Debian 10260 Published by

The following updates has been released for Debian 7 LTS:

[DLA 451-1] openjdk-7 security update
[DLA 452-1] smarty3 security update



[DLA 451-1] openjdk-7 security update

Package : openjdk-7
Version : 7u101-2.6.6-2~deb7u1
CVE ID : CVE-2016-0636 CVE-2016-0686 CVE-2016-0687
CVE-2016-0695 CVE-2016-3425 CVE-2016-3426 CVE-2016-3427

Several vulnerabilities have been discovered in OpenJDK, an
implementation of the Oracle Java platform, resulting in breakouts of
the Java sandbox, denial of service or information disclosure.

For Debian 7 "Wheezy", these problems have been fixed in version
7u101-2.6.6-2~deb7u1.

We recommend that you upgrade your openjdk-7 packages.

Please note that OpenJDK 7 will be made the new default Java
implementation on 26 June 2016. For further information please refer to

https://wiki.debian.org/LTS/Wheezy

[DLA 452-1] smarty3 security update

Package : smarty3
Version : 3.1.10-2+deb7u1
CVE ID : CVE-2014-8350
Debian Bug : 765920

Smarty3, a template engine for PHP, allowed remote attackers to bypass
the secure mode restrictions and execute arbitrary PHP code as
demonstrated by "{literal}" in a
template.

For Debian 7 "Wheezy", these problems have been fixed in version
3.1.10-2+deb7u1.

We recommend that you upgrade your smarty3 packages.