Debian 10228 Published by

The following updates has been released for Debian:

[DLA 886-1] tzdata new upstream version
[DLA 887-1] libdatetime-timezone-perl new upstream version
[DLA 888-1] logback security update
[DSA 3827-1] jasper security update



[DLA 886-1] tzdata new upstream version

Package : tzdata
Version : 2017b-0+deb7u1

This update includes the changes in tzdata 2017b. Notable
changes are:
- Haiti resumed observance of DST in 2017.

For Debian 7 "Wheezy", these problems have been fixed in version
2017b-0+deb7u1.

We recommend that you upgrade your tzdata packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

[DLA 887-1] libdatetime-timezone-perl new upstream version

Package : libdatetime-timezone-perl
Version : 1:1.58-1+2017b

This update includes the changes in tzdata 2017b for the
Perl bindings. For the list of changes, see DLA-886-1.

For Debian 7 "Wheezy", these problems have been fixed in version
1:1.58-1+2017b.

We recommend that you upgrade your libdatetime-timezone-perl packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

[DLA 888-1] logback security update

Package : logback
Version : 1:1.0.4-1+deb7u1
CVE ID : CVE-2017-5929
Debian Bug : 857343

It was discovered that logback, a flexible logging library for Java,
would deserialize data from untrusted sockets which may lead to the
execution of arbitrary code. This issue has been resolved by adding a
whitelist to use only trusted classes.

For Debian 7 "Wheezy", these problems have been fixed in version
1:1.0.4-1+deb7u1.

We recommend that you upgrade your logback packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

[DSA 3827-1] jasper security update

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3827-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
April 07, 2017 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : jasper
CVE ID : CVE-2016-9591 CVE-2016-10249 CVE-2016-10251

Multiple vulnerabilities have been discovered in the JasPer library for
processing JPEG-2000 images, which may result in denial of service or
the execution of arbitrary code if a malformed image is processed.

For the stable distribution (jessie), these problems have been fixed in
version 1.900.1-debian1-2.4+deb8u3.

We recommend that you upgrade your jasper packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/