[SECURITY] [DLA 661-1] libarchive security update

2016-10-17 Thread Jonas Meurer

Package: libarchive
Version: 3.0.4-3+wheezy5
CVE ID : CVE-2016-8687 CVE-2016-8688 CVE-2016-8689
Debian Bug : 840934 840935 840936


Agostino Sarubbo of Gentoo discovered several security vulnerabilities
in libarchive, a multi-format archive and compression library. An
attacker could take advantage of these flaws to cause a buffer overflow
or an out of bounds read using a carefully crafted input file.

CVE-2016-8687

Agostino Sarubbo of Gentoo discovered a possible stack-based buffer
overflow when printing a filename in bsdtar_expand_char() of util.c.

CVE-2016-8688

Agostino Sarubbo of Gentoo discovered a possible out of bounds read
when parsing multiple long lines in bid_entry() and detect_form() of
archive_read_support_format_mtree.c.

CVE-2016-8689

Agostino Sarubbo of Gentoo discovered a possible heap-based buffer
overflow when reading corrupted 7z files in read_Header() of
archive_read_support_format_7zip.c.

For Debian 7 "Wheezy", these problems have been fixed in version
3.0.4-3+wheezy5.

We recommend that you upgrade your libarchive packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


- -- 
Jonas Meurer




[SECURITY] [DLA 660-1] libxrandr security update

2016-10-17 Thread Hugo Lefeuvre

Package: libxrandr
Version: 2:1.3.2-2+deb7u2
CVE ID : CVE-2016-7947 CVE-2016-7948
Debian Bug : 840441 

Insufficient validation of data from the X server in libxrandr
before v1.5.0 can cause out of boundary memory writes and integer
overflows.

For Debian 7 "Wheezy", these problems have been fixed in version
2:1.3.2-2+deb7u2.

We recommend that you upgrade your libxrandr packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS