The following updates have been released for Debian:
[DLA 886-1] tzdata new upstream version
[DLA 887-1] libdatetime-timezone-perl new upstream version
[DLA 888-1] logback security update
[DSA 3827-1] jasper security update
[DLA 886-1] tzdata new upstream version
Package : tzdata
Version : 2017b-0+deb7u1
This update includes the changes in tzdata 2017b. Notable
changes are:
- Haiti resumed observance of DST in 2017.
For Debian 7 "Wheezy", these problems have been fixed in version
2017b-0+deb7u1.
We recommend that you upgrade your tzdata packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
[DLA 887-1] libdatetime-timezone-perl new upstream version
Package : libdatetime-timezone-perl
Version : 1:1.58-1+2017b
This update includes the changes in tzdata 2017b for the
Perl bindings. For the list of changes, see DLA-886-1.
For Debian 7 "Wheezy", these problems have been fixed in version
1:1.58-1+2017b.
We recommend that you upgrade your libdatetime-timezone-perl packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
[DLA 888-1] logback security update
Package : logback
Version : 1:1.0.4-1+deb7u1
CVE ID : CVE-2017-5929
Debian Bug : 857343
It was discovered that logback, a flexible logging library for Java,
would deserialize data from untrusted sockets which may lead to the
execution of arbitrary code. This issue has been resolved by adding a
whitelist to use only trusted classes.
For Debian 7 "Wheezy", these problems have been fixed in version
1:1.0.4-1+deb7u1.
We recommend that you upgrade your logback packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
[DSA 3827-1] jasper security update
-------------------------------------------------------------------------
Debian Security Advisory DSA-3827-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
April 07, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : jasper
CVE ID : CVE-2016-9591 CVE-2016-10249 CVE-2016-10251
Multiple vulnerabilities have been discovered in the JasPer library for
processing JPEG-2000 images, which may result in denial of service or
the execution of arbitrary code if a malformed image is processed.
For the stable distribution (jessie), these problems have been fixed in
version 1.900.1-debian1-2.4+deb8u3.
We recommend that you upgrade your jasper packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/