The following updates has been released for Debian 7 LTS:
[DLA 451-1] openjdk-7 security update
[DLA 452-1] smarty3 security update
[DLA 451-1] openjdk-7 security update
[DLA 452-1] smarty3 security update
[DLA 451-1] openjdk-7 security update
Package : openjdk-7
Version : 7u101-2.6.6-2~deb7u1
CVE ID : CVE-2016-0636 CVE-2016-0686 CVE-2016-0687
CVE-2016-0695 CVE-2016-3425 CVE-2016-3426 CVE-2016-3427
Several vulnerabilities have been discovered in OpenJDK, an
implementation of the Oracle Java platform, resulting in breakouts of
the Java sandbox, denial of service or information disclosure.
For Debian 7 "Wheezy", these problems have been fixed in version
7u101-2.6.6-2~deb7u1.
We recommend that you upgrade your openjdk-7 packages.
Please note that OpenJDK 7 will be made the new default Java
implementation on 26 June 2016. For further information please refer to
https://wiki.debian.org/LTS/Wheezy
[DLA 452-1] smarty3 security update
Package : smarty3
Version : 3.1.10-2+deb7u1
CVE ID : CVE-2014-8350
Debian Bug : 765920
Smarty3, a template engine for PHP, allowed remote attackers to bypass
the secure mode restrictions and execute arbitrary PHP code as
demonstrated by "{literal}" in a
template.
For Debian 7 "Wheezy", these problems have been fixed in version
3.1.10-2+deb7u1.
We recommend that you upgrade your smarty3 packages.