Debian 10225 Published by

The following updates has been released for Debian GNU/Linux:

Debian GNU/Linux 8 LTS:
DLA 1738-1: gpsd security update

Debian GNU/Linux 9:
DSA 4420-1: thunderbird security update



DLA 1738-1: gpsd security update




Package : gpsd
Version : 3.11-3+deb8u1
CVE ID : CVE-2018-17937
Debian Bug : 925327

A security vulnerability was discovered in gpsd, the Global Positioning
System daemon. A stack-based buffer overflow may allow remote attackers
to execute arbitrary code via traffic on port 2947/TCP or crafted JSON
inputs.

For Debian 8 "Jessie", this problem has been fixed in version
3.11-3+deb8u1.

We recommend that you upgrade your gpsd packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


DSA 4420-1: thunderbird security update




- -------------------------------------------------------------------------
Debian Security Advisory DSA-4420-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
March 30, 2019 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : thunderbird
CVE ID : CVE-2018-18506 CVE-2019-9788 CVE-2019-9790 CVE-2019-9791
CVE-2019-9792 CVE-2019-9793 CVE-2019-9795 CVE-2019-9796

Multiple security issues have been found in the Thunderbird mail client,
which could lead to the execution of arbitrary code or denial of service.

For the stable distribution (stretch), these problems have been fixed in
version 1:60.6.1-1~deb9u1.

We recommend that you upgrade your thunderbird packages.

For the detailed security status of thunderbird please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/thunderbird

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/