The following updates has been released for Debian 7 LTS:
[DLA 746-2] tomcat6 regression update
[DLA 752-1] icedove security update
[DLA 746-2] tomcat6 regression update
[DLA 752-1] icedove security update
[DLA 746-2] tomcat6 regression update
Package : tomcat6
Version : 6.0.45+dfsg-1~deb7u5
Debian Bug : 848492
The last security update introduced a regression due to the use of
StringManager in the ResourceLinkFactory class. The code was removed
again since it is not strictly required to resolve CVE-2016-6797.
For Debian 7 "Wheezy", these problems have been fixed in version
6.0.45+dfsg-1~deb7u5.
We recommend that you upgrade your tomcat6 packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
[DLA 752-1] icedove security update
Package : icedove
Version : 45.5.1-1~deb7u1
CVE ID : CVE-2016-5290 CVE-2016-5291 CVE-2016-5296 CVE-2016-5297
CVE-2016-9066 CVE-2016-9074 CVE-2016-9079
Multiple security issues have been found in Icedove, Debian's version of
the Mozilla Thunderbird mail client: Multiple memory safety errors,
same-origin policy bypass issues, integer overflows, buffer overflows
and use-after-frees may lead to the execution of arbitrary code or
denial of service.
For Debian 7 "Wheezy", these problems have been fixed in version
45.5.1-1~deb7u1.
We recommend that you upgrade your icedove packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
