Debian 10225 Published by

The following updates has been released for Debian 7 LTS:

[DLA 746-2] tomcat6 regression update
[DLA 752-1] icedove security update



[DLA 746-2] tomcat6 regression update

Package : tomcat6
Version : 6.0.45+dfsg-1~deb7u5
Debian Bug : 848492

The last security update introduced a regression due to the use of
StringManager in the ResourceLinkFactory class. The code was removed
again since it is not strictly required to resolve CVE-2016-6797.

For Debian 7 "Wheezy", these problems have been fixed in version
6.0.45+dfsg-1~deb7u5.

We recommend that you upgrade your tomcat6 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

[DLA 752-1] icedove security update

Package : icedove
Version : 45.5.1-1~deb7u1
CVE ID : CVE-2016-5290 CVE-2016-5291 CVE-2016-5296 CVE-2016-5297
CVE-2016-9066 CVE-2016-9074 CVE-2016-9079

Multiple security issues have been found in Icedove, Debian's version of
the Mozilla Thunderbird mail client: Multiple memory safety errors,
same-origin policy bypass issues, integer overflows, buffer overflows
and use-after-frees may lead to the execution of arbitrary code or
denial of service.

For Debian 7 "Wheezy", these problems have been fixed in version
45.5.1-1~deb7u1.

We recommend that you upgrade your icedove packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS