Debian 10261 Published by

The follow updates has been released for Debian 6 LTS:

[DLA 127-1] pyyaml security update
[DLA 128-1] sox security update
[DLA 129-1] polarssl security update



[DLA 127-1] pyyaml security update

Package : pyyaml
Version : 3.09-5+deb6u1
CVE ID : CVE-2014-9130
Debian Bug : 772815

Jonathan Gray and Stanislaw Pitucha found an assertion failure in the
way wrapped strings are parsed in Python-YAML, a YAML parser and emitter
for Python. An attacker able to load specially crafted YAML input into an
application using python-yaml could cause the application to crash.

[DLA 128-1] sox security update

Package : sox
Version : 14.3.1-1+deb6u1
CVE ID : CVE-2014-8145
Debian Bug : 773720

Michele Spagnuolo of the Google Security Team dicovered two heap-based
buffer overflows in SoX, the Swiss Army knife of sound processing
programs. A specially crafted wav file could cause an application using
SoX to crash or, possibly, execute arbitrary code.

[DLA 129-1] polarssl security update

Package : polarssl
Version : 1.2.9-1~deb6u3
CVE ID : CVE-2014-8628

It was discovered that a memory leak in parsing X.509 certificates may
result in denial of service.