Debian 10260 Published by

The following security advisories has been published for Debian GNU/Linux 7 LTS:

DLA 1263-1: curl security update
DLA 1263-1: debian-security-support update



DLA 1263-1: curl security update




Package : curl
Version : 7.26.0-1+wheezy24
CVE ID : CVE-2018-1000007


Craig de Stigter discovered that authentication data might be leaked to
third parties when following HTTP redirects.


For Debian 7 "Wheezy", these problems have been fixed in version
7.26.0-1+wheezy24.

We recommend that you upgrade your curl packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



DLA 1263-1: debian-security-support update

Package : debian-security-support
Version : 2018.01.29~deb7u1

This update marks several packages as no longer supported by wheezy-lts:

teamspeak-server, teamspeak-client, libstruts1.2-java, nvidia-graphics-drivers,
glassfish, jbossas4, libnet-ping-external-perl, mp3gain, tor,
jasperreports.

For the reasoning please see the links provided in

/usr/share/debian-security-support/security-support-ended.deb8

Furthermore it marks swftools as only safe to use for trusted input.

For Debian 7 "Wheezy", these problems have been fixed in version
2018.01.29~deb7u1.

We recommend that you upgrade your debian-security-support packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS