The following updates have been released for Debian 6 LTS:
[DLA 356-1] libsndfile security update
[DLA 357-1] libphp-snoopy security update
[DLA 356-1] libsndfile security update
Package : libsndfile
Version : 1.0.21-3+squeeze2
CVE ID : CVE-2014-9496 CVE-2014-9756 CVE-2015-7805
Debian Bug : 774162 804445 804447
CVE-2014-9496
The sd2_parse_rsrc_fork function in sd2.c in libsndfile allows
attackers to have unspecified impact via vectors related to a (1) map
offset or (2) rsrc marker, which triggers an out-of-bounds read.
CVE-2014-9756
The psf_fwrite function in file_io.c in libsndfile allows attackers to
cause a denial of service (divide-by-zero error and application crash)
via unspecified vectors related to the headindex variable.
CVE-2015-7805
Heap-based buffer overflow in libsndfile 1.0.25 allows remote
attackers to have unspecified impact via the headindex value in the
header in an AIFF file.
[DLA 357-1] libphp-snoopy security update
Package : libphp-snoopy
Version : 2.0.0-1~deb6u1
CVE ID : CVE-2008-7313 CVE-2014-5008
Debian Bug : 778634
It was discovered that missing input sanitizing in Snoopy, a PHP class that
simulates a web browser, may result in the execution of arbitrary
commands.
For the oldoldstable distribution (squeeze-lts), this problem has been fixed
in version 2.0.0-1~deb6u1.
We recommend that you upgrade your libphp-snoopy packages.