[20 Jan 2022] DSA-5049-1 flatpak - security update {CVE-2021-43860 CVE-2022-21682} [bullseye] - flatpak 1.10.7-0+deb11u1 [15 Jan 2022] DSA-5048-1 libreswan - security update {CVE-2022-23094} [bullseye] - libreswan 4.3-1+deb11u1 [15 Jan 2022] DSA-5047-1 prosody - security update {CVE-2022-0217} [buster] - prosody 0.11.2-1+deb10u3 [bullseye] - prosody 0.11.9-2+deb11u1 [14 Jan 2022] DSA-5046-1 chromium - security update {CVE-2021-4052 CVE-2021-4053 CVE-2021-4054 CVE-2021-4055 CVE-2021-4056 CVE-2021-4057 CVE-2021-4058 CVE-2021-4059 CVE-2021-4061 CVE-2021-4062 CVE-2021-4063 CVE-2021-4064 CVE-2021-4065 CVE-2021-4066 CVE-2021-4067 CVE-2021-4068 CVE-2021-4078 CVE-2021-4079 CVE-2021-4098 CVE-2021-4099 CVE-2021-4100 CVE-2021-4101 CVE-2021-4102 CVE-2021-37956 CVE-2021-37957 CVE-2021-37958 CVE-2021-37959 CVE-2021-37961 CVE-2021-37962 CVE-2021-37963 CVE-2021-37964 CVE-2021-37965 CVE-2021-37966 CVE-2021-37967 CVE-2021-37968 CVE-2021-37969 CVE-2021-37970 CVE-2021-37971 CVE-2021-37972 CVE-2021-37973 CVE-2021-37974 CVE-2021-37975 CVE-2021-37976 CVE-2021-37977 CVE-2021-37978 CVE-2021-37979 CVE-2021-37980 CVE-2021-37981 CVE-2021-37982 CVE-2021-37983 CVE-2021-37984 CVE-2021-37985 CVE-2021-37986 CVE-2021-37987 CVE-2021-37988 CVE-2021-37989 CVE-2021-37990 CVE-2021-37991 CVE-2021-37992 CVE-2021-37993 CVE-2021-37994 CVE-2021-37995 CVE-2021-37996 CVE-2021-37997 CVE-2021-37998 CVE-2021-37999 CVE-2021-38000 CVE-2021-38001 CVE-2021-38002 CVE-2021-38003 CVE-2021-38004 CVE-2021-38005 CVE-2021-38006 CVE-2021-38007 CVE-2021-38008 CVE-2021-38009 CVE-2021-38010 CVE-2021-38011 CVE-2021-38012 CVE-2021-38013 CVE-2021-38014 CVE-2021-38015 CVE-2021-38016 CVE-2021-38017 CVE-2021-38018 CVE-2021-38019 CVE-2021-38020 CVE-2021-38021 CVE-2021-38022 CVE-2022-0096 CVE-2022-0097 CVE-2022-0098 CVE-2022-0099 CVE-2022-0100 CVE-2022-0101 CVE-2022-0102 CVE-2022-0103 CVE-2022-0104 CVE-2022-0105 CVE-2022-0106 CVE-2022-0107 CVE-2022-0108 CVE-2022-0109 CVE-2022-0110 CVE-2022-0111 CVE-2022-0112 CVE-2022-0113 CVE-2022-0114 CVE-2022-0115 CVE-2022-0116 CVE-2022-0117 CVE-2022-0118 CVE-2022-0120} [bullseye] - chromium 97.0.4692.71-0.1~deb11u1 [14 Jan 2022] DSA-5045-1 thunderbird - security update {CVE-2021-4140 CVE-2022-22737 CVE-2022-22738 CVE-2022-22739 CVE-2022-22740 CVE-2022-22741 CVE-2022-22742 CVE-2022-22743 CVE-2022-22745 CVE-2022-22747 CVE-2022-22748 CVE-2022-22751} [buster] - thunderbird 1:91.5.0-2~deb10u1 [bullseye] - thunderbird 1:91.5.0-2~deb11u1 [13 Jan 2022] DSA-5044-1 firefox-esr - security update {CVE-2021-4140 CVE-2022-22737 CVE-2022-22738 CVE-2022-22739 CVE-2022-22740 CVE-2022-22741 CVE-2022-22742 CVE-2022-22743 CVE-2022-22745 CVE-2022-22747 CVE-2022-22748 CVE-2022-22751} [buster] - firefox-esr 91.5.0esr-1~deb10u1 [bullseye] - firefox-esr 91.5.0esr-1~deb11u1 [12 Jan 2022] DSA-5043-1 lxml - security update {CVE-2021-43818} [buster] - lxml 4.3.2-1+deb10u4 [bullseye] - lxml 4.6.3+dfsg-0.1+deb11u1 [12 Jan 2022] DSA-5042-1 epiphany-browser - security update {CVE-2021-45085 CVE-2021-45086 CVE-2021-45087 CVE-2021-45088} [bullseye] - epiphany-browser 3.38.2-1+deb11u1 [11 Jan 2022] DSA-5041-1 cfrpki - security update {CVE-2021-3761 CVE-2021-3907 CVE-2021-3908 CVE-2021-3909 CVE-2021-3910 CVE-2021-3911 CVE-2021-3912 CVE-2021-43173 CVE-2021-43174} [bullseye] - cfrpki 1.4.2-1~deb11u1 [11 Jan 2022] DSA-5040-1 lighttpd - security update {CVE-2022-22707} [buster] - lighttpd 1.4.53-4+deb10u2 [bullseye] - lighttpd 1.4.59-1+deb11u1 [11 Jan 2022] DSA-5039-1 wordpress - security update {CVE-2022-21661 CVE-2022-21662 CVE-2022-21663 CVE-2022-21664} [buster] - wordpress 5.0.15+dfsg1-0+deb10u1 [bullseye] - wordpress 5.7.5+dfsg1-0+deb11u1 [08 Jan 2022] DSA-5038-1 ghostscript - security update {CVE-2021-45944 CVE-2021-45949} [buster] - ghostscript 9.27~dfsg-2+deb10u5 [bullseye] - ghostscript 9.53.3~dfsg-7+deb11u2 [08 Jan 2022] DSA-5037-1 roundcube - security update {CVE-2021-46144} [buster] - roundcube 1.3.17+dfsg.1-1~deb10u2 [bullseye] - roundcube 1.4.13+dfsg.1-1~deb11u1 [06 Jan 2022] DSA-5036-1 sphinxsearch - security update {CVE-2020-29050} [buster] - sphinxsearch 2.2.11-2+deb10u1 [04 Jan 2022] DSA-5035-1 apache2 - security update {CVE-2021-44224 CVE-2021-44790} [buster] - apache2 2.4.38-3+deb10u7 [bullseye] - apache2 2.4.52-1~deb11u2 [02 Jan 2022] DSA-5034-1 thunderbird - security update {CVE-2021-4126 CVE-2021-38496 CVE-2021-38500 CVE-2021-38502 CVE-2021-38503 CVE-2021-38504 CVE-2021-38506 CVE-2021-38507 CVE-2021-38508 CVE-2021-38509 CVE-2021-43528 CVE-2021-43529 CVE-2021-43534 CVE-2021-43535 CVE-2021-43536 CVE-2021-43537 CVE-2021-43538 CVE-2021-43539 CVE-2021-43541 CVE-2021-43542 CVE-2021-43543 CVE-2021-43545 CVE-2021-43546 CVE-2021-44538} [buster] - thunderbird 1:91.4.1-1~deb10u1 [bullseye] - thunderbird 1:91.4.1-1~deb11u1 [30 Dec 2021] DSA-5033-1 fort-validator - security update {CVE-2021-3907 CVE-2021-3909 CVE-2021-43173 CVE-2021-43114} [bullseye] - fort-validator 1.5.3-1~deb11u1 [28 Dec 2021] DSA-5032-1 djvulibre - security update {CVE-2019-15142 CVE-2019-15143 CVE-2019-15144 CVE-2019-15145 CVE-2019-18804 CVE-2021-3500 CVE-2021-3630 CVE-2021-32490 CVE-2021-32491 CVE-2021-32492 CVE-2021-32493} [buster] - djvulibre 3.5.27.1-10+deb10u1 [23 Dec 2021] DSA-5031-1 wpewebkit - security update {CVE-2021-30887 CVE-2021-30890} [bullseye] - wpewebkit 2.34.3-1~deb11u1 [23 Dec 2021] DSA-5030-1 webkit2gtk - security update {CVE-2021-30887 CVE-2021-30890} [buster] - webkit2gtk 2.34.3-1~deb10u1 [bullseye] - webkit2gtk 2.34.3-1~deb11u1 [22 Dec 2021] DSA-5000-2 openjdk-11 - security update {CVE-2021-35550 CVE-2021-35556 CVE-2021-35559 CVE-2021-35561 CVE-2021-35564 CVE-2021-35565 CVE-2021-35567 CVE-2021-35578 CVE-2021-35586 CVE-2021-35603} [buster] - openjdk-11 11.0.13+8-1~deb10u1 [22 Dec 2021] DSA-5029-1 sogo - security update {CVE-2021-33054} [buster] - sogo 4.0.7-1+deb10u2 [bullseye] - sogo 5.0.1-4+deb11u1 [22 Dec 2021] DSA-5028-1 spip - security update [buster] - spip 3.2.4-1+deb10u5 [bullseye] - spip 3.2.11-3+deb11u1 [21 Dec 2021] DSA-5027-1 xorg-server - security update {CVE-2021-4008 CVE-2021-4009 CVE-2021-4010 CVE-2021-4011} [buster] - xorg-server 2:1.20.4-1+deb10u4 [bullseye] - xorg-server 2:1.20.11-1+deb11u1 [19 Dec 2021] DSA-5026-1 firefox-esr - security update {CVE-2021-43546 CVE-2021-43545 CVE-2021-43543 CVE-2021-43542 CVE-2021-43541 CVE-2021-43539 CVE-2021-43538 CVE-2021-43537 CVE-2021-43536 CVE-2021-43535 CVE-2021-43534 CVE-2021-38509 CVE-2021-38508 CVE-2021-38507 CVE-2021-38506 CVE-2021-38504 CVE-2021-38503} [bullseye] - firefox-esr 91.4.1esr-1~deb11u1 [19 Dec 2021] DSA-5025-1 tang - security update {CVE-2021-4076} [bullseye] - tang 8-3+deb11u1 [18 Dec 2021] DSA-5024-1 apache-log4j2 - security update {CVE-2021-45105} [buster] - apache-log4j2 2.17.0-1~deb10u1 [bullseye] - apache-log4j2 2.17.0-1~deb11u1 [18 Dec 2021] DSA-5023-1 modsecurity-apache - security update {CVE-2021-42717} [buster] - modsecurity-apache 2.9.3-1+deb10u1 [bullseye] - modsecurity-apache 2.9.3-3+deb11u1 [16 Dec 2021] DSA-5022-1 apache-log4j2 - security update {CVE-2021-45046} [buster] - apache-log4j2 2.16.0-1~deb10u1 [bullseye] - apache-log4j2 2.16.0-1~deb11u1 [15 Dec 2021] DSA-5021-1 mediawiki - security update {CVE-2021-44857 CVE-2021-44858 CVE-2021-45038} [bullseye] - mediawiki 1:1.35.4-1+deb11u2 [11 Dec 2021] DSA-5020-1 apache-log4j2 - security update {CVE-2021-44228} [buster] - apache-log4j2 2.15.0-1~deb10u1 [bullseye] - apache-log4j2 2.15.0-1~deb11u1 [10 Dec 2021] DSA-5019-1 wireshark - security update {CVE-2021-22207 CVE-2021-22222 CVE-2021-22235 CVE-2021-39920 CVE-2021-39921 CVE-2021-39922 CVE-2021-39923 CVE-2021-39924 CVE-2021-39925 CVE-2021-39926 CVE-2021-39928 CVE-2021-39929} [bullseye] - wireshark 3.4.10-0+deb11u1 [09 Dec 2021] DSA-5018-1 python-babel - security update {CVE-2021-42771} [buster] - python-babel 2.6.0+dfsg.1-1+deb10u1 [05 Dec 2021] DSA-5017-1 xen - security update {CVE-2021-28702 CVE-2021-28704 CVE-2021-28705 CVE-2021-28706 CVE-2021-28707 CVE-2021-28708 CVE-2021-28709} [bullseye] - xen 4.14.3+32-g9de3671772-1~deb11u1 [01 Dec 2021] DSA-5016-1 nss - security update {CVE-2021-43527} [buster] - nss 2:3.42.1-1+deb10u4 [bullseye] - nss 2:3.61-1+deb11u1 [30 Nov 2021] DSA-5015-1 samba - security update {CVE-2020-25717} [buster] - samba 2:4.9.5+dfsg-5+deb10u2 [28 Nov 2021] DSA-5014-1 icu - security update {CVE-2020-21913} [buster] - icu 63.1-6+deb10u2 [27 Nov 2021] DSA-5013-1 roundcube - security update {CVE-2021-44025 CVE-2021-44026} [buster] - roundcube 1.3.17+dfsg.1-1~deb10u1 [bullseye] - roundcube 1.4.12+dfsg.1-1~deb11u1 [23 Nov 2021] DSA-5012-1 openjdk-17 - security update {CVE-2021-35556 CVE-2021-35559 CVE-2021-35561 CVE-2021-35564 CVE-2021-35567 CVE-2021-35578 CVE-2021-35586 CVE-2021-35603} [bullseye] - openjdk-17 17.0.1+12-1+deb11u2 [19 Nov 2021] DSA-5011-1 salt - security update {CVE-2021-21996} [buster] - salt 2018.3.4+dfsg1-6+deb10u3 [bullseye] - salt 3002.6+dfsg1-4+deb11u1 [15 Nov 2021] DSA-5010-1 libxml-security-java - security update {CVE-2021-40690} [buster] - libxml-security-java 2.0.10-2+deb10u1 [bullseye] - libxml-security-java 2.0.10-2+deb11u1 [12 Nov 2021] DSA-5009-1 tomcat9 - security update {CVE-2021-42340} [bullseye] - tomcat9 9.0.43-2~deb11u3 [11 Nov 2021] DSA-5008-1 node-tar - security update {CVE-2021-37701 CVE-2021-37712} [bullseye] - node-tar 6.0.5+ds1+~cs11.3.9-1+deb11u2 [11 Nov 2021] DSA-5007-1 postgresql-13 - security update {CVE-2021-23214 CVE-2021-23222} [bullseye] - postgresql-13 13.5-0+deb11u1 [11 Nov 2021] DSA-5006-1 postgresql-11 - security update {CVE-2021-23214 CVE-2021-23222} [buster] - postgresql-11 11.14-0+deb10u1 [10 Nov 2021] DSA-5005-1 ruby-kaminari - security update {CVE-2020-11082} [buster] - ruby-kaminari 1.0.1-4+deb10u1 [10 Nov 2021] DSA-5004-1 libxstream-java - security update {CVE-2021-39139 CVE-2021-39140 CVE-2021-39141 CVE-2021-39144 CVE-2021-39145 CVE-2021-39146 CVE-2021-39147 CVE-2021-39148 CVE-2021-39149 CVE-2021-39150 CVE-2021-39151 CVE-2021-39152 CVE-2021-39153 CVE-2021-39154} [buster] - libxstream-java 1.4.11.1-1+deb10u3 [bullseye] - libxstream-java 1.4.15-3+deb11u1 [09 Nov 2021] DSA-5003-1 samba - security update {CVE-2016-2124 CVE-2020-25717 CVE-2020-25718 CVE-2020-25719 CVE-2020-25721 CVE-2020-25722 CVE-2021-3738 CVE-2021-23192} [bullseye] - samba 2:4.13.13+dfsg-1~deb11u2 [06 Nov 2021] DSA-5002-1 containerd - security update {CVE-2021-41103} [bullseye] - containerd 1.4.5~ds1-2+deb11u1 [05 Nov 2021] DSA-5001-1 redis - security update {CVE-2021-32626 CVE-2021-32627 CVE-2021-32628 CVE-2021-32672 CVE-2021-32675 CVE-2021-32687 CVE-2021-32762 CVE-2021-41099} [buster] - redis 5:5.0.14-1+deb10u1 [bullseye] - redis 5:6.0.16-1+deb11u1 [01 Nov 2021] DSA-5000-1 openjdk-11 - security update {CVE-2021-35550 CVE-2021-35556 CVE-2021-35559 CVE-2021-35561 CVE-2021-35564 CVE-2021-35565 CVE-2021-35567 CVE-2021-35578 CVE-2021-35586 CVE-2021-35603} [bullseye] - openjdk-11 11.0.13+8-1~deb11u1 [01 Nov 2021] DSA-4999-1 asterisk - security update {CVE-2021-32558 CVE-2021-32686} [bullseye] - asterisk 1:16.16.1~dfsg-1+deb11u1 [31 Oct 2021] DSA-4998-1 ffmpeg - security update {CVE-2020-20446 CVE-2020-20450 CVE-2020-20453 CVE-2020-22037 CVE-2020-22042 CVE-2021-38114 CVE-2021-38171 CVE-2021-38291 CVE-2020-21697 CVE-2020-21688 CVE-2020-20445} [bullseye] - ffmpeg 7:4.3.3-0+deb11u1 [31 Oct 2021] DSA-4997-1 tiff - security update {CVE-2020-19143} [buster] - tiff 4.1.0+git191117-2~deb10u3 [29 Oct 2021] DSA-4996-1 wpewebkit - security update {CVE-2021-30818 CVE-2021-30823 CVE-2021-30846 CVE-2021-30851 CVE-2021-30884 CVE-2021-30888 CVE-2021-30889 CVE-2021-42762 CVE-2021-45481 CVE-2021-45483} [bullseye] - wpewebkit 2.34.1-1~deb11u1 [29 Oct 2021] DSA-4995-1 webkit2gtk - security update {CVE-2021-30818 CVE-2021-30823 CVE-2021-30846 CVE-2021-30851 CVE-2021-30884 CVE-2021-30888 CVE-2021-30889 CVE-2021-42762 CVE-2021-45481 CVE-2021-45483} [buster] - webkit2gtk 2.34.1-1~deb10u1 [bullseye] - webkit2gtk 2.34.1-1~deb11u1 [28 Oct 2021] DSA-4994-1 bind9 - security update {CVE-2021-25219} [buster] - bind9 1:9.11.5.P4+dfsg-5.1+deb10u6 [bullseye] - bind9 1:9.16.22-1~deb11u1 [25 Oct 2021] DSA-4993-1 php7.3 - security update {CVE-2021-21703} [buster] - php7.3 7.3.31-1~deb10u1 [25 Oct 2021] DSA-4992-1 php7.4 - security update {CVE-2021-21703} [bullseye] - php7.4 7.4.25-1+deb11u1 [22 Oct 2021] DSA-4991-1 mailman - security update {CVE-2020-12108 CVE-2020-15011 CVE-2021-42096 CVE-2021-42097} [buster] - mailman 1:2.1.29-1+deb10u2 [19 Oct 2021] DSA-4990-1 ffmpeg - security update {CVE-2020-20445 CVE-2020-20446 CVE-2020-20453 CVE-2020-21041 CVE-2020-22015 CVE-2020-22016 CVE-2020-22017 CVE-2020-22019 CVE-2020-22020 CVE-2020-22021 CVE-2020-22022 CVE-2020-22023 CVE-2020-22025 CVE-2020-22026 CVE-2020-22027 CVE-2020-22028 CVE-2020-22029 CVE-2020-22030 CVE-2020-22031 CVE-2020-22032 CVE-2020-22033 CVE-2020-22034 CVE-2020-22035 CVE-2020-22036 CVE-2020-22037 CVE-2020-22049 CVE-2020-22054 CVE-2020-35965 CVE-2021-38114 CVE-2021-38171 CVE-2021-38291} [buster] - ffmpeg 7:4.1.8-0+deb10u1 [18 Oct 2021] DSA-4989-1 strongswan - security update {CVE-2021-41990 CVE-2021-41991} [buster] - strongswan 5.7.2-1+deb10u1 [bullseye] - strongswan 5.9.1-1+deb11u1 [16 Oct 2021] DSA-4988-1 libreoffice - security update {CVE-2021-25633 CVE-2021-25634} [bullseye] - libreoffice 1:7.0.4-4+deb11u1 [15 Oct 2021] DSA-4987-1 squashfs-tools - security update {CVE-2021-41072} [buster] - squashfs-tools 1:4.3-12+deb10u2 [bullseye] - squashfs-tools 1:4.4-2+deb11u2 [14 Oct 2021] DSA-4986-1 tomcat9 - security update {CVE-2021-41079} [buster] - tomcat9 9.0.31-1~deb10u6 [bullseye] - tomcat9 9.0.43-2~deb11u2 [14 Oct 2021] DSA-4985-1 wordpress - security update {CVE-2021-39201} [buster] - wordpress 5.0.14+dfsg1-0+deb10u1 [bullseye] - wordpress 5.7.3+dfsg1-0+deb11u1 [12 Oct 2021] DSA-4984-1 flatpak - security update {CVE-2021-41133} [bullseye] - flatpak 1.10.5-0+deb11u1 [10 Oct 2021] DSA-4983-1 neutron - security update {CVE-2021-40085} [buster] - neutron 2:13.0.7+git.2021.09.27.bace3d1890-0+deb10u1 [bullseye] - neutron 2:17.2.1-0+deb11u1 [08 Oct 2021] DSA-4982-1 apache2 - security update {CVE-2021-34798 CVE-2021-36160 CVE-2021-39275 CVE-2021-40438} [buster] - apache2 2.4.38-3+deb10u6 [bullseye] - apache2 2.4.51-1~deb11u1 [06 Oct 2021] DSA-4981-1 firefox-esr - security update {CVE-2021-38496 CVE-2021-38500} [buster] - firefox-esr 78.15.0esr-1~deb10u1 [bullseye] - firefox-esr 78.15.0esr-1~deb11u1 [03 Oct 2021] DSA-4980-1 qemu - security update {CVE-2021-3544 CVE-2021-3545 CVE-2021-3546 CVE-2021-3638 CVE-2021-3682 CVE-2021-3713 CVE-2021-3748} [bullseye] - qemu 1:5.2+dfsg-11+deb11u1 [01 Oct 2021] DSA-4979-1 mediawiki - security update {CVE-2021-35197 CVE-2021-41798 CVE-2021-41799 CVE-2021-41800 CVE-2021-41801} [buster] - mediawiki 1:1.31.16-1~deb10u1 [bullseye] - mediawiki 1:1.35.4-1~deb11u1 [25 Sep 2021] DSA-4978-1 linux - security update {CVE-2020-3702 CVE-2020-16119 CVE-2021-3653 CVE-2021-3656 CVE-2021-3679 CVE-2021-3732 CVE-2021-3739 CVE-2021-3743 CVE-2021-3753 CVE-2021-37576 CVE-2021-38160 CVE-2021-38166 CVE-2021-38199 CVE-2021-40490 CVE-2021-41073} [bullseye] - linux 5.10.46-5 [20 Sep 2021] DSA-4977-1 xen - security update {CVE-2021-28694 CVE-2021-28695 CVE-2021-28696 CVE-2021-28697 CVE-2021-28698 CVE-2021-28699 CVE-2021-28700 CVE-2021-28701} [bullseye] - xen 4.14.3-1~deb11u1 [20 Sep 2021] DSA-4976-1 wpewebkit - security update {CVE-2021-30809 CVE-2021-30836 CVE-2021-30848 CVE-2021-30849 CVE-2021-30858 CVE-2021-45482} [bullseye] - wpewebkit 2.32.4-1~deb11u1 [20 Sep 2021] DSA-4975-1 webkit2gtk - security update {CVE-2021-30809 CVE-2021-30836 CVE-2021-30848 CVE-2021-30849 CVE-2021-30858 CVE-2021-45482} [buster] - webkit2gtk 2.32.4-1~deb10u1 [bullseye] - webkit2gtk 2.32.4-1~deb11u1 [19 Sep 2021] DSA-4974-1 nextcloud-desktop - security update {CVE-2021-22895 CVE-2021-32728} [buster] - nextcloud-desktop 2.5.1-3+deb10u2 [bullseye] - nextcloud-desktop 3.1.1-2+deb11u1 [10 Sep 2021] DSA-4973-1 thunderbird - security update {CVE-2021-38493} [buster] - thunderbird 1:78.14.0-1~deb10u1 [bullseye] - thunderbird 1:78.14.0-1~deb11u1 [10 Sep 2021] DSA-4972-1 ghostscript - security update {CVE-2021-3781} [bullseye] - ghostscript 9.53.3~dfsg-7+deb11u1 [09 Sep 2021] DSA-4971-1 ntfs-3g - security update {CVE-2021-33285 CVE-2021-33286 CVE-2021-33287 CVE-2021-33289 CVE-2021-35266 CVE-2021-35267 CVE-2021-35268 CVE-2021-35269 CVE-2021-39251 CVE-2021-39252 CVE-2021-39253 CVE-2021-39254 CVE-2021-39255 CVE-2021-39256 CVE-2021-39257 CVE-2021-39258 CVE-2021-39259 CVE-2021-39260 CVE-2021-39261 CVE-2021-39262 CVE-2021-39263} [buster] - ntfs-3g 1:2017.3.23AR.3-3+deb10u1 [bullseye] - ntfs-3g 1:2017.3.23AR.3-4+deb11u1 [09 Sep 2021] DSA-4970-1 postorius - security update {CVE-2021-40347} [buster] - postorius 1.2.4-1+deb10u1 [bullseye] - postorius 1.3.4-2+deb11u1 [09 Sep 2021] DSA-4969-1 firefox-esr - security update {CVE-2021-38493} [buster] - firefox-esr 78.14.0esr-1~deb10u1 [bullseye] - firefox-esr 78.14.0esr-1~deb11u1 [07 Sep 2021] DSA-4968-1 haproxy - security update {CVE-2021-40346} [bullseye] - haproxy 2.2.9-2+deb11u2 [04 Sep 2021] DSA-4967-1 squashfs-tools - security update {CVE-2021-40153} [buster] - squashfs-tools 1:4.3-12+deb10u1 [bullseye] - squashfs-tools 1:4.4-2+deb11u1 [31 Aug 2021] DSA-4966-1 gpac - security update {CVE-2021-21834 CVE-2021-21836 CVE-2021-21837 CVE-2021-21838 CVE-2021-21839 CVE-2021-21840 CVE-2021-21841 CVE-2021-21842 CVE-2021-21843 CVE-2021-21844 CVE-2021-21845 CVE-2021-21846 CVE-2021-21847 CVE-2021-21848 CVE-2021-21849 CVE-2021-21850 CVE-2021-21853 CVE-2021-21854 CVE-2021-21855 CVE-2021-21857 CVE-2021-21858 CVE-2021-21859 CVE-2021-21860 CVE-2021-21861} [bullseye] - gpac 1.0.1+dfsg1-4+deb11u1 [31 Aug 2021] DSA-4965-1 libssh - security update {CVE-2021-3634} [bullseye] - libssh 0.9.5-1+deb11u1 [31 Aug 2021] DSA-4962-2 ledgersmb - regression update [buster] - ledgersmb 1.6.9+ds-1+deb10u3 [bullseye] - ledgersmb 1.6.9+ds-2+deb11u3 [27 Aug 2021] DSA-4964-1 grilo - security update {CVE-2021-39365} [buster] - grilo 0.3.7-1+deb10u1 [bullseye] - grilo 0.3.13-1+deb11u1 [24 Aug 2021] DSA-4963-1 openssl - security update {CVE-2021-3711 CVE-2021-3712} [buster] - openssl 1.1.1d-0+deb10u7 [bullseye] - openssl 1.1.1k-1+deb11u1 [23 Aug 2021] DSA-4962-1 ledgersmb - security update {CVE-2021-3731 CVE-2021-3693 CVE-2021-3694} [buster] - ledgersmb 1.6.9+ds-1+deb10u2 [bullseye] - ledgersmb 1.6.9+ds-2+deb11u2 [23 Aug 2021] DSA-4961-1 tor - security update {CVE-2021-38385} [buster] - tor 0.3.5.16-1 [bullseye] - tor 0.4.5.10-1~deb11u1 [17 Aug 2021] DSA-4960-1 haproxy - security update {CVE-2021-39240 CVE-2021-39241 CVE-2021-39242} [bullseye] - haproxy 2.2.9-2+deb11u1 [15 Aug 2021] DSA-4959-1 thunderbird - security update {CVE-2021-29980 CVE-2021-29984 CVE-2021-29985 CVE-2021-29986 CVE-2021-29988 CVE-2021-29989} [bullseye] - thunderbird 1:78.13.0-1~deb11u1 [buster] - thunderbird 1:78.13.0-1~deb10u1 [13 Aug 2021] DSA-4958-1 exiv2 - security update {CVE-2019-20421 CVE-2021-3482 CVE-2021-29457 CVE-2021-29473 CVE-2021-31292} [buster] - exiv2 0.25-4+deb10u2 [13 Aug 2021] DSA-4957-1 trafficserver - security update {CVE-2021-27577 CVE-2021-32565 CVE-2021-32566 CVE-2021-32567 CVE-2021-35474} [buster] - trafficserver 8.0.2+ds-1+deb10u5 [11 Aug 2021] DSA-4956-1 firefox-esr - security update {CVE-2021-29980 CVE-2021-29984 CVE-2021-29985 CVE-2021-29986 CVE-2021-29988 CVE-2021-29989} [bullseye] - firefox-esr 78.13.0esr-1~deb11u1 [buster] - firefox-esr 78.13.0esr-1~deb10u1 [11 Aug 2021] DSA-4955-1 libspf2 - security update {CVE-2021-20314} [buster] - libspf2 1.2.10-7.1~deb10u1 [10 Aug 2021] DSA-4954-1 c-ares - security update {CVE-2021-3672} [buster] - c-ares 1.14.0-1+deb10u1 [10 Aug 2021] DSA-4953-1 lynx - security update {CVE-2021-38165} [buster] - lynx 2.8.9rel.1-3+deb10u1 [09 Aug 2021] DSA-4952-1 tomcat9 - security update {CVE-2021-30640 CVE-2021-33037} [buster] - tomcat9 9.0.31-1~deb10u5 [07 Aug 2021] DSA-4951-1 bluez - security update {CVE-2020-26558 CVE-2020-27153 CVE-2021-0129} [buster] - bluez 5.50-1.2~deb10u2 [07 Aug 2021] DSA-4950-1 ansible - security update {CVE-2019-10156 CVE-2019-10206 CVE-2019-14846 CVE-2019-14864 CVE-2019-14904 CVE-2020-1733 CVE-2020-1735 CVE-2020-1739 CVE-2020-1740 CVE-2020-1746 CVE-2020-1753 CVE-2020-10684 CVE-2020-10685 CVE-2020-10729 CVE-2020-14330 CVE-2020-14332 CVE-2020-14365 CVE-2021-20228} [buster] - ansible 2.7.7+dfsg-1+deb10u1 [05 Aug 2021] DSA-4949-1 jetty9 - security update {CVE-2019-10241 CVE-2019-10247 CVE-2020-27216 CVE-2020-27223 CVE-2021-28165 CVE-2021-28169 CVE-2021-34428} [buster] - jetty9 9.4.16-0+deb10u1 [01 Aug 2021] DSA-4948-1 aspell - security update {CVE-2019-17544 CVE-2019-25051} [buster] - aspell 0.60.7~20110707-6+deb10u1 [30 Jul 2021] DSA-4947-1 libsndfile - security update {CVE-2021-3246} [buster] - libsndfile 1.0.28-6+deb10u1 [29 Jul 2021] DSA-4946-1 openjdk-11 - security update {CVE-2021-2341 CVE-2021-2369 CVE-2021-2388} [buster] - openjdk-11 11.0.12+7-2~deb10u1 [28 Jul 2021] DSA-4945-1 webkit2gtk - security update {CVE-2021-21775 CVE-2021-21779 CVE-2021-30663 CVE-2021-30665 CVE-2021-30689 CVE-2021-30720 CVE-2021-30734 CVE-2021-30744 CVE-2021-30749 CVE-2021-30758 CVE-2021-30795 CVE-2021-30797 CVE-2021-30799} [buster] - webkit2gtk 2.32.3-1~deb10u1 [25 Jul 2021] DSA-4944-1 krb5 - security update {CVE-2021-36222} [buster] - krb5 1.17-3+deb10u2 [23 Jul 2021] DSA-4943-1 lemonldap-ng - security update {CVE-2021-35472} [buster] - lemonldap-ng 2.0.2+ds-7+deb10u6 [20 Jul 2021] DSA-4942-1 systemd - security update {CVE-2021-33910} [buster] - systemd 241-7~deb10u8 [20 Jul 2021] DSA-4941-1 linux - security update {CVE-2020-36311 CVE-2021-3609 CVE-2021-33909 CVE-2021-34693} [buster] - linux 4.19.194-3 [18 Jul 2021] DSA-4940-1 thunderbird - security update {CVE-2021-29969 CVE-2021-29970 CVE-2021-29976 CVE-2021-30547} [buster] - thunderbird 1:78.12.0-1~deb10u1 [14 Jul 2021] DSA-4939-1 firefox-esr - security update {CVE-2021-29970 CVE-2021-29976 CVE-2021-30547} [buster] - firefox-esr 78.12.0esr-1~deb10u1 [13 Jul 2021] DSA-4938-1 linuxptp - security update {CVE-2021-3570} [buster] - linuxptp 1.9.2-1+deb10u1 [08 Jul 2021] DSA-4937-1 apache2 - security update {CVE-2020-35452 CVE-2021-26690 CVE-2021-26691 CVE-2021-30641 CVE-2021-31618} [buster] - apache2 2.4.38-3+deb10u5 [05 Jul 2021] DSA-4936-1 libuv1 - security update {CVE-2021-22918} [buster] - libuv1 1.24.1-1+deb10u1 [05 Jul 2021] DSA-4935-1 php7.3 - security update {CVE-2021-21704 CVE-2021-21705} [buster] - php7.3 7.3.29-1~deb10u1 [26 Jun 2021] DSA-4934-1 intel-microcode - security update {CVE-2020-24489 CVE-2020-24511 CVE-2020-24512 CVE-2020-24513} [buster] - intel-microcode 3.20210608.2~deb10u1 [18 Jun 2021] DSA-4933-1 nettle - security update {CVE-2021-3580 CVE-2021-20305} [buster] - nettle 3.4.1-1+deb10u1 [18 Jun 2021] DSA-4932-1 tor - security update {CVE-2021-34548 CVE-2021-34549 CVE-2021-34550} [buster] - tor 0.3.5.15-1 [15 Jun 2021] DSA-4931-1 xen - security update {CVE-2021-0089 CVE-2021-26313 CVE-2021-28690 CVE-2021-28692} [buster] - xen 4.11.4+107-gef32c7afa2-1 [10 Jun 2021] DSA-4930-1 libwebp - security update {CVE-2018-25009 CVE-2018-25010 CVE-2018-25011 CVE-2018-25012 CVE-2018-25013 CVE-2018-25014 CVE-2020-36328 CVE-2020-36329 CVE-2020-36330 CVE-2020-36331 CVE-2020-36332 } [buster] - libwebp 0.6.1-2+deb10u1 [09 Jun 2021] DSA-4929-1 rails - security update {CVE-2021-22880 CVE-2021-22885 CVE-2021-22904} [buster] - rails 2:5.2.2.1+dfsg-1+deb10u3 [09 Jun 2021] DSA-4928-1 htmldoc - security update {CVE-2021-23158 CVE-2021-23165 CVE-2021-23180 CVE-2021-23191 CVE-2021-23206 CVE-2021-26252 CVE-2021-26259 CVE-2021-26948} [buster] - htmldoc 1.9.3-1+deb10u2 [05 Jun 2021] DSA-4927-1 thunderbird - security update {CVE-2021-29956 CVE-2021-29957 CVE-2021-29967} [buster] - thunderbird 1:78.11.0-1~deb10u1 [03 Jun 2021] DSA-4926-1 lasso - security update {CVE-2021-28091} [buster] - lasso 2.6.0-2+deb10u1 [02 Jun 2021] DSA-4925-1 firefox-esr - security update {CVE-2021-29967} [buster] - firefox-esr 78.11.0esr-1~deb10u1 [01 Jun 2021] DSA-4924-1 squid - security update {CVE-2021-28651 CVE-2021-28652 CVE-2021-28662 CVE-2021-31806 CVE-2021-31807 CVE-2021-31808 CVE-2021-33620} [buster] - squid 4.6-1+deb10u6 [30 May 2021] DSA-4923-1 webkit2gtk - security update {CVE-2021-1788 CVE-2021-1844 CVE-2021-1871 CVE-2021-30682} [buster] - webkit2gtk 2.32.1-1~deb10u1 [29 May 2021] DSA-4922-1 hyperkitty - security update {CVE-2021-33038} [buster] - hyperkitty 1.2.2-1+deb10u1 [28 May 2021] DSA-4921-1 nginx - security update {CVE-2021-23017} [buster] - nginx 1.14.2-2+deb10u4 [24 May 2021] DSA-4920-1 libx11 - security update {CVE-2021-31535} [buster] - libx11 2:1.6.7-1+deb10u2 [21 May 2021] DSA-4916-2 prosody - regression update [buster] - prosody 0.11.2-1+deb10u2 [21 May 2021] DSA-4919-1 lz4 - security update {CVE-2021-3520} [buster] - lz4 1.8.3-1+deb10u1 [18 May 2021] DSA-4918-1 ruby-rack-cors - security update {CVE-2019-18978} [buster] - ruby-rack-cors 1.0.2-1+deb10u1 [18 May 2021] DSA-4917-1 chromium - security update {CVE-2021-30506 CVE-2021-30507 CVE-2021-30508 CVE-2021-30509 CVE-2021-30510 CVE-2021-30511 CVE-2021-30512 CVE-2021-30513 CVE-2021-30514 CVE-2021-30515 CVE-2021-30516 CVE-2021-30517 CVE-2021-30518 CVE-2021-30519 CVE-2021-30520} [buster] - chromium 90.0.4430.212-1~deb10u1 [17 May 2021] DSA-4916-1 prosody - security update {CVE-2021-32917 CVE-2021-32918 CVE-2021-32919 CVE-2021-32920 CVE-2021-32921} [buster] - prosody 0.11.2-1+deb10u1 [13 May 2021] DSA-4915-1 postgresql-11 - security update {CVE-2021-32027 CVE-2021-32028 CVE-2021-32029} [buster] - postgresql-11 11.12-0+deb10u1 [12 May 2021] DSA-4914-1 graphviz - security update {CVE-2020-18032} [buster] - graphviz 2.40.1-6+deb10u1 [10 May 2021] DSA-4913-1 hivex - security update {CVE-2021-3504} [buster] - hivex 1.3.18-1+deb10u1 [04 May 2021] DSA-4912-1 exim4 - security update {CVE-2020-28007 CVE-2020-28008 CVE-2020-28009 CVE-2020-28010 CVE-2020-28011 CVE-2020-28012 CVE-2020-28013 CVE-2020-28014 CVE-2020-28015 CVE-2020-28017 CVE-2020-28019 CVE-2020-28021 CVE-2020-28022 CVE-2020-28023 CVE-2020-28024 CVE-2020-28025 CVE-2020-28026} [buster] - exim4 4.92-8+deb10u6 [03 May 2021] DSA-4911-1 chromium - security update {CVE-2021-21227 CVE-2021-21228 CVE-2021-21229 CVE-2021-21230 CVE-2021-21231 CVE-2021-21232 CVE-2021-21233} [buster] - chromium 90.0.4430.93-1~deb10u1 [02 May 2021] DSA-4910-1 libimage-exiftool-perl - security update {CVE-2021-22204} [buster] - libimage-exiftool-perl 11.16-1+deb10u1 [01 May 2021] DSA-4909-1 bind9 - security update {CVE-2021-25214 CVE-2021-25215 CVE-2021-25216} [buster] - bind9 1:9.11.5.P4+dfsg-5.1+deb10u5 [29 Apr 2021] DSA-4908-1 libhibernate3-java - security update {CVE-2020-25638} [buster] - libhibernate3-java 3.6.10.Final-9+deb10u1 [29 Apr 2021] DSA-4907-1 composer - security update {CVE-2021-29472} [buster] - composer 1.8.4-1+deb10u1 [27 Apr 2021] DSA-4906-1 chromium - security update {CVE-2021-21201 CVE-2021-21202 CVE-2021-21203 CVE-2021-21204 CVE-2021-21205 CVE-2021-21207 CVE-2021-21208 CVE-2021-21209 CVE-2021-21210 CVE-2021-21211 CVE-2021-21212 CVE-2021-21213 CVE-2021-21214 CVE-2021-21215 CVE-2021-21216 CVE-2021-21217 CVE-2021-21218 CVE-2021-21219 CVE-2021-21221 CVE-2021-21222 CVE-2021-21223 CVE-2021-21224 CVE-2021-21225 CVE-2021-21226} [buster] - chromium 90.0.4430.85-1~deb10u1 [27 Apr 2021] DSA-4905-1 shibboleth-sp - security update {CVE-2021-31826} [buster] - shibboleth-sp 3.0.4+dfsg1-1+deb10u2 [24 Apr 2021] DSA-4904-1 gst-plugins-ugly1.0 - security update [buster] - gst-plugins-ugly1.0 1.14.4-1+deb10u1 [24 Apr 2021] DSA-4903-1 gst-plugins-base1.0 - security update {CVE-2021-3522} [buster] - gst-plugins-base1.0 1.14.4-2+deb10u1 [24 Apr 2021] DSA-4902-1 gst-plugins-bad1.0 - security update [buster] - gst-plugins-bad1.0 1.14.4-1+deb10u2 [24 Apr 2021] DSA-4901-1 gst-libav1.0 - security update [buster] - gst-libav1.0 1.15.0.1+git20180723+db823502-2+deb10u1 [24 Apr 2021] DSA-4900-1 gst-plugins-good1.0 - security update {CVE-2021-3497 CVE-2021-3498} [buster] - gst-plugins-good1.0 1.14.4-1+deb10u1 [23 Apr 2021] DSA-4899-1 openjdk-11 - security update {CVE-2021-2163} [buster] - openjdk-11 11.0.11+9-1~deb10u1 [22 Apr 2021] DSA-4898-1 wpa - security update {CVE-2020-12695 CVE-2021-0326 CVE-2021-27803} [buster] - wpa 2:2.7+git20190128+0c1e29f-6+deb10u3 [22 Apr 2021] DSA-4897-1 thunderbird - security update {CVE-2021-23961 CVE-2021-23991 CVE-2021-23992 CVE-2021-23993 CVE-2021-23994 CVE-2021-23995 CVE-2021-23998 CVE-2021-23999 CVE-2021-24002 CVE-2021-29945 CVE-2021-29946 CVE-2021-29948 CVE-2021-29949} [buster] - thunderbird 1:78.10.0-1~deb10u1 [22 Apr 2021] DSA-4896-1 wordpress - security update {CVE-2021-29447 CVE-2021-29450} [buster] - wordpress 5.0.12+dfsg1-0+deb10u1 [20 Apr 2021] DSA-4895-1 firefox-esr - security update {CVE-2021-23961 CVE-2021-23994 CVE-2021-23995 CVE-2021-23998 CVE-2021-23999 CVE-2021-24002 CVE-2021-29945 CVE-2021-29946} [buster] - firefox-esr 78.10.0esr-1~deb10u1 [20 Apr 2021] DSA-4894-1 php-pear - security update {CVE-2020-36193} [buster] - php-pear 1:1.10.6+submodules+notgz-1.1+deb10u2 [19 Apr 2021] DSA-4893-1 xorg-server - security update {CVE-2021-3472} [buster] - xorg-server 2:1.20.4-1+deb10u3 [18 Apr 2021] DSA-4892-1 python-bleach - security update {CVE-2021-23980} [buster] - python-bleach 3.1.2-0+deb10u2 [13 Apr 2021] DSA-4891-1 tomcat9 - security update {CVE-2021-25122 CVE-2021-25329} [buster] - tomcat9 9.0.31-1~deb10u4 [12 Apr 2021] DSA-4890-1 ruby-kramdown - security update {CVE-2021-28834} [buster] - ruby-kramdown 1.17.0-1+deb10u2 [10 Apr 2021] DSA-4889-1 mediawiki - security update {CVE-2021-20270 CVE-2021-27291 CVE-2021-30152 CVE-2021-30154 CVE-2021-30155 CVE-2021-30157 CVE-2021-30158 CVE-2021-30159} [buster] - mediawiki 1:1.31.14-1~deb10u1 [10 Apr 2021] DSA-4888-1 xen - security update {CVE-2021-26933 CVE-2021-27379} [buster] - xen 4.11.4+99-g8bce4698f6-1 [08 Apr 2021] DSA-4887-1 lib3mf - security update {CVE-2021-21772} [buster] - lib3mf 1.8.1+ds-3+deb10u1 [06 Apr 2021] DSA-4886-1 chromium - security update {CVE-2021-21159 CVE-2021-21160 CVE-2021-21161 CVE-2021-21162 CVE-2021-21163 CVE-2021-21165 CVE-2021-21166 CVE-2021-21167 CVE-2021-21168 CVE-2021-21169 CVE-2021-21170 CVE-2021-21171 CVE-2021-21172 CVE-2021-21173 CVE-2021-21174 CVE-2021-21175 CVE-2021-21176 CVE-2021-21177 CVE-2021-21178 CVE-2021-21179 CVE-2021-21180 CVE-2021-21181 CVE-2021-21182 CVE-2021-21183 CVE-2021-21184 CVE-2021-21185 CVE-2021-21186 CVE-2021-21187 CVE-2021-21188 CVE-2021-21189 CVE-2021-21190 CVE-2021-21191 CVE-2021-21192 CVE-2021-21193 CVE-2021-21194 CVE-2021-21195 CVE-2021-21196 CVE-2021-21197 CVE-2021-21198 CVE-2021-21199} [buster] - chromium 89.0.4389.114-1~deb10u1 [05 Apr 2021] DSA-4885-1 netty - security update {CVE-2019-20444 CVE-2019-20445 CVE-2020-7238 CVE-2020-11612 CVE-2021-21290 CVE-2021-21295 CVE-2021-21409} [buster] - netty 1:4.1.33-1+deb10u2 [02 Apr 2021] DSA-4884-1 ldb - security update {CVE-2020-10730 CVE-2020-27840 CVE-2021-20277} [buster] - ldb 2:1.5.1+really1.4.6-3+deb10u1 [01 Apr 2021] DSA-4883-1 underscore - security update {CVE-2021-23358} [buster] - underscore 1.9.1~dfsg-1+deb10u1 [01 Apr 2021] DSA-4882-1 openjpeg2 - security update {CVE-2020-6851 CVE-2020-8112 CVE-2020-15389 CVE-2020-27814 CVE-2020-27823 CVE-2020-27824 CVE-2020-27841 CVE-2020-27842 CVE-2020-27843 CVE-2020-27845} [buster] - openjpeg2 2.3.0-2+deb10u2 [30 Mar 2021] DSA-4881-1 curl - security update {CVE-2020-8169 CVE-2020-8177 CVE-2020-8231 CVE-2020-8284 CVE-2020-8285 CVE-2020-8286 CVE-2021-22876 CVE-2021-22890} [buster] - curl 7.64.0-4+deb10u2 [29 Mar 2021] DSA-4880-1 lxml - security update {CVE-2021-28957} [buster] - lxml 4.3.2-1+deb10u3 [27 Mar 2021] DSA-4879-1 spamassassin - security update {CVE-2020-1946} [buster] - spamassassin 3.4.2-1+deb10u3 [27 Mar 2021] DSA-4878-1 pygments - security update {CVE-2021-27291} [buster] - pygments 2.3.1+dfsg-1+deb10u2 [27 Mar 2021] DSA-4877-1 webkit2gtk - security update {CVE-2020-27918 CVE-2020-29623 CVE-2021-1765 CVE-2021-1789 CVE-2021-1799 CVE-2021-1801 CVE-2021-1870 CVE-2021-21806} [buster] - webkit2gtk 2.30.6-1~deb10u1 [25 Mar 2021] DSA-4876-1 thunderbird - security update {CVE-2021-23981 CVE-2021-23982 CVE-2021-23984 CVE-2021-23987 CVE-2021-29950} [buster] - thunderbird 1:78.9.0-1~deb10u1 [25 Mar 2021] DSA-4875-1 openssl - security update {CVE-2021-3449} [buster] - openssl 1.1.1d-0+deb10u6 [24 Mar 2021] DSA-4874-1 firefox-esr - security update {CVE-2021-23981 CVE-2021-23982 CVE-2021-23984 CVE-2021-23987 CVE-2021-29955} [buster] - firefox-esr 78.9.0esr-1~deb10u1 [23 Mar 2021] DSA-4873-1 squid - security update {CVE-2020-25097} [buster] - squid 4.6-1+deb10u5 [18 Mar 2021] DSA-4872-1 shibboleth-sp - security update {CVE-2021-28963} [buster] - shibboleth-sp 3.0.4+dfsg1-1+deb10u1 [16 Mar 2021] DSA-4871-1 tor - security update {CVE-2021-28089 CVE-2021-28090} [buster] - tor 0.3.5.14-1 [12 Mar 2021] DSA-4870-1 pygments - security update {CVE-2021-20270} [buster] - pygments 2.3.1+dfsg-1+deb10u1 [12 Mar 2021] DSA-4869-1 tiff - security update {CVE-2020-35523 CVE-2020-35524} [buster] - tiff 4.1.0+git191117-2~deb10u2 [12 Mar 2021] DSA-4868-1 flatpak - security update {CVE-2021-21381} [buster] - flatpak 1.2.5-0+deb10u4 [02 Mar 2021] DSA-4867-1 grub2 - security update {CVE-2020-14372 CVE-2020-25632 CVE-2020-25647 CVE-2020-27749 CVE-2020-27779 CVE-2021-20225 CVE-2021-20233} [buster] - grub2 2.02+dfsg1-20+deb10u4 [28 Feb 2021] DSA-4866-1 thunderbird - security update {CVE-2021-23968 CVE-2021-23969 CVE-2021-23973 CVE-2021-23978} [buster] - thunderbird 1:78.8.0-1~deb10u1 [27 Feb 2021] DSA-4865-1 docker.io - security update {CVE-2020-15157 CVE-2020-15257 CVE-2021-21284 CVE-2021-21285} [buster] - docker.io 18.09.1+dfsg1-7.1+deb10u3 [27 Feb 2021] DSA-4864-1 python-aiohttp - security update {CVE-2021-21330} [buster] - python-aiohttp 3.5.1-1+deb10u1 [24 Feb 2021] DSA-4863-1 nodejs - security update {CVE-2021-22883 CVE-2021-22884} [buster] - nodejs 10.24.0~dfsg-1~deb10u1 [24 Feb 2021] DSA-4862-1 firefox-esr - security update {CVE-2021-23968 CVE-2021-23969 CVE-2021-23973 CVE-2021-23978} [buster] - firefox-esr 78.8.0esr-1~deb10u1 [21 Feb 2021] DSA-4861-1 screen - security update {CVE-2021-26937} [buster] - screen 4.6.2-3+deb10u1 [20 Feb 2021] DSA-4860-1 openldap - security update {CVE-2021-27212} [buster] - openldap 2.4.47+dfsg-3+deb10u6 [20 Feb 2021] DSA-4859-1 libzstd - security update {CVE-2021-24032} [buster] - libzstd 1.3.8+dfsg-3+deb10u2 [19 Feb 2021] DSA-4858-1 chromium - security update {CVE-2021-21148 CVE-2021-21149 CVE-2021-21150 CVE-2021-21151 CVE-2021-21152 CVE-2021-21153 CVE-2021-21154 CVE-2021-21155 CVE-2021-21156 CVE-2021-21157} [buster] - chromium 88.0.4324.182-1~deb10u1 [18 Feb 2021] DSA-4857-1 bind9 - security update {CVE-2020-8625} [buster] - bind9 1:9.11.5.P4+dfsg-5.1+deb10u3 [17 Feb 2021] DSA-4856-1 php7.3 - security update {CVE-2020-7068 CVE-2020-7069 CVE-2020-7070 CVE-2020-7071 CVE-2021-21702} [buster] - php7.3 7.3.27-1~deb10u1 [17 Feb 2021] DSA-4855-1 openssl - security update {CVE-2019-1551 CVE-2021-23840 CVE-2021-23841} [buster] - openssl 1.1.1d-0+deb10u5 [17 Feb 2021] DSA-4854-1 webkit2gtk - security update {CVE-2020-13558} [buster] - webkit2gtk 2.30.5-1~deb10u1 [16 Feb 2021] DSA-4853-1 spip - security update [buster] - spip 3.2.4-1+deb10u4 [15 Feb 2021] DSA-4852-1 openvswitch - security update {CVE-2020-35498} [buster] - openvswitch 2.10.7+ds1-0+deb10u1 [13 Feb 2021] DSA-4851-1 subversion - security update {CVE-2020-17525} [buster] - subversion 1.10.4-1+deb10u2 [10 Feb 2021] DSA-4850-1 libzstd - security update {CVE-2021-24031} [buster] - libzstd 1.3.8+dfsg-3+deb10u1 [09 Feb 2021] DSA-4849-1 firejail - security update {CVE-2021-26910} [buster] - firejail 0.9.58.2-2+deb10u2 [08 Feb 2021] DSA-4848-1 golang-1.11 - security update {CVE-2020-7919 CVE-2020-15586 CVE-2020-16845 CVE-2021-3114} [buster] - golang-1.11 1.11.6-1+deb10u4 [08 Feb 2021] DSA-4847-1 connman - security update {CVE-2021-26675 CVE-2021-26676} [buster] - connman 1.36-2.1~deb10u1 [07 Feb 2021] DSA-4846-1 chromium - security update {CVE-2020-16044 CVE-2021-21117 CVE-2021-21118 CVE-2021-21119 CVE-2021-21120 CVE-2021-21121 CVE-2021-21122 CVE-2021-21123 CVE-2021-21124 CVE-2021-21125 CVE-2021-21126 CVE-2021-21127 CVE-2021-21128 CVE-2021-21129 CVE-2021-21130 CVE-2021-21131 CVE-2021-21132 CVE-2021-21133 CVE-2021-21134 CVE-2021-21135 CVE-2021-21136 CVE-2021-21137 CVE-2021-21138 CVE-2021-21139 CVE-2021-21140 CVE-2021-21141 CVE-2021-21142 CVE-2021-21143 CVE-2021-21144 CVE-2021-21145 CVE-2021-21146 CVE-2021-21147} [buster] - chromium 88.0.4324.146-1~deb10u1 [03 Feb 2021] DSA-4845-1 openldap - security update {CVE-2020-36221 CVE-2020-36222 CVE-2020-36223 CVE-2020-36224 CVE-2020-36225 CVE-2020-36226 CVE-2020-36227 CVE-2020-36228 CVE-2020-36229 CVE-2020-36230} [buster] - openldap 2.4.47+dfsg-3+deb10u5 [02 Feb 2021] DSA-4844-1 dnsmasq - security update {CVE-2020-25681 CVE-2020-25682 CVE-2020-25683 CVE-2020-25684 CVE-2020-25685 CVE-2020-25686 CVE-2020-25687} [buster] - dnsmasq 2.80-1+deb10u1 [01 Feb 2021] DSA-4843-1 linux - security update {CVE-2020-27815 CVE-2020-27825 CVE-2020-27830 CVE-2020-28374 CVE-2020-29568 CVE-2020-29569 CVE-2020-29660 CVE-2020-29661 CVE-2020-36158 CVE-2021-3347 CVE-2021-20177} [buster] - linux 4.19.171-2 [31 Jan 2021] DSA-4842-1 thunderbird - security update {CVE-2020-15685 CVE-2020-16044 CVE-2020-26976 CVE-2021-23953 CVE-2021-23954 CVE-2021-23960 CVE-2021-23964} [buster] - thunderbird 1:78.7.0-1~deb10u1 [27 Jan 2021] DSA-4841-1 slurm-llnl - security update {CVE-2019-19728 CVE-2020-12693 CVE-2020-27745 CVE-2020-27746} [buster] - slurm-llnl 18.08.5.2-1+deb10u2 [27 Jan 2021] DSA-4840-1 firefox-esr - security update {CVE-2020-26976 CVE-2021-23953 CVE-2021-23954 CVE-2021-23960 CVE-2021-23964} [buster] - firefox-esr 78.7.0esr-1~deb10u1 [26 Jan 2021] DSA-4839-1 sudo - security update {CVE-2021-3156} [buster] - sudo 1.8.27-1+deb10u3 [25 Jan 2021] DSA-4838-1 mutt - security update {CVE-2021-3181} [buster] - mutt 1.10.1-2.1+deb10u5 [24 Jan 2021] DSA-4833-2 gst-plugins-bad1.0 - regression update [buster] - gst-plugins-bad1.0 1.14.4-1+deb10u1 [24 Jan 2021] DSA-4837-1 salt - security update {CVE-2020-16846 CVE-2020-17490 CVE-2020-25592} [buster] - salt 2018.3.4+dfsg1-6+deb10u2 [22 Jan 2021] DSA-4830-2 flatpak - regression update [buster] - flatpak 1.2.5-0+deb10u3 [22 Jan 2021] DSA-4836-1 openvswitch - security update {CVE-2015-8011 CVE-2020-27827} [buster] - openvswitch 2.10.6+ds1-0+deb10u1 [22 Jan 2021] DSA-4835-1 tomcat9 - security update {CVE-2020-13943 CVE-2020-17527} [buster] - tomcat9 9.0.31-1~deb10u3 [22 Jan 2021] DSA-4834-1 vlc - security update {CVE-2020-26664 CVE-2021-25801 CVE-2021-25802 CVE-2021-25803 CVE-2021-25804} [buster] - vlc 3.0.12-0+deb10u1 [18 Jan 2021] DSA-4833-1 gst-plugins-bad1.0 - security update {CVE-2021-3185} [buster] - gst-plugins-bad1.0 1.14.4-1deb10u1 [16 Jan 2021] DSA-4832-1 chromium - security update {CVE-2020-15995 CVE-2020-16043 CVE-2021-21106 CVE-2021-21107 CVE-2021-21108 CVE-2021-21109 CVE-2021-21110 CVE-2021-21111 CVE-2021-21112 CVE-2021-21113 CVE-2021-21114 CVE-2021-21115 CVE-2021-21116} [buster] - chromium 87.0.4280.141-0.1~deb10u1 [15 Jan 2021] DSA-4831-1 ruby-redcarpet - security update {CVE-2020-26298} [buster] - ruby-redcarpet 3.4.0-4+deb10u1 [14 Jan 2021] DSA-4830-1 flatpak - security update {CVE-2021-21261} [buster] - flatpak 1.2.5-0+deb10u2 [11 Jan 2021] DSA-4829-1 coturn - security update {CVE-2020-26262} [buster] - coturn 4.5.1.1-1.1+deb10u2 [07 Jan 2021] DSA-4828-1 libxstream-java - security update {CVE-2020-26258 CVE-2020-26259} [buster] - libxstream-java 1.4.11.1-1+deb10u2 [07 Jan 2021] DSA-4827-1 firefox-esr - security update {CVE-2020-16044} [buster] - firefox-esr 78.6.1esr-1~deb10u1 [06 Jan 2021] DSA-4826-1 nodejs - security update {CVE-2020-8265 CVE-2020-8287} [buster] - nodejs 10.23.1~dfsg-1~deb10u1 [05 Jan 2021] DSA-4806-2 minidlna - regression update [buster] - minidlna 1.2.1+dfsg-2+deb10u2 [04 Jan 2021] DSA-4825-1 dovecot - security update {CVE-2020-24386 CVE-2020-25275} [buster] - dovecot 1:2.3.4.1-5+deb10u5 [01 Jan 2021] DSA-4824-1 chromium - security update {CVE-2020-6510 CVE-2020-6511 CVE-2020-6512 CVE-2020-6513 CVE-2020-6514 CVE-2020-6515 CVE-2020-6516 CVE-2020-6517 CVE-2020-6518 CVE-2020-6519 CVE-2020-6520 CVE-2020-6521 CVE-2020-6522 CVE-2020-6523 CVE-2020-6524 CVE-2020-6525 CVE-2020-6526 CVE-2020-6527 CVE-2020-6528 CVE-2020-6529 CVE-2020-6530 CVE-2020-6531 CVE-2020-6532 CVE-2020-6533 CVE-2020-6534 CVE-2020-6535 CVE-2020-6536 CVE-2020-6537 CVE-2020-6538 CVE-2020-6539 CVE-2020-6540 CVE-2020-6541 CVE-2020-6542 CVE-2020-6543 CVE-2020-6544 CVE-2020-6545 CVE-2020-6547 CVE-2020-6548 CVE-2020-6549 CVE-2020-6550 CVE-2020-6551 CVE-2020-6552 CVE-2020-6553 CVE-2020-6554 CVE-2020-6555 CVE-2020-6556 CVE-2020-6557 CVE-2020-6559 CVE-2020-6560 CVE-2020-6561 CVE-2020-6562 CVE-2020-6563 CVE-2020-6564 CVE-2020-6565 CVE-2020-6566 CVE-2020-6567 CVE-2020-6568 CVE-2020-6569 CVE-2020-6570 CVE-2020-6571 CVE-2020-6573 CVE-2020-6575 CVE-2020-6576 CVE-2020-15959 CVE-2020-15960 CVE-2020-15961 CVE-2020-15962 CVE-2020-15963 CVE-2020-15964 CVE-2020-15965 CVE-2020-15966 CVE-2020-15967 CVE-2020-15968 CVE-2020-15969 CVE-2020-15970 CVE-2020-15971 CVE-2020-15972 CVE-2020-15973 CVE-2020-15974 CVE-2020-15975 CVE-2020-15976 CVE-2020-15977 CVE-2020-15978 CVE-2020-15979 CVE-2020-15980 CVE-2020-15981 CVE-2020-15982 CVE-2020-15983 CVE-2020-15984 CVE-2020-15985 CVE-2020-15986 CVE-2020-15987 CVE-2020-15988 CVE-2020-15989 CVE-2020-15990 CVE-2020-15991 CVE-2020-15992 CVE-2020-15999 CVE-2020-16000 CVE-2020-16001 CVE-2020-16002 CVE-2020-16003 CVE-2020-16004 CVE-2020-16005 CVE-2020-16006 CVE-2020-16008 CVE-2020-16009 CVE-2020-16011 CVE-2020-16012 CVE-2020-16013 CVE-2020-16014 CVE-2020-16015 CVE-2020-16016 CVE-2020-16017 CVE-2020-16018 CVE-2020-16019 CVE-2020-16020 CVE-2020-16021 CVE-2020-16022 CVE-2020-16023 CVE-2020-16024 CVE-2020-16025 CVE-2020-16026 CVE-2020-16027 CVE-2020-16028 CVE-2020-16029 CVE-2020-16030 CVE-2020-16031 CVE-2020-16032 CVE-2020-16033 CVE-2020-16034 CVE-2020-16035 CVE-2020-16036 CVE-2020-16037 CVE-2020-16038 CVE-2020-16039 CVE-2020-16040 CVE-2020-16041 CVE-2020-16042} [buster] - chromium 87.0.4280.88-0.4~deb10u1 [01 Jan 2021] DSA-4823-1 influxdb - security update {CVE-2019-20933} [buster] - influxdb 1.6.4-1+deb10u1 [01 Jan 2021] DSA-4822-1 p11-kit - security update {CVE-2020-29361 CVE-2020-29362 CVE-2020-29363} [buster] - p11-kit 0.23.15-2+deb10u1 [28 Dec 2020] DSA-4821-1 roundcube - security update {CVE-2020-35730} [buster] - roundcube 1.3.16+dfsg.1-1~deb10u1 [27 Dec 2020] DSA-4820-1 horizon - security update {CVE-2020-29565} [buster] - horizon 3:14.0.2-3+deb10u2 [27 Dec 2020] DSA-4809-2 python-apt - regression update [buster] - python-apt 1.8.4.3 [26 Dec 2020] DSA-4819-1 kitty - security update {CVE-2020-35605} [buster] - kitty 0.13.3-1+deb10u1 [23 Dec 2020] DSA-4818-1 sympa - security update {CVE-2020-9369 CVE-2020-10936 CVE-2020-26932 CVE-2020-29668} [buster] - sympa 6.2.40~dfsg-1+deb10u1 [22 Dec 2020] DSA-4797-2 webkit2gtk - regression update [buster] - webkit2gtk 2.30.4-1~deb10u1 [19 Dec 2020] DSA-4817-1 php-pear - security update {CVE-2020-28948 CVE-2020-28949} [buster] - php-pear 1:1.10.6+submodules+notgz-1.1+deb10u1 [19 Dec 2020] DSA-4810-2 lxml - regression update [buster] - lxml 4.3.2-1+deb10u2 [18 Dec 2020] DSA-4816-1 mediawiki - security update {CVE-2020-35475 CVE-2020-35477 CVE-2020-35479 CVE-2020-35480} [buster] - mediawiki 1:1.31.12-1~deb10u1 [17 Dec 2020] DSA-4815-1 thunderbird - security update {CVE-2020-16042 CVE-2020-26971 CVE-2020-26973 CVE-2020-26974 CVE-2020-26978 CVE-2020-35111 CVE-2020-35113} [buster] - thunderbird 1:78.6.0-1~deb10u1 [17 Dec 2020] DSA-4814-1 xerces-c - security update {CVE-2018-1311} [buster] - xerces-c 3.2.2+debian-1+deb10u1 [16 Dec 2020] DSA-4813-1 firefox-esr - security update {CVE-2020-16042 CVE-2020-26971 CVE-2020-26973 CVE-2020-26974 CVE-2020-26978 CVE-2020-35111 CVE-2020-35113} [buster] - firefox-esr 78.6.0esr-1~deb10u1 [15 Dec 2020] DSA-4812-1 xen - security update {CVE-2020-29479 CVE-2020-29480 CVE-2020-29481 CVE-2020-29482 CVE-2020-29483 CVE-2020-29484 CVE-2020-29485 CVE-2020-29486 CVE-2020-29566 CVE-2020-29570 CVE-2020-29571} [buster] - xen 4.11.4+57-g41a822c392-2 [15 Dec 2020] DSA-4811-1 libxstream-java - security update {CVE-2020-26217} [buster] - libxstream-java 1.4.11.1-1+deb10u1 [13 Dec 2020] DSA-4810-1 lxml - security update {CVE-2020-27783} [buster] - lxml 4.3.2-1+deb10u1 [09 Dec 2020] DSA-4809-1 python-apt - security update {CVE-2020-27351} [buster] - python-apt 1.8.4.2 [09 Dec 2020] DSA-4808-1 apt - security update {CVE-2020-27350} [buster] - apt 1.8.2.2 [08 Dec 2020] DSA-4807-1 openssl - security update {CVE-2020-1971} [buster] - openssl 1.1.1d-0+deb10u4 [07 Dec 2020] DSA-4806-1 minidlna - security update {CVE-2020-12695 CVE-2020-28926} [buster] - minidlna 1.2.1+dfsg-2+deb10u1 [07 Dec 2020] DSA-4805-1 trafficserver - security update {CVE-2020-17508 CVE-2020-17509} [buster] - trafficserver 8.0.2+ds-1+deb10u4 [04 Dec 2020] DSA-4804-1 xen - security update {CVE-2020-27670 CVE-2020-27671 CVE-2020-27672 CVE-2020-27674 CVE-2020-28368} [buster] - xen 4.11.4+57-g41a822c392-1 [04 Dec 2020] DSA-4803-1 xorg-server - security update {CVE-2020-14360 CVE-2020-25712} [buster] - xorg-server 2:1.20.4-1+deb10u2 [03 Dec 2020] DSA-4802-1 thunderbird - security update {CVE-2020-26970} [buster] - thunderbird 1:78.5.1-1~deb10u1 [01 Dec 2020] DSA-4801-1 brotli - security update {CVE-2020-8927} [buster] - brotli 1.0.7-2+deb10u1 [28 Nov 2020] DSA-4800-1 libproxy - security update {CVE-2020-25219 CVE-2020-26154} [buster] - libproxy 0.4.15-5+deb10u1 [28 Nov 2020] DSA-4799-1 x11vnc - security update {CVE-2020-29074} [buster] - x11vnc 0.9.13-6+deb10u1 [25 Nov 2020] DSA-4798-1 spip - security update {CVE-2020-28984} [buster] - spip 3.2.4-1+deb10u3 [23 Nov 2020] DSA-4797-1 webkit2gtk - security update {CVE-2020-9947 CVE-2020-9948 CVE-2020-9951 CVE-2020-9983 CVE-2020-13543 CVE-2020-13584 CVE-2021-1817 CVE-2021-1820 CVE-2021-1825 CVE-2021-1826 CVE-2021-30661} [buster] - webkit2gtk 2.30.3-1~deb10u1 [21 Nov 2020] DSA-4796-1 thunderbird - security update {CVE-2020-16012 CVE-2020-26951 CVE-2020-26953 CVE-2020-26956 CVE-2020-26958 CVE-2020-26959 CVE-2020-26960 CVE-2020-26961 CVE-2020-26965 CVE-2020-26968} [buster] - thunderbird 1:78.5.0-1~deb10u1 [21 Nov 2020] DSA-4795-1 krb5 - security update {CVE-2020-28196} [buster] - krb5 1.17-3+deb10u1 [21 Nov 2020] DSA-4794-1 mupdf - security update {CVE-2020-26519} [buster] - mupdf 1.14.0+ds1-4+deb10u2 [18 Nov 2020] DSA-4793-1 firefox-esr - security update {CVE-2020-16012 CVE-2020-26951 CVE-2020-26953 CVE-2020-26956 CVE-2020-26958 CVE-2020-26959 CVE-2020-26960 CVE-2020-26961 CVE-2020-26965 CVE-2020-26968} [buster] - firefox-esr 78.5.0esr-1~deb10u1 [17 Nov 2020] DSA-4792-1 openldap - security update {CVE-2020-25709 CVE-2020-25710} [buster] - openldap 2.4.47+dfsg-3+deb10u4 [13 Nov 2020] DSA-4791-1 pacemaker - security update {CVE-2020-25654} [buster] - pacemaker 2.0.1-5+deb10u1 [12 Nov 2020] DSA-4790-1 thunderbird - security update {CVE-2020-26950} [buster] - thunderbird 1:78.4.2-1~deb10u1 [12 Nov 2020] DSA-4789-1 codemirror-js - security update {CVE-2020-7760} [buster] - codemirror-js 5.43.0-1+deb10u1 [10 Nov 2020] DSA-4788-1 firefox-esr - security update {CVE-2020-26950} [buster] - firefox-esr 78.4.1esr-1~deb10u1 [09 Nov 2020] DSA-4787-1 moin - security update {CVE-2020-15275 CVE-2020-25074} [buster] - moin 1.9.9-1+deb10u1 [08 Nov 2020] DSA-4786-1 libexif - security update {CVE-2020-0452} [buster] - libexif 0.6.21-5.1+deb10u5 [07 Nov 2020] DSA-4785-1 raptor2 - security update {CVE-2017-18926} [buster] - raptor2 2.0.14-1.1~deb10u1 [06 Nov 2020] DSA-4784-1 wordpress - security update {CVE-2020-28032 CVE-2020-28033 CVE-2020-28034 CVE-2020-28035 CVE-2020-28036 CVE-2020-28037 CVE-2020-28038 CVE-2020-28039 CVE-2020-28040} [buster] - wordpress 5.0.11+dfsg1-0+deb10u1 [05 Nov 2020] DSA-4783-1 sddm - security update {CVE-2020-28049} [buster] - sddm 0.18.0-1+deb10u1 [30 Oct 2020] DSA-4782-1 openldap - security update {CVE-2020-25692} [buster] - openldap 2.4.47+dfsg-3+deb10u3 [27 Oct 2020] DSA-4781-1 blueman - security update {CVE-2020-15238} [buster] - blueman 2.0.8-1+deb10u1 [25 Oct 2020] DSA-4780-1 thunderbird - security update {CVE-2020-15683 CVE-2020-15969} [buster] - thunderbird 1:78.4.0-1~deb10u1 [25 Oct 2020] DSA-4779-1 openjdk-11 - security update {CVE-2020-14779 CVE-2020-14781 CVE-2020-14782 CVE-2020-14792 CVE-2020-14796 CVE-2020-14797 CVE-2020-14798 CVE-2020-14803} [buster] - openjdk-11 11.0.9+11-1~deb10u1 [21 Oct 2020] DSA-4778-1 firefox-esr - security update {CVE-2020-15683 CVE-2020-15969} [buster] - firefox-esr 78.4.0esr-1~deb10u2 [21 Oct 2020] DSA-4777-1 freetype - security update {CVE-2020-15999} [buster] - freetype 2.9.1-3+deb10u2 [20 Oct 2020] DSA-4776-1 mariadb-10.3 - security update {CVE-2020-15180} [buster] - mariadb-10.3 1:10.3.25-0+deb10u1 [19 Oct 2020] DSA-4775-1 python-flask-cors - security update {CVE-2020-25032} [buster] - python-flask-cors 3.0.7-1+deb10u1 [19 Oct 2020] DSA-4774-1 linux - security update {CVE-2020-12351 CVE-2020-12352 CVE-2020-25211 CVE-2020-25643 CVE-2020-25645} [buster] - linux 4.19.152-1 [16 Oct 2020] DSA-4773-1 yaws - security update {CVE-2020-24379 CVE-2020-24916} [buster] - yaws 2.0.6+dfsg-1+deb10u1 [14 Oct 2020] DSA-4772-1 httpcomponents-client - security update {CVE-2020-13956} [buster] - httpcomponents-client 4.5.7-1+deb10u1 [11 Oct 2020] DSA-4771-1 spice - security update {CVE-2020-14355} [buster] - spice 0.14.0-1.3+deb10u1 [06 Oct 2020] DSA-4770-1 thunderbird - security update {CVE-2020-15673 CVE-2020-15676 CVE-2020-15677 CVE-2020-15678} [buster] - thunderbird 1:78.3.1-2~deb10u2 [02 Oct 2020] DSA-4769-1 xen - security update {CVE-2020-25595 CVE-2020-25596 CVE-2020-25597 CVE-2020-25599 CVE-2020-25600 CVE-2020-25601 CVE-2020-25602 CVE-2020-25603 CVE-2020-25604} [buster] - xen 4.11.4+37-g3263f257ca-1 [28 Sep 2020] DSA-4768-1 firefox-esr - security update {CVE-2020-15673 CVE-2020-15676 CVE-2020-15677 CVE-2020-15678} [buster] - firefox-esr 78.3.0esr-1~deb10u1 [25 Sep 2020] DSA-4767-1 mediawiki - security update {CVE-2020-15005 CVE-2020-17367 CVE-2020-17368 CVE-2020-25812 CVE-2020-25813 CVE-2020-25814 CVE-2020-25827 CVE-2020-25828} [buster] - mediawiki 1:1.31.10-1~deb10u1 [24 Sep 2020] DSA-4766-1 rails - security update {CVE-2020-8162 CVE-2020-8164 CVE-2020-8165 CVE-2020-8166 CVE-2020-8167 CVE-2020-15169} [buster] - rails 2:5.2.2.1+dfsg-1+deb10u2 [18 Sep 2020] DSA-4765-1 modsecurity - security update {CVE-2020-15598} [buster] - modsecurity 3.0.3-1+deb10u2 [18 Sep 2020] DSA-4764-1 inspircd - security update {CVE-2019-20917 CVE-2020-25269} [buster] - inspircd 2.0.27-1+deb10u1 [14 Sep 2020] DSA-4763-1 teeworlds - security update {CVE-2020-12066} [buster] - teeworlds 0.7.2-5+deb10u1 [07 Sep 2020] DSA-4762-1 lemonldap-ng - security update {CVE-2020-24660} [buster] - lemonldap-ng 2.0.2+ds-7+deb10u5 [07 Sep 2020] DSA-4761-1 zeromq3 - security update {CVE-2020-15166} [buster] - zeromq3 4.3.1-4+deb10u2 [06 Sep 2020] DSA-4760-1 qemu - security update {CVE-2020-12829 CVE-2020-14364 CVE-2020-15863 CVE-2020-16092} [buster] - qemu 1:3.1+dfsg-8+deb10u8 [04 Sep 2020] DSA-4759-1 ark - security update {CVE-2020-24654} [buster] - ark 4:18.08.3-1+deb10u2 [04 Sep 2020] DSA-4758-1 xorg-server - security update {CVE-2020-14345 CVE-2020-14346 CVE-2020-14347 CVE-2020-14361 CVE-2020-14362} [buster] - xorg-server 2:1.20.4-1+deb10u1 [31 Aug 2020] DSA-4757-1 apache2 - security update {CVE-2020-1927 CVE-2020-1934 CVE-2020-9490 CVE-2020-11984 CVE-2020-11993} [buster] - apache2 2.4.38-3+deb10u4 [29 Aug 2020] DSA-4756-1 lilypond - security update {CVE-2020-17353} [buster] - lilypond 2.19.81+really-2.18.2-13+deb10u1 [29 Aug 2020] DSA-4755-1 openexr - security update {CVE-2017-9111 CVE-2017-9113 CVE-2017-9115 CVE-2018-18444 CVE-2020-11758 CVE-2020-11759 CVE-2020-11760 CVE-2020-11761 CVE-2020-11762 CVE-2020-11763 CVE-2020-11764 CVE-2020-11765 CVE-2020-15305 CVE-2020-15306} [buster] - openexr 2.2.1-4.1+deb10u1 [29 Aug 2020] DSA-4754-1 thunderbird - security update {CVE-2020-15664 CVE-2020-15669} [buster] - thunderbird 1:68.12.0-1~deb10u1 [29 Aug 2020] DSA-4753-1 mupdf - security update {CVE-2019-13290} [buster] - mupdf 1.14.0+ds1-4+deb10u1 [27 Aug 2020] DSA-4752-1 bind9 - security update {CVE-2020-8619 CVE-2020-8622 CVE-2020-8623 CVE-2020-8624} [buster] - bind9 1:9.11.5.P4+dfsg-5.1+deb10u2 [27 Aug 2020] DSA-4751-1 squid - security update {CVE-2020-15810 CVE-2020-15811 CVE-2020-24606} [buster] - squid 4.6-1+deb10u4 [26 Aug 2020] DSA-4750-1 nginx - security update {CVE-2020-11724} [buster] - nginx 1.14.2-2+deb10u3 [26 Aug 2020] DSA-4749-1 firefox-esr - security update {CVE-2020-15664 CVE-2020-15669} [buster] - firefox-esr 68.12.0esr-1~deb10u1 [25 Aug 2020] DSA-4748-1 ghostscript - security update {CVE-2020-16287 CVE-2020-16288 CVE-2020-16289 CVE-2020-16290 CVE-2020-16291 CVE-2020-16292 CVE-2020-16293 CVE-2020-16294 CVE-2020-16295 CVE-2020-16296 CVE-2020-16297 CVE-2020-16298 CVE-2020-16299 CVE-2020-16300 CVE-2020-16301 CVE-2020-16302 CVE-2020-16303 CVE-2020-16304 CVE-2020-16305 CVE-2020-16306 CVE-2020-16307 CVE-2020-16308 CVE-2020-16309 CVE-2020-16310 CVE-2020-17538} [buster] - ghostscript 9.27~dfsg-2+deb10u4 [23 Aug 2020] DSA-4747-1 icingaweb2 - security update {CVE-2020-24368} [buster] - icingaweb2 2.6.2-3+deb10u1 [15 Aug 2020] DSA-4746-1 net-snmp - security update {CVE-2020-15861 CVE-2020-15862} [buster] - net-snmp 5.7.3+dfsg-5+deb10u1 [12 Aug 2020] DSA-4745-1 dovecot - security update {CVE-2020-12100 CVE-2020-12673 CVE-2020-12674} [buster] - dovecot 1:2.3.4.1-5+deb10u3 [12 Aug 2020] DSA-4744-1 roundcube - security update {CVE-2020-16145} [buster] - roundcube 1.3.15+dfsg.1-1~deb10u1 [10 Aug 2020] DSA-4743-1 ruby-kramdown - security update {CVE-2020-14001} [buster] - ruby-kramdown 1.17.0-1+deb10u1 [06 Aug 2020] DSA-4742-1 firejail - security update {CVE-2020-17367 CVE-2020-17368} [buster] - firejail 0.9.58.2-2+deb10u1 [05 Aug 2020] DSA-4741-1 json-c - security update {CVE-2020-12762} [buster] - json-c 0.12.1+ds-2+deb10u1 [02 Aug 2020] DSA-4740-1 thunderbird - security update {CVE-2020-6463 CVE-2020-6514 CVE-2020-15652 CVE-2020-15659} [buster] - thunderbird 1:68.11.0-1~deb10u1 [03 Aug 2020] DSA-4739-1 webkit2gtk - security update {CVE-2020-9862 CVE-2020-9893 CVE-2020-9894 CVE-2020-9895 CVE-2020-9915 CVE-2020-9925 CVE-2020-9952} [buster] - webkit2gtk 2.28.4-1~deb10u1 [31 Jul 2020] DSA-4738-1 ark - security update {CVE-2020-16116} [buster] - ark 4:18.08.3-1+deb10u1 [30 Jul 2020] DSA-4735-2 grub2 - regression update [buster] - grub2 2.02+dfsg1-20+deb10u2 [29 Jul 2020] DSA-4737-1 xrdp - security update {CVE-2020-4044} [buster] - xrdp 0.9.9-1+deb10u1 [29 Jul 2020] DSA-4736-1 firefox-esr - security update {CVE-2020-6463 CVE-2020-6514 CVE-2020-15652 CVE-2020-15659} [buster] - firefox-esr 68.11.0esr-1~deb10u1 [29 Jul 2020] DSA-4735-1 grub2 - security update {CVE-2020-10713 CVE-2020-14308 CVE-2020-14309 CVE-2020-14310 CVE-2020-14311 CVE-2020-15706 CVE-2020-15707} [buster] - grub2 2.02+dfsg1-20+deb10u1 [26 Jul 2020] DSA-4734-1 openjdk-11 - security update {CVE-2020-14556 CVE-2020-14562 CVE-2020-14573 CVE-2020-14577 CVE-2020-14578 CVE-2020-14579 CVE-2020-14581 CVE-2020-14583 CVE-2020-14593 CVE-2020-14621} [buster] - openjdk-11 11.0.8+10-1~deb10u1 [24 Jul 2020] DSA-4733-1 qemu - security update {CVE-2020-8608} [buster] - qemu 1:3.1+dfsg-8+deb10u7 [21 Jul 2020] DSA-4732-1 squid - security update {CVE-2019-18860 CVE-2020-15049} [buster] - squid 4.6-1+deb10u3 [19 Jul 2020] DSA-4731-1 redis - security update {CVE-2020-14147} [buster] - redis 5:5.0.3-4+deb10u2 [19 Jul 2020] DSA-4730-1 ruby-sanitize - security update {CVE-2020-4054} [buster] - ruby-sanitize 4.6.6-2.1~deb10u1 [19 Jul 2020] DSA-4729-1 libopenmpt - security update {CVE-2019-14380 CVE-2019-17113} [buster] - libopenmpt 0.4.3-1+deb10u1 [19 Jul 2020] DSA-4728-1 qemu - security update {CVE-2020-10756 CVE-2020-13361 CVE-2020-13362 CVE-2020-13659 CVE-2020-13754 CVE-2020-13765} [buster] - qemu 1:3.1+dfsg-8+deb10u6 [17 Jul 2020] DSA-4727-1 tomcat9 - security update {CVE-2020-9484 CVE-2020-11996 CVE-2020-13934 CVE-2020-13935} [buster] - tomcat9 9.0.31-1~deb10u2 [17 Jul 2020] DSA-4726-1 nss - security update {CVE-2019-17006 CVE-2019-17023 CVE-2020-12399 CVE-2020-12402} [buster] - nss 2:3.42.1-1+deb10u3 [15 Jul 2020] DSA-4725-1 evolution-data-server - security update {CVE-2020-14928} [buster] - evolution-data-server 3.30.5-1+deb10u1 [15 Jul 2020] DSA-4724-1 webkit2gtk - security update {CVE-2020-9802 CVE-2020-9803 CVE-2020-9805 CVE-2020-9806 CVE-2020-9807 CVE-2020-9843 CVE-2020-9850 CVE-2020-13753} [buster] - webkit2gtk 2.28.3-2~deb10u1 [13 Jul 2020] DSA-4714-3 chromium - regression update [buster] - chromium 83.0.4103.116-1~deb10u3 [12 Jul 2020] DSA-4723-1 xen - security update {CVE-2020-11739 CVE-2020-11740 CVE-2020-11741 CVE-2020-11742 CVE-2020-11743 CVE-2020-15563 CVE-2020-15564 CVE-2020-15565 CVE-2020-15566 CVE-2020-15567} [buster] - xen 4.11.4+24-gddaaccbbab-1~deb10u1 [08 Jul 2020] DSA-4722-1 ffmpeg - security update {CVE-2019-13390 CVE-2019-17539 CVE-2019-17542 CVE-2020-12284 CVE-2020-13904 CVE-2020-20902 CVE-2020-20448} [buster] - ffmpeg 7:4.1.6-1~deb10u1 [08 Jul 2020] DSA-4721-1 ruby2.5 - security update {CVE-2020-10663 CVE-2020-10933} [buster] - ruby2.5 2.5.5-3+deb10u2 [08 Jul 2020] DSA-4720-1 roundcube - security update {CVE-2020-15562} [buster] - roundcube 1.3.14+dfsg.1-1~deb10u1 [06 Jul 2020] DSA-4719-1 php7.3 - security update {CVE-2019-11048 CVE-2020-7062 CVE-2020-7063 CVE-2020-7064 CVE-2020-7065 CVE-2020-7066 CVE-2020-7067} [buster] - php7.3 7.3.19-1~deb10u1 [05 Jul 2020] DSA-4718-1 thunderbird - security update {CVE-2020-12417 CVE-2020-12418 CVE-2020-12419 CVE-2020-12420 CVE-2020-12421 CVE-2020-15646} [stretch] - thunderbird 1:68.10.0-1~deb9u1 [buster] - thunderbird 1:68.10.0-1~deb10u1 [05 Jul 2020] DSA-4717-1 php7.0 - security update {CVE-2019-11048 CVE-2020-7062 CVE-2020-7063 CVE-2020-7064 CVE-2020-7066 CVE-2020-7067} [stretch] - php7.0 7.0.33-0+deb9u8 [04 Jul 2020] DSA-4714-2 chromium - regression update [buster] - chromium 83.0.4103.116-1~deb10u2 [02 Jul 2020] DSA-4716-1 docker.io - security update {CVE-2020-13401} [buster] - docker.io 18.09.1+dfsg1-7.1+deb10u2 [02 Jul 2020] DSA-4715-1 imagemagick - security update {CVE-2019-13300 CVE-2019-13304 CVE-2019-13305 CVE-2019-13306 CVE-2019-13307 CVE-2019-15140 CVE-2019-19948} [stretch] - imagemagick 8:6.9.7.4+dfsg-11+deb9u8 [01 Jul 2020] DSA-4714-1 chromium - security update {CVE-2020-6423 CVE-2020-6430 CVE-2020-6431 CVE-2020-6432 CVE-2020-6433 CVE-2020-6434 CVE-2020-6435 CVE-2020-6436 CVE-2020-6437 CVE-2020-6438 CVE-2020-6439 CVE-2020-6440 CVE-2020-6441 CVE-2020-6442 CVE-2020-6443 CVE-2020-6444 CVE-2020-6445 CVE-2020-6446 CVE-2020-6447 CVE-2020-6448 CVE-2020-6454 CVE-2020-6455 CVE-2020-6456 CVE-2020-6457 CVE-2020-6458 CVE-2020-6459 CVE-2020-6460 CVE-2020-6461 CVE-2020-6462 CVE-2020-6463 CVE-2020-6464 CVE-2020-6465 CVE-2020-6466 CVE-2020-6467 CVE-2020-6468 CVE-2020-6469 CVE-2020-6470 CVE-2020-6471 CVE-2020-6472 CVE-2020-6473 CVE-2020-6474 CVE-2020-6475 CVE-2020-6476 CVE-2020-6478 CVE-2020-6479 CVE-2020-6480 CVE-2020-6481 CVE-2020-6482 CVE-2020-6483 CVE-2020-6484 CVE-2020-6485 CVE-2020-6486 CVE-2020-6487 CVE-2020-6488 CVE-2020-6489 CVE-2020-6490 CVE-2020-6491 CVE-2020-6492 CVE-2020-6493 CVE-2020-6494 CVE-2020-6495 CVE-2020-6496 CVE-2020-6497 CVE-2020-6498 CVE-2020-6505 CVE-2020-6506 CVE-2020-6507 CVE-2020-6509 CVE-2020-6831} [buster] - chromium 83.0.4103.116-1~deb10u1 [01 Jul 2020] DSA-4713-1 firefox-esr - security update {CVE-2020-12417 CVE-2020-12418 CVE-2020-12419 CVE-2020-12420 CVE-2020-12421} [stretch] - firefox-esr 68.10.0esr-1~deb9u1 [buster] - firefox-esr 68.10.0esr-1~deb10u1 [30 Jun 2020] DSA-4712-1 imagemagick - security update {CVE-2019-7175 CVE-2019-7395 CVE-2019-7396 CVE-2019-7397 CVE-2019-7398 CVE-2019-10649 CVE-2019-11470 CVE-2019-11472 CVE-2019-11597 CVE-2019-11598 CVE-2019-12974 CVE-2019-12975 CVE-2019-12976 CVE-2019-12977 CVE-2019-12978 CVE-2019-12979 CVE-2019-13135 CVE-2019-13137 CVE-2019-13295 CVE-2019-13297 CVE-2019-13300 CVE-2019-13301 CVE-2019-13304 CVE-2019-13305 CVE-2019-13306 CVE-2019-13307 CVE-2019-13308 CVE-2019-13309 CVE-2019-13311 CVE-2019-13454 CVE-2019-14981 CVE-2019-15139 CVE-2019-15140 CVE-2019-16708 CVE-2019-16710 CVE-2019-16711 CVE-2019-16713 CVE-2019-19948 CVE-2019-19949 CVE-2019-13391 CVE-2019-16712} [buster] - imagemagick 8:6.9.10.23+dfsg-2.1+deb10u1 [29 Jun 2020] DSA-4711-1 coturn - security update {CVE-2020-4067 CVE-2020-6061 CVE-2020-6062} [stretch] - coturn 4.5.0.5-1+deb9u2 [buster] - coturn 4.5.1.1-1.1+deb10u1 [27 Jun 2020] DSA-4710-1 trafficserver - security update {CVE-2020-9494} [buster] - trafficserver 8.0.2+ds-1+deb10u3 [23 Jun 2020] DSA-4709-1 wordpress - security update {CVE-2020-4047 CVE-2020-4048 CVE-2020-4049 CVE-2020-4050 CVE-2020-25286} [buster] - wordpress 5.0.10+dfsg1-0+deb10u1 [21 Jun 2020] DSA-4708-1 neomutt - security update {CVE-2020-14093 CVE-2020-14954} [buster] - neomutt 20180716+dfsg.1-1+deb10u1 [19 Jun 2020] DSA-4707-1 mutt - security update {CVE-2020-14093 CVE-2020-14954} [stretch] - mutt 1.7.2-1+deb9u3 [buster] - mutt 1.10.1-2.1+deb10u2 [18 Jun 2020] DSA-4706-1 drupal7 - security update {CVE-2020-13663} [stretch] - drupal7 7.52-2+deb9u11 [18 Jun 2020] DSA-4705-1 python-django - security update {CVE-2020-13254 CVE-2020-13596} [stretch] - python-django 1:1.10.7-2+deb9u9 [buster] - python-django 1:1.11.29-1~deb10u1 [16 Jun 2020] DSA-4704-1 vlc - security update {CVE-2020-13428} [stretch] - vlc 3.0.11-0+deb9u1 [buster] - vlc 3.0.11-0+deb10u1 [11 Jun 2020] DSA-4703-1 mysql-connector-java - security update {CVE-2020-2875 CVE-2020-2933 CVE-2020-2934} [stretch] - mysql-connector-java 5.1.49-0+deb9u1 [11 Jun 2020] DSA-4702-1 thunderbird - security update {CVE-2020-12410 CVE-2020-12406 CVE-2020-12405 CVE-2020-12399 CVE-2020-12398} [stretch] - thunderbird 1:68.9.0-1~deb9u1 [buster] - thunderbird 1:68.9.0-1~deb10u1 [11 Jun 2020] DSA-4701-1 intel-microcode - security update {CVE-2020-0543 CVE-2020-0548 CVE-2020-0549} [stretch] - intel-microcode 3.20200609.2~deb9u1 [buster] - intel-microcode 3.20200609.2~deb10u1 [11 Jun 2020] DSA-4700-1 roundcube - security update {CVE-2020-13964 CVE-2020-13965} [stretch] - roundcube 1.2.3+dfsg.1-4+deb9u5 [buster] - roundcube 1.3.13+dfsg.1-1~deb10u1 [09 Jun 2020] DSA-4699-1 linux - security update {CVE-2019-3016 CVE-2019-19462 CVE-2020-0543 CVE-2020-10711 CVE-2020-10732 CVE-2020-10751 CVE-2020-10757 CVE-2020-12114 CVE-2020-12464 CVE-2020-12768 CVE-2020-12770 CVE-2020-13143} [buster] - linux 4.19.118-2+deb10u1 [09 Jun 2020] DSA-4698-1 linux - security update {CVE-2019-2182 CVE-2019-5108 CVE-2019-19319 CVE-2019-19462 CVE-2019-19768 CVE-2019-20806 CVE-2019-20811 CVE-2020-0543 CVE-2020-2732 CVE-2020-8428 CVE-2020-8647 CVE-2020-8648 CVE-2020-8649 CVE-2020-9383 CVE-2020-10711 CVE-2020-10732 CVE-2020-10751 CVE-2020-10757 CVE-2020-10942 CVE-2020-11494 CVE-2020-11565 CVE-2020-11608 CVE-2020-11609 CVE-2020-11668 CVE-2020-12114 CVE-2020-12464 CVE-2020-12652 CVE-2020-12653 CVE-2020-12654 CVE-2020-12770 CVE-2020-13143} [stretch] - linux 4.9.210-1+deb9u1 [06 Jun 2020] DSA-4697-1 gnutls28 - security update {CVE-2020-13777} [buster] - gnutls28 3.6.7-4+deb10u4 [06 Jun 2020] DSA-4696-1 nodejs - security update {CVE-2020-8174 CVE-2020-11080} [buster] - nodejs 10.21.0~dfsg-1~deb10u1 [03 Jun 2020] DSA-4695-1 firefox-esr - security update {CVE-2020-12399 CVE-2020-12405 CVE-2020-12406 CVE-2020-12410} [stretch] - firefox-esr 68.9.0esr-1~deb9u1 [buster] - firefox-esr 68.9.0esr-1~deb10u1 [26 May 2020] DSA-4694-1 unbound - security update {CVE-2020-12662 CVE-2020-12663} [buster] - unbound 1.9.0-2+deb10u2 [26 May 2020] DSA-4693-1 drupal7 - security update {CVE-2020-11022 CVE-2020-11023 CVE-2020-13662} [stretch] - drupal7 7.52-2+deb9u10 [24 May 2020] DSA-4692-1 netqmail - security update {CVE-2005-1513 CVE-2005-1514 CVE-2005-1515 CVE-2020-3811 CVE-2020-3812} [stretch] - netqmail 1.06-6.2~deb9u1 [buster] - netqmail 1.06-6.2~deb10u1 [21 May 2020] DSA-4691-1 pdns-recursor - security update {CVE-2020-10995 CVE-2020-12244} [buster] - pdns-recursor 4.1.11-1+deb10u1 [20 May 2020] DSA-4690-1 dovecot - security update {CVE-2020-10957 CVE-2020-10958 CVE-2020-10967} [buster] - dovecot 1:2.3.4.1-5+deb10u2 [19 May 2020] DSA-4689-1 bind9 - security update {CVE-2020-8616 CVE-2020-8617} [stretch] - bind9 1:9.10.3.dfsg.P4-12.3+deb9u6 [buster] - bind9 1:9.11.5.P4+dfsg-5.1+deb10u1 [18 May 2020] DSA-4688-1 dpdk - security update {CVE-2020-10722} [stretch] - dpdk 16.11.11-1+deb9u2 [buster] - dpdk 18.11.6-1~deb10u2 [16 May 2020] DSA-4687-1 exim4 - security update {CVE-2020-12783} [stretch] - exim4 4.89-2+deb9u7 [buster] - exim4 4.92-8+deb10u4 [16 May 2020] DSA-4686-1 apache-log4j1.2 - security update {CVE-2019-17571} [stretch] - apache-log4j1.2 1.2.17-7+deb9u1 [buster] - apache-log4j1.2 1.2.17-8+deb10u1 [14 May 2020] DSA-4685-1 apt - security update {CVE-2020-3810} [stretch] - apt 1.4.10 [buster] - apt 1.8.2.1 [13 May 2020] DSA-4684-1 libreswan - security update {CVE-2020-1763} [buster] - libreswan 3.27-6+deb10u1 [08 May 2020] DSA-4683-1 thunderbird - security update {CVE-2020-6831 CVE-2020-12387 CVE-2020-12392 CVE-2020-12395 CVE-2020-12397} [stretch] - thunderbird 1:68.8.0-1~deb9u1 [buster] - thunderbird 1:68.8.0-1~deb10u1 [08 May 2020] DSA-4682-1 squid - security update {CVE-2019-12519 CVE-2019-12520 CVE-2019-12521 CVE-2019-12523 CVE-2019-12524 CVE-2019-12526 CVE-2019-12528 CVE-2019-18676 CVE-2019-18677 CVE-2019-18678 CVE-2019-18679 CVE-2020-8449 CVE-2020-8450 CVE-2020-11945} [buster] - squid 4.6-1+deb10u2 [07 May 2020] DSA-4676-2 salt - security update {CVE-2020-11651 CVE-2020-11652} [stretch] - salt 2016.11.2+ds-1+deb9u4 [07 May 2020] DSA-4681-1 webkit2gtk - security update {CVE-2020-3885 CVE-2020-3894 CVE-2020-3895 CVE-2020-3897 CVE-2020-3899 CVE-2020-3900 CVE-2020-3901 CVE-2020-3902 CVE-2021-30762} [buster] - webkit2gtk 2.28.2-2~deb10u1 [06 May 2020] DSA-4680-1 tomcat9 - security update {CVE-2019-10072 CVE-2019-12418 CVE-2019-17563 CVE-2019-17569 CVE-2020-1935 CVE-2020-1938} [buster] - tomcat9 9.0.31-1~deb10u1 [06 May 2020] DSA-4679-1 keystone - security update {CVE-2020-12689 CVE-2020-12690 CVE-2020-12691 CVE-2020-12692} [buster] - keystone 2:14.2.0-0+deb10u1 [06 May 2020] DSA-4678-1 firefox-esr - security update {CVE-2020-6831 CVE-2020-12387 CVE-2020-12392 CVE-2020-12395} [stretch] - firefox-esr 68.8.0esr-1~deb9u1 [buster] - firefox-esr 68.8.0esr-1~deb10u1 [06 May 2020] DSA-4677-1 wordpress - security update {CVE-2020-11025 CVE-2020-11026 CVE-2020-11027 CVE-2020-11028 CVE-2020-11029} [stretch] - wordpress 4.7.5+dfsg-2+deb9u6 [buster] - wordpress 5.0.4+dfsg1-1+deb10u2 [06 May 2020] DSA-4676-1 salt - security update {CVE-2019-17361 CVE-2020-11651 CVE-2020-11652} [stretch] - salt 2016.11.2+ds-1+deb9u3 [buster] - salt 2018.3.4+dfsg1-6+deb10u1 [05 May 2020] DSA-4675-1 graphicsmagick - security update {CVE-2019-12921 CVE-2020-10938} [stretch] - graphicsmagick 1.3.30+hg15796-1~deb9u4 [buster] - graphicsmagick 1.4+really1.3.35-1~deb10u1 [05 May 2020] DSA-4674-1 roundcube - security update {CVE-2020-12625 CVE-2020-12626} [stretch] - roundcube 1.2.3+dfsg.1-4+deb9u4 [buster] - roundcube 1.3.11+dfsg.1-1~deb10u1 [03 May 2020] DSA-4673-1 tomcat8 - security update {CVE-2019-17569 CVE-2020-1935 CVE-2020-1938} [stretch] - tomcat8 8.5.54-0+deb9u1 [01 May 2020] DSA-4672-1 trafficserver - security update {CVE-2019-17559 CVE-2019-17565 CVE-2020-1944 CVE-2020-9481} [buster] - trafficserver 8.0.2+ds-1+deb10u2 [30 Apr 2020] DSA-4671-1 vlc - security update {CVE-2020-6071 CVE-2020-6072 CVE-2020-6073 CVE-2020-6077 CVE-2020-6078 CVE-2020-6079 CVE-2020-6080 CVE-2019-19721} [stretch] - vlc 3.0.10-0+deb9u1 [buster] - vlc 3.0.10-0+deb10u1 [29 Apr 2020] DSA-4670-1 tiff - security update {CVE-2018-12900 CVE-2018-17000 CVE-2018-17100 CVE-2018-19210 CVE-2019-7663 CVE-2019-14973 CVE-2019-17546} [stretch] - tiff 4.0.8-2+deb9u5 [29 Apr 2020] DSA-4669-1 nodejs - security update {CVE-2019-9511 CVE-2019-9513 CVE-2019-9514 CVE-2019-15604 CVE-2019-15605 CVE-2019-15606} [buster] - nodejs 10.19.0~dfsg1-1 [28 Apr 2020] DSA-4668-1 openjdk-8 - security update {CVE-2020-2754 CVE-2020-2755 CVE-2020-2756 CVE-2020-2757 CVE-2020-2773 CVE-2020-2781 CVE-2020-2800 CVE-2020-2803 CVE-2020-2805 CVE-2020-2830} [stretch] - openjdk-8 8u252-b09-1~deb9u1 [28 Apr 2020] DSA-4667-1 linux - security update {CVE-2020-2732 CVE-2020-8428 CVE-2020-10942 CVE-2020-11565 CVE-2020-11884} [buster] - linux 4.19.98-1+deb10u1 [28 Apr 2020] DSA-4666-1 openldap - security update {CVE-2020-12243} [stretch] - openldap 2.4.44+dfsg-5+deb9u4 [buster] - openldap 2.4.47+dfsg-3+deb10u2 [27 Apr 2020] DSA-4665-1 qemu - security update {CVE-2019-12068 CVE-2019-15034 CVE-2019-20382 CVE-2020-1983 CVE-2020-11947} [buster] - qemu 1:3.1+dfsg-8+deb10u5 [26 Apr 2020] DSA-4664-1 mailman - security update {CVE-2020-12137} [stretch] - mailman 1:2.1.23-1+deb9u5 [buster] - mailman 1:2.1.29-1+deb10u1 [25 Apr 2020] DSA-4663-1 python-reportlab - security update {CVE-2019-17626} [stretch] - python-reportlab 3.3.0-2+deb9u1 [buster] - python-reportlab 3.5.13-1+deb10u1 [24 Apr 2020] DSA-4662-1 openjdk-11 - security update {CVE-2020-2754 CVE-2020-2755 CVE-2020-2756 CVE-2020-2757 CVE-2020-2767 CVE-2020-2773 CVE-2020-2778 CVE-2020-2781 CVE-2020-2800 CVE-2020-2803 CVE-2020-2805 CVE-2020-2816 CVE-2020-2830} [buster] - openjdk-11 11.0.7+10-3~deb10u1 [21 Apr 2020] DSA-4661-1 openssl - security update {CVE-2020-1967} [buster] - openssl 1.1.1d-0+deb10u3 [21 Apr 2020] DSA-4660-1 awl - security update {CVE-2020-11728 CVE-2020-11729} [stretch] - awl 0.57-1+deb9u1 [buster] - awl 0.60-1+deb10u1 [20 Apr 2020] DSA-4659-1 git - security update {CVE-2020-11008} [stretch] - git 1:2.11.0-3+deb9u7 [buster] - git 1:2.20.1-2+deb10u3 [16 Apr 2020] DSA-4658-1 webkit2gtk - security update {CVE-2020-11793} [buster] - webkit2gtk 2.26.4-1~deb10u3 [14 Apr 2020] DSA-4657-1 git - security update {CVE-2020-5260} [stretch] - git 1:2.11.0-3+deb9u6 [buster] - git 1:2.20.1-2+deb10u2 [13 Apr 2020] DSA-4656-1 thunderbird - security update {CVE-2020-6819 CVE-2020-6820 CVE-2020-6821 CVE-2020-6822 CVE-2020-6825} [stretch] - thunderbird 1:68.7.0-1~deb9u1 [buster] - thunderbird 1:68.7.0-1~deb10u1 [08 Apr 2020] DSA-4655-1 firefox-esr - security update {CVE-2020-6821 CVE-2020-6822 CVE-2020-6825} [stretch] - firefox-esr 68.7.0esr-1~deb9u1 [buster] - firefox-esr 68.7.0esr-1~deb10u1 [07 Apr 2020] DSA-4654-1 chromium - security update {CVE-2020-6453 CVE-2020-6450 CVE-2020-6451 CVE-2020-6452} [buster] - chromium 80.0.3987.162-1~deb10u1 [04 Apr 2020] DSA-4653-1 firefox-esr - security update {CVE-2020-6819 CVE-2020-6820} [stretch] - firefox-esr 68.6.1esr-1~deb9u1 [buster] - firefox-esr 68.6.1esr-1~deb10u1 [04 Apr 2020] DSA-4652-1 gnutls28 - security update {CVE-2020-11501} [buster] - gnutls28 3.6.7-4+deb10u3 [02 Apr 2020] DSA-4651-1 mediawiki - security update {CVE-2020-10960} [buster] - mediawiki 1:1.31.7-1~deb10u1 [02 Apr 2020] DSA-4650-1 qbittorrent - security update {CVE-2019-13640} [stretch] - qbittorrent 3.3.7-3+deb9u1 [buster] - qbittorrent 4.1.5-1+deb10u1 [02 Apr 2020] DSA-4649-1 haproxy - security update {CVE-2020-11100} [buster] - haproxy 1.8.19-1+deb10u2 [31 Mar 2020] DSA-4648-1 libpam-krb5 - security update {CVE-2020-10595} [stretch] - libpam-krb5 4.7-4+deb9u1 [buster] - libpam-krb5 4.8-2+deb10u1 [26 Mar 2020] DSA-4647-1 bluez - security update {CVE-2020-0556} [stretch] - bluez 5.43-2+deb9u2 [buster] - bluez 5.50-1.2~deb10u1 [25 Mar 2020] DSA-4646-1 icu - security update {CVE-2020-10531} [stretch] - icu 57.1-6+deb9u4 [buster] - icu 63.1-6+deb10u1 [22 Mar 2020] DSA-4645-1 chromium - security update {CVE-2019-20503 CVE-2020-6422 CVE-2020-6424 CVE-2020-6425 CVE-2020-6426 CVE-2020-6427 CVE-2020-6428 CVE-2020-6429 CVE-2020-6449} [buster] - chromium 80.0.3987.149-1~deb10u1 [20 Mar 2020] DSA-4644-1 tor - security update {CVE-2020-10592} [buster] - tor 0.3.5.10-1 [20 Mar 2020] DSA-4643-1 python-bleach - security update {CVE-2020-6816} [buster] - python-bleach 3.1.2-0+deb10u1 [19 Mar 2020] DSA-4642-1 thunderbird - security update {CVE-2019-20503 CVE-2020-6805 CVE-2020-6806 CVE-2020-6807 CVE-2020-6811 CVE-2020-6812 CVE-2020-6814} [stretch] - thunderbird 1:68.6.0-1~deb9u1 [buster] - thunderbird 1:68.6.0-1~deb10u1 [16 Mar 2020] DSA-4641-1 webkit2gtk - security update {CVE-2020-10018} [buster] - webkit2gtk 2.26.4-1~deb10u2 [15 Mar 2020] DSA-4640-1 graphicsmagick - security update {CVE-2019-19950 CVE-2019-19951 CVE-2019-19953} [stretch] - graphicsmagick 1.3.30+hg15796-1~deb9u3 [buster] - graphicsmagick 1.4~hg15978-1+deb10u1 [11 Mar 2020] DSA-4639-1 firefox-esr - security update {CVE-2019-20503 CVE-2020-6805 CVE-2020-6806 CVE-2020-6807 CVE-2020-6811 CVE-2020-6812 CVE-2020-6814} [stretch] - firefox-esr 68.6.0esr-1~deb9u1 [buster] - firefox-esr 68.6.0esr-1~deb10u1 [10 Mar 2020] DSA-4638-1 chromium - security update {CVE-2019-19880 CVE-2019-19923 CVE-2019-19925 CVE-2019-19926 CVE-2020-6381 CVE-2020-6382 CVE-2020-6383 CVE-2020-6384 CVE-2020-6385 CVE-2020-6386 CVE-2020-6387 CVE-2020-6388 CVE-2020-6389 CVE-2020-6390 CVE-2020-6391 CVE-2020-6392 CVE-2020-6393 CVE-2020-6394 CVE-2020-6395 CVE-2020-6396 CVE-2020-6397 CVE-2020-6398 CVE-2020-6399 CVE-2020-6400 CVE-2020-6401 CVE-2020-6402 CVE-2020-6403 CVE-2020-6404 CVE-2020-6405 CVE-2020-6406 CVE-2020-6407 CVE-2020-6408 CVE-2020-6409 CVE-2020-6410 CVE-2020-6411 CVE-2020-6412 CVE-2020-6413 CVE-2020-6414 CVE-2020-6415 CVE-2020-6416 CVE-2020-6418 CVE-2020-6420 CVE-2020-6499 CVE-2020-6500 CVE-2020-6501 CVE-2020-6502} [buster] - chromium 80.0.3987.132-1~deb10u1 [09 Mar 2020] DSA-4637-1 network-manager-ssh - security update {CVE-2020-9355} [stretch] - network-manager-ssh 1.2.1-1+deb9u1 [buster] - network-manager-ssh 1.2.10-1+deb10u1 [28 Feb 2020] DSA-4636-1 python-bleach - security update {CVE-2020-6802} [buster] - python-bleach 3.1.1-0+deb10u1 [26 Feb 2020] DSA-4635-1 proftpd-dfsg - security update {CVE-2020-9273} [stretch] - proftpd-dfsg 1.3.5b-4+deb9u4 [buster] - proftpd-dfsg 1.3.6-4+deb10u4 [26 Feb 2020] DSA-4634-1 opensmtpd - security update {CVE-2020-8794} [stretch] - opensmtpd 6.0.2p1-2+deb9u3 [buster] - opensmtpd 6.0.3p1-5+deb10u4 [24 Feb 2020] DSA-4633-1 curl - security update {CVE-2019-5481 CVE-2019-5482} [stretch] - curl 7.52.1-5+deb9u10 [buster] - curl 7.64.0-4+deb10u1 [22 Feb 2020] DSA-4632-1 ppp - security update {CVE-2020-8597} [stretch] - ppp 2.4.7-1+4+deb9u1 [buster] - ppp 2.4.7-2+4.1+deb10u1 [21 Feb 2020] DSA-4631-1 pillow - security update {CVE-2019-19911 CVE-2020-5312 CVE-2020-5313} [stretch] - pillow 4.0.0-4+deb9u1 [buster] - pillow 5.4.1-2+deb10u1 [21 Feb 2020] DSA-4630-1 python-pysaml2 - security update {CVE-2020-5390} [stretch] - python-pysaml2 3.0.0-5+deb9u1 [buster] - python-pysaml2 4.5.0-4+deb10u1 [19 Feb 2020] DSA-4629-1 python-django - security update {CVE-2020-7471} [stretch] - python-django 1:1.10.7-2+deb9u8 [buster] - python-django 1:1.11.28-1~deb10u1 [18 Feb 2020] DSA-4628-1 php7.0 - security update {CVE-2019-11045 CVE-2019-11046 CVE-2019-11047 CVE-2019-11050 CVE-2020-7059 CVE-2020-7060} [stretch] - php7.0 7.0.33-0+deb9u7 [17 Feb 2020] DSA-4627-1 webkit2gtk - security update {CVE-2020-3862 CVE-2020-3864 CVE-2020-3865 CVE-2020-3867 CVE-2020-3868} [buster] - webkit2gtk 2.26.4-1~deb10u1 [17 Feb 2020] DSA-4626-1 php7.3 - security update {CVE-2019-11045 CVE-2019-11046 CVE-2019-11047 CVE-2019-11050 CVE-2020-7059 CVE-2020-7060} [buster] - php7.3 7.3.14-1~deb10u1 [15 Feb 2020] DSA-4625-1 thunderbird - security update {CVE-2020-6792 CVE-2020-6793 CVE-2020-6794 CVE-2020-6795 CVE-2020-6798 CVE-2020-6800} [stretch] - thunderbird 1:68.5.0-1~deb9u1 [buster] - thunderbird 1:68.5.0-1~deb10u1 [14 Feb 2020] DSA-4624-1 evince - security update {CVE-2017-1000159 CVE-2019-11459 CVE-2019-1010006} [stretch] - evince 3.22.1-3+deb9u2 [13 Feb 2020] DSA-4623-1 postgresql-11 - security update {CVE-2020-1720} [buster] - postgresql-11 11.7-0+deb10u1 [13 Feb 2020] DSA-4622-1 postgresql-9.6 - security update {CVE-2020-1720} [stretch] - postgresql-9.6 9.6.17-0+deb9u1 [12 Feb 2020] DSA-4621-1 openjdk-8 - security update {CVE-2020-2583 CVE-2020-2590 CVE-2020-2593 CVE-2020-2601 CVE-2020-2604 CVE-2020-2654 CVE-2020-2659} [stretch] - openjdk-8 8u242-b08-1~deb9u1 [12 Feb 2020] DSA-4620-1 firefox-esr - security update {CVE-2020-6796 CVE-2020-6798 CVE-2020-6800} [stretch] - firefox-esr 68.5.0esr-1~deb9u1 [buster] - firefox-esr 68.5.0esr-1~deb10u1 [06 Feb 2020] DSA-4619-1 libxmlrpc3-java - security update {CVE-2019-17570} [stretch] - libxmlrpc3-java 3.1.3-8+deb9u1 [buster] - libxmlrpc3-java 3.1.3-9+deb10u1 [06 Feb 2020] DSA-4618-1 libexif - security update {CVE-2019-9278 CVE-2020-0181} [stretch] - libexif 0.6.21-2+deb9u1 [buster] - libexif 0.6.21-5.1+deb10u1 [03 Feb 2020] DSA-4617-1 qtbase-opensource-src - security update {CVE-2020-0569 CVE-2020-24742} [stretch] - qtbase-opensource-src 5.7.1+dfsg-3+deb9u2 [buster] - qtbase-opensource-src 5.11.3+dfsg1-1+deb10u3 [02 Feb 2020] DSA-4616-1 qemu - security update {CVE-2019-15890 CVE-2020-7039} [stretch] - qemu 1:2.8+dfsg-6+deb9u9 [buster] - qemu 1:3.1+dfsg-8+deb10u4 [01 Feb 2020] DSA-4615-1 spamassassin - security update {CVE-2020-1930 CVE-2020-1931} [stretch] - spamassassin 3.4.2-1~deb9u3 [buster] - spamassassin 3.4.2-1+deb10u2 [01 Feb 2020] DSA-4614-1 sudo - security update {CVE-2019-18634} [stretch] - sudo 1.8.19p1-2.1+deb9u2 [01 Feb 2020] DSA-4613-1 libidn2 - security update {CVE-2019-18224} [buster] - libidn2 2.0.5-1+deb10u1 [31 Jan 2020] DSA-4612-1 prosody-modules - security update {CVE-2020-8086} [stretch] - prosody-modules 0.0~hg20170123.3ed504b944e5+dfsg-1+deb9u1 [buster] - prosody-modules 0.0~hg20190203.b54e98d5c4a1+dfsg-1+deb10u1 [29 Jan 2020] DSA-4611-1 opensmtpd - security update {CVE-2020-7247} [stretch] - opensmtpd 6.0.2p1-2+deb9u2 [buster] - opensmtpd 6.0.3p1-5+deb10u3 [29 Jan 2020] DSA-4610-1 webkit2gtk - security update {CVE-2019-8835 CVE-2019-8844 CVE-2019-8846} [buster] - webkit2gtk 2.26.3-1~deb10u1 [23 Jan 2020] DSA-4609-1 python-apt - security update {CVE-2019-15795 CVE-2019-15796} [stretch] - python-apt 1.4.1 [buster] - python-apt 1.8.4.1 [21 Jan 2020] DSA-4608-1 tiff - security update {CVE-2019-14973 CVE-2019-17546} [buster] - tiff 4.1.0+git191117-2~deb10u1 [20 Jan 2020] DSA-4607-1 openconnect - security update {CVE-2019-16239} [stretch] - openconnect 7.08-1+deb9u1 [buster] - openconnect 8.02-1+deb10u1 [20 Jan 2020] DSA-4606-1 chromium - security update {CVE-2019-13725 CVE-2019-13726 CVE-2019-13727 CVE-2019-13728 CVE-2019-13729 CVE-2019-13730 CVE-2019-13732 CVE-2019-13734 CVE-2019-13735 CVE-2019-13736 CVE-2019-13737 CVE-2019-13738 CVE-2019-13739 CVE-2019-13740 CVE-2019-13741 CVE-2019-13742 CVE-2019-13743 CVE-2019-13744 CVE-2019-13745 CVE-2019-13746 CVE-2019-13747 CVE-2019-13748 CVE-2019-13749 CVE-2019-13750 CVE-2019-13751 CVE-2019-13752 CVE-2019-13753 CVE-2019-13754 CVE-2019-13755 CVE-2019-13756 CVE-2019-13757 CVE-2019-13758 CVE-2019-13759 CVE-2019-13761 CVE-2019-13762 CVE-2019-13763 CVE-2019-13764 CVE-2019-13767 CVE-2020-6377 CVE-2020-6378 CVE-2020-6379 CVE-2020-6380} [buster] - chromium 79.0.3945.130-1~deb10u1 [19 Jan 2020] DSA-4605-1 openjdk-11 - security update {CVE-2020-2583 CVE-2020-2590 CVE-2020-2593 CVE-2020-2601 CVE-2020-2604 CVE-2020-2654 CVE-2020-2655} [buster] - openjdk-11 11.0.6+10-1~deb10u1 [19 Jan 2020] DSA-4604-1 cacti - security update {CVE-2019-17358} [stretch] - cacti 0.8.8h+ds1-10+deb9u1 [buster] - cacti 1.2.2+ds1-2+deb10u2 [17 Jan 2020] DSA-4603-1 thunderbird - security update {CVE-2019-17016 CVE-2019-17017 CVE-2019-17022 CVE-2019-17024 CVE-2019-17026} [stretch] - thunderbird 1:68.4.1-1~deb9u1 [buster] - thunderbird 1:68.4.1-1~deb10u1 [13 Jan 2020] DSA-4602-1 xen - security update {CVE-2019-17349 CVE-2019-17350 CVE-2019-18420 CVE-2019-18421 CVE-2019-18422 CVE-2019-18423 CVE-2019-18424 CVE-2019-18425 CVE-2019-19577 CVE-2019-19578 CVE-2019-19579 CVE-2019-19580 CVE-2019-19581 CVE-2019-19582 CVE-2019-19583 CVE-2019-11135 CVE-2018-12207} [stretch] - xen 4.8.5.final+shim4.10.4-1+deb9u12 [buster] - xen 4.11.3+24-g14b62ab3e5-1~deb10u1 [09 Jan 2020] DSA-4601-1 ldm - security update {CVE-2019-20373} [stretch] - ldm 2:2.2.18-2+deb9u1 [buster] - ldm 2:2.18.06-1+deb10u1 [09 Jan 2020] DSA-4600-1 firefox-esr - security update {CVE-2019-17026 CVE-2019-17024 CVE-2019-17022 CVE-2019-17017 CVE-2019-17016} [stretch] - firefox-esr 68.4.1esr-1~deb9u1 [buster] - firefox-esr 68.4.1esr-1~deb10u1 [08 Jan 2020] DSA-4599-1 wordpress - security update {CVE-2019-16217 CVE-2019-16218 CVE-2019-16219 CVE-2019-16220 CVE-2019-16221 CVE-2019-16222 CVE-2019-16223 CVE-2019-16780 CVE-2019-16781 CVE-2019-17669 CVE-2019-17671 CVE-2019-17672 CVE-2019-17673 CVE-2019-17674 CVE-2019-17675 CVE-2019-20041 CVE-2019-20042 CVE-2019-20043} [buster] - wordpress 5.0.4+dfsg1-1+deb10u1 [07 Jan 2020] DSA-4598-1 python-django - security update {CVE-2019-19844} [stretch] - python-django 1:1.10.7-2+deb9u7 [buster] - python-django 1:1.11.27-1~deb10u1 [03 Jan 2020] DSA-4597-1 netty - security update {CVE-2019-16869} [stretch] - netty 1:4.1.7-2+deb9u1 [buster] - netty 1:4.1.33-1+deb10u1 [27 Dec 2019] DSA-4596-1 tomcat8 - security update {CVE-2018-8014 CVE-2018-11784 CVE-2019-0199 CVE-2019-0221 CVE-2019-12418 CVE-2019-17563} [stretch] - tomcat8 8.5.50-0+deb9u1 [27 Dec 2019] DSA-4595-1 debian-lan-config - security update {CVE-2019-3467} [stretch] - debian-lan-config 0.23+deb9u1 [buster] - debian-lan-config 0.25+deb10u1 [27 Dec 2019] DSA-4594-1 openssl1.0 - security update {CVE-2019-1551} [stretch] - openssl1.0 1.0.2u-1~deb9u1 [27 Dec 2019] DSA-4593-1 freeimage - security update {CVE-2019-12211 CVE-2019-12213} [stretch] - freeimage 3.17.0+ds1-5+deb9u1 [buster] - freeimage 3.18.0+ds2-1+deb10u1 [26 Dec 2019] DSA-4592-1 mediawiki - security update {CVE-2019-19709} [stretch] - mediawiki 1:1.27.7-1~deb9u3 [buster] - mediawiki 1:1.31.6-1~deb10u1 [20 Dec 2019] DSA-4591-1 cyrus-sasl2 - security update {CVE-2019-19906} [stretch] - cyrus-sasl2 2.1.27~101-g0780600+dfsg-3+deb9u1 [buster] - cyrus-sasl2 2.1.27+dfsg-1+deb10u1 [19 Dec 2019] DSA-4590-1 cyrus-imapd - security update {CVE-2019-19783} [stretch] - cyrus-imapd 2.5.10-3+deb9u2 [buster] - cyrus-imapd 3.0.8-6+deb10u3 [18 Dec 2019] DSA-4589-1 debian-edu-config - security update {CVE-2019-3467} [stretch] - debian-edu-config 1.929+deb9u4 [buster] - debian-edu-config 2.10.65+deb10u3 [17 Dec 2019] DSA-4588-1 python-ecdsa - security update {CVE-2019-14853 CVE-2019-14859} [stretch] - python-ecdsa 0.13-2+deb9u1 [buster] - python-ecdsa 0.13-3+deb10u1 [17 Dec 2019] DSA-4587-1 ruby2.3 - security update {CVE-2019-15845 CVE-2019-16201 CVE-2019-16254 CVE-2019-16255} [stretch] - ruby2.3 2.3.3-1+deb9u7 [17 Dec 2019] DSA-4586-1 ruby2.5 - security update {CVE-2019-15845 CVE-2019-16201 CVE-2019-16254 CVE-2019-16255} [buster] - ruby2.5 2.5.5-3+deb10u1 [15 Dec 2019] DSA-4585-1 thunderbird - security update {CVE-2019-17005 CVE-2019-17008 CVE-2019-17010 CVE-2019-17011 CVE-2019-17012} [stretch] - thunderbird 1:68.3.0-2~deb9u1 [buster] - thunderbird 1:68.3.0-2~deb10u1 [14 Dec 2019] DSA-4584-1 spamassassin - security update {CVE-2018-11805 CVE-2019-12420} [stretch] - spamassassin 3.4.2-1~deb9u2 [buster] - spamassassin 3.4.2-1+deb10u1 [13 Dec 2019] DSA-4565-2 intel-microcode - security update {CVE-2019-14607} [stretch] - intel-microcode 3.20191115.2~deb9u1 [buster] - intel-microcode 3.20191115.2~deb10u1 [13 Dec 2019] DSA-4583-1 spip - security update {CVE-2019-19830} [buster] - spip 3.2.4-1+deb10u2 [13 Dec 2019] DSA-4582-1 davical - security update {CVE-2019-18345 CVE-2019-18346 CVE-2019-18347} [stretch] - davical 1.1.5-1+deb9u1 [buster] - davical 1.1.8-1+deb10u1 [10 Dec 2019] DSA-4581-1 git - security update {CVE-2019-1348 CVE-2019-1349 CVE-2019-1352 CVE-2019-1353 CVE-2019-1387} [stretch] - git 1:2.11.0-3+deb9u5 [buster] - git 1:2.20.1-2+deb10u1 [09 Dec 2019] DSA-4580-1 firefox-esr - security update {CVE-2019-17005 CVE-2019-17008 CVE-2019-17010 CVE-2019-17011 CVE-2019-17012} [stretch] - firefox-esr 68.3.0esr-1~deb9u1 [buster] - firefox-esr 68.3.0esr-1~deb10u1 [06 Dec 2019] DSA-4579-1 nss - security update {CVE-2019-11745 CVE-2019-17007} [buster] - nss 2:3.42.1-1+deb10u2 [28 Nov 2019] DSA-4578-1 libvpx - security update {CVE-2019-9232 CVE-2019-9325 CVE-2019-9433} [stretch] - libvpx 1.6.1-3+deb9u2 [buster] - libvpx 1.7.0-3+deb10u1 [28 Nov 2019] DSA-4577-1 haproxy - security update {CVE-2019-19330} [buster] - haproxy 1.8.19-1+deb10u1 [25 Nov 2019] DSA-4576-1 php-imagick - security update {CVE-2019-11037} [stretch] - php-imagick 3.4.3~rc2-2+deb9u1 [24 Nov 2019] DSA-4575-1 chromium - security update {CVE-2019-13723 CVE-2019-13724} [buster] - chromium 78.0.3904.108-1~deb10u1 [19 Nov 2019] DSA-4574-1 redmine - security update {CVE-2019-17427 CVE-2019-18890} [stretch] - redmine 3.3.1-4+deb9u3 [18 Nov 2019] DSA-4573-1 symfony - security update {CVE-2019-18887 CVE-2019-18888} [stretch] - symfony 2.8.7+dfsg-1.3+deb9u3 [buster] - symfony 3.4.22+dfsg-2+deb10u1 [18 Nov 2019] DSA-4572-1 slurm-llnl - security update {CVE-2019-12838} [buster] - slurm-llnl 18.08.5.2-1+deb10u1 [17 Nov 2019] DSA-4571-1 thunderbird - security update {CVE-2019-15903 CVE-2019-11764 CVE-2019-11763 CVE-2019-11762 CVE-2019-11761 CVE-2019-11760 CVE-2019-11759 CVE-2019-11757 CVE-2019-11755} [stretch] - thunderbird 1:68.2.2-1~deb9u1 [buster] - thunderbird 1:68.2.2-1~deb10u1 [17 Nov 2019] DSA-4570-1 mosquitto - security update {CVE-2019-11779} [buster] - mosquitto 1.5.7-1+deb10u1 [14 Nov 2019] DSA-4569-1 ghostscript - security update {CVE-2019-14869} [stretch] - ghostscript 9.26a~dfsg-0+deb9u6 [buster] - ghostscript 9.27~dfsg-2+deb10u3 [14 Nov 2019] DSA-4568-1 postgresql-common - security update {CVE-2019-3466} [stretch] - postgresql-common 181+deb9u3 [buster] - postgresql-common 200+deb10u3 [12 Nov 2019] DSA-4567-1 dpdk - security update {CVE-2019-14818} [stretch] - dpdk 16.11.9-1+deb9u2 [buster] - dpdk 18.11.2-2+deb10u2 [12 Nov 2019] DSA-4566-1 qemu - security update [buster] - qemu 1:3.1+dfsg-8+deb10u3 [13 Nov 2019] DSA-4565-1 intel-microcode - security update {CVE-2019-11135 CVE-2019-11139} [stretch] - intel-microcode 3.20191112.1~deb9u1 [buster] - intel-microcode 3.20191112.1~deb10u1 [12 Nov 2019] DSA-4564-1 linux - security update {CVE-2018-12207 CVE-2019-0154 CVE-2019-0155 CVE-2019-11135} [stretch] - linux 4.9.189-3+deb9u2 [buster] - linux 4.19.67-2+deb10u2 [12 Nov 2019] DSA-4563-1 webkit2gtk - security update {CVE-2019-8812 CVE-2019-8814} [buster] - webkit2gtk 2.26.2-1~deb10+1 [10 Nov 2019] DSA-4562-1 chromium - security update {CVE-2019-5869 CVE-2019-5870 CVE-2019-5871 CVE-2019-5872 CVE-2019-5874 CVE-2019-5875 CVE-2019-5876 CVE-2019-5877 CVE-2019-5878 CVE-2019-5879 CVE-2019-5880 CVE-2019-13659 CVE-2019-13660 CVE-2019-13661 CVE-2019-13662 CVE-2019-13663 CVE-2019-13664 CVE-2019-13665 CVE-2019-13666 CVE-2019-13667 CVE-2019-13668 CVE-2019-13669 CVE-2019-13670 CVE-2019-13671 CVE-2019-13673 CVE-2019-13674 CVE-2019-13675 CVE-2019-13676 CVE-2019-13677 CVE-2019-13678 CVE-2019-13679 CVE-2019-13680 CVE-2019-13681 CVE-2019-13682 CVE-2019-13683 CVE-2019-13685 CVE-2019-13686 CVE-2019-13687 CVE-2019-13688 CVE-2019-13691 CVE-2019-13692 CVE-2019-13693 CVE-2019-13694 CVE-2019-13695 CVE-2019-13696 CVE-2019-13697 CVE-2019-13699 CVE-2019-13700 CVE-2019-13701 CVE-2019-13703 CVE-2019-13704 CVE-2019-13705 CVE-2019-13706 CVE-2019-13707 CVE-2019-13708 CVE-2019-13709 CVE-2019-13710 CVE-2019-13711 CVE-2019-13713 CVE-2019-13714 CVE-2019-13715 CVE-2019-13716 CVE-2019-13717 CVE-2019-13718 CVE-2019-13719 CVE-2019-13720 CVE-2019-13721 CVE-2019-13672 CVE-2019-13765 CVE-2019-13766} [buster] - chromium 78.0.3904.97-1~deb10u1 [08 Nov 2019] DSA-4561-1 fribidi - security update {CVE-2019-18397} [buster] - fribidi 1.0.5-3.1+deb10u1 [06 Nov 2019] DSA-4560-1 simplesamlphp - security update {CVE-2019-3465} [stretch] - simplesamlphp 1.14.11-1+deb9u2 [buster] - simplesamlphp 1.16.3-1+deb10u1 [05 Nov 2019] DSA-4559-1 proftpd-dfsg - security update {CVE-2019-18217} [stretch] - proftpd-dfsg 1.3.5b-4+deb9u2 [buster] - proftpd-dfsg 1.3.6-4+deb10u2 [04 Nov 2019] DSA-4558-1 webkit2gtk - security update {CVE-2019-8625 CVE-2019-8720 CVE-2019-8769 CVE-2019-8771 CVE-2019-8710 CVE-2019-8743 CVE-2019-8764 CVE-2019-8766 CVE-2019-8782 CVE-2019-8808 CVE-2019-8815 CVE-2019-8783 CVE-2019-8811 CVE-2019-8813 CVE-2019-8816 CVE-2019-8819 CVE-2019-8820 CVE-2019-8823 CVE-2021-30666 CVE-2021-30761} [buster] - webkit2gtk 2.26.1-3~deb10u1 [31 Oct 2019] DSA-4557-1 libarchive - security update {CVE-2019-18408} [stretch] - libarchive 3.2.2-2+deb9u2 [buster] - libarchive 3.3.3-4+deb10u1 [31 Oct 2019] DSA-4556-1 qtbase-opensource-src - security update {CVE-2019-18281} [buster] - qtbase-opensource-src 5.11.3+dfsg1-1+deb10u1 [29 Oct 2019] DSA-4555-1 pam-python - security update {CVE-2019-16729} [stretch] - pam-python 1.0.6-1.1+deb9u1 [buster] - pam-python 1.0.6-1.1+deb10u1 [28 Oct 2019] DSA-4554-1 ruby-loofah - security update {CVE-2019-15587} [stretch] - ruby-loofah 2.0.3-2+deb9u3 [buster] - ruby-loofah 2.2.3-1+deb10u1 [28 Oct 2019] DSA-4553-1 php7.3 - security update {CVE-2019-11043} [buster] - php7.3 7.3.11-1~deb10u1 [28 Oct 2019] DSA-4552-1 php7.0 - security update {CVE-2019-11043} [stretch] - php7.0 7.0.33-0+deb9u6 [25 Oct 2019] DSA-4551-1 golang-1.11 - security update {CVE-2019-17596} [buster] - golang-1.11 1.11.6-1+deb10u3 [25 Oct 2019] DSA-4550-1 file - security update {CVE-2019-18218} [stretch] - file 1:5.30-1+deb9u3 [buster] - file 1:5.35-4+deb10u1 [24 Oct 2019] DSA-4549-1 firefox-esr - security update {CVE-2019-11757 CVE-2019-11759 CVE-2019-11760 CVE-2019-11761 CVE-2019-11762 CVE-2019-11763 CVE-2019-11764 CVE-2019-15903} [buster] - firefox-esr 68.2.0esr-1~deb10u1 [stretch] - firefox-esr 68.2.0esr-1~deb9u2 [21 Oct 2019] DSA-4548-1 openjdk-8 - security update {CVE-2019-2894 CVE-2019-2945 CVE-2019-2949 CVE-2019-2962 CVE-2019-2964 CVE-2019-2973 CVE-2019-2975 CVE-2019-2978 CVE-2019-2981 CVE-2019-2983 CVE-2019-2987 CVE-2019-2988 CVE-2019-2989 CVE-2019-2992 CVE-2019-2999} [stretch] - openjdk-8 8u232-b09-1~deb9u1 [21 Oct 2019] DSA-4547-1 tcpdump - security update {CVE-2018-10103 CVE-2018-10105 CVE-2018-14461 CVE-2018-14462 CVE-2018-14463 CVE-2018-14464 CVE-2018-14465 CVE-2018-14466 CVE-2018-14467 CVE-2018-14468 CVE-2018-14469 CVE-2018-14470 CVE-2018-14879 CVE-2018-14880 CVE-2018-14881 CVE-2018-14882 CVE-2018-16227 CVE-2018-16228 CVE-2018-16229 CVE-2018-16230 CVE-2018-16300 CVE-2018-16451 CVE-2018-16452 CVE-2019-15166} [stretch] - tcpdump 4.9.3-1~deb9u1 [buster] - tcpdump 4.9.3-1~deb10u1 [20 Oct 2019] DSA-4546-1 openjdk-11 - security update {CVE-2019-2894 CVE-2019-2945 CVE-2019-2949 CVE-2019-2962 CVE-2019-2964 CVE-2019-2973 CVE-2019-2975 CVE-2019-2977 CVE-2019-2978 CVE-2019-2981 CVE-2019-2983 CVE-2019-2987 CVE-2019-2988 CVE-2019-2989 CVE-2019-2992 CVE-2019-2999} [buster] - openjdk-11 11.0.5+10-1~deb10u1 [18 Oct 2019] DSA-4545-1 mediawiki - security update {CVE-2019-16738} [stretch] - mediawiki 1:1.27.7-1~deb9u2 [buster] - mediawiki 1:1.31.4-1~deb10u1 [16 Oct 2019] DSA-4544-1 unbound - security update {CVE-2019-16866} [buster] - unbound 1.9.0-2+deb10u1 [15 Oct 2019] DSA-4509-3 apache2 - security update {CVE-2019-10092} [stretch] - apache2 2.4.25-3+deb9u9 [buster] - apache2 2.4.38-3+deb10u3 [14 Oct 2019] DSA-4543-1 sudo - security update {CVE-2019-14287} [stretch] - sudo 1.8.19p1-2.1+deb9u1 [buster] - sudo 1.8.27-1+deb10u1 [13 Oct 2019] DSA-4539-3 openssl - regression update [buster] - openssl 1.1.1d-0+deb10u2 [07 Oct 2019] DSA-4539-2 openssh - regression update [buster] - openssh 1:7.9p1-10+deb10u1 [06 Oct 2019] DSA-4542-1 jackson-databind - security update {CVE-2019-14379 CVE-2019-14439 CVE-2019-14540 CVE-2019-16335 CVE-2019-16942 CVE-2019-16943} [stretch] - jackson-databind 2.8.6-1+deb9u6 [buster] - jackson-databind 2.9.8-3+deb10u1 [04 Oct 2019] DSA-4541-1 libapreq2 - security update {CVE-2019-12412} [stretch] - libapreq2 2.13-7~deb9u1 [buster] - libapreq2 2.13-7~deb10u1 [02 Oct 2019] DSA-4509-2 subversion - update [stretch] - subversion 1.9.5-1+deb9u5 [01 Oct 2019] DSA-4540-1 openssl1.0 - security update {CVE-2019-1547 CVE-2019-1563} [stretch] - openssl1.0 1.0.2t-1~deb9u1 [01 Oct 2019] DSA-4539-1 openssl - security update {CVE-2019-1547 CVE-2019-1563} [stretch] - openssl 1.1.0l-1~deb9u1 [buster] - openssl 1.1.1d-0+deb10u1 [29 Sep 2019] DSA-4538-1 wpa - security update {CVE-2019-13377 CVE-2019-16275} [buster] - wpa 2:2.7+git20190128+0c1e29f-6+deb10u1 [28 Sep 2019] DSA-4537-1 file-roller - security update {CVE-2019-16680} [stretch] - file-roller 3.22.3-1+deb9u1 [28 Sep 2019] DSA-4536-1 exim4 - security update {CVE-2019-16928} [buster] - exim4 4.92-8+deb10u3 [27 Sep 2019] DSA-4535-1 e2fsprogs - security update {CVE-2019-5094} [stretch] - e2fsprogs 1.43.4-2+deb9u1 [buster] - e2fsprogs 1.44.5-1+deb10u2 [27 Sep 2019] DSA-4534-1 golang-1.11 - security update {CVE-2019-16276} [buster] - golang-1.11 1.11.6-1+deb10u2 [25 Sep 2019] DSA-4533-1 lemonldap-ng - security update {CVE-2019-15941} [buster] - lemonldap-ng 2.0.2+ds-7+deb10u2 [25 Sep 2019] DSA-4532-1 spip - security update {CVE-2019-16391 CVE-2019-16392 CVE-2019-16393 CVE-2019-16394} [stretch] - spip 3.1.4-4~deb9u3 [buster] - spip 3.2.4-1+deb10u1 [25 Sep 2019] DSA-4531-1 linux - security update {CVE-2019-14821 CVE-2019-14835 CVE-2019-15117 CVE-2019-15118 CVE-2019-15902} [stretch] - linux 4.9.189-3+deb9u1 [buster] - linux 4.19.67-2+deb10u1 [22 Sep 2019] DSA-4530-1 expat - security update {CVE-2019-15903} [stretch] - expat 2.2.0-2+deb9u3 [buster] - expat 2.2.6-2+deb10u1 [20 Sep 2019] DSA-4529-1 php7.0 - security update {CVE-2019-11034 CVE-2019-11035 CVE-2019-11036 CVE-2019-11038 CVE-2019-11039 CVE-2019-11040 CVE-2019-11041 CVE-2019-11042 CVE-2019-13224} [stretch] - php7.0 7.0.33-0+deb9u5 [19 Sep 2019] DSA-4528-1 bird - security update [stretch] - bird 1.6.3-2+deb9u1 [buster] - bird 1.6.6-1+deb10u1 [19 Sep 2019] DSA-4527-1 php7.3 - security update {CVE-2019-11036 CVE-2019-11039 CVE-2019-11040 CVE-2019-11041 CVE-2019-11042 CVE-2019-13224} [buster] - php7.3 7.3.9-1~deb10u1 [19 Sep 2019] DSA-4526-1 opendmarc - security update {CVE-2019-16378} [stretch] - opendmarc 1.3.2-2+deb9u2 [buster] - opendmarc 1.3.2-6+deb10u1 [18 Sep 2019] DSA-4525-1 ibus - security update {CVE-2019-14822} [stretch] - ibus 1.5.14-3+deb9u2 [buster] - ibus 1.5.19-4+deb10u1 [16 Sep 2019] DSA-4524-1 dino-im - security update {CVE-2019-16235 CVE-2019-16236 CVE-2019-16237} [buster] - dino-im 0.0.git20181129-1+deb10u1 [15 Sep 2019] DSA-4523-1 thunderbird - security update {CVE-2019-11739 CVE-2019-11740 CVE-2019-11742 CVE-2019-11743 CVE-2019-11744 CVE-2019-11746 CVE-2019-11752} [stretch] - thunderbird 1:60.9.0-1~deb9u1 [buster] - thunderbird 1:60.9.0-1~deb10u1 [15 Sep 2019] DSA-4522-1 faad2 - security update {CVE-2018-19502 CVE-2018-19503 CVE-2018-19504 CVE-2018-20194 CVE-2018-20195 CVE-2018-20197 CVE-2018-20198 CVE-2018-20357 CVE-2018-20358 CVE-2018-20359 CVE-2018-20361 CVE-2018-20362 CVE-2019-15296} [stretch] - faad2 2.8.0~cvs20161113-1+deb9u2 [09 Sep 2019] DSA-4521-1 docker.io - security update {CVE-2019-13139 CVE-2019-13509 CVE-2019-14271} [buster] - docker.io 18.09.1+dfsg1-7.1+deb10u1 [09 Sep 2019] DSA-4520-1 trafficserver - security update {CVE-2019-9512 CVE-2019-9514 CVE-2019-9515 CVE-2019-9518 CVE-2019-10079} [buster] - trafficserver 8.0.2+ds-1+deb10u1 [08 Sep 2019] DSA-4519-1 libreoffice - security update {CVE-2019-9854} [stretch] - libreoffice 1:5.2.7-1+deb9u11 [buster] - libreoffice 1:6.1.5-3+deb10u4 [07 Sep 2019] DSA-4518-1 ghostscript - security update {CVE-2019-14811 CVE-2019-14812 CVE-2019-14813 CVE-2019-14817} [stretch] - ghostscript 9.26a~dfsg-0+deb9u5 [buster] - ghostscript 9.27~dfsg-2+deb10u2 [06 Sep 2019] DSA-4517-1 exim4 - security update {CVE-2019-15846} [stretch] - exim4 4.89-2+deb9u6 [buster] - exim4 4.92-8+deb10u2 [05 Sep 2019] DSA-4516-1 firefox-esr - security update {CVE-2019-9812 CVE-2019-11740 CVE-2019-11742 CVE-2019-11743 CVE-2019-11744 CVE-2019-11746 CVE-2019-11752} [stretch] - firefox-esr 60.9.0esr-1~deb9u1 [buster] - firefox-esr 60.9.0esr-1~deb10u1 [04 Sep 2019] DSA-4515-1 webkit2gtk - security update {CVE-2019-8644 CVE-2019-8649 CVE-2019-8658 CVE-2019-8666 CVE-2019-8669 CVE-2019-8671 CVE-2019-8672 CVE-2019-8673 CVE-2019-8676 CVE-2019-8677 CVE-2019-8678 CVE-2019-8679 CVE-2019-8680 CVE-2019-8681 CVE-2019-8683 CVE-2019-8684 CVE-2019-8686 CVE-2019-8687 CVE-2019-8688 CVE-2019-8689 CVE-2019-8690 CVE-2019-8763 CVE-2019-8733 CVE-2019-8719 CVE-2019-8707 CVE-2019-8674 CVE-2019-8765 CVE-2019-8821 CVE-2019-8822} [buster] - webkit2gtk 2.24.4-1~deb10u1 [04 Sep 2019] DSA-4514-1 varnish - security update {CVE-2019-15892} [buster] - varnish 6.1.1-1+deb10u1 [03 Sep 2019] DSA-4513-1 samba - security update {CVE-2019-10197} [buster] - samba 2:4.9.5+dfsg-5+deb10u1 [02 Sep 2019] DSA-4512-1 qemu - security update {CVE-2019-13164 CVE-2019-14378} [buster] - qemu 1:3.1+dfsg-8+deb10u2 [01 Sep 2019] DSA-4511-1 nghttp2 - security update {CVE-2019-9511 CVE-2019-9513} [stretch] - nghttp2 1.18.1-1+deb9u1 [buster] - nghttp2 1.36.0-2+deb10u1 [28 Aug 2019] DSA-4510-1 dovecot - security update {CVE-2019-11500} [stretch] - dovecot 1:2.2.27-3+deb9u5 [buster] - dovecot 1:2.3.4.1-5+deb10u1 [26 Aug 2019] DSA-4509-1 apache2 - security update {CVE-2019-9517 CVE-2019-10081 CVE-2019-10082 CVE-2019-10092 CVE-2019-10098} [stretch] - apache2 2.4.25-3+deb9u8 [buster] - apache2 2.4.38-3+deb10u1 [24 Aug 2019] DSA-4508-1 h2o - security update {CVE-2019-9512 CVE-2019-9514 CVE-2019-9515} [buster] - h2o 2.2.5+dfsg2-2+deb10u1 [24 Aug 2019] DSA-4507-1 squid - security update {CVE-2019-12525 CVE-2019-12527 CVE-2019-12529 CVE-2019-12854 CVE-2019-13345} [buster] - squid 4.6-1+deb10u1 [24 Aug 2019] DSA-4506-1 qemu - security update {CVE-2018-20815 CVE-2019-13164 CVE-2019-14378} [stretch] - qemu 1:2.8+dfsg-6+deb9u8 [22 Aug 2019] DSA-4505-1 nginx - security update {CVE-2019-9511 CVE-2019-9513 CVE-2019-9516} [stretch] - nginx 1.10.3-1+deb9u3 [buster] - nginx 1.14.2-2+deb10u1 [20 Aug 2019] DSA-4504-1 vlc - security update {CVE-2019-13602 CVE-2019-13962 CVE-2019-14437 CVE-2019-14438 CVE-2019-14498 CVE-2019-14533 CVE-2019-14534 CVE-2019-14535 CVE-2019-14776 CVE-2019-14777 CVE-2019-14778 CVE-2019-14970} [stretch] - vlc 3.0.8-0+deb9u1 [buster] - vlc 3.0.8-0+deb10u1 [18 Aug 2019] DSA-4503-1 golang-1.11 - security update {CVE-2019-9512 CVE-2019-9514 CVE-2019-14809} [buster] - golang-1.11 1.11.6-1+deb10u1 [16 Aug 2019] DSA-4502-1 ffmpeg - security update {CVE-2019-12730} [buster] - ffmpeg 7:4.1.4-1~deb10u1 [15 Aug 2019] DSA-4501-1 libreoffice - security update {CVE-2019-9850 CVE-2019-9851 CVE-2019-9852 CVE-2019-9853} [stretch] - libreoffice 1:5.2.7-1+deb9u10 [buster] - libreoffice 1:6.1.5-3+deb10u3 [12 Aug 2019] DSA-4500-1 chromium - security update {CVE-2019-5805 CVE-2019-5806 CVE-2019-5807 CVE-2019-5808 CVE-2019-5809 CVE-2019-5810 CVE-2019-5811 CVE-2019-5813 CVE-2019-5814 CVE-2019-5815 CVE-2019-5818 CVE-2019-5819 CVE-2019-5820 CVE-2019-5821 CVE-2019-5822 CVE-2019-5823 CVE-2019-5824 CVE-2019-5825 CVE-2019-5826 CVE-2019-5827 CVE-2019-5828 CVE-2019-5829 CVE-2019-5830 CVE-2019-5831 CVE-2019-5832 CVE-2019-5833 CVE-2019-5834 CVE-2019-5836 CVE-2019-5837 CVE-2019-5838 CVE-2019-5839 CVE-2019-5840 CVE-2019-5841 CVE-2019-5842 CVE-2019-5843 CVE-2019-5847 CVE-2019-5848 CVE-2019-5849 CVE-2019-5850 CVE-2019-5851 CVE-2019-5852 CVE-2019-5853 CVE-2019-5854 CVE-2019-5855 CVE-2019-5856 CVE-2019-5857 CVE-2019-5858 CVE-2019-5859 CVE-2019-5860 CVE-2019-5861 CVE-2019-5862 CVE-2019-5864 CVE-2019-5865 CVE-2019-5867 CVE-2019-5868 CVE-2019-13698 CVE-2020-6503 CVE-2020-6504} [buster] - chromium 76.0.3809.100-1~deb10u1 [12 Aug 2019] DSA-4499-1 ghostscript - security update {CVE-2019-10216} [stretch] - ghostscript 9.26a~dfsg-0+deb9u4 [buster] - ghostscript 9.27~dfsg-2+deb10u1 [12 Aug 2019] DSA-4498-1 python-django - security update {CVE-2019-14232 CVE-2019-14233 CVE-2019-14234 CVE-2019-14235} [stretch] - python-django 1:1.10.7-2+deb9u6 [buster] - python-django 1:1.11.23-1~deb10u1 [13 Aug 2019] DSA-4497-1 linux - security update {CVE-2015-8553 CVE-2017-18509 CVE-2018-5995 CVE-2018-20836 CVE-2018-20856 CVE-2019-1125 CVE-2019-3882 CVE-2019-3900 CVE-2019-10207 CVE-2019-10638 CVE-2019-10639 CVE-2019-13631 CVE-2019-13648 CVE-2019-14283 CVE-2019-14284 CVE-2019-15239} [stretch] - linux 4.9.168-1+deb9u5 [11 Aug 2019] DSA-4496-1 pango1.0 - security update {CVE-2019-1010238} [buster] - pango1.0 1.42.4-7~deb10u1 [10 Aug 2019] DSA-4495-1 linux - security update {CVE-2018-20836 CVE-2019-1125 CVE-2019-1999 CVE-2019-10207 CVE-2019-10638 CVE-2019-12817 CVE-2019-12984 CVE-2019-13233 CVE-2019-13631 CVE-2019-13648 CVE-2019-14283 CVE-2019-14284} [buster] - linux 4.19.37-5+deb10u2 [09 Aug 2019] DSA-4494-1 kconfig - security update {CVE-2019-14744} [stretch] - kconfig 5.28.0-2+deb9u1 [buster] - kconfig 5.54.0-1+deb10u1 [08 Aug 2019] DSA-4493-1 postgresql-11 - security update {CVE-2019-10208 CVE-2019-10209} [buster] - postgresql-11 11.5-1+deb10u1 [08 Aug 2019] DSA-4492-1 postgresql-9.6 - security update {CVE-2019-10208} [stretch] - postgresql-9.6 9.6.15-0+deb9u1 [04 Aug 2019] DSA-4491-1 proftpd-dfsg - security update {CVE-2019-12815} [stretch] - proftpd-dfsg 1.3.5b-4+deb9u1 [buster] - proftpd-dfsg 1.3.6-4+deb10u1 [01 Aug 2019] DSA-4490-1 subversion - security update {CVE-2018-11782 CVE-2019-0203} [stretch] - subversion 1.9.5-1+deb9u4 [buster] - subversion 1.10.4-1+deb10u1 [27 Jul 2019] DSA-4489-1 patch - security update {CVE-2018-20969 CVE-2019-13636 CVE-2019-13638} [stretch] - patch 2.7.5-1+deb9u2 [buster] - patch 2.7.6-3+deb10u1 [25 Jul 2019] DSA-4488-1 exim4 - security update {CVE-2019-13917} [stretch] - exim4 4.89-2+deb9u5 [buster] - exim4 4.92-8+deb10u1 [23 Jul 2019] DSA-4487-1 neovim - security update {CVE-2019-12735} [stretch] - neovim 0.1.7-4+deb9u1 [21 Jul 2019] DSA-4486-1 openjdk-11 - security update {CVE-2019-2745 CVE-2019-2762 CVE-2019-2769 CVE-2019-2786 CVE-2019-2816 CVE-2019-2818 CVE-2019-2821} [buster] - openjdk-11 11.0.4+11-1~deb10u1 [21 Jul 2019] DSA-4485-1 openjdk-8 - security update {CVE-2019-2745 CVE-2019-2762 CVE-2019-2769 CVE-2019-2786 CVE-2019-2816 CVE-2019-2842} [stretch] - openjdk-8 8u222-b10-1~deb9u1 [20 Jul 2019] DSA-4484-1 linux - security update {CVE-2019-13272} [stretch] - linux 4.9.168-1+deb9u4 [buster] - linux 4.19.37-5+deb10u1 [16 Jul 2019] DSA-4483-1 libreoffice - security update {CVE-2019-9848 CVE-2019-9849} [stretch] - libreoffice 1:5.2.7-1+deb9u9 [buster] - libreoffice 1:6.1.5-3+deb10u2 [14 Jul 2019] DSA-4482-1 thunderbird - security update {CVE-2019-9811 CVE-2019-11709 CVE-2019-11711 CVE-2019-11712 CVE-2019-11713 CVE-2019-11715 CVE-2019-11717 CVE-2019-11730} [stretch] - thunderbird 1:60.8.0-1~deb9u1 [buster] - thunderbird 1:60.8.0-1~deb10u1 [13 Jul 2019] DSA-4481-1 ruby-mini-magick - security update {CVE-2019-13574} [stretch] - ruby-mini-magick 4.5.1-1+deb9u1 [buster] - ruby-mini-magick 4.9.2-1+deb10u1 [11 Jul 2019] DSA-4480-1 redis - security update {CVE-2019-10192 CVE-2019-10193} [stretch] - redis 3:3.2.6-3+deb9u3 [buster] - redis 5:5.0.3-4+deb10u1 [11 Jul 2019] DSA-4479-1 firefox-esr - security update {CVE-2019-9811 CVE-2019-11709 CVE-2019-11711 CVE-2019-11712 CVE-2019-11713 CVE-2019-11715 CVE-2019-11717 CVE-2019-11730} [stretch] - firefox-esr 60.8.0esr-1~deb9u1 [buster] - firefox-esr 60.8.0esr-1~deb10u1 [10 Jul 2019] DSA-4478-1 dosbox - security update {CVE-2019-7165 CVE-2019-12594} [stretch] - dosbox 0.74-4.2+deb9u2 [buster] - dosbox 0.74-2-3+deb10u1 [08 Jul 2019] DSA-4477-1 zeromq3 - security update {CVE-2019-13132} [stretch] - zeromq3 4.2.1-4+deb9u2 [buster] - zeromq3 4.3.1-4+deb10u1 [05 Jul 2019] DSA-4476-1 python-django - security update {CVE-2019-6975 CVE-2019-12308 CVE-2019-12781} [stretch] - python-django 1:1.10.7-2+deb9u5 [01 Jul 2019] DSA-4475-1 openssl - security update {CVE-2019-1543} [stretch] - openssl 1.1.0k-1~deb9u1 [01 Jul 2019] DSA-4474-1 firefox-esr - security update {CVE-2019-11708} [stretch] - firefox-esr 60.7.2esr-1~deb9u1 [28 Jun 2019] DSA-4473-1 rdesktop - security update {CVE-2019-15682} [stretch] - rdesktop 1.8.6-2~deb9u1 [28 Jun 2019] DSA-4472-1 expat - security update {CVE-2018-20843} [stretch] - expat 2.2.0-2+deb9u2 [24 Jun 2019] DSA-4471-1 thunderbird - security update {CVE-2019-11707 CVE-2019-11708} [stretch] - thunderbird 1:60.7.2-1~deb9u1 [18 Jun 2019] DSA-4467-2 vim - regression update [stretch] - vim 2:8.0.0197-4+deb9u3 [23 Jun 2019] DSA-4470-1 pdns - security update {CVE-2019-10162 CVE-2019-10163} [stretch] - pdns 4.0.3-1+deb9u5 [22 Jun 2019] DSA-4469-1 libvirt - security update {CVE-2019-10161 CVE-2019-10167} [stretch] - libvirt 3.0.0-4+deb9u4 [21 Jun 2019] DSA-4468-1 php-horde-form - security update {CVE-2019-9858} [stretch] - php-horde-form 2.0.15-1+deb9u1 [20 Jun 2019] DSA-4447-2 intel-microcode - security update [stretch] - intel-microcode 3.20190618.1~deb9u1 [18 Jun 2019] DSA-4467-1 vim - security update {CVE-2019-12735} [stretch] - vim 2:8.0.0197-4+deb9u2 [18 Jun 2019] DSA-4466-1 firefox-esr - security update {CVE-2019-11707} [stretch] - firefox-esr 60.7.1esr-1~deb9u1 [17 Jun 2019] DSA-4465-1 linux - security update {CVE-2019-3846 CVE-2019-5489 CVE-2019-9500 CVE-2019-9503 CVE-2019-10126 CVE-2019-11477 CVE-2019-11478 CVE-2019-11479 CVE-2019-11486 CVE-2019-11599 CVE-2019-11815 CVE-2019-11833 CVE-2019-11884} [stretch] - linux 4.9.168-1+deb9u3 [15 Jun 2019] DSA-4464-1 thunderbird - security update {CVE-2019-11703 CVE-2019-11704 CVE-2019-11705 CVE-2019-11706} [stretch] - thunderbird 1:60.7.1-1~deb9u1 [14 Jun 2019] DSA-4463-1 znc - security update {CVE-2019-9917 CVE-2019-12816} [stretch] - znc 1.6.5-1+deb9u2 [13 Jun 2019] DSA-4462-1 dbus - security update {CVE-2019-12749} [stretch] - dbus 1.10.28-0+deb9u1 [12 Jun 2019] DSA-4461-1 zookeeper - security update {CVE-2019-0201} [stretch] - zookeeper 3.4.9-3+deb9u2 [12 Jun 2019] DSA-4460-1 mediawiki - security update {CVE-2019-11358 CVE-2019-12466 CVE-2019-12467 CVE-2019-12468 CVE-2019-12469 CVE-2019-12470 CVE-2019-12471 CVE-2019-12472 CVE-2019-12473 CVE-2019-12474} [stretch] - mediawiki 1:1.27.7-1~deb9u1 [12 Jun 2019] DSA-4459-1 vlc - security update {CVE-2019-5439 CVE-2019-5459 CVE-2019-5460 CVE-2019-12874} [stretch] - vlc 3.0.7-0+deb9u1 [08 Jun 2019] DSA-4458-1 cyrus-imapd - security update {CVE-2019-11356} [stretch] - cyrus-imapd 2.5.10-3+deb9u1 [07 Jun 2019] DSA-4457-1 evolution - security update {CVE-2018-15587} [stretch] - evolution 3.22.6-1+deb9u2 [06 Jun 2019] DSA-4454-2 qemu - regression update [stretch] - qemu 1:2.8+dfsg-6+deb9u7 [05 Jun 2019] DSA-4456-1 exim4 - security update {CVE-2019-10149} [stretch] - exim4 4.89-2+deb9u4 [03 Jun 2019] DSA-4455-1 heimdal - security update {CVE-2018-16860 CVE-2019-12098} [stretch] - heimdal 7.1.0+dfsg-13+deb9u3 [30 May 2019] DSA-4454-1 qemu - security update {CVE-2018-11806 CVE-2018-12617 CVE-2018-16872 CVE-2018-17958 CVE-2018-18849 CVE-2018-18954 CVE-2018-19364 CVE-2018-19489 CVE-2019-3812 CVE-2019-6778 CVE-2019-9824 CVE-2019-12155} [stretch] - qemu 1:2.8+dfsg-6+deb9u6 [29 May 2019] DSA-4453-1 openjdk-8 - security update {CVE-2019-2602 CVE-2019-2684 CVE-2019-2698} [stretch] - openjdk-8 8u212-b03-2~deb9u1 [24 May 2019] DSA-4452-1 jackson-databind - security update {CVE-2018-11307 CVE-2018-12022 CVE-2018-12023 CVE-2018-14718 CVE-2018-14719 CVE-2018-14720 CVE-2018-14721 CVE-2018-19360 CVE-2018-19361 CVE-2018-19362 CVE-2019-12086} [stretch] - jackson-databind 2.8.6-1+deb9u5 [24 May 2019] DSA-4451-1 thunderbird - security update {CVE-2018-18511 CVE-2019-5798 CVE-2019-7317 CVE-2019-9797 CVE-2019-9800 CVE-2019-9816 CVE-2019-9817 CVE-2019-9819 CVE-2019-9820 CVE-2019-11691 CVE-2019-11692 CVE-2019-11693 CVE-2019-11698} [stretch] - thunderbird 1:60.7.0-1~deb9u1 [24 May 2019] DSA-4450-1 wpa - security update {CVE-2019-11555} [stretch] - wpa 2:2.4-1+deb9u4 [22 May 2019] DSA-4449-1 ffmpeg - security update {CVE-2018-15822 CVE-2018-1999011 CVE-2019-9718 CVE-2019-11338 CVE-2019-12730} [stretch] - ffmpeg 7:3.2.14-1~deb9u1 [22 May 2019] DSA-4448-1 firefox-esr - security update {CVE-2018-18511 CVE-2019-5798 CVE-2019-7317 CVE-2019-9797 CVE-2019-9800 CVE-2019-9816 CVE-2019-9817 CVE-2019-9819 CVE-2019-9820 CVE-2019-11691 CVE-2019-11692 CVE-2019-11693 CVE-2019-11698} [stretch] - firefox-esr 60.7.0esr-1~deb9u1 [15 May 2019] DSA-4447-1 intel-microcode - security update {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091} [stretch] - intel-microcode 3.20190514.1~deb9u1 [14 May 2019] DSA-4446-1 lemonldap-ng - security update {CVE-2019-12046} [stretch] - lemonldap-ng 1.9.7-3+deb9u1 [14 May 2019] DSA-4445-1 drupal7 - security update {CVE-2019-11831} [stretch] - drupal7 7.52-2+deb9u9 [14 May 2019] DSA-4444-1 linux - security update {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091} [stretch] - linux 4.9.168-1+deb9u2 [14 May 2019] DSA-4443-1 samba - security update {CVE-2018-16860} [stretch] - samba 2:4.5.16+dfsg-1+deb9u2 [13 May 2019] DSA-4442-2 cups-filters - regression update [stretch] - cups-filters 1.11.6-3+deb9u1 [12 May 2019] DSA-4442-1 ghostscript - security update {CVE-2019-3839} [stretch] - ghostscript 9.26a~dfsg-0+deb9u3 [10 May 2019] DSA-4441-1 symfony - security update {CVE-2018-14773 CVE-2018-19789 CVE-2018-19790 CVE-2019-10909 CVE-2019-10910 CVE-2019-10911 CVE-2019-10912 CVE-2019-10913} [stretch] - symfony 2.8.7+dfsg-1.3+deb9u2 [09 May 2019] DSA-4440-1 bind9 - security update {CVE-2018-5743 CVE-2018-5745 CVE-2019-6465} [stretch] - bind9 1:9.10.3.dfsg.P4-12.3+deb9u5 [09 May 2019] DSA-4439-1 postgresql-9.6 - security update {CVE-2019-10130} [stretch] - postgresql-9.6 9.6.13-0+deb9u1 [07 May 2019] DSA-4438-1 atftp - security update {CVE-2019-11365 CVE-2019-11366} [stretch] - atftp 0.7.git20120829-3.1~deb9u1 [29 Apr 2019] DSA-4437-1 gst-plugins-base1.0 - security update {CVE-2019-9928} [stretch] - gst-plugins-base1.0 1.10.4-1+deb9u1 [28 Apr 2019] DSA-4436-1 imagemagick - security update {CVE-2019-9956 CVE-2019-10650} [stretch] - imagemagick 8:6.9.7.4+dfsg-11+deb9u7 [27 Apr 2019] DSA-4435-1 libpng1.6 - security update {CVE-2019-7317} [stretch] - libpng1.6 1.6.28-1+deb9u1 [20 Apr 2019] DSA-4434-1 drupal7 - security update {CVE-2019-11358} [stretch] - drupal7 7.52-2+deb9u8 [16 Apr 2019] DSA-4433-1 ruby2.3 - security update {CVE-2019-8320 CVE-2019-8321 CVE-2019-8322 CVE-2019-8323 CVE-2019-8324 CVE-2019-8325} [stretch] - ruby2.3 2.3.3-1+deb9u6 [16 Apr 2019] DSA-4432-1 ghostscript - security update {CVE-2019-3835 CVE-2019-3838} [stretch] - ghostscript 9.26a~dfsg-0+deb9u2 [13 Apr 2019] DSA-4431-1 libssh2 - security update {CVE-2019-3855 CVE-2019-3856 CVE-2019-3857 CVE-2019-3858 CVE-2019-3859 CVE-2019-3860 CVE-2019-3861 CVE-2019-3862 CVE-2019-3863} [stretch] - libssh2 1.7.0-1+deb9u1 [10 Apr 2019] DSA-4430-1 wpa - security update {CVE-2019-9495 CVE-2019-9497 CVE-2019-9498 CVE-2019-9499} [stretch] - wpa 2:2.4-1+deb9u3 [10 Apr 2019] DSA-4429-1 spip - security update {CVE-2019-11071} [stretch] - spip 3.1.4-4~deb9u2 [08 Apr 2019] DSA-4428-1 systemd - security update {CVE-2019-3842} [stretch] - systemd 232-25+deb9u11 [08 Apr 2019] DSA-4427-1 samba - security update {CVE-2019-3880} [stretch] - samba 2:4.5.16+dfsg-1+deb9u1 [07 Apr 2019] DSA-4426-1 tryton-server - security update {CVE-2019-10868} [stretch] - tryton-server 4.2.1-2+deb9u1 [05 Apr 2019] DSA-4425-1 wget - security update {CVE-2019-5953} [stretch] - wget 1.18-5+deb9u3 [04 Apr 2019] DSA-4424-1 pdns - security update {CVE-2019-3871} [stretch] - pdns 4.0.3-1+deb9u4 [03 Apr 2019] DSA-4423-1 putty - security update {CVE-2019-9894 CVE-2019-9895 CVE-2019-9897 CVE-2019-9898} [stretch] - putty 0.67-3+deb9u1 [03 Apr 2019] DSA-4422-1 apache2 - security update {CVE-2018-17189 CVE-2018-17199 CVE-2019-0196 CVE-2019-0211 CVE-2019-0217 CVE-2019-0220} [stretch] - apache2 2.4.25-3+deb9u7 [31 Mar 2019] DSA-4421-1 chromium - security update {CVE-2019-5787 CVE-2019-5788 CVE-2019-5789 CVE-2019-5790 CVE-2019-5791 CVE-2019-5792 CVE-2019-5793 CVE-2019-5794 CVE-2019-5795 CVE-2019-5796 CVE-2019-5797 CVE-2019-5798 CVE-2019-5799 CVE-2019-5800 CVE-2019-5802 CVE-2019-5803 CVE-2019-5844 CVE-2019-5845 CVE-2019-5846} [stretch] - chromium 73.0.3683.75-1~deb9u1 [30 Mar 2019] DSA-4420-1 thunderbird - security update {CVE-2018-18506 CVE-2019-9788 CVE-2019-9790 CVE-2019-9791 CVE-2019-9792 CVE-2019-9793 CVE-2019-9795 CVE-2019-9796} [stretch] - thunderbird 1:60.6.1-1~deb9u1 [29 Mar 2019] DSA-4419-1 twig - security update {CVE-2019-9942} [stretch] - twig 1.24.0-2+deb9u1 [28 Mar 2019] DSA-4418-1 dovecot - security update {CVE-2019-7524} [stretch] - dovecot 1:2.2.27-3+deb9u4 [24 Mar 2019] DSA-4417-1 firefox-esr - security update {CVE-2019-9810 CVE-2019-9813} [stretch] - firefox-esr 60.6.1esr-1~deb9u1 [24 Mar 2019] DSA-4416-1 wireshark - security update {CVE-2019-5716 CVE-2019-5717 CVE-2019-5718 CVE-2019-5719 CVE-2019-9208 CVE-2019-9209 CVE-2019-9214} [stretch] - wireshark 2.6.7-1~deb9u1 [24 Mar 2019] DSA-4415-1 passenger - security update {CVE-2017-16355} [stretch] - passenger 5.0.30-1+deb9u1 [23 Mar 2019] DSA-4414-1 libapache2-mod-auth-mellon - security update {CVE-2019-3877 CVE-2019-3878} [stretch] - libapache2-mod-auth-mellon 0.12.0-2+deb9u1 [21 Mar 2019] DSA-4413-1 ntfs-3g - security update {CVE-2019-9755} [stretch] - ntfs-3g 1:2016.2.22AR.1+dfsg-1+deb9u1 [20 Mar 2019] DSA-4412-1 drupal7 - security update {CVE-2019-6341} [stretch] - drupal7 7.52-2+deb9u7 [20 Mar 2019] DSA-4411-1 firefox-esr - security update {CVE-2018-18506 CVE-2019-9788 CVE-2019-9790 CVE-2019-9791 CVE-2019-9792 CVE-2019-9793 CVE-2019-9795 CVE-2019-9796} [stretch] - firefox-esr 60.6.0esr-1~deb9u1 [20 Mar 2019] DSA-4410-1 openjdk-8 - security update {CVE-2019-2422} [stretch] - openjdk-8 8u212-b01-1~deb9u1 [18 Mar 2019] DSA-4409-1 neutron - security update {CVE-2019-9735} [stretch] - neutron 2:9.1.1-3+deb9u1 [17 Mar 2019] DSA-4408-1 liblivemedia - security update {CVE-2019-6256 CVE-2019-7314 CVE-2019-9215} [stretch] - liblivemedia 2016.11.28-1+deb9u2 [12 Mar 2019] DSA-4407-1 xmltooling - security update {CVE-2019-9628} [stretch] - xmltooling 1.6.0-4+deb9u2 [12 Mar 2019] DSA-4406-1 waagent - security update {CVE-2019-0804} [stretch] - waagent 2.2.18-3~deb9u2 [10 Mar 2019] DSA-4405-1 openjpeg2 - security update {CVE-2017-17480 CVE-2018-5785 CVE-2018-6616 CVE-2018-14423 CVE-2018-18088} [stretch] - openjpeg2 2.1.2-1.1+deb9u3 [09 Mar 2019] DSA-4404-1 chromium - security update {CVE-2019-5786} [stretch] - chromium 72.0.3626.122-1~deb9u1 [08 Mar 2019] DSA-4403-1 php7.0 - security update {CVE-2019-9637 CVE-2019-9638 CVE-2019-9639 CVE-2019-9640 CVE-2019-9641 CVE-2019-9675} [stretch] - php7.0 7.0.33-0+deb9u3 [05 Mar 2019] DSA-4402-1 mumble - security update {CVE-2018-20743} [stretch] - mumble 1.2.18-1+deb9u1 [02 Mar 2019] DSA-4387-2 openssh - security update {CVE-2019-6111} [stretch] - openssh 1:7.4p1-10+deb9u6 [01 Mar 2019] DSA-4401-1 wordpress - security update {CVE-2018-20147 CVE-2018-20148 CVE-2018-20149 CVE-2018-20150 CVE-2018-20151 CVE-2018-20152 CVE-2018-20153 CVE-2019-8942} [stretch] - wordpress 4.7.5+dfsg-2+deb9u5 [28 Feb 2019] DSA-4400-1 openssl1.0 - security update {CVE-2019-1559} [stretch] - openssl1.0 1.0.2r-1~deb9u1 [28 Feb 2019] DSA-4399-1 ikiwiki - security update {CVE-2019-9187} [stretch] - ikiwiki 3.20170111.1 [28 Feb 2019] DSA-4398-1 php7.0 - security update {CVE-2019-9020 CVE-2019-9021 CVE-2019-9022 CVE-2019-9023 CVE-2019-9024} [stretch] - php7.0 7.0.33-0+deb9u2 [28 Feb 2019] DSA-4397-1 ldb - security update {CVE-2019-3824} [stretch] - ldb 2:1.1.27-1+deb9u1 [26 Feb 2019] DSA-4395-2 chromium - regression update [stretch] - chromium 72.0.3626.96-1~deb9u2 [22 Feb 2019] DSA-4377-3 rssh - regression update [stretch] - rssh 2.3.4-5+deb9u4 [19 Feb 2019] DSA-4396-1 ansible - security update {CVE-2018-10855 CVE-2018-10875 CVE-2018-16837 CVE-2018-16876 CVE-2019-3828} [stretch] - ansible 2.2.1.0-2+deb9u1 [18 Feb 2019] DSA-4395-1 chromium - security update {CVE-2018-17481 CVE-2018-20073 CVE-2019-5754 CVE-2019-5755 CVE-2019-5756 CVE-2019-5757 CVE-2019-5758 CVE-2019-5759 CVE-2019-5760 CVE-2019-5762 CVE-2019-5763 CVE-2019-5764 CVE-2019-5765 CVE-2019-5766 CVE-2019-5767 CVE-2019-5768 CVE-2019-5769 CVE-2019-5770 CVE-2019-5772 CVE-2019-5773 CVE-2019-5774 CVE-2019-5775 CVE-2019-5776 CVE-2019-5777 CVE-2019-5778 CVE-2019-5779 CVE-2019-5780 CVE-2019-5781 CVE-2019-5782 CVE-2019-5783 CVE-2019-5784 CVE-2019-13684} [stretch] - chromium 72.0.3626.96-1~deb9u1 [18 Feb 2019] DSA-4394-1 rdesktop - security update {CVE-2018-8791 CVE-2018-8792 CVE-2018-8793 CVE-2018-8794 CVE-2018-8795 CVE-2018-8796 CVE-2018-8797 CVE-2018-8798 CVE-2018-8799 CVE-2018-8800 CVE-2018-20174 CVE-2018-20175 CVE-2018-20176 CVE-2018-20177 CVE-2018-20178 CVE-2018-20179 CVE-2018-20180 CVE-2018-20181 CVE-2018-20182} [stretch] - rdesktop 1.8.4-1~deb9u1 [18 Feb 2019] DSA-4393-1 systemd - security update {CVE-2019-6454} [stretch] - systemd 232-25+deb9u9 [17 Feb 2019] DSA-4388-2 mosquitto - regression update [stretch] - mosquitto 1.4.10-3+deb9u4 [16 Feb 2019] DSA-4392-1 thunderbird - security update {CVE-2018-18356 CVE-2018-18500 CVE-2018-18501 CVE-2018-18505 CVE-2018-18509 CVE-2018-18512 CVE-2018-18513 CVE-2019-5785} [stretch] - thunderbird 1:60.5.1-1~deb9u1 [14 Feb 2019] DSA-4391-1 firefox-esr - security update {CVE-2018-18356 CVE-2019-5785} [stretch] - firefox-esr 60.5.1esr-1~deb9u1 [12 Feb 2019] DSA-4390-1 flatpak - security update {CVE-2019-8308} [stretch] - flatpak 0.8.9-0+deb9u2 [11 Feb 2019] DSA-4377-2 rssh - regression update [stretch] - rssh 2.3.4-5+deb9u3 [11 Feb 2019] DSA-4389-1 libu2f-host - security update {CVE-2018-20340} [stretch] - libu2f-host 1.1.2-2+deb9u1 [10 Feb 2019] DSA-4388-1 mosquitto - security update {CVE-2018-12546 CVE-2018-12550 CVE-2018-12551} [stretch] - mosquitto 1.4.10-3+deb9u3 [09 Feb 2019] DSA-4387-1 openssh - security update {CVE-2018-20685 CVE-2019-6109 CVE-2019-6111} [stretch] - openssh 1:7.4p1-10+deb9u5 [06 Feb 2019] DSA-4386-1 curl - security update {CVE-2018-16890 CVE-2019-3822 CVE-2019-3823} [stretch] - curl 7.52.1-5+deb9u9 [05 Feb 2019] DSA-4385-1 dovecot - security update {CVE-2019-3814} [stretch] - dovecot 1:2.2.27-3+deb9u3 [04 Feb 2019] DSA-4384-1 libgd2 - security update {CVE-2019-6977 CVE-2019-6978} [stretch] - libgd2 2.2.4-2+deb9u4 [03 Feb 2019] DSA-4383-1 libvncserver - security update {CVE-2018-6307 CVE-2018-15126 CVE-2018-15127 CVE-2018-20019 CVE-2018-20020 CVE-2018-20021 CVE-2018-20022 CVE-2018-20023 CVE-2018-20024 CVE-2018-21247} [stretch] - libvncserver 0.9.11+dfsg-1.3~deb9u1 [02 Feb 2019] DSA-4382-1 rssh - security update {CVE-2019-3463 CVE-2019-3464} [stretch] - rssh 2.3.4-5+deb9u2 [02 Feb 2019] DSA-4381-1 libreoffice - security update {CVE-2018-16858} [stretch] - libreoffice 1:5.2.7-1+deb9u5 [01 