[SECURITY] [DLA 3042-1] clamav security update

2022-06-03 Thread Emilio Pozuelo Monfort

-------------------------------------------------------------------------
Debian LTS Advisory DLA-3042-1                debian-...@lists.debian.org
https://www.debian.org/lts/security/               Emilio Pozuelo Monfort
June 03, 2022                                 https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : clamav
Version        : 0.103.6+dfsg-0+deb9u1
CVE ID         : CVE-2022-20770 CVE-2022-20771 CVE-2022-20785 CVE-2022-20792
                 CVE-2022-20796

Several vulnerabilities have been found in the ClamAV antivirus toolkit
that could result in denial of service or other unspecified impact.

For Debian 9 stretch, these problems have been fixed in version
0.103.6+dfsg-0+deb9u1.

We recommend that you upgrade your clamav packages.

For the detailed security status of clamav please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/clamav

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



[SECURITY] [DLA 3041-1] thunderbird security update

2022-06-03 Thread Emilio Pozuelo Monfort

-------------------------------------------------------------------------
Debian LTS Advisory DLA-3041-1                debian-...@lists.debian.org
https://www.debian.org/lts/security/               Emilio Pozuelo Monfort
June 03, 2022                                 https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : thunderbird
Version        : 1:91.10.0-1~deb9u1
CVE ID         : CVE-2022-1529 CVE-2022-1802 CVE-2022-1834 CVE-2022-31736
                 CVE-2022-31737 CVE-2022-31738 CVE-2022-31740 CVE-2022-31741
                 CVE-2022-31742 CVE-2022-31747

Multiple security issues have been found in Thunderbird, which could
potentially result in the execution of arbitrary code, information
disclosure or spoofing.

For Debian 9 stretch, these problems have been fixed in version
1:91.10.0-1~deb9u1.

We recommend that you upgrade your thunderbird packages.

For the detailed security status of thunderbird please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/thunderbird

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



[SECURITY] [DLA 3040-1] firefox-esr security update

2022-06-03 Thread Emilio Pozuelo Monfort

-------------------------------------------------------------------------
Debian LTS Advisory DLA-3040-1                debian-...@lists.debian.org
https://www.debian.org/lts/security/               Emilio Pozuelo Monfort
June 03, 2022                                 https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : firefox-esr
Version        : 91.10.0esr-1~deb9u1
CVE ID         : CVE-2022-31736 CVE-2022-31737 CVE-2022-31738 CVE-2022-31740
                 CVE-2022-31741 CVE-2022-31742 CVE-2022-31747

Multiple security issues have been found in the Mozilla Firefox web
browser, which could potentially result in the execution of arbitrary
code, information disclosure or spoofing.

For Debian 9 stretch, these problems have been fixed in version
91.10.0esr-1~deb9u1.

We recommend that you upgrade your firefox-esr packages.

For the detailed security status of firefox-esr please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/firefox-esr

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



[SECURITY] [DLA 3039-1] pypdf2 security update

2022-06-03 Thread Markus Koschany
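-------------------------------------------------------------------------
Debian LTS Advisory DLA-3039-1                debian-...@lists.debian.org
https://www.debian.org/lts/security/                      Markus Koschany
June 03, 2022                                 https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : pypdf2
Version        : 1.26.0-2+deb9u1
CVE ID         : CVE-2022-24859
Debian Bug     : 1009879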

Sebastian Krause discovered that manipulated inline images can force
PyPDF2, a pure Python PDF library, into an infinite loop, if a maliciously
crafted PDF file is processed.

For Debian 9 stretch, this problem has been fixed in version
1.26.0-2+deb9u1.

We recommend that you upgrade your pypdf2 packages.

For the detailed security status of pypdf2 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/pypdf2

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

