The following Debian updates has been released:
[DLA 243-1] libraw security update
[DLA 241-1] wireshark security update
[DLA 243-1] libraw security update
[DLA 241-1] wireshark security update
[DLA 243-1] libraw security update
Package : libraw
Version : 0.9.1-1+deb6u1
CVE ID : CVE-2015-3885
Debian Bug : 786788
CVE-2015-3885:
Integer overflow in the ljpeg_start function in dcraw 7.00 and earlier
allows remote attackers to cause a denial of service (crash) via a
crafted image, which triggers a buffer overflow, related to the len
variable.
We recommend that you upgrade your libraw packages.
[DLA 241-1] wireshark security update
Package : wireshark
Version : 1.8.2-5wheezy16~deb6u1
CVE ID : CVE-2015-3811
The following vulnerabilities were discovered in the Squeeze LTS's
prior Wireshark version:
CVE-2015-3811 The WCP dissector could crash while decompressing data.