Debian 10225 Published by

The following updates has been released for Debian GNU/Linux

Debian GNU/Linux 7 Extended LTS:
ELA-70-1 tzdata new upstream version
ELA-71-1 libdatetime-timezone-perl new upstream version

Debian GNU/Linux 8 LTS:
DLA 1624-1: thunderbird security update
DLA 1625-1: tzdata new upstream version
DLA 1626-1: libdatetime-timezone-perl new upstream version
DLA 1628-1: jasper security update



ELA-70-1 tzdata new upstream version

Package: tzdata
Version: 2018i-0+deb7u1

This update brings the timezone changes from the upstream 2018i release.

For Debian 7 Wheezy, these problems have been fixed in version 2018i-0+deb7u1.

We recommend that you upgrade your tzdata packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/

ELA-71-1 libdatetime-timezone-perl new upstream version


Package: libdatetime-timezone-perl
Version: 1:1.58-1+2018i

This update brings the Olson database changes from the 2018i version to the Perl bindings.

For Debian 7 Wheezy, these problems have been fixed in version 1:1.58-1+2018i.

We recommend that you upgrade your libdatetime-timezone-perl packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/

DLA 1624-1: thunderbird security update




Package : thunderbird
Version : 1:60.4.0-1~deb8u1
CVE ID : not yet available

Multiple security issues have been found in Thunderbird, which may lead
to the execution of arbitrary code or denial of service.

For Debian 8 "Jessie", this problem has been fixed in version
1:60.4.0-1~deb8u1.

We recommend that you upgrade your thunderbird packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


DLA 1625-1: tzdata new upstream version




Package : tzdata
Version : 2018i-0+deb8u1

This update includes the changes in tzdata 2018i. Notable
changes are:

- Qyzylorda, Kazakhstan moved from +06 to +05 on 2018-12-21. A new
zone Asia/Qostanay has been added, because Qostanay, Kazakhstan
didn't move.
- Metlakatla, Alaska observes PST this winter only.
- São TomÃ:copyright: and Príncipe switched from +01 to +00 on 2019-01-01.

For Debian 8 "Jessie", this problem has been fixed in version
2018i-0+deb8u1.

We recommend that you upgrade your tzdata packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


DLA 1626-1: libdatetime-timezone-perl new upstream version




Package : libdatetime-timezone-perl
Version : 1:1.75-2+2018i

This update includes the changes in tzdata 2018i for the
Perl bindings. For the list of changes, see DLA-1625-1.

For Debian 8 "Jessie", this problem has been fixed in version
1:1.75-2+2018i.

We recommend that you upgrade your libdatetime-timezone-perl packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


DLA 1628-1: jasper security update




Package : jasper
Version : 1.900.1-debian1-2.4+deb8u5
CVE ID : CVE-2018-18873 CVE-2018-19139 CVE-2018-19539
CVE-2018-19540 CVE-2018-19541 CVE-2018-19542
CVE-2018-20570 CVE-2018-20584 CVE-2018-20622

Multiple issues were found in the JasPer JPEG-2000 library that could
lead to a denial-of-service (application crash), memory leaks and
potentially the execution of arbitrary code if a malformed image file
is processed.

For Debian 8 "Jessie", these problems have been fixed in version
1.900.1-debian1-2.4+deb8u5.

We recommend that you upgrade your jasper packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS