Debian 10225 Published by

The following updates has been released for Debian GNU/Linux 8 LTS:

DLA 1976-1: imapfilter security update
DLA 1977-1: libvncserver security update



DLA 1976-1: imapfilter security update

Package : imapfilter
Version : 1:2.5.2-2+deb8u1
CVE ID : CVE-2016-10937
Debian Bug : 939702


The imapfilter tool, a utility for scripting IMAP operations in lua,
lacked server name / certificate peer hostname validation support.

For Debian 8 "Jessie", this problem has been fixed in version
1:2.5.2-2+deb8u1.

We recommend that you upgrade your imapfilter packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

DLA 1977-1: libvncserver security update

Package : libvncserver
Version : 0.9.9+dfsg2-6.1+deb8u6
CVE ID : CVE-2019-15681
Debian Bug : 943793


LibVNC contained a memory leak (CWE-655) in VNC server code, which
allowed an attacker to read stack memory and could be abused for
information disclosure.

For Debian 8 "Jessie", this problem has been fixed in version
0.9.9+dfsg2-6.1+deb8u6.

We recommend that you upgrade your libvncserver packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS