[SECURITY] [DLA 590-1] python-django security update
Package        : python-django
Version        : 1.4.22-1

The release team recently approved rebasing jessie on latest python-django
1.7.x (see #807654). For similar reasons, it makes sense to rebase wheezy
on latest 1.4.x, especially since 1.4.x is an LTS version.

Django 1.4.22-1 has been uploaded to wheezy-security to address this.

--
Brian May

[SECURITY] [DLA 591-1] libreoffice security update
Package        : libreoffice
Version        : 3.5.4+dfsg2-0+deb7u8
CVE ID         : CVE-2016-1513

An OpenDocument Presentation .ODP or Presentation Template .OTP file
can contain invalid presentation elements that lead to memory
corruption when the document is loaded in LibreOffice Impress. The
defect may cause the document to appear as corrupted and LibreOffice
may crash in a recovery-stuck mode requiring manual intervention. A
crafted exploitation of the defect can allow an attacker to cause
denial of service (memory corruption and application crash) and
possible execution of arbitrary code.

For Debian 7 "Wheezy", this problem has been fixed in version
3.5.4+dfsg2-0+deb7u8.

We recommend that you upgrade your libreoffice packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

[SECURITY] [DLA 587-1] fontconfig security update
Package        : fontconfig
Version        : 2.9.0-7.1+deb7u1
CVE ID         : CVE-2016-5384
Debian Bug     : 833570

A possible double free vulnerability was found in fontconfig. The
problem was due to insufficient validation when parsing the cache file.

For Debian 7 "Wheezy", these problems have been fixed in version
2.9.0-7.1+deb7u1.

We recommend that you upgrade your fontconfig packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

[SECURITY] [DLA 588-2] mongodb security update
Package        : mongodb
Version        : 2.0.6-1+deb7u1
CVE ID         : CVE-2016-6494
Debian Bug     : 832908, 833087

This is an update of DLA-558-1. The previous build had a revision number
that was considered lower than the one in wheezy and was therefore not
installed at upgrade. The text for DLA-558-1 is included here for
reference (with some improvement).

Two security related problems have been found in the mongodb package,
both related to logging.

CVE-2016-6494
    World-readable .dbshell history file

Debian Bug 833087
    Bruteforcable challenge responses in unprotected logfile

For Debian 7 "Wheezy", these problems have been fixed in version
2.0.6-1.1+deb7u1.

We recommend that you upgrade your mongodb packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

--
 --- Ola Lundqvist ---
/ o...@debian.org        Folkebogatan 26       \
| o...@inguza.com        654 68 KARLSTAD       |
| http://inguza.com/     +46 (0)70-332 1551    |
\ gpg/f.p.: 22F2 32C6 B1E0 F4BF 2B26 0A6A 5E90 DCFA 9426 876F /
 ---
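
For the world-readable .dbshell history file named in DLA 588-2 (CVE-2016-6494), history files written before the upgrade may still carry loose permissions. The script below is an added example, not part of the advisory or of the Debian package: it lists and tightens such files, and it assumes the history file is `.dbshell` directly inside each user's home directory and that the directory holding the homes is passed as an argument.

```shell
#!/bin/sh
# Added example: audit mongo shell history files (.dbshell) for group/other access.
# Assumption: homes live one level below the directory given as $1 (e.g. /home).

# Print every .dbshell under $1 whose mode grants any bit to group or other.
find_exposed_dbshell() {
    find "$1" -maxdepth 2 -type f -name .dbshell \
        \( -perm -040 -o -perm -020 -o -perm -010 \
           -o -perm -004 -o -perm -002 -o -perm -001 \) -print 2>/dev/null
}

# Set every exposed file to owner read/write only (0600).
# Prints the number of files that were changed.
fix_exposed_dbshell() {
    n=$(find_exposed_dbshell "$1" | wc -l)
    find_exposed_dbshell "$1" | while IFS= read -r f; do
        chmod 600 "$f"
    done
    echo "$((n))"
}

# Report-only run when a directory is given: ./audit-dbshell.sh /home
# (the script name is hypothetical). Call fix_exposed_dbshell to remediate.
if [ "$#" -gt 0 ]; then
    find_exposed_dbshell "$1"
fi
```

Tightening the mode does not undo earlier exposure, so credentials that appear in a history file that was readable by other users should be rotated.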