-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: radicale
Version: 0.3-2+deb6u1
CVE ID : CVE-2015-8747 CVE-2015-8748
Debian Bug : 809920
Several issues have been discovered by Unrud in Radicale, a calendar
and addressbook server. A remote attacker could exploit
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: openjdk-6
Version: 6b38-1.13.10-1~deb6u1
CVE ID : CVE-2015-7575 CVE-2015-8126 CVE-2015-8472
CVE-2016-0402 CVE-2016-0448 CVE-2016-0466
CVE-2016-0483 CVE-2016-0494
Several vulnerabili
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: wordpress
Version: 3.6.1+dfsg-1~deb6u9
CVE ID : CVE-2016-2221 CVE-2016-
Debian Bug : 813697
WordPress versions 4.4.1 and earlier are affected by two security
issues: a possible Side Request Forgery Vulnerabil
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: python-imaging
Version: 1.1.7-2+deb6u2
CVE ID : CVE-2016-0775
Debian Bug : 813909
Two buffer overflows were discovered in python-imaging, a Python
library for loading and manipulating image files, which may lead
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: tomcat6
Version: 6.0.45-1~deb6u1
CVE ID : CVE-2015-5174 CVE-2015-5345 CVE-2015-5351
CVE-2016-0706 CVE-2016-0714 CVE-2016-0763
Tomcat 6, an implementation of the Java Servlet and the JavaServer
Pages
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: pcre3
Version: 8.02-1.1+deb6u1
Debian Bug : 815921
HP's Zero Day Initiative has identified a vulnerability affecting the
pcre3 package. It was assigned ZDI id ZDI-CAN-3542. A CVE identifier has
not been assigned yet.
PC
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: bsh
Version: 2.0b4-12+deb6u1
CVE ID : CVE-2016-2510
A remote code execution vulnerability was found in BeanShell, an
embeddable Java source interpreter with object scripting language
features.
CVE-2016-2510:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
The Debian Long Term Support (LTS) Team hereby announces that Debian 6
("Squeeze") support has reached its end-of-life on February 29, 2016,
five years after its initial release on February 6, 2011.
There will be no further security support for Debi
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
As of 25 April, one year after the release of Debian 8, alias "Jessie",
and nearly three years after the release of Debian 7, alias "Wheezy",
regular security support for Wheezy comes to an end. The Debian Long
Term Support (LTS) Team will take over
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: botan1.10
Version: 1.10.5-1+deb7u1
CVE ID : CVE-2014-9742 CVE-2015-5726 CVE-2015-5727
CVE-2015-7827 CVE-2016-2194 CVE-2016-2195
CVE-2016-2849
Several security vulnerabilities were fo
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: gdk-pixbuf
Version: 2.26.1-1+deb7u4
CVE ID : CVE-2015-7552 CVE-2015-7674
A heap-based buffer overflow has been discovered in gdk-pixbuf, a
library for image loading and saving facilities, fast scaling and
compositing
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: openjdk-7
Version: 7u101-2.6.6-2~deb7u1
CVE ID : CVE-2016-0636 CVE-2016-0686 CVE-2016-0687
CVE-2016-0695 CVE-2016-3425 CVE-2016-3426 CVE-2016-3427
Several vulnerabilities have been discovered in Open
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: smarty3
Version: 3.1.10-2+deb7u1
CVE ID : CVE-2014-8350
Debian Bug : 765920
Smarty3, a template engine for PHP, allowed remote attackers to bypass
the secure mode restrictions and execute arbitrary PHP code as
de
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: java-common
Version: 0.47+deb7u1
In preparation for the upcoming default-java switch to OpenJDK 7 on 26
June 2016, the java-common package was updated to inform users about
the intended change. The news will be automaticall
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: file
Version: 5.11-2+deb7u9
CVE ID : CVE-2015-8865
A malformed magic file could trigger a segmentation fault and thus crash
applications due to a buffer over-write in the file_check_mem function.
For Debian 7 "Whee
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: nagios3
Version: 3.4.1-3+deb7u2
CVE ID : CVE-2014-1878
A stack-based buffer overflow in the cmd_submitf function in cgi/cmd.c
in Nagios, a monitoring and management system for hosts, services and
networks, allowed r
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: ikiwiki
Version: 3.20120629.2+deb7u1
CVE ID : CVE-2016-4561
Simon McVittie discovered a cross-site scripting vulnerability in the
error reporting of Ikiwiki, a wiki compiler. This update also hardens
ikiwiki's use of
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: botan1.10
Version: 1.10.5-1+deb7u1
Debian Bug : 823297
The security update for botan1.10 caused a regression in monotone due
to an ABI change. In order to fix this issue all reverse-dependencies
of botan1.10 have been re
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: libuser
Version: 1:0.56.9.dfsg.1-1.2+deb7u1
CVE ID : CVE-2015-3245 CVE-2015-3246
Debian Bug : 793465
Two security vulnerabilities were discovered in libuser, a library
that implements a standardized interface for
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: jansson
Version: 2.3.1-2+deb7u1
CVE ID : CVE-2016-4425
Debian Bug : 823238
Applications that depend on Jansson, a C library for encoding,
decoding and manipulating JSON data, could crash due to stack
exhaustion
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: icedove
Version: 38.8.0-1~deb7u1
CVE ID : CVE-2016-1979 CVE-2016-2805 CVE-2016-2807
Multiple security issues have been found in Icedove, Debian's version of
the Mozilla Thunderbird mail client. Multiple memory safety
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: wpa
Version: 1.0-3+deb7u4
CVE ID : CVE-2016-4476 CVE-2016-4477
Debian Bug : 823411
A vulnerability was found in how hostapd and wpa_supplicant write the
configuration file update for the WPA/WPA2 passphrase para
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: python-tornado
Version: 2.3-2+deb7u1
CVE ID : CVE-2014-9720
It was discovered that python-tornado, a Python web framework and
asynchronous networking library, was susceptible to the BREACH attack.
The XSRF token is
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: expat
Version: 2.1.0-1+deb7u3
CVE ID : CVE-2016-0718
Gustavo Grieco discovered that Expat, an XML parsing C library, does not
properly handle certain kinds of malformed input documents, resulting in
buffer overflows d
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Version: 1.3.16-1.1+deb7u1
CVE ID : CVE-2015-8808 CVE-2016-2317 CVE-2016-2318
CVE-2016-3714 CVE-2016-3715 CVE-2016-3716
CVE-2016-3717 CVE-2016-3718
Debian Bug : 814732
Several security vulnerabil
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: xymon
Version: 4.3.0~beta2.dfsg-9.1+deb7u1
CVE ID : CVE-2016-2054 CVE-2016-2055 CVE-2016-2056 CVE-2016-2058
Markus Krell discovered that Xymon (formerly known as Hobbit), a
network- and applications-monitoring syste
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: bozohttpd
Version: 2018-1+deb7u1
CVE ID : CVE-2014-5015 CVE-2015-8212
Debian Bug : 755197
Two security vulnerabilities have been discovered in bozohttpd, a small
HTTP server.
CVE-2014-5015
Bozotic HTTP
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: gdk-pixbuf
Version: 2.26.1-1+deb7u5
CVE ID : CVE-2015-7552
It was discovered that the original fix for CVE-2015-7552 (DLA-450-1)
was incomplete.
A heap-based buffer overflow in gdk-pixbuf, a library for image
loadi
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Debian Long Term Support (LTS) is a project created to extend the life
of all Debian stable releases to (at least) 5 years.
Thanks to the LTS sponsors, Debian's buildd maintainers and the Debian
FTP Team are excited to announce that two new architec
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: graphicsmagick
Version: 1.3.16-1.1+deb7u2
CVE ID : CVE-2016-5118
Debian Bug : 825800
Bob Friesenhahn discovered a command injection vulnerability in
Graphicsmagick, a program suite for image manipulation. An atta
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: libxstream-java
Version: 1.4.2-1+deb7u1
CVE ID : CVE-2016-3674
Debian Bug : 819455
It was discovered that XStream, a Java library to serialize objects to
XML and back again, was susceptible to XML External Entity
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: libpdfbox-java
Version: 1:1.7.0+dfsg-4+deb7u1
CVE ID : CVE-2016-2175
Apache PDFBox did not properly initialize the XML parsers, which
allows context-dependent attackers to conduct XML External Entity
(XXE) attacks v
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: expat
Version: 2.1.0-1+deb7u4
CVE ID : CVE-2012-6702 CVE-2016-5300
Two related issues have been discovered in Expat, a C library for
parsing XML.