Feb 2019] DSA-4380-1 golang-1.8 - security update {CVE-2018-6574 CVE-2018-7187 CVE-2019-6486} [stretch] - golang-1.8 1.8.1-1+deb9u1 [01 Feb 2019] DSA-4379-1 golang-1.7 - security update {CVE-2018-7187 CVE-2019-6486} [stretch] - golang-1.7 1.7.4-2+deb9u1 [30 Jan 2019] DSA-4378-1 php-pear - security update {CVE-2018-1000888} [stretch] - php-pear 1:1.10.1+submodules+notgz-9+deb9u1 [30 Jan 2019] DSA-4377-1 rssh - security update {CVE-2019-1000018} [stretch] - rssh 2.3.4-5+deb9u1 [30 Jan 2019] DSA-4376-1 firefox-esr - security update {CVE-2018-18500 CVE-2018-18501 CVE-2018-18505} [stretch] - firefox-esr 60.5.0esr-1~deb9u1 [29 Jan 2019] DSA-4375-1 spice - security update {CVE-2019-3813} [stretch] - spice 0.12.8-2.1+deb9u3 [28 Jan 2019] DSA-4374-1 qtbase-opensource-src - security update {CVE-2018-15518 CVE-2018-19870 CVE-2018-19873} [stretch] - qtbase-opensource-src 5.7.1+dfsg-3+deb9u1 [28 Jan 2019] DSA-4373-1 coturn - security update {CVE-2018-4056 CVE-2018-4058 CVE-2018-4059} [stretch] - coturn 4.5.0.5-1+deb9u1 [26 Jan 2019] DSA-4372-1 ghostscript - security update {CVE-2019-6116} [stretch] - ghostscript 9.26a~dfsg-0+deb9u1 [22 Jan 2019] DSA-4371-1 apt - security update {CVE-2019-3462} [stretch] - apt 1.4.9 [17 Jan 2019] DSA-4370-1 drupal7 - security update {CVE-2019-6338 CVE-2019-6339} [stretch] - drupal7 7.52-2+deb9u6 [15 Jan 2019] DSA-4367-2 systemd - regression update [stretch] - systemd 232-25+deb9u8 [14 Jan 2019] DSA-4369-1 xen - security update {CVE-2018-19961 CVE-2018-19962 CVE-2018-19965 CVE-2018-19966 CVE-2018-19967} [stretch] - xen 4.8.5+shim4.10.2+xsa282-1+deb9u11 [14 Jan 2019] DSA-4368-1 zeromq3 - security update {CVE-2019-6250} [stretch] - zeromq3 4.2.1-4+deb9u1 [13 Jan 2019] DSA-4367-1 systemd - security update {CVE-2018-16864 CVE-2018-16865 CVE-2018-16866} [stretch] - systemd 232-25+deb9u7 [12 Jan 2019] DSA-4366-1 vlc - security update {CVE-2018-19857} [stretch] - vlc 3.0.6-0+deb9u1 [10 Jan 2019] DSA-4365-1 tmpreaper - security update {CVE-2019-3461} [stretch] - tmpreaper 1.6.13+nmu1+deb9u1 [08 Jan 2019] DSA-4364-1 ruby-loofah - security update {CVE-2018-16468} [stretch] - ruby-loofah 2.0.3-2+deb9u2 [08 Jan 2019] DSA-4363-1 python-django - security update {CVE-2019-3498} [stretch] - python-django 1:1.10.7-2+deb9u4 [01 Jan 2019] DSA-4362-1 thunderbird - security update {CVE-2018-18498 CVE-2018-18494 CVE-2018-18493 CVE-2018-18492 CVE-2018-17466 CVE-2018-12405} [stretch] - thunderbird 1:60.4.0-1~deb9u1 [28 Dec 2018] DSA-4361-1 libextractor - security update {CVE-2018-20430 CVE-2018-20431} [stretch] - libextractor 1:1.3-4+deb9u3 [27 Dec 2018] DSA-4360-1 libarchive - security update {CVE-2016-10209 CVE-2016-10349 CVE-2016-10350 CVE-2017-14166 CVE-2017-14501 CVE-2017-14502 CVE-2017-14503 CVE-2018-1000877 CVE-2018-1000878 CVE-2018-1000880} [stretch] - libarchive 3.2.2-2+deb9u1 [27 Dec 2018] DSA-4359-1 wireshark - security update {CVE-2018-12086 CVE-2018-18225 CVE-2018-18226 CVE-2018-18227 CVE-2018-19622 CVE-2018-19623 CVE-2018-19624 CVE-2018-19625 CVE-2018-19626 CVE-2018-19627 CVE-2018-19628} [stretch] - wireshark 2.6.5-1~deb9u1 [27 Dec 2018] DSA-4358-1 ruby-sanitize - security update {CVE-2018-3740} [stretch] - ruby-sanitize 2.1.0-2+deb9u1 [23 Dec 2018] DSA-4346-2 ghostscript - regression update [stretch] - ghostscript 9.26~dfsg-0+deb9u2 [20 Dec 2018] DSA-4357-1 libapache-mod-jk - security update {CVE-2018-11759} [stretch] - libapache-mod-jk 1:1.2.46-0+deb9u1 [20 Dec 2018] DSA-4356-1 netatalk - security update {CVE-2018-1160} [stretch] - netatalk 2.2.5-2+deb9u1 [19 Dec 2018] DSA-4355-1 openssl1.0 - security update {CVE-2018-0732 CVE-2018-0734 CVE-2018-0737 CVE-2018-5407} [stretch] - openssl1.0 1.0.2q-1~deb9u1 [12 Dec 2018] DSA-4354-1 firefox-esr - security update {CVE-2018-12405 CVE-2018-17466 CVE-2018-18492 CVE-2018-18493 CVE-2018-18494 CVE-2018-18498} [stretch] - firefox-esr 60.4.0esr-1~deb9u1 [10 Dec 2018] DSA-4353-1 php7.0 - security update {CVE-2018-14851 CVE-2018-14883 CVE-2018-17082 CVE-2018-19518 CVE-2018-19935 CVE-2018-20783} [stretch] - php7.0 7.0.33-0+deb9u1 [07 Dec 2018] DSA-4352-1 chromium-browser - security update {CVE-2018-17480 CVE-2018-17481 CVE-2018-18335 CVE-2018-18336 CVE-2018-18337 CVE-2018-18338 CVE-2018-18339 CVE-2018-18340 CVE-2018-18341 CVE-2018-18342 CVE-2018-18343 CVE-2018-18344 CVE-2018-18345 CVE-2018-18346 CVE-2018-18347 CVE-2018-18348 CVE-2018-18349 CVE-2018-18350 CVE-2018-18351 CVE-2018-18352 CVE-2018-18353 CVE-2018-18354 CVE-2018-18355 CVE-2018-18356 CVE-2018-18357 CVE-2018-18358 CVE-2018-18359 CVE-2018-20346 CVE-2018-20070 CVE-2018-20068 CVE-2018-20067 CVE-2018-20066 CVE-2018-20065} [stretch] - chromium-browser 71.0.3578.80-1~deb9u1 [07 Dec 2018] DSA-4351-1 libphp-phpmailer - security update {CVE-2018-19296} [stretch] - libphp-phpmailer 5.2.14+dfsg-2.3+deb9u1 [06 Dec 2018] DSA-4350-1 policykit-1 - security update {CVE-2018-19788} [stretch] - policykit-1 0.105-18+deb9u1 [30 Nov 2018] DSA-4349-1 tiff - security update {CVE-2017-11613 CVE-2017-17095 CVE-2018-5784 CVE-2018-7456 CVE-2018-8905 CVE-2018-10963 CVE-2018-17101 CVE-2018-18557 CVE-2018-15209 CVE-2018-16335} [stretch] - tiff 4.0.8-2+deb9u4 [30 Nov 2018] DSA-4348-1 openssl - security update {CVE-2018-0732 CVE-2018-0734 CVE-2018-0735 CVE-2018-0737 CVE-2018-5407} [stretch] - openssl 1.1.0j-1~deb9u1 [29 Nov 2018] DSA-4347-1 perl - security update {CVE-2018-18311 CVE-2018-18312 CVE-2018-18313 CVE-2018-18314} [stretch] - perl 5.24.1-3+deb9u5 [27 Nov 2018] DSA-4346-1 ghostscript - security update {CVE-2018-19134 CVE-2018-19409 CVE-2018-19475 CVE-2018-19476 CVE-2018-19477 CVE-2018-19478} [stretch] - ghostscript 9.26~dfsg-0+deb9u1 [27 Nov 2018] DSA-4345-1 samba - security update {CVE-2018-14629 CVE-2018-16841 CVE-2018-16851} [stretch] - samba 2:4.5.12+dfsg-2+deb9u4 [24 Nov 2018] DSA-4344-1 roundcube - security update {CVE-2018-19206} [stretch] - roundcube 1.2.3+dfsg.1-4+deb9u3 [23 Nov 2018] DSA-4343-1 liblivemedia - security update {CVE-2018-4013} [stretch] - liblivemedia 2016.11.28-1+deb9u1 [21 Nov 2018] DSA-4339-2 ceph - regression update [stretch] - ceph 10.2.11-2 [21 Nov 2018] DSA-4342-1 chromium-browser - security update {CVE-2018-17479} [stretch] - chromium-browser 70.0.3538.110-1~deb9u1 [19 Nov 2018] DSA-4341-1 mariadb-10.1 - security update {CVE-2017-10268 CVE-2017-10378 CVE-2017-15365 CVE-2018-2562 CVE-2018-2612 CVE-2018-2622 CVE-2018-2640 CVE-2018-2665 CVE-2018-2668 CVE-2018-2755 CVE-2018-2761 CVE-2018-2766 CVE-2018-2767 CVE-2018-2771 CVE-2018-2781 CVE-2018-2782 CVE-2018-2784 CVE-2018-2787 CVE-2018-2813 CVE-2018-2817 CVE-2018-2819 CVE-2018-3058 CVE-2018-3063 CVE-2018-3064 CVE-2018-3066 CVE-2018-3081 CVE-2018-3143 CVE-2018-3156 CVE-2018-3174 CVE-2018-3251 CVE-2018-3282 CVE-2019-2503} [stretch] - mariadb-10.1 10.1.37-0+deb9u1 [18 Nov 2018] DSA-4340-1 chromium-browser - security update {CVE-2018-17478} [stretch] - chromium-browser 70.0.3538.102-1~deb9u1 [13 Nov 2018] DSA-4339-1 ceph - security update {CVE-2017-7519 CVE-2018-10861 CVE-2018-1128 CVE-2018-1129} [stretch] - ceph 10.2.11-1 [11 Nov 2018] DSA-4338-1 qemu - security update {CVE-2018-10839 CVE-2018-17962 CVE-2018-17963} [stretch] - qemu 1:2.8+dfsg-6+deb9u5 [10 Nov 2018] DSA-4337-1 thunderbird - security update {CVE-2018-12389 CVE-2018-12390 CVE-2018-12392 CVE-2018-12393} [stretch] - thunderbird 1:60.3.0-1~deb9u1 [10 Nov 2018] DSA-4336-1 ghostscript - security update {CVE-2018-11645 CVE-2018-17961 CVE-2018-18073 CVE-2018-18284} [stretch] - ghostscript 9.25~dfsg-0+deb9u1 [08 Nov 2018] DSA-4335-1 nginx - security update {CVE-2018-16843 CVE-2018-16844 CVE-2018-16845} [stretch] - nginx 1.10.3-1+deb9u2 [04 Nov 2018] DSA-4334-1 mupdf - security update {CVE-2017-17866 CVE-2018-5686 CVE-2018-6187 CVE-2018-6192 CVE-2018-1000037 CVE-2018-1000040} [stretch] - mupdf 1.9a+ds1-4+deb9u4 [04 Nov 2018] DSA-4333-1 icecast2 - security update {CVE-2018-18820} [stretch] - icecast2 2.4.2-1+deb9u1 [03 Nov 2018] DSA-4332-1 ruby2.3 - security update {CVE-2018-16395 CVE-2018-16396} [stretch] - ruby2.3 2.3.3-1+deb9u4 [02 Nov 2018] DSA-4331-1 curl - security update {CVE-2018-16839 CVE-2018-16842} [stretch] - curl 7.52.1-5+deb9u8 [02 Nov 2018] DSA-4330-1 chromium-browser - security update {CVE-2018-5179 CVE-2018-17462 CVE-2018-17463 CVE-2018-17464 CVE-2018-17465 CVE-2018-17466 CVE-2018-17467 CVE-2018-17468 CVE-2018-17469 CVE-2018-17470 CVE-2018-17471 CVE-2018-17472 CVE-2018-17473 CVE-2018-17474 CVE-2018-17475 CVE-2018-17476 CVE-2018-17477 CVE-2018-20071} [stretch] - chromium-browser 70.0.3538.67-1~deb9u1 [28 Oct 2018] DSA-4329-1 teeworlds - security update {CVE-2018-18541} [stretch] - teeworlds 0.6.5+dfsg-1~deb9u1 [25 Oct 2018] DSA-4328-1 xorg-server - security update {CVE-2018-14665} [stretch] - xorg-server 2:1.19.2-1+deb9u4 [25 Oct 2018] DSA-4327-1 thunderbird - security update {CVE-2017-16541 CVE-2018-12376 CVE-2018-12377 CVE-2018-12378 CVE-2018-12379 CVE-2018-12383 CVE-2018-12385 CVE-2018-18499} [stretch] - thunderbird 1:60.2.1-2~deb9u1 [25 Oct 2018] DSA-4326-1 openjdk-8 - security update {CVE-2018-3136 CVE-2018-3139 CVE-2018-3149 CVE-2018-3169 CVE-2018-3180 CVE-2018-3183 CVE-2018-3214} [stretch] - openjdk-8 8u181-b13-2~deb9u1 [25 Oct 2018] DSA-4325-1 mosquitto - security update {CVE-2017-7651 CVE-2017-7652 CVE-2017-7653 CVE-2017-7654} [stretch] - mosquitto 1.4.10-3+deb9u2 [24 Oct 2018] DSA-4324-1 firefox-esr - security update {CVE-2018-12389 CVE-2018-12390 CVE-2018-12392 CVE-2018-12393 CVE-2018-12395 CVE-2018-12396 CVE-2018-12397} [stretch] - firefox-esr 60.3.0esr-1~deb9u1 [18 Oct 2018] DSA-4323-1 drupal7 - security update [stretch] - drupal7 7.52-2+deb9u5 [17 Oct 2018] DSA-4322-1 libssh - security update {CVE-2018-10933} [stretch] - libssh 0.7.3-2+deb9u1 [16 Oct 2018] DSA-4321-1 graphicsmagick - security update {CVE-2017-10794 CVE-2017-10799 CVE-2017-10800 CVE-2017-11102 CVE-2017-11139 CVE-2017-11140 CVE-2017-11403 CVE-2017-11636 CVE-2017-11637 CVE-2017-11638 CVE-2017-11641 CVE-2017-11642 CVE-2017-11643 CVE-2017-11722 CVE-2017-12935 CVE-2017-12936 CVE-2017-12937 CVE-2017-13063 CVE-2017-13064 CVE-2017-13065 CVE-2017-13134 CVE-2017-13737 CVE-2017-13775 CVE-2017-13776 CVE-2017-13777 CVE-2017-14314 CVE-2017-14504 CVE-2017-14733 CVE-2017-14994 CVE-2017-14997 CVE-2017-15238 CVE-2017-15277 CVE-2017-15930 CVE-2017-16352 CVE-2017-16353 CVE-2017-16545 CVE-2017-16547 CVE-2017-16669 CVE-2017-17498 CVE-2017-17500 CVE-2017-17501 CVE-2017-17502 CVE-2017-17503 CVE-2017-17782 CVE-2017-17783 CVE-2017-17912 CVE-2017-17913 CVE-2017-17915 CVE-2017-18219 CVE-2017-18220 CVE-2017-18229 CVE-2017-18230 CVE-2017-18231 CVE-2018-5685 CVE-2018-6799 CVE-2018-9018} [stretch] - graphicsmagick 1.3.30+hg15796-1~deb9u1 [16 Oct 2018] DSA-4320-1 asterisk - security update {CVE-2018-7284 CVE-2018-7286 CVE-2018-12227 CVE-2018-17281} [stretch] - asterisk 1:13.14.1~dfsg-2+deb9u4 [15 Oct 2018] DSA-4319-1 spice - security update {CVE-2018-10873} [stretch] - spice 0.12.8-2.1+deb9u2 [15 Oct 2018] DSA-4318-1 moin - security update {CVE-2017-5934} [stretch] - moin 1.9.9-1+deb9u1 [14 Oct 2018] DSA-4317-1 otrs2 - security update {CVE-2018-14593 CVE-2018-16586 CVE-2018-16587} [stretch] - otrs2 5.0.16-1+deb9u6 [12 Oct 2018] DSA-4316-1 imagemagick - security update {CVE-2018-16412 CVE-2018-16413 CVE-2018-16642 CVE-2018-16644 CVE-2018-16645} [stretch] - imagemagick 8:6.9.7.4+dfsg-11+deb9u6 [12 Oct 2018] DSA-4315-1 wireshark - security update {CVE-2018-16056 CVE-2018-16057 CVE-2018-16058} [stretch] - wireshark 2.6.3-1~deb9u1 [11 Oct 2018] DSA-4314-1 net-snmp - security update {CVE-2018-18065} [stretch] - net-snmp 5.7.3+dfsg-1.7+deb9u1 [08 Oct 2018] DSA-4313-1 linux - security update {CVE-2018-15471 CVE-2018-18021} [stretch] - linux 4.9.110-3+deb9u6 [08 Oct 2018] DSA-4312-1 tinc - security update {CVE-2018-16738 CVE-2018-16758} [stretch] - tinc 1.0.31-1+deb9u1 [05 Oct 2018] DSA-4311-1 git - security update {CVE-2018-17456} [stretch] - git 1:2.11.0-3+deb9u4 [03 Oct 2018] DSA-4310-1 firefox-esr - security update {CVE-2018-12386 CVE-2018-12387} [stretch] - firefox-esr 60.2.2esr-1~deb9u1 [01 Oct 2018] DSA-4309-1 strongswan - security update {CVE-2018-17540} [stretch] - strongswan 5.5.1-4+deb9u4 [01 Oct 2018] DSA-4308-1 linux - security update {CVE-2018-6554 CVE-2018-6555 CVE-2018-7755 CVE-2018-9363 CVE-2018-9516 CVE-2018-10902 CVE-2018-10938 CVE-2018-13099 CVE-2018-14609 CVE-2018-14617 CVE-2018-14633 CVE-2018-14678 CVE-2018-14734 CVE-2018-15572 CVE-2018-15594 CVE-2018-16276 CVE-2018-16658 CVE-2018-17182} [stretch] - linux 4.9.110-3+deb9u5 [28 Sep 2018] DSA-4307-1 python3.5 - security update {CVE-2017-1000158 CVE-2018-1060 CVE-2018-1061 CVE-2018-14647} [stretch] - python3.5 3.5.3-1+deb9u1 [27 Sep 2018] DSA-4306-1 python2.7 - security update {CVE-2018-1060 CVE-2018-1061 CVE-2018-14647 CVE-2018-1000802} [stretch] - python2.7 2.7.13-2+deb9u3 [24 Sep 2018] DSA-4305-1 strongswan - security update {CVE-2018-16151 CVE-2018-16152} [stretch] - strongswan 5.5.1-4+deb9u3 [23 Sep 2018] DSA-4304-1 firefox-esr - security update {CVE-2018-12383 CVE-2018-12385} [stretch] - firefox-esr 60.2.1esr-1~deb9u1 [23 Sep 2018] DSA-4303-1 okular - security update {CVE-2018-1000801} [stretch] - okular 4:16.08.2-1+deb9u1 [23 Sep 2018] DSA-4302-1 openafs - security update {CVE-2018-16947 CVE-2018-16948 CVE-2018-16949} [stretch] - openafs 1.6.20-2+deb9u2 [22 Sep 2018] DSA-4301-1 mediawiki - security update {CVE-2018-0503 CVE-2018-0504 CVE-2018-0505} [stretch] - mediawiki 1:1.27.5-1~deb9u1 [22 Sep 2018] DSA-4300-1 libarchive-zip-perl - security update {CVE-2018-10860} [stretch] - libarchive-zip-perl 1.59-1+deb9u1 [21 Sep 2018] DSA-4299-1 texlive-bin - security update {CVE-2018-17407} [stretch] - texlive-bin 2016.20160513.41080.dfsg-2+deb9u1 [20 Sep 2018] DSA-4298-1 hylafax - security update {CVE-2018-17141} [stretch] - hylafax 3:6.0.6-7+deb9u1 [19 Sep 2018] DSA-4297-1 chromium-browser - security update {CVE-2018-17458 CVE-2018-17459} [stretch] - chromium-browser 69.0.3497.92-1~deb9u1 [16 Sep 2018] DSA-4296-1 mbedtls - security update {CVE-2018-0497 CVE-2018-0498} [stretch] - mbedtls 2.4.2-1+deb9u3 [16 Sep 2018] DSA-4295-1 thunderbird - security update {CVE-2018-5156 CVE-2018-5187 CVE-2018-12361 CVE-2018-12367 CVE-2018-12371} [stretch] - thunderbird 1:60.0-3~deb9u1 [16 Sep 2018] DSA-4273-2 intel-microcode - security update {CVE-2018-3639 CVE-2018-3640} [stretch] - intel-microcode 3.20180807a.1~deb9u1 [16 Sep 2018] DSA-4294-1 ghostscript - security update {CVE-2018-16509 CVE-2018-16802 CVE-2018-17183} [stretch] - ghostscript 9.20~dfsg-3.2+deb9u5 [14 Sep 2018] DSA-4293-1 discount - security update {CVE-2018-11468 CVE-2018-11503 CVE-2018-11504 CVE-2018-12495} [stretch] - discount 2.2.2-1+deb9u1 [11 Sep 2018] DSA-4292-1 kamailio - security update {CVE-2018-16657} [stretch] - kamailio 4.4.4-2+deb9u3 [11 Sep 2018] DSA-4291-1 mgetty - security update {CVE-2018-16741} [stretch] - mgetty 1.1.36-3+deb9u1 [10 Sep 2018] DSA-4290-1 libextractor - security update {CVE-2018-14346 CVE-2018-14347 CVE-2018-16430} [stretch] - libextractor 1:1.3-4+deb9u2 [07 Sep 2018] DSA-4289-1 chromium-browser - security update {CVE-2018-16065 CVE-2018-16066 CVE-2018-16067 CVE-2018-16068 CVE-2018-16069 CVE-2018-16070 CVE-2018-16071 CVE-2018-16073 CVE-2018-16074 CVE-2018-16075 CVE-2018-16076 CVE-2018-16077 CVE-2018-16078 CVE-2018-16079 CVE-2018-16080 CVE-2018-16081 CVE-2018-16082 CVE-2018-16083 CVE-2018-16084 CVE-2018-16085 CVE-2018-16435 CVE-2018-16086 CVE-2018-16087 CVE-2018-16088 CVE-2018-17457} [stretch] - chromium-browser 69.0.3497.81-1~deb9u1 [07 Sep 2018] DSA-4288-1 ghostscript - security update {CVE-2018-15908 CVE-2018-15910 CVE-2018-15911 CVE-2018-16511 CVE-2018-16513 CVE-2018-16539 CVE-2018-16540 CVE-2018-16541 CVE-2018-16542 CVE-2018-16543 CVE-2018-16585 CVE-2018-15909} [stretch] - ghostscript 9.20~dfsg-3.2+deb9u4 [07 Sep 2018] DSA-4287-1 firefox-esr - security update {CVE-2018-12376 CVE-2018-12377 CVE-2018-12378 CVE-2018-18499} [stretch] - firefox-esr 60.2.0esr-1~deb9u2 [05 Sep 2018] DSA-4286-1 curl - security update {CVE-2018-14618} [stretch] - curl 7.52.1-5+deb9u7 [05 Sep 2018] DSA-4285-1 sympa - security update {CVE-2018-1000550} [stretch] - sympa 6.2.16~dfsg-3+deb9u1 [04 Sep 2018] DSA-4284-1 lcms2 - security update {CVE-2018-16435} [stretch] - lcms2 2.8-4+deb9u1 [31 Aug 2018] DSA-4283-1 ruby-json-jwt - security update {CVE-2018-1000539} [stretch] - ruby-json-jwt 1.6.2-1+deb9u1 [31 Aug 2018] DSA-4282-1 trafficserver - security update {CVE-2018-1318 CVE-2018-8004 CVE-2018-8005 CVE-2018-8040} [stretch] - trafficserver 7.0.0-6+deb9u2 [29 Aug 2018] DSA-4281-1 tomcat8 - security update {CVE-2018-1304 CVE-2018-1305 CVE-2018-1336 CVE-2018-8034 CVE-2018-8037} [stretch] - tomcat8 8.5.14-1+deb9u3 [22 Aug 2018] DSA-4279-2 linux - regression update [stretch] - linux 4.9.110-3+deb9u4 [22 Aug 2018] DSA-4280-1 openssh - security update {CVE-2018-15473} [stretch] - openssh 1:7.4p1-10+deb9u4 [20 Aug 2018] DSA-4279-1 linux - security update {CVE-2018-3620 CVE-2018-3646} [stretch] - linux 4.9.110-3+deb9u3 [19 Aug 2018] DSA-4278-1 jetty9 - security update {CVE-2017-7656 CVE-2017-7657 CVE-2017-7658} [stretch] - jetty9 9.2.21-1+deb9u1 [17 Aug 2018] DSA-4277-1 mutt - security update {CVE-2018-14349 CVE-2018-14350 CVE-2018-14351 CVE-2018-14352 CVE-2018-14353 CVE-2018-14354 CVE-2018-14355 CVE-2018-14356 CVE-2018-14357 CVE-2018-14358 CVE-2018-14359 CVE-2018-14360 CVE-2018-14361 CVE-2018-14362 CVE-2018-14363} [stretch] - mutt 1.7.2-1+deb9u1 [17 Aug 2018] DSA-4276-1 php-horde-image - security update {CVE-2017-9773 CVE-2017-9774 CVE-2017-14650} [stretch] - php-horde-image 2.3.6-1+deb9u1 [16 Aug 2018] DSA-4275-1 keystone - security update {CVE-2018-14432} [stretch] - keystone 2:10.0.0-9+deb9u1 [16 Aug 2018] DSA-4274-1 xen - security update {CVE-2018-3620 CVE-2018-3646 CVE-2018-15468 CVE-2018-15469 CVE-2018-15470} [stretch] - xen 4.8.4+xsa273+shim4.10.1+xsa273-1+deb9u10 [16 Aug 2018] DSA-4273-1 intel-microcode - security update {CVE-2018-3639 CVE-2018-3640} [stretch] - intel-microcode 3.20180703.2~deb9u1 [14 Aug 2018] DSA-4272-1 linux - security update {CVE-2018-5391} [stretch] - linux 4.9.110-3+deb9u2 [14 Aug 2018] DSA-4271-1 samba - security update {CVE-2018-10858 CVE-2018-10919} [stretch] - samba 2:4.5.12+dfsg-2+deb9u3 [13 Aug 2018] DSA-4270-1 gdm3 - security update {CVE-2018-14424} [stretch] - gdm3 3.22.3-3+deb9u2 [10 Aug 2018] DSA-4269-1 postgresql-9.6 - security update {CVE-2018-10915 CVE-2018-10925} [stretch] - postgresql-9.6 9.6.10-0+deb9u1 [10 Aug 2018] DSA-4268-1 openjdk-8 - security update {CVE-2018-2952} [stretch] - openjdk-8 8u181-b13-1~deb9u1 [08 Aug 2018] DSA-4267-1 kamailio - security update {CVE-2018-14767} [stretch] - kamailio 4.4.4-2+deb9u2 [06 Aug 2018] DSA-4266-1 linux - security update {CVE-2018-5390 CVE-2018-13405} [stretch] - linux 4.9.110-3+deb9u1 [05 Aug 2018] DSA-4265-1 xml-security-c - security update [stretch] - xml-security-c 1.7.3-4+deb9u1 [05 Aug 2018] DSA-4264-1 python-django - security update {CVE-2018-14574} [stretch] - python-django 1:1.10.7-2+deb9u2 [04 Aug 2018] DSA-4263-1 cgit - security update {CVE-2018-14912} [stretch] - cgit 1.1+git2.10.2-3+deb9u1 [03 Aug 2018] DSA-4262-1 symfony - security update {CVE-2016-2403 CVE-2017-16652 CVE-2017-16653 CVE-2017-16654 CVE-2017-16790 CVE-2018-11385 CVE-2018-11386 CVE-2018-11406} [stretch] - symfony 2.8.7+dfsg-1.3+deb9u1 [03 Aug 2018] DSA-4261-1 vim-syntastic - security update {CVE-2018-11319} [stretch] - vim-syntastic 3.7.0-1+deb9u2 [02 Aug 2018] DSA-4260-1 libmspack - security update {CVE-2018-14679 CVE-2018-14680 CVE-2018-14681 CVE-2018-14682} [stretch] - libmspack 0.5-1+deb9u2 [31 Jul 2018] DSA-4259-1 ruby2.3 - security update {CVE-2017-17405 CVE-2017-17742 CVE-2017-17790 CVE-2018-6914 CVE-2018-8777 CVE-2018-8778 CVE-2018-8779 CVE-2018-8780 CVE-2018-1000073 CVE-2018-1000074 CVE-2018-1000075 CVE-2018-1000076 CVE-2018-1000077 CVE-2018-1000078 CVE-2018-1000079} [stretch] - ruby2.3 2.3.3-1+deb9u3 [29 Jul 2018] DSA-4258-1 ffmpeg - security update {CVE-2018-14395} [stretch] - ffmpeg 7:3.2.12-1~deb9u1 [28 Jul 2018] DSA-4257-1 fuse - security update {CVE-2018-10906} [stretch] - fuse 2.9.7-1+deb9u1 [26 Jul 2018] DSA-4256-1 chromium-browser - security update {CVE-2018-4117 CVE-2018-6150 CVE-2018-6151 CVE-2018-6152 CVE-2018-6153 CVE-2018-6154 CVE-2018-6155 CVE-2018-6156 CVE-2018-6157 CVE-2018-6158 CVE-2018-6159 CVE-2018-6161 CVE-2018-6162 CVE-2018-6163 CVE-2018-6164 CVE-2018-6165 CVE-2018-6166 CVE-2018-6167 CVE-2018-6168 CVE-2018-6169 CVE-2018-6170 CVE-2018-6171 CVE-2018-6172 CVE-2018-6173 CVE-2018-6174 CVE-2018-6175 CVE-2018-6176 CVE-2018-6177 CVE-2018-6178 CVE-2018-6179 CVE-2018-17461 CVE-2018-17460 CVE-2018-16064} [stretch] - chromium-browser 68.0.3440.75-1~deb9u1 [24 Jul 2018] DSA-4255-1 ant - security update {CVE-2018-10886} [stretch] - ant 1.9.9-1+deb9u1 [24 Jul 2018] DSA-4254-1 slurm-llnl - security update {CVE-2018-7033 CVE-2018-10995} [stretch] - slurm-llnl 16.05.9-1+deb9u2 [23 Jul 2018] DSA-4253-1 network-manager-vpnc - security update {CVE-2018-10900} [stretch] - network-manager-vpnc 1.2.4-4+deb9u1 [18 Jul 2018] DSA-4252-1 znc - security update {CVE-2018-14055 CVE-2018-14056} [stretch] - znc 1.6.5-1+deb9u1 [18 Jul 2018] DSA-4251-1 vlc - security update {CVE-2018-11529} [stretch] - vlc 3.0.3-1-0+deb9u1 [18 Jul 2018] DSA-4250-1 wordpress - security update {CVE-2018-12895} [stretch] - wordpress 4.7.5+dfsg-2+deb9u4 [17 Jul 2018] DSA-4249-1 ffmpeg - security update {CVE-2018-6392 CVE-2018-6621 CVE-2018-7557 CVE-2018-10001 CVE-2018-12458 CVE-2018-13300 CVE-2018-13302 CVE-2018-1999013 CVE-2018-1999012 CVE-2018-1999010 CVE-2018-14394} [stretch] - ffmpeg 7:3.2.11-1~deb9u1 [17 Jul 2018] DSA-4248-1 blender - security update {CVE-2017-2899 CVE-2017-2900 CVE-2017-2901 CVE-2017-2902 CVE-2017-2903 CVE-2017-2904 CVE-2017-2905 CVE-2017-2906 CVE-2017-2907 CVE-2017-2908 CVE-2017-2918 CVE-2017-12081 CVE-2017-12082 CVE-2017-12086 CVE-2017-12099 CVE-2017-12100 CVE-2017-12101 CVE-2017-12102 CVE-2017-12103 CVE-2017-12104 CVE-2017-12105} [stretch] - blender 2.79.b+dfsg0-1~deb9u1 [16 Jul 2018] DSA-4247-1 ruby-rack-protection - security update {CVE-2018-1000119} [stretch] - ruby-rack-protection 1.5.3-2+deb9u1 [15 Jul 2018] DSA-4246-1 mailman - security update {CVE-2018-0618} [stretch] - mailman 1:2.1.23-1+deb9u3 [14 Jul 2018] DSA-4245-1 imagemagick - security update {CVE-2018-5248 CVE-2018-11251 CVE-2018-12599 CVE-2018-12600} [stretch] - imagemagick 8:6.9.7.4+dfsg-11+deb9u5 [13 Jul 2018] DSA-4244-1 thunderbird - security update {CVE-2018-5188 CVE-2018-12359 CVE-2018-12360 CVE-2018-12362 CVE-2018-12363 CVE-2018-12364 CVE-2018-12365 CVE-2018-12366 CVE-2018-12372 CVE-2018-12373 CVE-2018-12374} [stretch] - thunderbird 1:52.9.1-1~deb9u1 [11 Jul 2018] DSA-4243-1 cups - security update {CVE-2017-15400 CVE-2018-4180 CVE-2018-4181 CVE-2018-6553} [stretch] - cups 2.2.1-8+deb9u2 [09 Jul 2018] DSA-4242-1 ruby-sprockets - security update {CVE-2018-3760} [stretch] - ruby-sprockets 3.7.0-1+deb9u1 [05 Jul 2018] DSA-4241-1 libsoup2.4 - security update {CVE-2018-12910} [stretch] - libsoup2.4 2.56.0-2+deb9u2 [05 Jul 2018] DSA-4240-1 php7.0 - security update {CVE-2018-7584 CVE-2018-10545 CVE-2018-10546 CVE-2018-10547 CVE-2018-10548 CVE-2018-10549} [stretch] - php7.0 7.0.30-0+deb9u1 [03 Jul 2018] DSA-4239-1 gosa - security update {CVE-2018-1000528} [stretch] - gosa 2.7.4+reloaded2-13+deb9u1 [03 Jul 2018] DSA-4238-1 exiv2 - security update {CVE-2018-10958 CVE-2018-10998 CVE-2018-10999 CVE-2018-11531 CVE-2018-12264 CVE-2018-12265} [stretch] - exiv2 0.25-3.1+deb9u1 [30 Jun 2018] DSA-4237-1 chromium-browser - security update {CVE-2018-6118 CVE-2018-6120 CVE-2018-6121 CVE-2018-6122 CVE-2018-6123 CVE-2018-6124 CVE-2018-6125 CVE-2018-6126 CVE-2018-6127 CVE-2018-6129 CVE-2018-6130 CVE-2018-6131 CVE-2018-6132 