[SECURITY] [DLA 1020-1] jetty security update
Package        : jetty
Version        : 6.1.26-1+deb7u1
CVE ID         : CVE-2017-9735
Debian Bug     : 864898

It was discovered that Jetty, a Java servlet engine and webserver, was vulnerable to a timing attack which might reveal cryptographic credentials such as passwords to a local user.

For Debian 7 "Wheezy", these problems have been fixed in version 6.1.26-1+deb7u1.

We recommend that you upgrade your jetty packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
[SECURITY] [DLA 1019-1] phpldapadmin security update
Package        : phpldapadmin
Version        : 1.2.2-5+deb7u1
CVE ID         : CVE-2017-11107
Debian Bug     : #867719

It was discovered that there was a cross-site scripting (XSS) vulnerability in phpldapadmin, a web-based interface for administering LDAP servers.

For Debian 7 "Wheezy", this issue has been fixed in phpldapadmin version 1.2.2-5+deb7u1.

We recommend that you upgrade your phpldapadmin packages.

Regards,

Chris Lamb
la...@debian.org / chris-lamb.co.uk
[SECURITY] [DLA 1018-1] sqlite3 security update
Package        : sqlite3
Version        : 3.7.13-1+deb7u4
CVE ID         : CVE-2017-10989
Debian Bug     : #867618

It was discovered that there was a heap-based buffer over-read vulnerability in SQLite, a lightweight database engine.

The getNodeSize function in ext/rtree/rtree.c mishandled undersized RTree blobs in a specially-crafted database.

For Debian 7 "Wheezy", this issue has been fixed in sqlite3 version 3.7.13-1+deb7u4.

We recommend that you upgrade your sqlite3 packages.

Regards,

Chris Lamb, Debian Project Leader
la...@debian.org / chris-lamb.co.uk