CVE-2012-6702
This issue was introduced when CVE-2012-0876 was
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: libtorrent-rasterbar
Version: 0.15.10-1+deb7u1
CVE ID : CVE-2016-5301
Debian Bug : 826380
A specially crafted HTTP response from a tracker (or potentially a UPnP
broadcast) can crash libtorrent in the parse_chun
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: mysql-connector-java
Version: 5.1.39-1~deb7u1
CVE ID : CVE-2015-2575
A vulnerability in the MySQL Connectors component of Oracle MySQL
(subcomponent: Connector/J) has been discovered that may result in
unauthorized
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: libcommons-fileupload-java
Version: 1.2.2-1+deb7u3
CVE ID : CVE-2016-3092
A denial of service vulnerability was identified in Commons FileUpload
that occurred when the length of the multipart boundary was just below
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: tomcat7
Version: 7.0.28-4+deb7u5
CVE ID : CVE-2016-3092
A denial of service vulnerability was identified in Commons FileUpload
that occurred when the length of the multipart boundary was just below
the size of the b
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: java-common
Version: 0.47+deb7u2
As previously announced [1][2], the default Java implementation has
been switched from OpenJDK 6 to OpenJDK 7. We strongly recommend to
remove the unsupported OpenJDK 6 packages which will r
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: roundcube
Version: 0.7.2-9+deb7u3
CVE ID : CVE-2015-8864
Roundcube, a webmail solution for IMAP servers, was susceptible to
cross-site-scripting (XSS) vulnerabilities when handling SVG images.
When right-clicking on
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: libarchive
Version: 3.0.4-3+wheezy2
CVE ID : CVE-2015-8917 CVE-2015-8919 CVE-2015-8920
CVE-2015-8921 CVE-2015-8922 CVE-2015-8923
CVE-2015-8924 CVE-2015-8925 CVE-2015-8926
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: python-django
Version: 1.4.5-1+deb7u17
CVE ID : CVE-2016-6186
Debian Bug : 831799
It was discovered that Django, a high-level Python web development
framework, is prone to a cross-site scripting vulnerability in
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: uclibc
Version: 0.9.32-1+deb7u1
CVE ID : CVE-2016-2224 CVE-2016-2225 CVE-2016-6264
Several vulnerabilities have been discovered in uClibc, an
implementation of the standard C library that is much smaller than
glibc,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: gosa
Version: 2.7.4-4.3~deb7u3
CVE ID : CVE-2015-8771
GOsa² is a combination of system-administrator and end-user web
interface, designed to handle LDAP based setups.
A code injection vulnerability in the Samba plu
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: wordpress
Version: 3.6.1+dfsg-1~deb7u11
CVE ID : CVE-2016-5387 CVE-2016-5832 CVE-2016-5834
CVE-2016-5835 CVE-2016-5838 CVE-2016-5839
Debian Bug : 828225
Several vulnerabilities were discovered i
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: libdbd-mysql-perl
Version: 4.021-1+deb7u1
CVE ID : CVE-2014-9906 CVE-2015-8949
Two use-after-free vulnerabilities were discovered in DBD::mysql, a Perl
DBI driver for the MySQL database server. A remote attacker can
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: firefox-esr
Version: 45.3.0esr-1~deb7u1
CVE ID : CVE-2016-2830 CVE-2016-2836 CVE-2016-2837
CVE-2016-2838 CVE-2016-5252 CVE-2016-5254
CVE-2016-5258 CVE-2016-5259 CVE-2016-5262
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: curl
Version: 7.26.0-1+wheezy14
CVE ID : CVE-2016-5419 CVE-2016-5420
CVE-2016-5419
Bru Rom discovered that libcurl would attempt to resume a TLS
session even if the client certificate had changed.
CVE-2016-
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: tiff3
Version: 3.9.6-11+deb7u1
CVE ID : CVE-2010-2596 CVE-2013-1961 CVE-2014-8128
CVE-2014-8129 CVE-2014-9655 CVE-2015-1547
CVE-2015-8665 CVE-2015-8683 CVE-2016-3186
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: tomcat6
Version: 6.0.45+dfsg-1~deb7u2
CVE ID : CVE-2016-1240
Dawid Golunski from legalhackers.com discovered that Debian's version
of Tomcat 6 was vulnerable to a local privilege escalation. Local
attackers who hav
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: tomcat7
Version: 7.0.28-4+deb7u6
CVE ID : CVE-2016-1240
Dawid Golunski from legalhackers.com discovered that Debian's version
of Tomcat 7 was vulnerable to a local privilege escalation. Local
attackers who have gain
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: jackrabbit
Version: 2.3.6-1+deb7u2
CVE ID : CVE-2016-6801
Debian Bug : 838204
Lukas Reschke discovered that Apache Jackrabbit, a content repository
implementation for Java, was vulnerable to Cross-Site-Request-F
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: zookeeper
Version: 3.3.5+dfsg1-2+deb7u1
CVE ID : CVE-2016-5017
Lyon Yang discovered that the C client shells cli_st and cli_mt of
Apache Zookeeper, a high-performance coordination service for
distributed application
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: wordpress
Version: 3.6.1+dfsg-1~deb7u12
CVE ID : CVE-2015-8834 CVE-2016-4029 CVE-2016-5836
CVE-2016-6634 CVE-2016-6635 CVE-2016-7168
CVE-2016-7169
Several vulnerabilities were discov
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: c-ares
Version: 1.9.1-3+deb7u1
CVE ID : CVE-2016-5180
Debian Bug : 839151
Gzob Qq discovered that the query-building functions in c-ares, an
asynchronous DNS request library, would not correctly process crafted
q
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: libxrender
Version: 1:0.9.7-1+deb7u3
CVE ID : CVE-2016-7949 CVE-2016-7950
Debian Bug : 840443
Tobias Stoeckmann from the OpenBSD project has discovered a number of
issues in the way various X client libraries ha
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: guile-2.0
Version: 2.0.5+1-3+deb7u1
CVE ID : CVE-2016-8605 CVE-2016-8606
Debian Bug : 840555 840556
Several vulnerabilities were discovered in GNU Guile, an
implementation of the Scheme programming language. The
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: libxv
Version: 2:1.0.7-1+deb7u2
CVE ID : CVE-2016-5407
Debian Bug : 840438
Tobias Stoeckmann from the OpenBSD project has discovered a number of
issues in the way various X client libraries handle the responses
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: libass
Version: 0.10.0-3+deb7u1
CVE ID : CVE-2016-7969 CVE-2016-7972
Several vulnerabilities were discovered in libass, a library for
manipulating the SubStation Alpha (SSA) subtitle file format. The Common
Vulnerab
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: kdepimlibs
Version: 4:4.8.4-2+deb7u1
CVE ID : CVE-2016-7966
Debian Bug : 840546
Roland Tapken discovered that insufficient input sanitizing in KMail's
plain text viewer allowed attackers the injection of HTML co
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: drupal7
Version: 7.14-2+deb7u15
CVE ID : CVE-2016-9449 CVE-2016-9451
Multiple vulnerabilities have been found in the Drupal content
management framework. For additional information, please refer to the
upstream advis
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: moin
Version: 1.9.4-8+deb7u3
CVE ID : CVE-2016-7146 CVE-2016-9119
Debian Bug : 844338 844340
Several cross-site scripting vulnerabilities were discovered in moin, a
Python clone of WikiWiki. A remote attacker can
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: tomcat6
Version: 6.0.45+dfsg-1~deb7u3
CVE ID : CVE-2016-0762 CVE-2016-5018 CVE-2016-6794
CVE-2016-6796 CVE-2016-6797 CVE-2016-6816
CVE-2016-8735
Debian Bug : 841655 842662 842663
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: tomcat7
Version: 7.0.28-4+deb7u7
CVE ID : CVE-2016-0762 CVE-2016-5018 CVE-2016-6794
CVE-2016-6796 CVE-2016-6797 CVE-2016-6816
CVE-2016-8735
Debian Bug : 841655 842662 842663 84266
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: chrony
Version: 1.24-3.1+deb7u4
CVE ID : CVE-2016-1567
Debian Bug : 812923 568492
It was discovered that Chrony, a versatile implementation of the
Network Time Protocol, did not verify peer associations of symmet
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: most
