The following updates has been released for Debian GNU/Linux 7 LTS:
DLA 1290-1: libvpx security update
DLA 1291-1: tzdata new upstream version
DLA 1292-1: libdatetime-timezone-perl new upstream version
DLA 1293-1: imagemagick security update
DLA 1290-1: libvpx security update
DLA 1291-1: tzdata new upstream version
DLA 1292-1: libdatetime-timezone-perl new upstream version
DLA 1293-1: imagemagick security update
DLA 1290-1: libvpx security update
Package : libvpx
Version : 1.1.0-1+deb7u1
CVE ID : CVE-2017-13194
CVE-2017-13194
Fix for a flaw in libvpx related to odd frame width, which may lead
to a denial of service.
For Debian 7 "Wheezy", these problems have been fixed in version
1.1.0-1+deb7u1.
We recommend that you upgrade your libvpx packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
DLA 1291-1: tzdata new upstream version
Package : tzdata
Version : 2018c-0+deb7u1
This update includes the changes in tzdata 2018c. Notable
changes are:
- São Tomà and PrÃncipe switched from +00 to +01.
- Brazil's DST will now start on November's first Sunday.
For Debian 7 "Wheezy", these problems have been fixed in version
2018c-0+deb7u1.
We recommend that you upgrade your tzdata packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
DLA 1292-1: libdatetime-timezone-perl new upstream version
Package : libdatetime-timezone-perl
Version : 1:1.58-1+2018c
This update includes the changes in tzdata 2018c for the
Perl bindings. For the list of changes, see DLA-1291-1.
For Debian 7 "Wheezy", these problems have been fixed in version
1:1.58-1+2018c.
We recommend that you upgrade your libdatetime-timezone-perl packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
DLA 1293-1: imagemagick security update
Package : imagemagick
Version : 8:6.7.7.10-5+deb7u21
CVE ID : CVE-2018-7443
Debian Bug : #891291
It was discovered that there was a remote denial of service
vulnerability in the imagemagick graphics library via a specially-
crafted TIFF file.
For Debian 7 "Wheezy", this issue has been fixed in imagemagick
version 8:6.7.7.10-5+deb7u21.
We recommend that you upgrade your imagemagick packages.