The following updates has been released for Debian 7 LTS:
[DLA 512-1] mantis security update
[DLA 513-1] nspr security update
[DLA 512-1] mantis security update
[DLA 513-1] nspr security update
[DLA 512-1] mantis security update
Package : mantis
Version : 1.2.18-1+deb7u1
CVE ID : CVE-2016-5364
It was discovered that there was an XSS vulnerability in custom
field management in mantis, a web-based bug tracking system.
For Debian 7 "Wheezy", this issue has been fixed in mantis version
1.2.18-1+deb7u1.
We recommend that you upgrade your mantis packages.
[DLA 513-1] nspr security update
Package : nspr
Version : 2:4.9.2-1+deb7u4
CVE ID : CVE-2016-1951
It was discovered that there was a buffer overflow in a sprintf
utility within nspr, the NetScape Portable Runtime library.
For Debian 7 "Wheezy", this issue has been fixed in nspr version
2:4.9.2-1+deb7u4.
We recommend that you upgrade your nspr packages.
