Debian 10203 Published by

The following updates has been released for Debian GNU/Linux 7 LTS:

DLA 1317-1: net-snmp security update
DLA 1318-1: irssi security update



DLA 1317-1: net-snmp security update




Package : net-snmp
Version : 5.7.2.1+dfsg-1+deb8u1
CVE ID : CVE-2018-1000116
Debian Bug : #894110

It was discovered that there was a heap corruption vulnerability in the
net-snmp framework which exchanges server management information in a
network.

For Debian 7 "Wheezy", this issue has been fixed in net-snmp version
5.7.2.1+dfsg-1+deb8u1.

We recommend that you upgrade your net-snmp packages.




DLA 1318-1: irssi security update




Package : irssi
Version : 0.8.15-5+deb7u6
CVE ID : CVE-2018-7051
Debian Bug : #890677

It was discovered that there was an issue in the irssi IRC client where
certain nick names could result in out-of-bounds access when printing
theme strings.

For Debian 7 "Wheezy", this issue has been fixed in irssi version
0.8.15-5+deb7u6. It was incorrectly missing from the upload of
0.8.15-5+deb7u5 announced as part of DLA-1289-1. Thanks to Ben Hutchings
and Matus Uhlhar.

We recommend that you upgrade your irssi packages.