The following updates has been released for Debian:
[DLA 819-1] mysql-5.5 security update
[DLA 820-1] viewvc security update
[DSA 3784-1] viewvc security update
[DSA 3785-1] jasper security update
[DLA 819-1] mysql-5.5 security update
[DLA 820-1] viewvc security update
[DSA 3784-1] viewvc security update
[DSA 3785-1] jasper security update
[DLA 819-1] mysql-5.5 security update
Package : mysql-5.5
Version : 5.5.47-0+deb7u2
CVE ID :
Debian Bug : #854713
It has been found that the C client library for MySQL
(libmysqlclient.so) has use-after-free vulnerability which
can cause crash of applications using that MySQL client.
For Debian 7 "Wheezy", these problems have been fixed in version
5.5.47-0+deb7u2.
We recommend that you upgrade your mysql-5.5 packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
[DLA 820-1] viewvc security update
Package : viewvc
Version : 1.1.5-1.4+deb7u1
CVE ID : CVE-2017-5938
Debian Bug : 854681
Thomas Gerbet discovered that viewvc, a web interface for CVS and
Subversion repositories, did not properly sanitize user input. This
issue resulted in a potential Cross-Site Scripting vulnerability.
For Debian 7 "Wheezy", these problems have been fixed in version
1.1.5-1.4+deb7u1.
We recommend that you upgrade your viewvc packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
[DSA 3784-1] viewvc security update
- -------------------------------------------------------------------------
Debian Security Advisory DSA-3784-1 security@debian.org
https://www.debian.org/security/ Sebastien Delafond
February 09, 2017 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : viewvc
CVE ID : CVE-2017-5938
Debian Bug : 854681
Thomas Gerbet discovered that viewvc, a web interface for CVS and
Subversion repositories, did not properly sanitize user input. This
problem resulted in a potential Cross-Site Scripting vulnerability.
For the stable distribution (jessie), this problem has been fixed in
version 1.1.22-1+deb8u1.
For the unstable distribution (sid), this problem has been fixed in
version 1.1.26-1.
We recommend that you upgrade your viewvc packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
[DSA 3785-1] jasper security update
- -------------------------------------------------------------------------
Debian Security Advisory DSA-3785-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
February 09, 2017 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : jasper
CVE ID : CVE-2016-1867 CVE-2016-8654 CVE-2016-8691 CVE-2016-8692
CVE-2016-8693 CVE-2016-8882 CVE-2016-9560
Multiple vulnerabilities have been discovered in the JasPer library
for processing JPEG-2000 images, which may result in denial of service
or the execution of arbitrary code if a malformed image is processed.
For the stable distribution (jessie), these problems have been fixed in
version 1.900.1-debian1-2.4+deb8u2.
We recommend that you upgrade your jasper packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