CVE-2018-6133 CVE-2018-6134 CVE-2018-6135 CVE-2018-6136 CVE-2018-6137 CVE-2018-6138 CVE-2018-6139 CVE-2018-6140 CVE-2018-6141 CVE-2018-6142 CVE-2018-6143 CVE-2018-6144 CVE-2018-6145 CVE-2018-6147 CVE-2018-6148 CVE-2018-6149} [stretch] - chromium-browser 67.0.3396.87-1~deb9u1 [27 Jun 2018] DSA-4236-1 xen - security update {CVE-2018-12891 CVE-2018-12892 CVE-2018-12893} [stretch] - xen 4.8.3+xsa267+shim4.10.1+xsa267-1+deb9u9 [27 Jun 2018] DSA-4235-1 firefox-esr - security update {CVE-2018-5156 CVE-2018-5188 CVE-2018-12359 CVE-2018-12360 CVE-2018-12362 CVE-2018-12363 CVE-2018-12364 CVE-2018-12365 CVE-2018-12366} [stretch] - firefox-esr 52.9.0esr-1~deb9u1 [22 Jun 2018] DSA-4234-1 lava-server - security update {CVE-2018-12564 CVE-2018-12565} [stretch] - lava-server 2016.12-3 [22 Jun 2018] DSA-4233-1 bouncycastle - security update {CVE-2018-1000180} [stretch] - bouncycastle 1.56-1+deb9u2 [20 Jun 2018] DSA-4232-1 xen - security update {CVE-2018-3665} [stretch] - xen 4.8.3+xsa267+shim4.10.1+xsa267-1+deb9u8 [17 Jun 2018] DSA-4231-1 libgcrypt20 - security update {CVE-2018-0495} [stretch] - libgcrypt20 1.7.6-2+deb9u3 [17 Jun 2018] DSA-4230-1 redis - security update {CVE-2018-11218 CVE-2018-11219 CVE-2018-12326} [stretch] - redis 3:3.2.6-3+deb9u1 [14 Jun 2018] DSA-4229-1 strongswan - security update {CVE-2018-5388 CVE-2018-10811} [jessie] - strongswan 5.2.1-6+deb8u6 [stretch] - strongswan 5.5.1-4+deb9u2 [14 Jun 2018] DSA-4228-1 spip - security update {CVE-2017-15736} [jessie] - spip 3.0.17-2+deb8u4 [stretch] - spip 3.1.4-4~deb9u1 [12 Jun 2018] DSA-4227-1 plexus-archiver - security update {CVE-2018-1002200} [jessie] - plexus-archiver 1.2-1+deb8u1 [stretch] - plexus-archiver 2.2-1+deb9u1 [12 Jun 2018] DSA-4226-1 perl - security update {CVE-2018-12015} [jessie] - perl 5.20.2-3+deb8u11 [stretch] - perl 5.24.1-3+deb9u4 [10 Jun 2018] DSA-4225-1 openjdk-7 - security update {CVE-2018-2790 CVE-2018-2794 CVE-2018-2795 CVE-2018-2796 CVE-2018-2797 CVE-2018-2798 CVE-2018-2799 CVE-2018-2800 CVE-2018-2814 CVE-2018-2815} [jessie] - openjdk-7 7u181-2.6.14-1~deb8u1 [08 Jun 2018] DSA-4224-1 gnupg - security update {CVE-2018-12020} [jessie] - gnupg 1.4.18-7+deb8u5 [08 Jun 2018] DSA-4223-1 gnupg1 - security update {CVE-2018-12020} [stretch] - gnupg1 1.4.21-4+deb9u1 [08 Jun 2018] DSA-4222-1 gnupg2 - security update {CVE-2018-12020} [jessie] - gnupg2 2.0.26-6+deb8u2 [stretch] - gnupg2 2.1.18-8~deb9u2 [08 Jun 2018] DSA-4221-1 libvncserver - security update {CVE-2018-7225} [jessie] - libvncserver 0.9.9+dfsg2-6.1+deb8u3 [stretch] - libvncserver 0.9.11+dfsg-1+deb9u1 [08 Jun 2018] DSA-4220-1 firefox-esr - security update {CVE-2018-6126} [jessie] - firefox-esr 52.8.1esr-1~deb8u1 [stretch] - firefox-esr 52.8.1esr-1~deb9u1 [08 Jun 2018] DSA-4219-1 jruby - security update {CVE-2018-1000073 CVE-2018-1000074 CVE-2018-1000075 CVE-2018-1000076 CVE-2018-1000077 CVE-2018-1000078 CVE-2018-1000079} [stretch] - jruby 1.7.26-1+deb9u1 [06 Jun 2018] DSA-4218-1 memcached - security update {CVE-2017-9951 CVE-2018-1000115 CVE-2018-1000127} [jessie] - memcached 1.4.21-1.1+deb8u2 [stretch] - memcached 1.4.33-1+deb9u1 [03 Jun 2018] DSA-4217-1 wireshark - security update {CVE-2018-7334 CVE-2018-7335 CVE-2018-7419 CVE-2018-9261 CVE-2018-11358 CVE-2018-11362} [jessie] - wireshark 1.12.1+g01b65bf-4+deb8u14 [stretch] - wireshark 2.2.6+g32dac6a-2+deb9u3 [03 Jun 2018] DSA-4191-2 redmine - regression update [stretch] - redmine 3.3.1-4+deb9u2 [02 Jun 2018] DSA-4216-1 prosody - security update {CVE-2018-10847} [jessie] - prosody 0.9.7-2+deb8u4 [stretch] - prosody 0.9.12-2+deb9u2 [02 Jun 2018] DSA-4215-1 batik - security update {CVE-2017-5662 CVE-2018-8013} [jessie] - batik 1.7+dfsg-5+deb8u1 [stretch] - batik 1.8-4+deb9u1 [01 Jun 2018] DSA-4214-1 zookeeper - security update {CVE-2018-8012} [jessie] - zookeeper 3.4.9-3+deb8u1 [stretch] - zookeeper 3.4.9-3+deb9u1 [29 May 2018] DSA-4213-1 qemu - security update {CVE-2017-5715 CVE-2017-15038 CVE-2017-15119 CVE-2017-15124 CVE-2017-15268 CVE-2017-15289 CVE-2017-16845 CVE-2017-17381 CVE-2017-18043 CVE-2018-5683 CVE-2018-7550} [stretch] - qemu 1:2.8+dfsg-6+deb9u4 [29 May 2018] DSA-4212-1 git - security update {CVE-2018-11235} [jessie] - git 1:2.1.4-2.1+deb8u6 [stretch] - git 1:2.11.0-3+deb9u3 [26 May 2018] DSA-4206-2 gitlab - regression update [stretch] - gitlab 8.13.11+dfsg1-8+deb9u3 [25 May 2018] DSA-4211-1 xdg-utils - security update {CVE-2017-18266} [jessie] - xdg-utils 1.1.0~rc1+git20111210-7.4+deb8u1 [stretch] - xdg-utils 1.1.1-1+deb9u1 [25 May 2018] DSA-4210-1 xen - security update {CVE-2018-3639} [stretch] - xen 4.8.3+xsa262+shim4.10.0+comet3-1+deb9u7 [25 May 2018] DSA-4209-1 thunderbird - security update {CVE-2018-5150 CVE-2018-5154 CVE-2018-5155 CVE-2018-5159 CVE-2018-5161 CVE-2018-5162 CVE-2018-5168 CVE-2018-5170 CVE-2018-5178 CVE-2018-5183 CVE-2018-5184 CVE-2018-5185} [jessie] - thunderbird 1:52.8.0-1~deb8u1 [stretch] - thunderbird 1:52.8.0-1~deb9u1 [22 May 2018] DSA-4208-1 procps - security update {CVE-2018-1122 CVE-2018-1123 CVE-2018-1124 CVE-2018-1125 CVE-2018-1126} [jessie] - procps 2:3.3.9-9+deb8u1 [stretch] - procps 2:3.3.12-3+deb9u1 [22 May 2018] DSA-4207-1 packagekit - security update {CVE-2018-1106} [stretch] - packagekit 1.1.5-2+deb9u1 [21 May 2018] DSA-4206-1 gitlab - security update {CVE-2017-0920 CVE-2018-8971} [stretch] - gitlab 8.13.11+dfsg1-8+deb9u2 [18 Apr 2018] DSA-4205-1 jessie end-of-life NOTE: end of security support for jessie [18 May 2018] DSA-4204-1 imagemagick - security update {CVE-2017-10995 CVE-2017-11533 CVE-2017-11535 CVE-2017-11639 CVE-2017-13143 CVE-2017-17504 CVE-2017-17879 CVE-2018-5248} [jessie] - imagemagick 8:6.8.9.9-5+deb8u12 [17 May 2018] DSA-4203-1 vlc - security update {CVE-2017-17670} [stretch] - vlc 3.0.2-0+deb9u1 [16 May 2018] DSA-4202-1 curl - security update {CVE-2018-1000301} [jessie] - curl 7.38.0-4+deb8u11 [stretch] - curl 7.52.1-5+deb9u6 [15 May 2018] DSA-4201-1 xen - security update {CVE-2018-8897 CVE-2018-10471 CVE-2018-10472 CVE-2018-10981 CVE-2018-10982 CVE-2017-5715} [stretch] - xen 4.8.3+xsa262+shim4.10.0+comet3-1+deb9u6 [14 May 2018] DSA-4200-1 kwallet-pam - security update {CVE-2018-10380} [stretch] - kwallet-pam 5.8.4-1+deb9u2 [10 May 2018] DSA-4199-1 firefox-esr - security update {CVE-2018-5150 CVE-2018-5154 CVE-2018-5155 CVE-2018-5157 CVE-2018-5158 CVE-2018-5159 CVE-2018-5168 CVE-2018-5178 CVE-2018-5183} [jessie] - firefox-esr 52.8.0esr-1~deb8u1 [stretch] - firefox-esr 52.8.0esr-1~deb9u1 [09 May 2018] DSA-4198-1 prosody - security update {CVE-2017-18265} [stretch] - prosody 0.9.12-2+deb9u1 [09 May 2018] DSA-4197-1 wavpack - security update {CVE-2018-10536 CVE-2018-10537 CVE-2018-10538 CVE-2018-10539 CVE-2018-10540} [stretch] - wavpack 5.0.0-2+deb9u2 [08 May 2018] DSA-4196-1 linux - security update {CVE-2018-1087 CVE-2018-8897} [jessie] - linux 3.16.56-1+deb8u1 [stretch] - linux 4.9.88-1+deb9u1 [08 May 2018] DSA-4195-1 wget - security update {CVE-2018-0494} [jessie] - wget 1.16-1+deb8u5 [stretch] - wget 1.18-5+deb9u2 [06 May 2018] DSA-4194-1 lucene-solr - security update {CVE-2018-1308} [jessie] - lucene-solr 3.6.2+dfsg-5+deb8u2 [stretch] - lucene-solr 3.6.2+dfsg-10+deb9u2 [05 May 2018] DSA-4193-1 wordpress - security update {CVE-2018-10100 CVE-2018-10102} [jessie] - wordpress 4.1+dfsg-1+deb8u17 [stretch] - wordpress 4.7.5+dfsg-2+deb9u3 [04 May 2018] DSA-4192-1 libmad - security update {CVE-2017-8372 CVE-2017-8373 CVE-2017-8374} [jessie] - libmad 0.15.1b-8+deb8u1 [stretch] - libmad 0.15.1b-8+deb9u1 [03 May 2018] DSA-4191-1 redmine - security update {CVE-2017-15568 CVE-2017-15569 CVE-2017-15570 CVE-2017-15571 CVE-2017-15572 CVE-2017-15573 CVE-2017-15574 CVE-2017-15575 CVE-2017-15576 CVE-2017-15577 CVE-2017-16804 CVE-2017-18026} [stretch] - redmine 3.3.1-4+deb9u1 [03 May 2018] DSA-4190-1 jackson-databind - security update {CVE-2018-7489} [jessie] - jackson-databind 2.4.2-2+deb8u4 [stretch] - jackson-databind 2.8.6-1+deb9u4 [02 May 2018] DSA-4189-1 quassel - security update {CVE-2018-1000178 CVE-2018-1000179} [jessie] - quassel 1:0.10.0-2.3+deb8u4 [stretch] - quassel 1:0.12.4-2+deb9u1 [01 May 2018] DSA-4188-1 linux - security update {CVE-2017-5715 CVE-2017-5753 CVE-2017-17975 CVE-2017-18193 CVE-2017-18216 CVE-2017-18218 CVE-2017-18222 CVE-2017-18224 CVE-2017-18241 CVE-2017-18257 CVE-2018-1065 CVE-2018-1066 CVE-2018-1068 CVE-2018-1092 CVE-2018-1093 CVE-2018-5803 CVE-2018-7480 CVE-2018-7566 CVE-2018-7740 CVE-2018-7757 CVE-2018-7995 CVE-2018-8087 CVE-2018-8781 CVE-2018-8822 CVE-2018-10323 CVE-2018-1000199} [stretch] - linux 4.9.88-1 [01 May 2018] DSA-4187-1 linux - security update {CVE-2015-9016 CVE-2017-0861 CVE-2017-5715 CVE-2017-5753 CVE-2017-13166 CVE-2017-13220 CVE-2017-16526 CVE-2017-16911 CVE-2017-16912 CVE-2017-16913 CVE-2017-16914 CVE-2017-18017 CVE-2017-18203 CVE-2017-18216 CVE-2017-18232 CVE-2017-18241 CVE-2018-1066 CVE-2018-1068 CVE-2018-1092 CVE-2018-5332 CVE-2018-5333 CVE-2018-5750 CVE-2018-5803 CVE-2018-6927 CVE-2018-7492 CVE-2018-7566 CVE-2018-7740 CVE-2018-7757 CVE-2018-7995 CVE-2018-8781 CVE-2018-8822 CVE-2018-1000004 CVE-2018-1000199} [jessie] - linux 3.16.56-1 [28 Apr 2018] DSA-4186-1 gunicorn - security update {CVE-2018-1000164} [jessie] - gunicorn 19.0-1+deb8u1 [28 Apr 2018] DSA-4185-1 openjdk-8 - security update {CVE-2018-2790 CVE-2018-2794 CVE-2018-2795 CVE-2018-2796 CVE-2018-2797 CVE-2018-2798 CVE-2018-2799 CVE-2018-2800 CVE-2018-2814 CVE-2018-2815} [stretch] - openjdk-8 8u171-b11-1~deb9u1 [28 Apr 2018] DSA-4184-1 sdl-image1.2 - security update {CVE-2017-2887 CVE-2017-12122 CVE-2017-14440 CVE-2017-14441 CVE-2017-14442 CVE-2017-14448 CVE-2017-14450 CVE-2018-3837 CVE-2018-3838 CVE-2018-3839} [jessie] - sdl-image1.2 1.2.12-5+deb8u1 [stretch] - sdl-image1.2 1.2.12-5+deb9u1 [28 Apr 2018] DSA-4183-1 tor - security update {CVE-2018-0490} [stretch] - tor 0.2.9.15-1 [28 Apr 2018] DSA-4182-1 chromium-browser - security update {CVE-2018-6056 CVE-2018-6057 CVE-2018-6060 CVE-2018-6061 CVE-2018-6062 CVE-2018-6063 CVE-2018-6064 CVE-2018-6065 CVE-2018-6066 CVE-2018-6067 CVE-2018-6068 CVE-2018-6069 CVE-2018-6070 CVE-2018-6071 CVE-2018-6072 CVE-2018-6073 CVE-2018-6074 CVE-2018-6075 CVE-2018-6076 CVE-2018-6077 CVE-2018-6078 CVE-2018-6079 CVE-2018-6080 CVE-2018-6081 CVE-2018-6082 CVE-2018-6083 CVE-2018-6085 CVE-2018-6086 CVE-2018-6087 CVE-2018-6088 CVE-2018-6089 CVE-2018-6090 CVE-2018-6091 CVE-2018-6092 CVE-2018-6093 CVE-2018-6094 CVE-2018-6095 CVE-2018-6096 CVE-2018-6097 CVE-2018-6098 CVE-2018-6099 CVE-2018-6100 CVE-2018-6101 CVE-2018-6102 CVE-2018-6103 CVE-2018-6104 CVE-2018-6105 CVE-2018-6106 CVE-2018-6107 CVE-2018-6108 CVE-2018-6109 CVE-2018-6110 CVE-2018-6111 CVE-2018-6112 CVE-2018-6113 CVE-2018-6114 CVE-2018-6116 CVE-2018-6117} [stretch] - chromium-browser 66.0.3359.117-1~deb9u1 [28 Apr 2018] DSA-4181-1 roundcube - security update {CVE-2018-9846} [stretch] - roundcube 1.2.3+dfsg.1-4+deb9u2 [25 Apr 2018] DSA-4180-1 drupal7 - security update {CVE-2018-7602} [jessie] - drupal7 7.32-1+deb8u12 [stretch] - drupal7 7.52-2+deb9u4 [24 Apr 2018] DSA-4179-1 linux-tools - security update [jessie] - linux-tools 3.16.56-1 [20 Apr 2018] DSA-4178-1 libreoffice - security update {CVE-2018-10119 CVE-2018-10120} [jessie] - libreoffice 1:4.3.3-2+deb8u11 [stretch] - libreoffice 1:5.2.7-1+deb9u4 [20 Apr 2018] DSA-4177-1 libsdl2-image - security update {CVE-2017-2887 CVE-2017-12122 CVE-2017-14440 CVE-2017-14441 CVE-2017-14442 CVE-2017-14448 CVE-2017-14449 CVE-2017-14450 CVE-2018-3837 CVE-2018-3838 CVE-2018-3839} [jessie] - libsdl2-image 2.0.0+dfsg-3+deb8u1 [stretch] - libsdl2-image 2.0.1+dfsg-2+deb9u1 [20 Apr 2018] DSA-4176-1 mysql-5.5 - security update {CVE-2018-2755 CVE-2018-2761 CVE-2018-2771 CVE-2018-2773 CVE-2018-2781 CVE-2018-2813 CVE-2018-2817 CVE-2018-2818 CVE-2018-2819} [jessie] - mysql-5.5 5.5.60-0+deb8u1 [18 Apr 2018] DSA-4175-1 freeplane - security update {CVE-2018-1000069} [jessie] - freeplane 1.3.12-1+deb8u1 [stretch] - freeplane 1.5.18-1+deb9u1 [17 Apr 2018] DSA-4174-1 corosync - security update {CVE-2018-1084} [stretch] - corosync 2.4.2-3+deb9u1 [16 Apr 2018] DSA-4173-1 r-cran-readxl - security update {CVE-2017-2896 CVE-2017-2897 CVE-2017-2919 CVE-2017-12108 CVE-2017-12109 CVE-2017-12110 CVE-2017-12111} [stretch] - r-cran-readxl 0.1.1-1+deb9u1 [14 Apr 2018] DSA-4172-1 perl - security update {CVE-2018-6913} [jessie] - perl 5.20.2-3+deb8u10 [stretch] - perl 5.24.1-3+deb9u3 [13 Apr 2018] DSA-4171-1 ruby-loofah - security update {CVE-2018-8048} [stretch] - ruby-loofah 2.0.3-2+deb9u1 [12 Apr 2018] DSA-4079-2 poppler - regression update {CVE-2017-9776} [jessie] - poppler 0.26.5-2+deb8u4 [09 Apr 2018] DSA-4170-1 pjproject - security update {CVE-2017-16872 CVE-2017-16875 CVE-2018-1000098 CVE-2018-1000099} [stretch] - pjproject 2.5.5~dfsg-6+deb9u1 [09 Apr 2018] DSA-4169-1 pcs - security update {CVE-2018-1086} [stretch] - pcs 0.9.155+dfsg-2+deb9u1 [08 Apr 2018] DSA-4168-1 squirrelmail - security update {CVE-2018-8741} [jessie] - squirrelmail 2:1.4.23~svn20120406-2+deb8u2 [05 Apr 2018] DSA-4167-1 sharutils - security update {CVE-2018-1000097} [jessie] - sharutils 1:4.14-2+deb8u1 [stretch] - sharutils 1:4.15.2-2+deb9u1 [04 Apr 2018] DSA-4166-1 openjdk-7 - security update {CVE-2018-2579 CVE-2018-2588 CVE-2018-2599 CVE-2018-2602 CVE-2018-2603 CVE-2018-2618 CVE-2018-2629 CVE-2018-2633 CVE-2018-2634 CVE-2018-2637 CVE-2018-2641 CVE-2018-2663 CVE-2018-2677 CVE-2018-2678} [jessie] - openjdk-7 7u171-2.6.13-1~deb8u1 [03 Apr 2018] DSA-4165-1 ldap-account-manager - security update {CVE-2018-8763} [jessie] - ldap-account-manager 4.7.1-1+deb8u1 [stretch] - ldap-account-manager 5.5-1+deb9u1 [03 Apr 2018] DSA-4164-1 apache2 - security update {CVE-2017-15710 CVE-2017-15715 CVE-2018-1283 CVE-2018-1301 CVE-2018-1303 CVE-2018-1312} [jessie] - apache2 2.4.10-10+deb8u12 [stretch] - apache2 2.4.25-3+deb9u4 [02 Apr 2018] DSA-4163-1 beep - security update {CVE-2018-0492} [jessie] - beep 1.3-3+deb8u1 [stretch] - beep 1.3-4+deb9u1 [01 Apr 2018] DSA-4162-1 irssi - security update {CVE-2018-5205 CVE-2018-5206 CVE-2018-5207 CVE-2018-5208 CVE-2018-7050 CVE-2018-7051 CVE-2018-7052 CVE-2018-7053 CVE-2018-7054} [stretch] - irssi 1.0.7-1~deb9u1 [01 Apr 2018] DSA-4161-1 python-django - security update {CVE-2018-7536 CVE-2018-7537} [jessie] - python-django 1.7.11-1+deb8u3 [stretch] - python-django 1:1.10.7-2+deb9u1 [01 Apr 2018] DSA-4160-1 libevt - security update {CVE-2018-8754} [stretch] - libevt 20170120-1+deb9u1 [01 Apr 2018] DSA-4159-1 remctl - security update {CVE-2018-0493} [stretch] - remctl 3.13-1+deb9u1 [29 Mar 2018] DSA-4158-1 openssl1.0 - security update {CVE-2018-0739} [stretch] - openssl1.0 1.0.2l-2+deb9u3 [29 Mar 2018] DSA-4157-1 openssl - security update {CVE-2018-0739} [jessie] - openssl 1.0.1t-1+deb8u8 [stretch] - openssl 1.1.0f-3+deb9u2 [29 Mar 2018] DSA-4156-1 drupal7 - security update {CVE-2018-7600} [jessie] - drupal7 7.32-1+deb8u11 [stretch] - drupal7 7.52-2+deb9u3 [28 Mar 2018] DSA-4155-1 thunderbird - security update {CVE-2018-5125 CVE-2018-5127 CVE-2018-5129 CVE-2018-5144 CVE-2018-5145 CVE-2018-5146} [jessie] - thunderbird 1:52.7.0-1~deb8u1 [stretch] - thunderbird 1:52.7.0-1~deb9u1 [28 Mar 2018] DSA-4154-1 net-snmp - security update {CVE-2015-5621 CVE-2018-1000116} [jessie] - net-snmp 5.7.2.1+dfsg-1+deb8u1 [27 Mar 2018] DSA-4153-1 firefox-esr - security update {CVE-2018-5148} [stretch] - firefox-esr 52.7.3esr-1~deb9u1 [jessie] - firefox-esr 52.7.3esr-1~deb8u1 [27 Mar 2018] DSA-4152-1 mupdf - security update {CVE-2018-6544 CVE-2018-1000051} [jessie] - mupdf 1.5-1+deb8u4 [stretch] - mupdf 1.9a+ds1-4+deb9u3 [26 Mar 2018] DSA-4151-1 librelp - security update {CVE-2018-1000140} [jessie] - librelp 1.2.7-2+deb8u1 [stretch] - librelp 1.2.12-1+deb9u1 [23 Mar 2018] DSA-4150-1 icu - security update {CVE-2017-15422} [jessie] - icu 52.1-8+deb8u7 [stretch] - icu 57.1-6+deb9u2 [22 Mar 2018] DSA-4149-1 plexus-utils2 - security update {CVE-2017-1000487} [jessie] - plexus-utils2 3.0.15-1+deb8u1 [22 Mar 2018] DSA-4148-1 kamailio - security update {CVE-2018-8828} [jessie] - kamailio 4.2.0-2+deb8u3 [stretch] - kamailio 4.4.4-2+deb9u1 [21 Mar 2018] DSA-4147-1 polarssl - security update {CVE-2017-18187 CVE-2018-0487 CVE-2018-0488} [jessie] - polarssl 1.3.9-2.1+deb8u3 [20 Mar 2018] DSA-4146-1 plexus-utils - security update {CVE-2017-1000487} [jessie] - plexus-utils 1:1.5.15-4+deb8u1 [stretch] - plexus-utils 1:1.5.15-4+deb9u1 [18 Mar 2018] DSA-4145-1 gitlab - security update {CVE-2017-0915 CVE-2017-0916 CVE-2017-0917 CVE-2017-0918 CVE-2017-0925 CVE-2017-0926 CVE-2018-3710} [stretch] - gitlab 8.13.11+dfsg1-8+deb9u1 [17 Mar 2018] DSA-4144-1 openjdk-8 - security update {CVE-2018-2579 CVE-2018-2582 CVE-2018-2588 CVE-2018-2599 CVE-2018-2602 CVE-2018-2603 CVE-2018-2618 CVE-2018-2629 CVE-2018-2633 CVE-2018-2634 CVE-2018-2637 CVE-2018-2641 CVE-2018-2663 CVE-2018-2677 CVE-2018-2678} [stretch] - openjdk-8 8u162-b12-1~deb9u1 [17 Mar 2018] DSA-4143-1 firefox-esr - security update {CVE-2018-5146 CVE-2018-5147} [jessie] - firefox-esr 52.7.2esr-1~deb8u1 [stretch] - firefox-esr 52.7.2esr-1~deb9u1 [17 Mar 2018] DSA-4142-1 uwsgi - security update {CVE-2018-7490} [jessie] - uwsgi 2.0.7-1+deb8u2 [stretch] - uwsgi 2.0.14+20161117-3+deb9u2 [16 Mar 2018] DSA-4141-1 libvorbisidec - security update {CVE-2018-5147} [jessie] - libvorbisidec 1.0.2+svn18153-1~deb8u2 [stretch] - libvorbisidec 1.0.2+svn18153-1+deb9u1 [16 Mar 2018] DSA-4140-1 libvorbis - security update {CVE-2018-5146} [jessie] - libvorbis 1.3.4-2+deb8u1 [stretch] - libvorbis 1.3.5-4+deb9u2 [15 Mar 2018] DSA-4139-1 firefox-esr - security-update {CVE-2018-5125 CVE-2018-5127 CVE-2018-5129 CVE-2018-5130 CVE-2018-5131 CVE-2018-5144 CVE-2018-5145} [jessie] - firefox-esr 52.7.1esr-1~deb8u1 [stretch] - firefox-esr 52.7.1esr-1~deb9u1 [15 Mar 2018] DSA-4138-1 mbedtls - security update {CVE-2017-18187 CVE-2018-0487 CVE-2018-0488} [stretch] - mbedtls 2.4.2-1+deb9u2 [14 Mar 2018] DSA-4137-1 libvirt - security update {CVE-2018-1064} [jessie] - libvirt 1.2.9-9+deb8u5 [stretch] - libvirt 3.0.0-4+deb9u3 [14 Mar 2018] DSA-4136-1 curl - security update {CVE-2018-1000120 CVE-2018-1000121 CVE-2018-1000122} [jessie] - curl 7.38.0-4+deb8u10 [stretch] - curl 7.52.1-5+deb9u5 [13 Mar 2018] DSA-4135-1 samba - security update {CVE-2018-1050 CVE-2018-1057} [stretch] - samba 2:4.5.12+dfsg-2+deb9u2 [10 Mar 2018] DSA-4134-1 util-linux - security update {CVE-2018-7738} [stretch] - util-linux 2.29.2-1+deb9u1 [07 Mar 2018] DSA-4133-1 isc-dhcp - security update {CVE-2017-3144 CVE-2018-5732 CVE-2018-5733} [jessie] - isc-dhcp 4.3.1-6+deb8u3 [stretch] - isc-dhcp 4.3.5-3+deb9u1 [04 Mar 2018] DSA-4132-1 libvpx - security update {CVE-2017-13194} [jessie] - libvpx 1.3.0-3+deb8u1 [stretch] - libvpx 1.6.1-3+deb9u1 [04 Mar 2018] DSA-4131-1 xen - security update {CVE-2018-7540 CVE-2018-7541 CVE-2018-7542} [stretch] - xen 4.8.3+comet2+shim4.10.0+comet3-1+deb9u5 [03 Mar 2018] DSA-4120-2 linux - regression update [stretch] - linux 4.9.82-1+deb9u3 [02 Mar 2018] DSA-4130-1 dovecot - security update {CVE-2017-14461 CVE-2017-15130 CVE-2017-15132} [jessie] - dovecot 1:2.2.13-12~deb8u4 [stretch] - dovecot 1:2.2.27-3+deb9u2 [02 Mar 2018] DSA-4129-1 freexl - security update {CVE-2018-7435 CVE-2018-7436 CVE-2018-7437 CVE-2018-7438 CVE-2018-7439} [jessie] - freexl 1.0.0g-1+deb8u5 [stretch] - freexl 1.0.2-2+deb9u2 [02 Mar 2018] DSA-4128-1 trafficserver - security update {CVE-2017-5660 CVE-2017-7671} [stretch] - trafficserver 7.0.0-6+deb9u1 [02 Mar 2018] DSA-4127-1 simplesamlphp - security update {CVE-2017-12867 CVE-2017-12869 CVE-2017-12873 CVE-2017-12874 CVE-2017-18121 CVE-2017-18122 CVE-2018-6519 CVE-2018-6521 CVE-2018-7644} [jessie] - simplesamlphp 1.13.1-2+deb8u1 [stretch] - simplesamlphp 1.14.11-1+deb9u1 [27 Feb 2018] DSA-4126-1 xmltooling - security update {CVE-2018-0489} [jessie] - xmltooling 1.5.3-2+deb8u3 [stretch] - xmltooling 1.6.0-4+deb9u1 [27 Feb 2018] DSA-4125-1 wavpack - security update {CVE-2018-6767 CVE-2018-7253 CVE-2018-7254} [stretch] - wavpack 5.0.0-2+deb9u1 [27 Feb 2018] DSA-4124-1 lucene-solr - security update {CVE-2017-3163 CVE-2017-12629} [jessie] - lucene-solr 3.6.2+dfsg-5+deb8u1 [stretch] - lucene-solr 3.6.2+dfsg-10+deb9u1 [24 Feb 2018] DSA-4123-1 drupal7 - security update {CVE-2017-6927 CVE-2017-6928 CVE-2017-6929 CVE-2017-6932} [jessie] - drupal7 7.32-1+deb8u10 [stretch] - drupal7 7.52-2+deb9u2 [23 Feb 2018] DSA-4122-1 squid3 - security update {CVE-2018-1000024 CVE-2018-1000027} [jessie] - squid3 3.4.8-6+deb8u5 [stretch] - squid3 3.5.23-5+deb9u1 [22 Feb 2018] DSA-4121-1 gcc-6 - update [stretch] - gcc-6 6.3.0-18+deb9u1 [22 Feb 2018] DSA-4120-1 linux - security update {CVE-2017-5754 CVE-2017-13166 CVE-2018-5750} [stretch] - linux 4.9.82-1+deb9u2 [19 Feb 2018] DSA-4119-1 libav - security update {CVE-2017-16803} [jessie] - libav 6:11.12-1~deb8u1 [17 Feb 2018] DSA-4118-1 tomcat-native - security update {CVE-2017-15698} [jessie] - tomcat-native 1.1.32~repack-2+deb8u1 [stretch] - tomcat-native 1.2.12-2+deb9u1 [17 Feb 2018] DSA-4117-1 gcc-4.9 - update [jessie] - gcc-4.9 4.9.2-10+deb8u1 [16 Feb 2018] DSA-4116-1 plasma-workspace - security update {CVE-2018-6791} [stretch] - plasma-workspace 4:5.8.6-2.1+deb9u1 [15 Feb 2018] DSA-4115-1 quagga - security update {CVE-2018-5379 CVE-2018-5380 CVE-2018-5381} [jessie] - quagga 0.99.23.1-1+deb8u5 [stretch] - quagga 1.1.1-3+deb9u2 [15 Feb 2018] DSA-4114-1 jackson-databind - security update {CVE-2017-17485 CVE-2018-5968} [jessie] - jackson-databind 2.4.2-2+deb8u3 [stretch] - jackson-databind 2.8.6-1+deb9u3 [14 Feb 2018] DSA-4113-1 libvorbis - security update {CVE-2017-11333 CVE-2017-14632 CVE-2017-14633} [stretch] - libvorbis 1.3.5-4+deb9u1 [14 Feb 2018] DSA-4112-1 xen - security update {CVE-2017-17563 CVE-2017-17564 CVE-2017-17565 CVE-2017-17566} [stretch] - xen 4.8.3+comet2+shim4.10.0+comet3-1+deb9u4.1 [12 Feb 2018] DSA-4111-2 libreoffice - security update {CVE-2018-6871} [jessie] - libreoffice 1:4.3.3-2+deb8u10 [11 Feb 2018] DSA-4111-1 libreoffice - security update {CVE-2018-6871} [stretch] - libreoffice 1:5.2.7-1+deb9u2 [10 Feb 2018] DSA-4110-1 exim4 - security update {CVE-2018-6789} [jessie] - exim4 4.84.2-2+deb8u5 [stretch] - exim4 4.89-2+deb9u3 [09 Feb 2018] DSA-4109-1 ruby-omniauth - security update {CVE-2017-18076} [jessie] - ruby-omniauth 1.2.1-1+deb8u1 [stretch] - ruby-omniauth 1.3.1-1+deb9u1 [09 Feb 2018] DSA-4108-1 mailman - security update {CVE-2018-5950} [jessie] - mailman 1:2.1.18-2+deb8u2 [stretch] - mailman 1:2.1.23-1+deb9u2 [09 Feb 2018] DSA-4105-2 mpv - regression update [stretch] - mpv 0.23.0-2+deb9u2 [07 Feb 2018] DSA-4107-1 django-anymail - security update {CVE-2018-6596} [stretch] - django-anymail 0.8-2+deb9u1 [07 Feb 2018] DSA-4106-1 libtasn1-6 - security update {CVE-2017-10790 CVE-2018-6003} [stretch] - libtasn1-6 4.10-1.1+deb9u1 [06 Feb 2018] DSA-4105-1 mpv - security update {CVE-2018-6360} [stretch] - mpv 0.23.0-2+deb9u1 [04 Feb 2018] DSA-4104-1 p7zip - security update {CVE-2017-17969} [jessie] - p7zip 9.20.1~dfsg.1-4.1+deb8u3 [stretch] - p7zip 16.02+dfsg-3+deb9u1 [31 Jan 2018] DSA-4103-1 chromium-browser - security update {CVE-2017-15420 CVE-2017-15429 CVE-2018-6031 CVE-2018-6032 CVE-2018-6033 CVE-2018-6034 CVE-2018-6035 CVE-2018-6036 CVE-2018-6037 CVE-2018-6038 CVE-2018-6039 CVE-2018-6040 CVE-2018-6041 CVE-2018-6042 CVE-2018-6043 CVE-2018-6045 CVE-2018-6046 CVE-2018-6047 CVE-2018-6048 CVE-2018-6049 CVE-2018-6050 CVE-2018-6051 CVE-2018-6052 CVE-2018-6053 CVE-2018-6054 CVE-2018-6119 CVE-2018-6055} [stretch] - chromium-browser 64.0.3282.119-1~deb9u1 [30 Jan 2018] DSA-4102-1 thunderbird - security update {CVE-2018-5089 CVE-2018-5095 CVE-2018-5096 CVE-2018-5097 CVE-2018-5098 CVE-2018-5099 CVE-2018-5102 CVE-2018-5103 CVE-2018-5104 CVE-2018-5117} [jessie] - thunderbird 