The following two updates are available for Debian 6 LTS:
[DLA 256-1] t1utils security update
[DLA 257-1] libwmf security update
[DLA 256-1] t1utils security update
[DLA 257-1] libwmf security update
[DLA 256-1] t1utils security update
Package : t1utils
Version : 1.36-1+deb6u1
CVE ID : CVE-2015-3905
Debian Bug : 779274
Jakub Wilk found a vulnerability in the Type 1 font manipulation
programs, t1utils:
CVE-2015-3905
Buffer overflow in the set_cs_start function in t1disasm.c in t1utils
before 1.39 allows remote attackers to cause a denial of service (crash)
and possibly execute arbitrary code via a crafted font file.
For Debian 6 "Squeeze", this issue has been fixed in t1utils version
1.36-1+deb6u1.
[DLA 257-1] libwmf security update
Package : libwmf
Version : 0.2.8.4-6.2+deb6u2
CVE ID : CVE-2015-4695 CVE-2015-4696
Debian Bug : 784192 784205
libwmf is vulnerable to two denial of service due to invalid read
operations when processing specially crafted WMF files.
CVE-2015-4695
Heap buffer overread in libwmf
CVE-2015-4696
Read after free() in wmf2gd/wmf2eps
For the squeeze distribution, those issues have been fixed in libwmf
0.2.8.4-6.2+deb6u2. We recommend that you upgrade your libwmf packages.