Debian 10225 Published by

The following Debian updates has been released:

[DLA 243-1] libraw security update
[DLA 241-1] wireshark security update



[DLA 243-1] libraw security update

Package : libraw
Version : 0.9.1-1+deb6u1
CVE ID : CVE-2015-3885
Debian Bug : 786788

CVE-2015-3885:
Integer overflow in the ljpeg_start function in dcraw 7.00 and earlier
allows remote attackers to cause a denial of service (crash) via a
crafted image, which triggers a buffer overflow, related to the len
variable.

We recommend that you upgrade your libraw packages.

[DLA 241-1] wireshark security update

Package : wireshark
Version : 1.8.2-5wheezy16~deb6u1
CVE ID : CVE-2015-3811


The following vulnerabilities were discovered in the Squeeze LTS's
prior Wireshark version:

CVE-2015-3811 The WCP dissector could crash while decompressing data.