
The following updates have been released for Debian GNU/Linux 8 LTS:

DLA 1840-1: golang-go.crypto security update
DLA 1841-1: gpac security update



DLA 1840-1: golang-go.crypto security update




Package : golang-go.crypto
Version : 0.0~hg190-1+deb8u1
CVE ID : CVE-2019-11840

A flaw was found in the amd64 implementation of salsa20. If more
than 256 GiB of keystream is generated, or if the counter otherwise
grows greater than 32 bits, the amd64 implementation will first generate
incorrect output, and then cycle back to previously generated keystream.

For Debian 8 "Jessie", this problem has been fixed in version
0.0~hg190-1+deb8u1.

obfs4proxy has been rebuilt as version 0.0.3-2+deb8u1.

We recommend that you upgrade your golang-golang-x-crypto-dev
and obfs4proxy packages, and rebuild any software using
golang-golang-x-crypto-dev.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



DLA 1841-1: gpac security update




Package : gpac
Version : 0.5.0+svn5324~dfsg1-1+deb8u4
CVE ID : CVE-2019-12481 CVE-2019-12482 CVE-2019-12483


Three issues have been found in gpac, an open source multimedia
framework. Two of them are NULL pointer dereferences and one of them
is a heap-based buffer overflow.


For Debian 8 "Jessie", these problems have been fixed in version
0.5.0+svn5324~dfsg1-1+deb8u4.

We recommend that you upgrade your gpac packages.
