Debian 10265 Published by

The following updates are available for Debian:

[DLA 466-1] ocaml security update
[DSA 3565-2] monotone ovito pdns qtcreator softhsm regression update



[DLA 466-1] ocaml security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package : ocaml
Version : 3.12.1-4+deb7u1
CVE ID : CVE-2015-8869

OCaml versions 4.02.3 and earlier have a runtime bug that,
on 64-bit platforms, causes sizes arguments to an internal
memmove call to be sign-extended from 32 to 64-bits before
being passed to the memmove function.
This leads arguments between 2GiB and 4GiB to be interpreted
as larger than they are (specifically, a bit below 2^64),
causing a buffer overflow.
Arguments between 4GiB and 6GiB are interpreted as 4GiB smaller
than they should be, causing a possible information leak.

[DSA 3565-2] monotone ovito pdns qtcreator softhsm regression update

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3565-2 security@debian.org
https://www.debian.org/security/ Sebastien Delafond
May 11, 2016 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : monotone ovito pdns qtcreator softhsm
Debian Bug : 823823

This updates fixes a regression introduced in botan1.10 by DSA-3565-1:
packages depending on libbotan1.10 needed to be rebuilt against the
latest version to function properly.

For the stable distribution (jessie), this problem has been fixed in
the following versions:

monotone : 1.1-4+deb8u1
ovito : 2.3.3-3+deb8u1
pdns : 3.4.1-4+deb8u5
qtcreator : 3.2.1+dfsg-7+deb8u1
softhsm : 1.3.7-2+deb8u1

We recommend that you upgrade those packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/