The following updates has been released for Debian GNU/Linux
Debian GNU/Linux 7 Extended LTS:
ELA-70-1 tzdata new upstream version
ELA-71-1 libdatetime-timezone-perl new upstream version
Debian GNU/Linux 8 LTS:
DLA 1624-1: thunderbird security update
DLA 1625-1: tzdata new upstream version
DLA 1626-1: libdatetime-timezone-perl new upstream version
DLA 1628-1: jasper security update
Debian GNU/Linux 7 Extended LTS:
ELA-70-1 tzdata new upstream version
ELA-71-1 libdatetime-timezone-perl new upstream version
Debian GNU/Linux 8 LTS:
DLA 1624-1: thunderbird security update
DLA 1625-1: tzdata new upstream version
DLA 1626-1: libdatetime-timezone-perl new upstream version
DLA 1628-1: jasper security update
ELA-70-1 tzdata new upstream version
Package: tzdata
Version: 2018i-0+deb7u1
This update brings the timezone changes from the upstream 2018i release.
For Debian 7 Wheezy, these problems have been fixed in version 2018i-0+deb7u1.
We recommend that you upgrade your tzdata packages.
Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/
ELA-71-1 libdatetime-timezone-perl new upstream version
Package: libdatetime-timezone-perl
Version: 1:1.58-1+2018i
This update brings the Olson database changes from the 2018i version to the Perl bindings.
For Debian 7 Wheezy, these problems have been fixed in version 1:1.58-1+2018i.
We recommend that you upgrade your libdatetime-timezone-perl packages.
Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/
DLA 1624-1: thunderbird security update
Package : thunderbird
Version : 1:60.4.0-1~deb8u1
CVE ID : not yet available
Multiple security issues have been found in Thunderbird, which may lead
to the execution of arbitrary code or denial of service.
For Debian 8 "Jessie", this problem has been fixed in version
1:60.4.0-1~deb8u1.
We recommend that you upgrade your thunderbird packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
DLA 1625-1: tzdata new upstream version
Package : tzdata
Version : 2018i-0+deb8u1
This update includes the changes in tzdata 2018i. Notable
changes are:
- Qyzylorda, Kazakhstan moved from +06 to +05 on 2018-12-21. A new
zone Asia/Qostanay has been added, because Qostanay, Kazakhstan
didn't move.
- Metlakatla, Alaska observes PST this winter only.
- São Tomà and PrÃncipe switched from +01 to +00 on 2019-01-01.
For Debian 8 "Jessie", this problem has been fixed in version
2018i-0+deb8u1.
We recommend that you upgrade your tzdata packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
DLA 1626-1: libdatetime-timezone-perl new upstream version
Package : libdatetime-timezone-perl
Version : 1:1.75-2+2018i
This update includes the changes in tzdata 2018i for the
Perl bindings. For the list of changes, see DLA-1625-1.
For Debian 8 "Jessie", this problem has been fixed in version
1:1.75-2+2018i.
We recommend that you upgrade your libdatetime-timezone-perl packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
DLA 1628-1: jasper security update
Package : jasper
Version : 1.900.1-debian1-2.4+deb8u5
CVE ID : CVE-2018-18873 CVE-2018-19139 CVE-2018-19539
CVE-2018-19540 CVE-2018-19541 CVE-2018-19542
CVE-2018-20570 CVE-2018-20584 CVE-2018-20622
Multiple issues were found in the JasPer JPEG-2000 library that could
lead to a denial-of-service (application crash), memory leaks and
potentially the execution of arbitrary code if a malformed image file
is processed.
For Debian 8 "Jessie", these problems have been fixed in version
1.900.1-debian1-2.4+deb8u5.
We recommend that you upgrade your jasper packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS