Debian 10225 Published by

The following updates has been released for Debian GNU/Linux:

[DLA 684-2] libx11 regression update
[DLA 761-2] python-bottle regression update
[DLA 784-1] gcc-mozilla new package
[DLA 785-1] wireless-regdb new upstream version
[DLA 786-1] botan1.10 security update
[DSA 3743-2] python-bottle regression update
[DSA 3765-1] icoutils security update



[DLA 684-2] libx11 regression update

Package : libx11
Version : 2:1.5.0-1+deb7u4

A possible invalid free was introduced in libx11 2:1.5.0-1+deb7u3,
which could lead to application crashes or other issues.

For Debian 7 "Wheezy", these problems have been fixed in version
2:1.5.0-1+deb7u4.

We recommend that you upgrade your libx11 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

[DLA 761-2] python-bottle regression update

Package : python-bottle
Version : 0.10.11-1+deb7u3
Debian Bug : 850176

The update for python-bottle issued as DLA 761-1 would cause a crash
if a unicode string was used in a header. Updated packages are now
available to correct this issue.

For Debian 7 "Wheezy", these problems have been fixed in version
0.10.11-1+deb7u3.

We recommend that you upgrade your python-bottle packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

[DLA 784-1] gcc-mozilla new package

Package : gcc-mozilla
Version : 4.8.4-0deb7u1

GCC 4.8 has been packaged as gcc-mozilla for Debian 7. This package
will be needed for future updates to firefox-esr and icedove, and
possibly other packages that require new versions of GCC.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

[DLA 785-1] wireless-regdb new upstream version

Package : wireless-regdb
Version : 2016.06.10-1~deb7u1

This update includes the changes in wireless-regdb 2016.06.10,
reflecting changes to radio regulations in many countries and adding
information about additional countries.

For Debian 7 "Wheezy", the update is available as version
2016.06.10-1~deb7u1. For Debian 8 "Jessie", it is available as
version 2016.06.10-1~deb8u1.

We recommend that you upgrade your wireless-regdb packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

[DLA 786-1] botan1.10 security update

Package : botan1.10
Version : 1.10.5-1+deb7u2
CVE ID : CVE-2016-9132

It was discovered that there was an integer overflow vulnerability
in botan, a cryptography library. This could occur while parsing
untrusted inputs such as X.509 certificates.

For Debian 7 "Wheezy", this problem has been fixed in version
1.10.5-1+deb7u2.

We recommend that you upgrade your botan1.10 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

[DSA 3743-2] python-bottle regression update

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3743-2 security@debian.org
https://www.debian.org/security/ Sebastien Delafond
January 15, 2017 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : python-bottle
Debian Bug : 850176

The update for python-bottle issued as DSA-3743-1 would cause a crash
if a unicode string was used as a header. Updated packages are now
available to correct this issue.

For the stable distribution (jessie), this problem has been fixed in
version 0.12.7-1+deb8u2.

We recommend that you upgrade your python-bottle packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

[DSA 3765-1] icoutils security update

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3765-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
January 14, 2017 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : icoutils
CVE ID : CVE-2017-5331 CVE-2017-5332 CVE-2017-5333

Several programming errors in the wrestool tool of icoutils, a suite
of tools to create and extract MS Windows icons and cursors, allow
denial of service or the execution of arbitrary code if a malformed
binary is parsed.

For the stable distribution (jessie), these problems have been fixed in
version 0.31.0-2+deb8u2.

For the testing distribution (stretch), these problems have been fixed
in version 0.31.1-1.

For the unstable distribution (sid), these problems have been fixed in
version 0.31.1-1.

We recommend that you upgrade your icoutils packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/