[SECURITY] [DLA 2117-1] zsh security update
Package: zsh Version: 5.0.7-5+deb8u1 CVE ID : CVE-2019-20044 Debian Bug : 951458 A privilege escalation vulnerability was discovered in zsh, a shell with lots of features, whereby a user could regain a formerly elevated privelege level even when such an action should not be permitted. For Debian 8 "Jessie", this problem has been fixed in version 5.0.7-5+deb8u1. We recommend that you upgrade your zsh packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS signature.asc Description: PGP signature
[SECURITY] [DLA 2131-2] rrdtool regression update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: rrdtool Version: 1.4.8-1.2+deb8u2 CVE ID : CVE-2014-6262 Debian Bug : 952958 It was discovered that there was a regression in a previous fix, which resulted in the following error: ERROR: cannot compile regular expression: Error while compiling regular expression ^(?:[^%]+|%%)*%[+- 0#]?[0-9]*([.][0-9]+)?l[eEfF](?:[^%]+|%%)*%s(?:[^%]+|%%)*$ at char 18: range out of order in character class (^(?:[^%]+|%%)*%[+- 0#]?[0-9]*([.][0-9]+)?l[eEfF](?:[^%]+|%%)*%s(?:[^%]+|%%)*$) For Debian 8 "Jessie", this problem has been fixed in version 1.4.8-1.2+deb8u2. We recommend that you upgrade your rrdtool packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS Best, Utkarsh -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEbJ0QSEqa5Mw4X3xxgj6WdgbDS5YFAl5dVz8ACgkQgj6WdgbD S5atbRAArNMYrRewmc20kFoTOPiRep7MNYKC4yL1wNhvcdZidoCjVfy2W2aFg/4Y xBTDkoO5px3KMBFaNjO/s1EevQkP8iP2mTDwt+jySRAK6szBApUy1OHp52nomkpf tsvAXGDtGiURwN/XTEJo5KZQ2KrhdOCNK9Kh1Eh7fVtINvqd5bzByvrFENrmEHPy NZ+rr9UwF2H224wjc6qFGgqmsW+m8UJ8fkKaLEGDzviE2ysfN+VSrzqAskPEOYpX 9ESqh4S4qUQqvwUoHRThUDyyA5LiCiwixSoetUF/etPdupctVX0hFodPsbn3dzgZ J1Ay+Ve8fCMfHwiu1n7lD91coVE4abLJrzRpj8NUIC+UX+4yHEOTiErgx6k0Bgw4 /eqhK43gL1+7N7FyfUF6LAGbWrH4L0xoPO8EhM2dhy5CGryxMDHw749vV+a+Oe7R mu8munlgfU9edN3g/icnp5hnebkWluCAp4SyA47Fqm13JoRcsos/xE0e4UmcGrUD sxoK2Ij77MQi3jGolcg7kyLUbcVBlzaGYUoYkF+pt4A7pk7ix5ijrEBgcGBsa7XD bzVjzELc3lDI3VjXQhZgLal+SmF2f6170+uedZn/S8fp1LxrtdwadySQoJIdEYrn EAvXs0/4yxf7QIPc4ZQ/8u+b/G1FVZIKbg9etjPAOtjGlte1Qbw= =CxF2 -END PGP SIGNATURE-
[SECURITY] [DLA 2115-2] proftpd-dfsg regression update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: proftpd-dfsg Version: 1.3.5e+r1.3.5-2+deb8u7 CVE ID : CVE-2020-9273 It was discovered that there was a regression in a previous fix for a use-after-free vulnerability in the proftpd-dfsg FTP server. Exploitation of the original vulnerability within the memory pool handling could have allowed a remote attacker to execute arbitrary code on the affected system. However, the fix that was released in proftpd-dfsg version 1.3.5e+r1.3.5-2+deb8u6 had a regression around the handling of log formatting. For more information, please see: https://github.com/proftpd/proftpd/issues/903 For Debian 8 "Jessie", this issue has been fixed in proftpd-dfsg version 1.3.5e+r1.3.5-2+deb8u7. We recommend that you upgrade your proftpd-dfsg packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS Regards, - -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `- -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAl5dT6MACgkQHpU+J9Qx Hlg12RAAxjvWQ2MCsU7DIIkVujp4pFA3gbXglaQtj7GPgnvOD7+E/CbIpS5h4ChQ elFscK6MNCWqeU0F0qbjmE0R55PDiCuTiLGgYHg+j3mPkFHsS31BJEQ+jXORIVPK pXcJWSYIpQhi3zwbeQMkeN/K4Cm+NI++iXNUCELVOMLBX4N1Wix+2zkERMb3pXsw ZODRIKRpi0NpMrP1xYxOxK1vVSMVbxu97SLT0DsyFPG7jmjcm7c/xlPyjR2mKnij KA1zNWE/rFQuuEacLVMI/B68I3hnRgGjt1oexmitxTU8AjqAsnt60wsHQcDR2NF+ olHglbca8V8jjs07gjnWEvE8zVvcFCUNXGsb4UYtrGSvL3unhI5ogi4Tp/jw/mfL ReFi4iLyW5GpqlE1BSAMEpATotlk+jSS0sUDuGVG0T1ybA9Sn64lF7wxUcr3IZw1 FK772xh+C76VjU7VmSTVDSXyO9OjJ13edh3ZCu5DFbVEpd1SBLYrkhdPH3pDoLj+ ApC6G4uOQ51iO/grMEmKkk4AEdMUCnr2o2CUYZg8iNGeAegEOkohr/p2m+x3Cn+8 v1BICuxjegq8XEz4/+mfKfLRnimHvgloEG2QfIANiREBEH4DQ8Wc3vG+fbo4KT7+ UdLudt2L4rLXaPLXq7aMX2oxdbBgrfqpYlE665boHGmkA06NYo4= =K8+l -END PGP SIGNATURE-