Version: 5.0.0a-2.2
CVE ID : CVE-2016-1253
Debian Bug : 848132
The most pager can automatically open files compressed with gzip,
bzip2 and (in Debian) LZMA. Alberto Garcia discovered that Debian's
version of
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: tomcat6
Version: 6.0.45+dfsg-1~deb7u4
CVE ID : CVE-2016-9774
Debian Bug : 845393 845425 846298
Paul Szabo discovered a potential privilege escalation that could be
exploited in the situation envisaged in DLA-622-
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: libupnp
Version: 1:1.6.17-1.2+deb7u2
CVE ID : CVE-2016-8863
Debian Bug : 842093
Scott Tenaglia discovered a heap-based buffer overflow in libupnp, a
portable SDK for UPnP Devices. That can lead to denial of servi
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: libupnp4
Version: 1.8.0~svn20100507-1.2+deb7u1
CVE ID : CVE-2016-8863
Scott Tenaglia discovered a heap-based buffer overflow in libupnp4, a
portable SDK for UPnP Devices. That can lead to denial of service or
remote
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: tomcat6
Version: 6.0.45+dfsg-1~deb7u5
Debian Bug : 848492
The last security update introduced a regression due to the use of
StringManager in the ResourceLinkFactory class. The code was removed
again since it is not stri
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: tomcat7
Version: 7.0.28-4+deb7u8
CVE ID : CVE-2016-9774
Debian Bug : 845393 845425 846298
Paul Szabo discovered a potential privilege escalation that could be
exploited in the situation envisaged in DLA-622-1. Th
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: python-bottle
Version: 0.10.11-1+deb7u2
CVE ID : CVE-2016-9964
Debian Bug : 848392
It was discovered that bottle, a WSGI-framework for the Python
programming language, did not properly filter "\r\n" sequences whe
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: squid3
Version: 3.1.20-2.2+deb7u7
CVE ID : CVE-2016-10002
Debian Bug : 848493
Saulius Lapinskas from Lithuanian State Social Insurance Fund Board
discovered that Squid3, a fully featured web proxy cache, does not
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: libcrypto++
Version: 5.6.1-6+deb7u3
CVE ID : CVE-2016-9939
Debian Bug : 848009
Gergely Gábor Nagy from Tresorit discovered that libcrypto++, a C++
cryptographic library, contained a bug in several ASN.1 parsing
r
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: tomcat7
Version: 7.0.28-4+deb7u9
CVE ID : CVE-2016-8745
Debian Bug : 849949
A bug in the error handling of the send file code for the NIO HTTP
connector resulted in the current Processor object being added to the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: asterisk
Version: 1:1.8.13.1~dfsg1-3+deb7u5
CVE ID : CVE-2014-2287 CVE-2016-7551
Debian Bug : 838832 741313
Two security vulnerabilities were discovered in Asterisk, an Open
Source PBX and telephony toolkit.
CVE
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: python-bottle
Version: 0.10.11-1+deb7u3
Debian Bug : 850176
The update for python-bottle issued as DLA 761-1 would cause a crash
if a unicode string was used in a header. Updated packages are now
available to correct thi
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: libphp-swiftmailer
Version: 4.1.5-1+deb7u1
CVE ID : CVE-2016-10074
Debian Bug : 849626
Dawid Golunski from legalhackers-com [1] discovered that the mail
transport in Swift Mailer allowed remote attackers to pass
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: opus
Version: 0.9.14+20120615-1+nmu1+deb7u1
CVE ID : CVE-2017-0381
Debian Bug : 851612
A remote code execution vulnerability was discovered in opus, an audio
codec, that could enable an attacker using a specially
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: groovy
Version: 1.8.6-1+deb7u2
CVE ID : CVE-2016-6814
Debian Bug : 851408
It was found that a flaw in Apache Groovy, a dynamic language for the
Java Virtual Machine, allows remote code execution wherever
deserial
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: mysql-5.5
Version: 5.5.54-0+deb7u1
CVE ID : CVE-2017-3238 CVE-2017-3243 CVE-2017-3244
CVE-2017-3258 CVE-2017-3265 CVE-2017-3291
CVE-2017-3312 CVE-2017-3313 CVE-2017-3317
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: asterisk
Version: 1:1.8.13.1~dfsg1-3+deb7u6
CVE ID : CVE-2014-2287
Brad Barnett found that the recent security update of Asterisk could
cause immediate SIP termination due to an incomplete fix for
CVE-2014-2287.
