Debian 10260 Published by

The following updates has been released for Debian 7 LTS:

[DLA 587-1] fontconfig security update
[DLA 590-1] python-django security update
[DLA 591-1] libreoffice security update



[DLA 587-1] fontconfig security update

Package : fontconfig
Version : 2.9.0-7.1+deb7u1
CVE ID : CVE-2016-5384
Debian Bug : 833570


A possible double free vulnerability was found in fontconfig. The
problem was due to insufficient validation when parsing the cache
file.

For Debian 7 "Wheezy", these problems have been fixed in version
2.9.0-7.1+deb7u1.

We recommend that you upgrade your fontconfig packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

[DLA 590-1] python-django security update

Package : python-django
Version : 1.4.22-1

The release team recently approved rebasing jessie on latest
python-django 1.7.x (see #807654). For similiar reasons, it makes sense
to rebase wheezy on latest 1.4.x, especially since 1.4.x is an LTS
version.

Django 1.4.22-1 has been uploaded to wheezy-security to address this.

[DLA 591-1] libreoffice security update

Package : libreoffice
Version : 3.5.4+dfsg2-0+deb7u8
CVE ID : CVE-2016-1513


An OpenDocument Presentation .ODP or Presentation Template .OTP file
can contain invalid presentation elements that lead to memory
corruption when the document is loaded in LibreOffice Impress. The
defect may cause the document to appear as corrupted and LibreOffice
may crash in a recovery-stuck mode requiring manual intervention. A
crafted exploitation of the defect can allow an attacker to cause
denial of service (memory corruption and application crash) and
possible execution of arbitrary code.

For Debian 7 "Wheezy", this problem have been fixed in version
3.5.4+dfsg2-0+deb7u8.

We recommend that you upgrade your libreoffice packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS