several vulnerabilities were found in QEMU, a fast processor emulator: CVE-2018-12617

[SECURITY] [DLA 1720-1] liblivemedia security update

2019-03-18 Thread Hugo Lefeuvre
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Package: liblivemedia Version: 2014.01.13-1+deb8u3 CVE ID : CVE-2019-9215 Debian Bug : 924655 It was discovered that liblivemedia, the LIVE555 RTSP server library, is vulnerable to an invalid memory access when

[SECURITY] [DLA 1646-1] qemu security update

2019-01-29 Thread Hugo Lefeuvre
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Package: qemu Version: 1:2.1+dfsg-12+deb8u9 CVE ID : CVE-2018-17958 CVE-2018-19364 CVE-2018-19489 Several vulnerabilities were found in QEMU, a fast processor emulator: CVE-2018-17958 The rtl8139 emulator is affected

[SECURITY] [DLA 1802-1] wireshark security update

2019-05-24 Thread Hugo Lefeuvre
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Package: wireshark Version: 1.12.1+g01b65bf-4+deb8u19 CVE ID : CVE-2019-10894 CVE-2019-10895 CVE-2019-10899 CVE-2019-10901 CVE-2019-10903 Debian Bug : 926718 Several vulnerabilities have been found in

[SECURITY] [DLA 1791-1] faad2 security update

2019-05-19 Thread Hugo Lefeuvre
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Package: faad2 Version: 2.7-8+deb8u2 CVE ID : CVE-2018-20194 CVE-2018-20197 CVE-2018-20198 CVE-2018-20362 Multiple vulnerabilities have been found in faad2, the Freeware Advanced Audio Coder: CVE-2018-20194 CVE-2018-20197

[SECURITY] [DLA 1795-1] graphicsmagick security update

2019-05-20 Thread Hugo Lefeuvre
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Package: graphicsmagick Version: 1.3.20-3+deb8u7 CVE ID : CVE-2019-11473 CVE-2019-11474 CVE-2019-11505 CVE-2019-11506 Multiple vulnerabilities have been discovered in graphicsmagick, the image processing toolkit:

[SECURITY] [DLA 1888-1] imagemagick security update

2019-08-16 Thread Hugo Lefeuvre
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Package: imagemagick Version: 8:6.8.9.9-5+deb8u17 CVE ID : CVE-2019-12974 CVE-2019-13135 CVE-2019-13295 CVE-2019-13297 CVE-2019-13304 CVE-2019-13305 CVE-2019-13306 Multiple vulnerabilities have been found

[SECURITY] [DLA 1899-1] faad2 security update

2019-08-28 Thread Hugo Lefeuvre
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Package: faad2 Version: 2.7-8+deb8u3 CVE ID : CVE-2018-19502 CVE-2018-20196 CVE-2018-20199 CVE-2018-20360 CVE-2019-6956 CVE-2019-15296 Debian Bug : 914641 Multiple vulnerabilities have been discovered

[SECURITY] [DLA 1861-1] libsdl2-image security update

2019-07-22 Thread Hugo Lefeuvre
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Package: libsdl2-image Version: 2.0.0+dfsg-3+deb8u2 CVE ID : CVE-2018-3977 CVE-2019-5052 CVE-2019-7635 CVE-2019-12216 CVE-2019-12217 CVE-2019-12218 CVE-2019-12219 CVE-2019-12220

[SECURITY] [DLA 2000-1] pam-python security update

2019-11-23 Thread Hugo Lefeuvre
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Package: pam-python Version: 1.0.4-1.1+deb8u1 CVE ID : CVE-2019-16729 Debian Bug : 942514 It was discovered that pam-python, a PAM Module that runs the Python interpreter, has an issue in regard to the default

[SECURITY] [DLA 2031-1] freeimage security update

2019-12-10 Thread Hugo Lefeuvre
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Package: freeimage Version: 3.15.4-4.2+deb8u2 CVE ID : CVE-2019-12211 CVE-2019-12213 Debian Bug : 929597 It was found that freeimage, a graphics library, was affected by the following two security issues: CVE-2019-12211

[SECURITY] [DLA 1968-1] imagemagick security update

2019-10-21 Thread Hugo Lefeuvre
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Package: imagemagick Version: 8:6.8.9.9-5+deb8u18 CVE ID : CVE-2019-11470 CVE-2019-14981 CVE-2019-15139 CVE-2019-15140 Multiple vulnerabilities have been found in imagemagick, an image processing toolkit. CVE-2019-11470

[SECURITY] [DLA 1713-2] libsdl1.2 regression update

2019-10-17 Thread Hugo Lefeuvre
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Package: libsdl1.2 Version: 1.2.15-10+deb8u2 CVE ID : CVE-2019-7572 CVE-2019-7573 CVE-2019-7574 CVE-2019-7575 CVE-2019-7576 CVE-2019-7577 CVE-2019-7578 CVE-2019-7635 CVE-2019-7636

[SECURITY] [DLA 1714-2] libsdl2 regression update

2019-10-17 Thread Hugo Lefeuvre
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Package: libsdl2 Version: 2.0.2+dfsg1-6+deb8u2 CVE ID : CVE-2019-7572 CVE-2019-7573 CVE-2019-7574 CVE-2019-7575 CVE-2019-7576 CVE-2019-7577 CVE-2019-7578 CVE-2019-7635 CVE-2019-7636

[SECURITY] [DLA 1950-1] openjpeg2 security update

2019-10-08 Thread Hugo Lefeuvre
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Package: openjpeg2 Version: 2.1.0-2+deb8u8 CVE ID : CVE-2018-21010 Debian Bug : 939553 A heap buffer overflow vulnerability was discovered in openjpeg2, the open-source JPEG 2000 codec. This vulnerability is caused by

[SECURITY] [DLA 1953-2] clamav regression update

2019-10-14 Thread Hugo Lefeuvre
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Package: clamav Version: 0.101.4+dfsg-0+deb8u2 CVE ID : CVE-2019-12625 CVE-2019-12900 Debian Bug : 942172 The update of clamav released as DLA 1953-1 led to permission issues on /var/run/clamav. This caused several users

[SECURITY] [DLA 2100-1] libexif security update

2020-02-10 Thread Hugo Lefeuvre
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Package: libexif Version: 0.6.21-2+deb8u1 CVE ID : CVE-2019-9278 Debian Bug : 945948 An out-of-bounds write vulnerability due to an integer overflow was reported in libexif, a library to parse exif files. This flaw might

[SECURITY] [DLA 2049-1] imagemagick security update

2019-12-29 Thread Hugo Lefeuvre
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Package: imagemagick Version: 8:6.8.9.9-5+deb8u19 CVE ID : CVE-2019-19948 CVE-2019-19949 Debian Bug : 947309 947308 Multiple vulnerabilities have been found in imagemagick, an image processing toolkit. CVE-2019-19948