The following three updates are available for Debian 6 LTS:
[DLA 100-1] mutt security update
[DLA 101-1] jasper security update
[DLA 99-1] flac security update
[DLA 100-1] mutt security update
Package : mutt
Version : 1.5.20-9+squeeze4
CVE ID : CVE-2014-0467
Debian Bug : 771125
A flaw was discovered in mutt, a text-based mailreader. A specially
crafted mail header could cause mutt to crash, leading to a denial of
service condition.
[DLA 101-1] jasper security update
Package : jasper
Version : 1.900.1-7+squeeze2
CVE ID : CVE-2014-9029
Josh Duart of the Google Security Team discovered heap-based buffer
overflow flaws in JasPer, a library for manipulating JPEG-2000 files,
which could lead to denial of service (application crash) or the
execution of arbitrary code.
[DLA 99-1] flac security update
Package : flac
Version : 1.2.1-2+deb6u1
CVE ID : CVE-2014-8962 CVE-2014-9028
Michele Spagnuolo, of Google Security Team, and Miroslav Lichvar, of
Red Hat, discovered two issues in flac, a library handling Free
Lossless Audio Codec media: by providing a specially crafted FLAC
file, an attacker could execute arbitrary code.
CVE-2014-8962
heap-based buffer overflow in stream_decoder.c, allowing
remote attackers to execute arbitrary code via a specially
crafted .flac file.
CVE-2014-9028
stack-based buffer overflow in stream_decoder.c, allowing
remote attackers to execute arbitrary code via a specially
crafted .flac file.