For
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: wordpress
Version: 3.6.1+dfsg-1~deb7u13
CVE ID : CVE-2017-5488 CVE-2017-5489 CVE-2017-5490
CVE-2017-5491 CVE-2017-5492 CVE-2017-5493
CVE-2017-5610 CVE-2017-5611 CVE-2017-5612
Debian B
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: viewvc
Version: 1.1.5-1.4+deb7u1
CVE ID : CVE-2017-5938
Debian Bug : 854681
Thomas Gerbet discovered that viewvc, a web interface for CVS and
Subversion repositories, did not properly sanitize user input. This
is
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: tomcat7
Version: 7.0.28-4+deb7u10
CVE ID : not yet available
Debian Bug : 854551
It was discovered that a programming error in the processing of HTTPS
requests in the Apache Tomcat servlet and JSP engine may resu
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: spice
Version: 0.11.0-1+deb7u4
CVE ID : CVE-2016-9577 CVE-2016-9578
Debian Bug : 854336
Several vulnerabilities were discovered in spice, a SPICE protocol
client and server library. The Common Vulnerabilities and
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: tomcat7
Version: 7.0.28-4+deb7u11
CVE ID : CVE-2017-6056
Debian Bug : 854551
The update for tomcat7 issued as DLA-823-1 caused the server to
return HTTP 400 errors under certain circumstances. Updated pac
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: phpmyadmin
Version: 4:3.4.11.1-2+deb7u8
CVE ID : CVE-2016-6621
A server-side request forgery vulnerability was reported for the setup
script in phpmyadmin, a MySQL web administration tool. This flaw may
allow an unau
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: cakephp
Version: 1.3.15-1+deb7u2
CVE ID : CVE-2016-4793
Dawid Golunski from legalhackers.com discovered that cakephp, an
application development framework for PHP, contains a vulnerability
that allows attackers to sp
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: libplist
Version: 1.8-1+deb7u2
CVE ID : CVE-2017-5834 CVE-2017-5835
Debian Bug : 854000
Several vulnerabilities were discovered in libplist, a library for
reading and writing the Apple binary and XML property lis
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: libzip-ruby
Version: 0.9.4-1+deb7u1
CVE ID : CVE-2017-5946
Debian Bug : 856269
It was discovered that libzip-ruby, a Ruby module for reading and
writing zip files, is prone to a directory traversal vulnerability.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: pidgin
Version: 2.10.10-1~deb7u3
CVE ID : CVE-2017-2640
It was discovered that an invalid XML file can trigger an out-of-bound
memory access in Pidgin, a multi-protocol instant messaging client,
when it is sent by a
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: roundcube
Version: 0.7.2-9+deb7u6
CVE ID : CVE-2017-6820
Debian Bug : 857473
Roundcube, a webmail solution for IMAP servers, was susceptible to
a cross-site-scripting (XSS) vulnerability via a crafted Cascading
S
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: wordpress
Version: 3.6.1+dfsg-1~deb7u14
CVE ID : CVE-2017-6814 CVE-2017-6815 CVE-2017-6816
Debian Bug : 857026
Several vulnerabilities were discovered in wordpress, a web blogging
tool. The Common Vulnerabilities
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: libplist
Version: 1.8-1+deb7u3
CVE ID : CVE-2017-6435 CVE-2017-6436 CVE-2017-6439
More vulnerabilities were discovered in libplist, a library for
reading and writing the Apple binary and XML property lists format.
A
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: xrdp
Version: 0.5.0-2+deb7u1
CVE ID : CVE-2017-6967
Debian Bug : 858143
It was discovered that xrdp, a Remote Desktop Protocol (RDP) server,
calls the PAM function auth_start_session() in an incorrect location,
l
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: php5
Version: 5.4.45-0+deb7u8
CVE ID : CVE-2016-7478 CVE-2016-7479 CVE-2017-7272
Several issues have been discovered in PHP (recursive acronym for PHP:
Hypertext Preprocessor), a widely-used open source general-purpo
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: logback
Version: 1:1.0.4-1+deb7u1
CVE ID : CVE-2017-5929
Debian Bug : 857343
It was discovered that logback, a flexible logging library for Java,
would deserialize data from untrusted sockets which may lead to th
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: bouncycastle
Version: 1.44+dfsg-3.1+deb7u2
CVE ID : CVE-2015-6644
An information disclosure vulnerability was discovered in Bouncy
Castle, a Java library which consists of various cryptographic
algorithms. The Galois
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: feh
Version: 2.3-2+deb7u1
CVE ID : CVE-2017-7875
Debian Bug : 860367
Tobias Stoeckmann discovered it was possible to trigger an
out-of-boundary heap write with the image viewer feh while receiving
an IPC message.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: freetype
Version: 2.4.9-1.1+deb7u5
CVE ID : CVE-2016-10328
Debian Bug : 860303
The Freetype 2 font engine was vulnerable to an out-of-bounds write
caused by a heap-based buffer overflow in the cff_parser_run func
1 - 100 of 565 matches