Debian 10225 Published by

The following updates has been released for Debian GNU/Linux 7 LTS:

DLA 1290-1: libvpx security update
DLA 1291-1: tzdata new upstream version
DLA 1292-1: libdatetime-timezone-perl new upstream version
DLA 1293-1: imagemagick security update



DLA 1290-1: libvpx security update



Package : libvpx
Version : 1.1.0-1+deb7u1
CVE ID : CVE-2017-13194


CVE-2017-13194
Fix for a flaw in libvpx related to odd frame width, which may lead
to a denial of service.


For Debian 7 "Wheezy", these problems have been fixed in version
1.1.0-1+deb7u1.

We recommend that you upgrade your libvpx packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



DLA 1291-1: tzdata new upstream version



Package : tzdata
Version : 2018c-0+deb7u1

This update includes the changes in tzdata 2018c. Notable
changes are:
- São TomÃ:copyright: and Príncipe switched from +00 to +01.
- Brazil's DST will now start on November's first Sunday.

For Debian 7 "Wheezy", these problems have been fixed in version
2018c-0+deb7u1.

We recommend that you upgrade your tzdata packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


DLA 1292-1: libdatetime-timezone-perl new upstream version



Package : libdatetime-timezone-perl
Version : 1:1.58-1+2018c

This update includes the changes in tzdata 2018c for the
Perl bindings. For the list of changes, see DLA-1291-1.

For Debian 7 "Wheezy", these problems have been fixed in version
1:1.58-1+2018c.

We recommend that you upgrade your libdatetime-timezone-perl packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


DLA 1293-1: imagemagick security update




Package : imagemagick
Version : 8:6.7.7.10-5+deb7u21
CVE ID : CVE-2018-7443
Debian Bug : #891291

It was discovered that there was a remote denial of service
vulnerability in the imagemagick graphics library via a specially-
crafted TIFF file.

For Debian 7 "Wheezy", this issue has been fixed in imagemagick
version 8:6.7.7.10-5+deb7u21.

We recommend that you upgrade your imagemagick packages.