Debian 10260 Published by

The following updates has been released for Debian:

[DLA 705-1] python-imaging security update
[DSA 3707-1] openjdk-7 security update
[DSA 3708-1] mat security update



[DLA 705-1] python-imaging security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package : python-imaging
Version : 1.1.7-4+deb7u3
CVE IDs : CVE-2016-9189 CVE-2016-9190

It was discovered that there were a number of memory overflow issues in in
python-imaging, a Python image manipulation library.

For Debian 7 "Wheezy", this issue has been fixed in python-imaging version
1.1.7-4+deb7u3.

We recommend that you upgrade your python-imaging packages.

[DSA 3707-1] openjdk-7 security update

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3707-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
November 07, 2016 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : openjdk-7
CVE ID : CVE-2016-5542 CVE-2016-5554 CVE-2016-5573 CVE-2016-5582
CVE-2016-5597

Several vulnerabilities have been discovered in OpenJDK, an
implementation of the Oracle Java platform, resulting in breakouts
of the Java sandbox or denial of service.

For the stable distribution (jessie), this problem has been fixed in
version 7u111-2.6.7-2~deb8u1.

We recommend that you upgrade your openjdk-7 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

[DSA 3708-1] mat security update

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3708-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
November 07, 2016 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : mat
CVE ID : not yet available
Debian Bug : 826101

Hartmut Goebel discovered that MAT, a toolkit to anonymise/remove
metadata from files did not remove metadata from images embededed in PDF
documents.

For the stable distribution (jessie), this problem has been fixed in
version 0.5.2-3+deb8u1. This update disables PDF support in MAT
entirely.

We recommend that you upgrade your mat packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/