-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 16 Jan 2017 19:53:53 +0100
Source: pdns-recursor
Binary: pdns-recursor pdns-recursor-dbg
Architecture: source amd64
Version: 3.3-3+deb7u2
Distribution: wheezy-security
Urgency: high
Maintainer: Debian PowerDNS Maintainers
Hi Diego,
> I just released libav 0.8.20 with some more fixes, changelog below.
>
> Diego
>
> version 0.8.20:
>
> - mpegvideo: Fix undefined negative shifts in mpeg_motion_internal (Bug-Id:
> 980, CVE-2016-9820)
> - mpegvideo: Fix undefined negative shifts in ff_init_block_index (Bug-Id:
>
On Fri, Jan 06, 2017 at 11:32:49AM +0100, Hugo Lefeuvre wrote:
>
> Could you summarize for us the status of your work on the 0.8 branch?
>
> I've had a look at the new CVEs reported for libav. I managed to
> reproduce CVE-2016-98{21,22} (avconv crashes with segfault), but
> cherry picking the
Hi,
I've looked at updating the graphicsmagick (GM) update to fix the issues
outlined in a [recent discussion][1]. The fix to CVE-2016-5240.patch is
trivial. I can also confirm the current GM version in wheezy-security
segfaults with the POC.
I've had difficulties fixing the pending
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 16 Jan 2017 13:45:17 +0100
Source: otrs2
Binary: otrs2 otrs
Architecture: source all
Version: 3.1.7+dfsg1-8+deb7u6
Distribution: wheezy-security
Urgency: high
Maintainer: Patrick Matthäi
Changed-By:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Package: otrs2
Version: 3.1.7+dfsg1-8+deb7u6
CVE ID : CVE-2016-9139
Debian Bug : 843091
A cross-site scripting vulnerability (XSS) was discovered in OTRS, a
ticket requesting system for the web. An attacker could trick
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 12 Jan 2017 16:38:50 +0100
Source: botan1.10
Binary: botan1.10-dbg libbotan-1.10-0 libbotan1.10-dev
Architecture: source amd64
Version: 1.10.5-1+deb7u2
Distribution: wheezy-security
Urgency: high
Maintainer: Ondřej Surý