[DLA 631-1] unadf security update

Package : unadf
Version : 0.7.11a-3+deb7u1
CVE IDs : CVE-2016-1243 CVE-2016-1244
Debian Bug : #838248

It was discovered that there were two vulnerabilities in unadf, a tool to
extract files from an Amiga Disk File dump (.adf):

- - CVE-2016-1243: stack buffer overflow caused by blindly trusting on
pathname lengths of archived files.

Stack allocated buffer sysbuf was filled with sprintf() without any
bounds checking in extracTree() function.

- - CVE-2016-1244: execution of unsanitized input

Shell command used for creating directory paths was constructed by
concatenating names of archived files to the end of the command
string.

For Debian 7 "Wheezy", this issue has been fixed in unadf version
0.7.11a-3+deb7u1.

We recommend that you upgrade your unadf packages.

[DSA 3671-1] mutt security update

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3671-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
September 20, 2016 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : wireshark
CVE ID : CVE-2016-7176 CVE-2016-7177 CVE-2016-7178 CVE-2016-7179
CVE-2016-7180

Multiple vulnerabilities were discovered in the dissectors for H.225,
Catapult DCT2000, UMTS FP and IPMI, which could result in denial of
service or the execution of arbitrary code.

For the stable distribution (jessie), these problems have been fixed in
version 1.12.1+g01b65bf-4+deb8u9.

For the testing distribution (stretch), these problems have been fixed
in version 2.2.0+g5368c50-1.

For the unstable distribution (sid), these problems have been fixed in
version 2.2.0+g5368c50-1.

We recommend that you upgrade your wireshark packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/