1:52.6.0-1~deb8u1 [stretch] - thunderbird 1:52.6.0-1~deb9u1 [30 Jan 2018] DSA-4094-2 smarty3 - regression update [jessie] - smarty3 3.1.21-1+deb8u2 [28 Jan 2018] DSA-4101-1 wireshark - security update {CVE-2018-5334 CVE-2018-5335 CVE-2018-5336} [jessie] - wireshark 1.12.1+g01b65bf-4+deb8u13 [stretch] - wireshark 2.2.6+g32dac6a-2+deb9u2 [27 Jan 2018] DSA-4100-1 tiff - security update {CVE-2017-9935 CVE-2017-11335 CVE-2017-12944 CVE-2017-13726 CVE-2017-13727 CVE-2017-18013} [jessie] - tiff 4.0.3-12.3+deb8u5 [stretch] - tiff 4.0.8-2+deb9u2 [27 Jan 2018] DSA-4099-1 ffmpeg - security update {CVE-2017-17081} [stretch] - ffmpeg 7:3.2.10-1~deb9u1 [26 Jan 2018] DSA-4098-1 curl - security update {CVE-2018-1000007} [jessie] - curl 7.38.0-4+deb8u9 [stretch] - curl 7.52.1-5+deb9u4 [25 Jan 2018] DSA-4097-1 poppler - security update {CVE-2017-1000456} [jessie] - poppler 0.26.5-2+deb8u3 [stretch] - poppler 0.48.0-2+deb9u2 [25 Jan 2018] DSA-4096-1 firefox-esr - security update {CVE-2018-5089 CVE-2018-5091 CVE-2018-5095 CVE-2018-5096 CVE-2018-5097 CVE-2018-5098 CVE-2018-5099 CVE-2018-5102 CVE-2018-5103 CVE-2018-5104 CVE-2018-5117} [jessie] - firefox-esr 52.6.0esr-1~deb8u1 [stretch] - firefox-esr 52.6.0esr-1~deb9u1 [24 Jan 2018] DSA-4095-1 gcab - security update {CVE-2018-5345} [stretch] - gcab 0.7-2+deb9u1 [22 Jan 2018] DSA-4094-1 smarty3 - security update {CVE-2017-1000480} [jessie] - smarty3 3.1.21-1+deb8u1 [stretch] - smarty3 3.1.31+20161214.1.c7d42e4+selfpack1-2+deb9u1 [21 Jan 2018] DSA-4093-1 openocd - security update {CVE-2018-5704} [jessie] - openocd 0.8.0-4+deb7u1 [stretch] - openocd 0.9.0-1+deb8u1 [19 Jan 2018] DSA-4092-1 awstats - security update {CVE-2017-1000501} [jessie] - awstats 7.2+dfsg-1+deb8u1 [stretch] - awstats 7.6+dfsg-1+deb9u1 [18 Jan 2018] DSA-4091-1 mysql-5.5 - security update {CVE-2018-2562 CVE-2018-2622 CVE-2018-2640 CVE-2018-2665 CVE-2018-2668} [jessie] - mysql-5.5 5.5.59-0+deb8u1 [17 Jan 2018] DSA-4090-1 wordpress - security update {CVE-2017-16510 CVE-2017-17091 CVE-2017-17092 CVE-2017-17093 CVE-2017-17094} [jessie] - wordpress 4.1+dfsg-1+deb8u16 [stretch] - wordpress 4.7.5+dfsg-2+deb9u2 [16 Jan 2018] DSA-4089-1 bind9 - security update {CVE-2017-3145} [jessie] - bind9 1:9.9.5.dfsg-9+deb8u15 [stretch] - bind9 1:9.10.3.dfsg.P4-12.3+deb9u4 [15 Jan 2018] DSA-4088-1 gdk-pixbuf - security update {CVE-2017-1000422} [jessie] - gdk-pixbuf 2.31.1-2+deb8u7 [stretch] - gdk-pixbuf 2.36.5-2+deb9u2 [14 Jan 2018] DSA-4087-1 transmission - security update {CVE-2018-5702} [jessie] - transmission 2.84-0.2+deb8u1 [stretch] - transmission 2.92-2+deb9u1 [13 Jan 2018] DSA-4086-1 libxml2 - security update {CVE-2017-15412} [jessie] - libxml2 2.9.1+dfsg1-5+deb8u6 [stretch] - libxml2 2.9.4+dfsg1-2.2+deb9u2 [12 Jan 2018] DSA-4085-1 xmltooling - security update {CVE-2018-0486} [jessie] - xmltooling 1.5.3-2+deb8u2 [12 Jan 2018] DSA-4084-1 gifsicle - security update {CVE-2017-1000421} [jessie] - gifsicle 1.86-1+deb8u1 [stretch] - gifsicle 1.88-3+deb9u1 [11 Jan 2018] DSA-4083-1 poco - security update {CVE-2017-1000472} [jessie] - poco 1.3.6p1-5+deb8u1 [stretch] - poco 1.7.6+dfsg1-5+deb9u1 [09 Jan 2018] DSA-4082-1 linux - security update {CVE-2017-5754 CVE-2017-8824 CVE-2017-15868 CVE-2017-16538 CVE-2017-16939 CVE-2017-17448 CVE-2017-17449 CVE-2017-17450 CVE-2017-17558 CVE-2017-17741 CVE-2017-17805 CVE-2017-17806 CVE-2017-17807 CVE-2017-1000407 CVE-2017-1000410} [jessie] - linux 3.16.51-3+deb8u1 [08 Jan 2018] DSA-4081-1 php5 - security update {CVE-2017-11142 CVE-2017-11143 CVE-2017-11144 CVE-2017-11145 CVE-2017-11628 CVE-2017-12933 CVE-2017-16642 CVE-2018-5711 CVE-2018-5712} [jessie] - php5 5.6.33+dfsg-0+deb8u1 [08 Jan 2018] DSA-4080-1 php7.0 - security update {CVE-2017-11144 CVE-2017-11145 CVE-2017-11628 CVE-2017-12932 CVE-2017-12933 CVE-2017-12934 CVE-2017-16642 CVE-2018-5711 CVE-2018-5712} [stretch] - php7.0 7.0.27-0+deb9u1 [07 Jan 2018] DSA-4079-1 poppler - security update {CVE-2017-9406 CVE-2017-9408 CVE-2017-9775 CVE-2017-9776 CVE-2017-9865 CVE-2017-14517 CVE-2017-14518 CVE-2017-14519 CVE-2017-14520 CVE-2017-14975 CVE-2017-14976 CVE-2017-14977 CVE-2017-15565} [jessie] - poppler 0.26.5-2+deb8u2 [stretch] - poppler 0.48.0-2+deb9u1 [04 Jan 2018] DSA-4078-1 linux - security update {CVE-2017-5754} [stretch] - linux 4.9.65-3+deb9u2 [30 Dec 2017] DSA-4077-1 gimp - security update {CVE-2017-17784 CVE-2017-17785 CVE-2017-17786 CVE-2017-17787 CVE-2017-17788 CVE-2017-17789} [jessie] - gimp 2.8.14-1+deb8u2 [stretch] - gimp 2.8.18-1+deb9u1 [30 Dec 2017] DSA-4076-1 asterisk - security update {CVE-2017-17090} [jessie] - asterisk 1:11.13.1~dfsg-2+deb8u5 [stretch] - asterisk 1:13.14.1~dfsg-2+deb9u3 [29 Dec 2017] DSA-4075-1 thunderbird - security update {CVE-2017-7826 CVE-2017-7828 CVE-2017-7829 CVE-2017-7830 CVE-2017-7846 CVE-2017-7847 CVE-2017-7848} [jessie] - thunderbird 1:52.5.2-2~deb8u1 [stretch] - thunderbird 1:52.5.2-2~deb9u1 [28 Dec 2017] DSA-4074-1 imagemagick - security update {CVE-2017-12877 CVE-2017-16546 CVE-2017-17499 CVE-2017-17504 CVE-2017-17879} [stretch] - imagemagick 8:6.9.7.4+dfsg-11+deb9u4 [23 Dec 2017] DSA-4073-1 linux - security update {CVE-2017-8824 CVE-2017-16538 CVE-2017-16644 CVE-2017-16995 CVE-2017-17448 CVE-2017-17449 CVE-2017-17450 CVE-2017-17558 CVE-2017-17712 CVE-2017-17741 CVE-2017-17805 CVE-2017-17806 CVE-2017-17807 CVE-2017-17862 CVE-2017-17863 CVE-2017-17864 CVE-2017-1000407 CVE-2017-1000410} [stretch] - linux 4.9.65-3+deb9u1 [21 Dec 2017] DSA-4072-1 bouncycastle - security update {CVE-2017-13098} [stretch] - bouncycastle 1.56-1+deb9u1 [21 Dec 2017] DSA-4071-1 sensible-utils - security update {CVE-2017-17512} [jessie] - sensible-utils 0.0.9+deb8u1 [stretch] - sensible-utils 0.0.9+deb9u1 [21 Dec 2017] DSA-4070-1 enigmail - security update {CVE-2017-17843 CVE-2017-17844 CVE-2017-17845 CVE-2017-17846 CVE-2017-17847 CVE-2017-17848} [jessie] - enigmail 2:1.9.9-1~deb8u1 [stretch] - enigmail 2:1.9.9-1~deb9u1 [20 Dec 2017] DSA-4069-1 otrs2 - security update {CVE-2017-17476} [jessie] - otrs2 3.3.18-1+deb8u4 [stretch] - otrs2 5.0.16-1+deb9u5 [17 Dec 2017] DSA-4068-1 rsync - security update {CVE-2017-16548 CVE-2017-17433 CVE-2017-17434} [jessie] - rsync 3.1.1-3+deb8u1 [stretch] - rsync 3.1.2-1+deb9u1 [17 Dec 2017] DSA-4067-1 openafs - security update {CVE-2017-17432} [stretch] - openafs 1.6.20-2+deb9u1 [jessie] - openafs 1.6.9-2+deb8u6 [17 Dec 2017] DSA-4066-1 otrs2 - security update {CVE-2017-16854 CVE-2017-16921} [jessie] - otrs2 3.3.18-1+deb8u3 [stretch] - otrs2 5.0.16-1+deb9u4 [17 Dec 2017] DSA-4065-1 openssl1.0 - security update {CVE-2017-3737 CVE-2017-3738} [stretch] - openssl1.0 1.0.2l-2+deb9u2 [12 Dec 2017] DSA-4064-1 chromium-browser - security update {CVE-2017-15407 CVE-2017-15408 CVE-2017-15409 CVE-2017-15410 CVE-2017-15411 CVE-2017-15413 CVE-2017-15415 CVE-2017-15416 CVE-2017-15417 CVE-2017-15418 CVE-2017-15419 CVE-2017-15420 CVE-2017-15423 CVE-2017-15424 CVE-2017-15425 CVE-2017-15426 CVE-2017-15427 CVE-2017-15428} [stretch] - chromium-browser 63.0.3239.84-1~deb9u1 [11 Dec 2017] DSA-4063-1 pdns-recursor - security update {CVE-2017-15120} [stretch] - pdns-recursor 4.0.4-1+deb9u3 [10 Dec 2017] DSA-4062-1 firefox-esr - security update {CVE-2017-7843} [jessie] - firefox-esr 52.5.2esr-1~deb8u1 [stretch] - firefox-esr 52.5.2esr-1~deb9u1 [10 Dec 2017] DSA-4061-1 thunderbird - security update {CVE-2017-7826 CVE-2017-7828 CVE-2017-7830} [jessie] - thunderbird 1:52.5.0-1~deb8u1 [stretch] - thunderbird 1:52.5.0-1~deb9u1 [09 Dec 2017] DSA-4060-1 wireshark - security update {CVE-2017-11408 CVE-2017-17083 CVE-2017-17084 CVE-2017-17085} [jessie] - wireshark 1.12.1+g01b65bf-4+deb8u12 [stretch] - wireshark 2.2.6+g32dac6a-2+deb9u1 [08 Dec 2017] DSA-4059-1 libxcursor - security update {CVE-2017-16612} [jessie] - libxcursor 1:1.1.14-1+deb8u1 [stretch] - libxcursor 1:1.1.14-1+deb9u1 [08 Dec 2017] DSA-4058-1 optipng - security update {CVE-2017-16938 CVE-2017-1000229} [jessie] - optipng 0.7.5-1+deb8u2 [stretch] - optipng 0.7.6-1+deb9u1 [08 Dec 2017] DSA-4057-1 erlang - security update {CVE-2017-1000385} [jessie] - erlang 1:17.3-dfsg-4+deb8u2 [stretch] - erlang 1:19.2.1+dfsg-2+deb9u1 [07 Dec 2017] DSA-4056-1 nova - security update {CVE-2017-16239} [stretch] - nova 2:14.0.0-4+deb9u1 [07 Dec 2017] DSA-4055-1 heimdal - security update {CVE-2017-17439} [stretch] - heimdal 7.1.0+dfsg-13+deb9u2 [03 Dec 2017] DSA-4054-1 tor - security update {CVE-2017-8819 CVE-2017-8820 CVE-2017-8821 CVE-2017-8822 CVE-2017-8823} [jessie] - tor 0.2.5.16-1 [stretch] - tor 0.2.9.14-1 [30 Nov 2017] DSA-4053-1 exim4 - security update {CVE-2017-16943 CVE-2017-16944} [stretch] - exim4 4.89-2+deb9u2 [29 Nov 2017] DSA-4052-1 bzr - security update {CVE-2017-14176} [jessie] - bzr 2.6.0+bzr6595-6+deb8u1 [stretch] - bzr 2.7.0+bzr6619-7+deb9u1 [29 Nov 2017] DSA-4051-1 curl - security update {CVE-2017-8816 CVE-2017-8817} [jessie] - curl 7.38.0-4+deb8u8 [stretch] - curl 7.52.1-5+deb9u3 [28 Nov 2017] DSA-4050-1 xen - security update {CVE-2017-14316 CVE-2017-14317 CVE-2017-14318 CVE-2017-14319 CVE-2017-15588 CVE-2017-15589 CVE-2017-15590 CVE-2017-15591 CVE-2017-15592 CVE-2017-15593 CVE-2017-15594 CVE-2017-15595 CVE-2017-15597 CVE-2017-17044 CVE-2017-17045 CVE-2017-17046} [stretch] - xen 4.8.2+xsa245-0+deb9u1 [27 Nov 2017] DSA-4049-1 ffmpeg - security update {CVE-2017-15186 CVE-2017-15672 CVE-2017-16840} [stretch] - ffmpeg 7:3.2.9-1~deb9u1 [23 Nov 2017] DSA-4048-1 openjdk-7 - security update {CVE-2017-10274 CVE-2017-10281 CVE-2017-10285 CVE-2017-10295 CVE-2017-10345 CVE-2017-10346 CVE-2017-10347 CVE-2017-10348 CVE-2017-10349 CVE-2017-10350 CVE-2017-10355 CVE-2017-10356 CVE-2017-10357 CVE-2017-10388} [jessie] - openjdk-7 7u151-2.6.11-2~deb8u1 [23 Nov 2017] DSA-4047-1 otrs2 - security update {CVE-2017-16664} [jessie] - otrs2 3.3.18-1+deb8u2 [stretch] - otrs2 5.0.16-1+deb9u3 [22 Nov 2017] DSA-4046-1 libspring-ldap-java - security update {CVE-2017-8028} [jessie] - libspring-ldap-java 1.3.1.RELEASE-5+deb8u1 [21 Nov 2017] DSA-4045-1 vlc - security update {CVE-2017-9300 CVE-2017-10699} [jessie] - vlc 2.2.7-1~deb8u1 [stretch] - vlc 2.2.7-1~deb9u1 [21 Nov 2017] DSA-4044-1 swauth - security update {CVE-2017-16613} [stretch] - swauth 1.2.0-2+deb9u1 [21 Nov 2017] DSA-4043-1 samba - security update {CVE-2017-14746 CVE-2017-15275} [jessie] - samba 2:4.2.14+dfsg-0+deb8u9 [stretch] - samba 2:4.5.12+dfsg-2+deb9u1 [19 Nov 2017] DSA-4042-1 libxml-libxml-perl - security update {CVE-2017-10672} [jessie] - libxml-libxml-perl 2.0116+dfsg-1+deb8u2 [stretch] - libxml-libxml-perl 2.0128+dfsg-1+deb9u1 [19 Nov 2017] DSA-4041-1 procmail - security update {CVE-2017-16844} [jessie] - procmail 3.22-24+deb8u1 [stretch] - procmail 3.22-25+deb9u1 [17 Nov 2017] DSA-4040-1 imagemagick - security update {CVE-2017-11352 CVE-2017-11640 CVE-2017-12431 CVE-2017-12640 CVE-2017-12877 CVE-2017-12983 CVE-2017-13134 CVE-2017-13139 CVE-2017-13144 CVE-2017-13758 CVE-2017-13769 CVE-2017-14224 CVE-2017-14607 CVE-2017-14682 CVE-2017-14989 CVE-2017-15277 CVE-2017-16546} [jessie] - imagemagick 8:6.8.9.9-5+deb8u11 [16 Nov 2017] DSA-4039-1 opensaml2 - security update {CVE-2017-16853} [jessie] - opensaml2 2.5.3-2+deb8u2 [stretch] - opensaml2 2.6.0-4+deb9u1 [16 Nov 2017] DSA-4038-1 shibboleth-sp2 - security update {CVE-2017-16852} [jessie] - shibboleth-sp2 2.5.3+dfsg-2+deb8u1 [stretch] - shibboleth-sp2 2.6.0+dfsg1-4+deb9u1 [16 Nov 2017] DSA-4037-1 jackson-databind - security update {CVE-2017-15095} [jessie] - jackson-databind 2.4.2-2+deb8u2 [stretch] - jackson-databind 2.8.6-1+deb9u2 [15 Nov 2017] DSA-4036-1 mediawiki - security update {CVE-2017-8808 CVE-2017-8809 CVE-2017-8810 CVE-2017-8811 CVE-2017-8812 CVE-2017-8814 CVE-2017-8815} [stretch] - mediawiki 1:1.27.4-1~deb9u1 [15 Nov 2017] DSA-4035-1 firefox-esr - security update {CVE-2017-7826 CVE-2017-7828 CVE-2017-7830} [jessie] - firefox-esr 52.5.0esr-1~deb8u1 [stretch] - firefox-esr 52.5.0esr-1~deb9u1 [15 Nov 2017] DSA-4034-1 varnish - security update {CVE-2017-8807} [stretch] - varnish 5.0.0-7+deb9u2 [13 Nov 2017] DSA-4033-1 konversation - security update {CVE-2017-15923} [jessie] - konversation 1.5-2+deb8u1 [stretch] - konversation 1.6.2-2+deb9u1 [12 Nov 2017] DSA-4032-1 imagemagick - security update {CVE-2017-12983 CVE-2017-13134 CVE-2017-13758 CVE-2017-13769 CVE-2017-14224 CVE-2017-14607 CVE-2017-14682 CVE-2017-14989 CVE-2017-15277} [stretch] - imagemagick 8:6.9.7.4+dfsg-11+deb9u3 [11 Nov 2017] DSA-4031-1 ruby2.3 - security update {CVE-2017-0898 CVE-2017-0903 CVE-2017-10784 CVE-2017-14033} [stretch] - ruby2.3 2.3.3-1+deb9u2 [10 Nov 2017] DSA-4006-2 mupdf - security update {CVE-2017-15587} [jessie] - mupdf 1.5-1+deb8u3 [stretch] - mupdf 1.9a+ds1-4+deb9u2 [09 Nov 2017] DSA-4030-1 roundcube - security update {CVE-2017-16651} [stretch] - roundcube 1.2.3+dfsg.1-4+deb9u1 [09 Nov 2017] DSA-4029-1 postgresql-common - security update {CVE-2017-8806} [jessie] - postgresql-common 165+deb8u3 [stretch] - postgresql-common 181+deb9u1 [09 Nov 2017] DSA-4028-1 postgresql-9.6 - security update {CVE-2017-15098 CVE-2017-15099} [stretch] - postgresql-9.6 9.6.6-0+deb9u1 [09 Nov 2017] DSA-4027-1 postgresql-9.4 - security update {CVE-2017-15098} [jessie] - postgresql-9.4 9.4.15-0+deb8u1 [09 Nov 2017] DSA-4026-1 bchunk - security update {CVE-2017-15953 CVE-2017-15954 CVE-2017-15955} [jessie] - bchunk 1.2.0-12+deb8u1 [stretch] - bchunk 1.2.0-12+deb9u1 [08 Nov 2017] DSA-4025-1 libpam4j - security update {CVE-2017-12197} [jessie] - libpam4j 1.4-2+deb8u1 [stretch] - libpam4j 1.4-2+deb9u1 [08 Nov 2017] DSA-4024-1 chromium-browser - security update {CVE-2017-15398 CVE-2017-15399} [stretch] - chromium-browser 62.0.3202.89-1~deb9u1 [07 Nov 2017] DSA-4023-1 slurm-llnl - security update {CVE-2017-15566} [stretch] - slurm-llnl 16.05.9-1+deb9u1 [07 Nov 2017] DSA-4022-1 libreoffice - security update {CVE-2017-12607 CVE-2017-12608} [jessie] - libreoffice 1:4.3.3-2+deb8u9 [07 Nov 2017] DSA-4021-1 otrs2 - security update {CVE-2017-14635} [jessie] - otrs2 3.3.18-1+deb8u1 [stretch] - otrs2 5.0.16-1+deb9u2 [05 Nov 2017] DSA-4020-1 chromium-browser - security update {CVE-2017-5124 CVE-2017-5125 CVE-2017-5126 CVE-2017-5127 CVE-2017-5128 CVE-2017-5129 CVE-2017-5131 CVE-2017-5132 CVE-2017-5133 CVE-2017-15386 CVE-2017-15387 CVE-2017-15388 CVE-2017-15389 CVE-2017-15390 CVE-2017-15391 CVE-2017-15392 CVE-2017-15393 CVE-2017-15394 CVE-2017-15395 CVE-2017-15396 CVE-2017-15406} [stretch] - chromium-browser 62.0.3202.75-1~deb9u1 [05 Nov 2017] DSA-4019-1 imagemagick - security update {CVE-2017-9500 CVE-2017-11446 CVE-2017-11523 CVE-2017-11533 CVE-2017-11535 CVE-2017-11537 CVE-2017-11639 CVE-2017-11640 CVE-2017-12428 CVE-2017-12431 CVE-2017-12432 CVE-2017-12434 CVE-2017-12587 CVE-2017-12640 CVE-2017-12671 CVE-2017-13139 CVE-2017-13140 CVE-2017-13141 CVE-2017-13142 CVE-2017-13143 CVE-2017-13144 CVE-2017-13145} [stretch] - imagemagick 8:6.9.7.4+dfsg-11+deb9u2 [04 Nov 2017] DSA-4018-1 openssl - security update {CVE-2017-3735} [jessie] - openssl 1.0.1t-1+deb8u7 [stretch] - openssl 1.1.0f-3+deb9u1 [03 Nov 2017] DSA-4017-1 openssl1.0 - security update {CVE-2017-3735 CVE-2017-3736} [stretch] - openssl1.0 1.0.2l-2+deb9u1 [03 Nov 2017] DSA-4016-1 irssi - security update {CVE-2017-15227 CVE-2017-15228 CVE-2017-15721 CVE-2017-15722 CVE-2017-15723} [jessie] - irssi 0.8.17-1+deb8u5 [stretch] - irssi 1.0.2-1+deb9u3 [02 Nov 2017] DSA-4015-1 openjdk-8 - security update {CVE-2017-10274 CVE-2017-10281 CVE-2017-10285 CVE-2017-10295 CVE-2017-10345 CVE-2017-10346 CVE-2017-10347 CVE-2017-10348 CVE-2017-10349 CVE-2017-10350 CVE-2017-10355 CVE-2017-10356 CVE-2017-10357 CVE-2017-10388} [stretch] - openjdk-8 8u151-b12-1~deb9u1 [01 Nov 2017] DSA-4014-1 thunderbird - security update {CVE-2017-7793 CVE-2017-7805 CVE-2017-7810 CVE-2017-7814 CVE-2017-7818 CVE-2017-7819 CVE-2017-7823 CVE-2017-7824} [jessie] - thunderbird 1:52.4.0-1~deb8u1 [stretch] - thunderbird 1:52.4.0-1~deb9u1 [31 Oct 2017] DSA-4013-1 openjpeg2 - security update {CVE-2016-1626 CVE-2016-1628 CVE-2016-5152 CVE-2016-9118 CVE-2017-14039 CVE-2017-14040 CVE-2017-14041 CVE-2017-14152} [jessie] - openjpeg2 2.1.0-2+deb8u3 [stretch] - openjpeg2 2.1.2-1.1+deb9u2 [31 Oct 2017] DSA-4012-1 libav - security update {CVE-2015-8365 CVE-2017-7208 CVE-2017-7862 CVE-2017-9992} [jessie] - libav 6:11.11-1~deb8u1 [30 Oct 2017] DSA-4011-1 quagga - security update {CVE-2017-16227} [jessie] - quagga 0.99.23.1-1+deb8u4 [stretch] - quagga 1.1.1-3+deb9u1 [30 Oct 2017] DSA-4010-1 git-annex - security update {CVE-2017-12976} [jessie] - git-annex 5.20141125+deb8u1 [stretch] - git-annex 6.20170101-1+deb9u1 [29 Oct 2017] DSA-4009-1 shadowsocks-libev - security update {CVE-2017-15924} [stretch] - shadowsocks-libev 2.6.3+ds-3+deb9u1 [28 Oct 2017] DSA-4008-1 wget - security update {CVE-2017-13089 CVE-2017-13090} [jessie] - wget 1.16-1+deb8u4 [stretch] - wget 1.18-5+deb9u1 [27 Oct 2017] DSA-4007-1 curl - security update {CVE-2017-1000257} [jessie] - curl 7.38.0-4+deb8u7 [stretch] - curl 7.52.1-5+deb9u2 [24 Oct 2017] DSA-4006-1 mupdf - security update {CVE-2017-14685 CVE-2017-14686 CVE-2017-14687 CVE-2017-15587} [stretch] - mupdf 1.9a+ds1-4+deb9u1 [20 Oct 2017] DSA-4005-1 openjfx - security update {CVE-2017-10086 CVE-2017-10114} [stretch] - openjfx 8u141-b14-3~deb9u1 [20 Oct 2017] DSA-4004-1 jackson-databind - security update {CVE-2017-7525} [jessie] - jackson-databind 2.4.2-2+deb8u1 [stretch] - jackson-databind 2.8.6-1+deb9u1 [19 Oct 2017] DSA-4003-1 libvirt - security update {CVE-2017-1000256} [stretch] - libvirt 3.0.0-4+deb9u1 [19 Oct 2017] DSA-4002-1 mysql-5.5 - security update {CVE-2017-10268 CVE-2017-10378 CVE-2017-10379 CVE-2017-10384} [jessie] - mysql-5.5 5.5.58-0+deb8u1 [19 Oct 2017] DSA-4001-1 yadifa - security update {CVE-2017-14339} [stretch] - yadifa 2.2.3-1+deb9u1 [17 Oct 2017] DSA-4000-1 xorg-server - security update {CVE-2017-12176 CVE-2017-12177 CVE-2017-12178 CVE-2017-12179 CVE-2017-12180 CVE-2017-12181 CVE-2017-12182 CVE-2017-12183 CVE-2017-12184 CVE-2017-12185 CVE-2017-12186 CVE-2017-12187 CVE-2017-13721 CVE-2017-13723} [jessie] - xorg-server 2:1.16.4-1+deb8u2 [stretch] - xorg-server 2:1.19.2-1+deb9u2 [16 Oct 2017] DSA-3999-1 wpa - security update {CVE-2017-13077 CVE-2017-13078 CVE-2017-13079 CVE-2017-13080 CVE-2017-13081 CVE-2017-13082 CVE-2017-13086 CVE-2017-13087 CVE-2017-13088} [jessie] - wpa 2.3-1+deb8u5 [stretch] - wpa 2:2.4-1+deb9u1 [11 Oct 2017] DSA-3998-1 nss - security update {CVE-2017-7805} [jessie] - nss 2:3.26-1+debu8u3 [stretch] - nss 2:3.26.2-1.1+deb9u1 [10 Oct 2017] DSA-3997-1 wordpress - security update {CVE-2017-14718 CVE-2017-14719 CVE-2017-14720 CVE-2017-14721 CVE-2017-14722 CVE-2017-14723 CVE-2017-14725 CVE-2017-14726 CVE-2017-14990} [jessie] - wordpress 4.1+dfsg-1+deb8u15 [stretch] - wordpress 4.7.5+dfsg-2+deb9u1 [10 Oct 2017] DSA-3996-1 ffmpeg - security update {CVE-2017-14054 CVE-2017-14055 CVE-2017-14056 CVE-2017-14057 CVE-2017-14058 CVE-2017-14059 CVE-2017-14169 CVE-2017-14170 CVE-2017-14171 CVE-2017-14222 CVE-2017-14223 CVE-2017-14225 CVE-2017-14767} [stretch] - ffmpeg 7:3.2.8-1~deb9u1 [10 Oct 2017] DSA-3995-1 libxfont - security update {CVE-2017-13720 CVE-2017-13722} [jessie] - libxfont 1:1.5.1-1+deb8u1 [stretch] - libxfont 1:2.0.1-3+deb9u1 [07 Oct 2017] DSA-3994-1 nautilus - security update {CVE-2017-14604} [stretch] - nautilus 3.22.3-1+deb9u1 [06 Oct 2017] DSA-3993-1 tor - security update {CVE-2017-0380} [stretch] - tor 0.2.9.12-1 [06 Oct 2017] DSA-3992-1 curl - security update {CVE-2017-1000100 CVE-2017-1000101 CVE-2017-1000254} [jessie] - curl 7.38.0-4+deb8u6 [stretch] - curl 7.52.1-5+deb9u1 [03 Oct 2017] DSA-3991-1 qemu - security update {CVE-2017-9375 CVE-2017-12809 CVE-2017-13672 CVE-2017-13711 CVE-2017-14167} [stretch] - qemu 1:2.8+dfsg-6+deb9u3 [03 Oct 2017] DSA-3990-1 asterisk - security update {CVE-2017-14603} [jessie] - asterisk 1:11.13.1~dfsg-2+deb8u4 [stretch] - asterisk 1:13.14.1~dfsg-2+deb9u2 [02 Oct 2017] DSA-3989-1 dnsmasq - security update {CVE-2017-14491 CVE-2017-14492 CVE-2017-14493 CVE-2017-14494} [jessie] - dnsmasq 2.72-3+deb8u2 [stretch] - dnsmasq 2.76-5+deb9u1 [30 Sep 2017] DSA-3988-1 libidn2-0 - security update {CVE-2017-14062} [jessie] - libidn2-0 0.10-2+deb8u1 [stretch] - libidn2-0 0.16-1+deb9u1 [29 Sep 2017] DSA-3987-1 firefox-esr - security update {CVE-2017-7793 CVE-2017-7805 CVE-2017-7810 CVE-2017-7814 CVE-2017-7818 CVE-2017-7819 CVE-2017-7823 CVE-2017-7824} [jessie] - firefox-esr 52.4.0esr-1~deb8u1 [stretch] - firefox-esr 52.4.0esr-1~deb9u1 [29 Sep 2017] DSA-3986-1 ghostscript - security update {CVE-2017-9611 CVE-2017-9612 CVE-2017-9726 CVE-2017-9727 CVE-2017-9739 CVE-2017-9835 CVE-2017-11714} [jessie] - ghostscript 9.06~dfsg-2+deb8u6 [stretch] - ghostscript 9.20~dfsg-3.2+deb9u1 [28 Sep 2017] DSA-3985-1 chromium-browser - security update {CVE-2017-5111 CVE-2017-5112 CVE-2017-5113 CVE-2017-5114 CVE-2017-5115 CVE-2017-5116 CVE-2017-5117 CVE-2017-5118 CVE-2017-5119 CVE-2017-5120 CVE-2017-5121 CVE-2017-5122} [stretch] - chromium-browser 61.0.3163.100-1~deb9u1 [26 Sep 2017] DSA-3984-1 git - security update {CVE-2017-14867} [jessie] - git 1:2.1.4-2.1+deb8u5 [stretch] - git 1:2.11.0-3+deb9u2 [22 Sep 2017] DSA-3983-1 samba - security update {CVE-2017-12150 CVE-2017-12151 CVE-2017-12163} [jessie] - samba 2:4.2.14+dfsg-0+deb8u8 [stretch] - samba 2:4.5.8+dfsg-2+deb9u2 [21 Sep 2017] DSA-3982-1 perl - security update {CVE-2017-12837 CVE-2017-12883} [jessie] - perl 5.20.2-3+deb8u9 [stretch] - perl 5.24.1-3+deb9u2 [20 Sep 2017] DSA-3981-1 linux - security update {CVE-2017-7518 CVE-2017-11600 CVE-2017-12134 CVE-2017-12153 CVE-2017-12154 CVE-2017-14106 CVE-2017-14140 CVE-2017-14156 CVE-2017-14340 CVE-2017-14489 CVE-2017-1000111 CVE-2017-1000112 CVE-2017-1000251 CVE-2017-1000370 CVE-2017-1000371 CVE-2017-1000380} [jessie] - linux 3.16.43-2+deb8u5 [stretch] - linux 4.9.30-2+deb9u5 [20 Sep 2017] DSA-3980-1 apache2 - security update {CVE-2017-9798} [jessie] - apache2 2.4.10-10+deb8u11 [stretch] - apache2 2.4.25-3+deb9u3 [19 Sep 2017] DSA-3979-1 pyjwt - security update {CVE-2017-11424} [jessie] - pyjwt 0.2.1-1+deb8u2 [stretch] - pyjwt 1.4.2-1+deb9u1 [18 Sep 2017] DSA-3978-1 gdk-pixbuf - security update {CVE-2017-2862} [jessie] - gdk-pixbuf 2.31.1-2+deb8u6 [stretch] - gdk-pixbuf 2.36.5-2+deb9u1 [18 Sep 2017] DSA-3977-1 newsbeuter - security update {CVE-2017-14500} [jessie] - newsbeuter 2.8-2+deb8u2 [stretch] - newsbeuter 2.9-5+deb9u2 [17 Sep 2017] DSA-3976-1 freexl - security update {CVE-2017-2923 CVE-2017-2924} [jessie] - freexl 1.0.0g-1+deb8u4 [stretch] - freexl 1.0.2-2+deb9u1 [15 Sep 2017] DSA-3975-1 emacs25 - security update {CVE-2017-14482} [stretch] - emacs25 25.1+1-4+deb9u1 [15 Sep 2017] DSA-3974-1 tomcat8 - security update {CVE-2017-7674} [jessie] - tomcat8 8.0.14-1+deb8u11 [stretch] - tomcat8 8.5.14-1+deb9u2 [14 Sep 2017] DSA-3973-1 wordpress-shibboleth - security update {CVE-2017-14313} [jessie] - wordpress-shibboleth 1.4-2+deb8u1 [stretch] - wordpress-shibboleth 1.4-2+deb9u1 [13 Sep 2017] DSA-3972-1 bluez - security update {CVE-2017-1000250} [jessie] - bluez 5.23-2+deb8u1 [stretch] - bluez 5.43-2+deb9u1 [13 Sep 2017] DSA-3971-1 tcpdump - security update {CVE-2017-11108 CVE-2017-11541 CVE-2017-11542 CVE-2017-11543 CVE-2017-12893 CVE-2017-12894 CVE-2017-12895 CVE-2017-12896 CVE-2017-12897 CVE-2017-12898 CVE-2017-12899 CVE-2017-12900 CVE-2017-12901 CVE-2017-12902 CVE-2017-12985 CVE-2017-12986 CVE-2017-12987 CVE-2017-12988 CVE-2017-12989 CVE-2017-12990 CVE-2017-12991 CVE-2017-12992 CVE-2017-12993 CVE-2017-12994 CVE-2017-12995 CVE-2017-12996 CVE-2017-12997 CVE-2017-12998 CVE-2017-12999 CVE-2017-13000 CVE-2017-13001 CVE-2017-13002 CVE-2017-13003 CVE-2017-13004 CVE-2017-13005 CVE-2017-13006 CVE-2017-13007 CVE-2017-13008 CVE-2017-13009 CVE-2017-13010 CVE-2017-13011 CVE-2017-13012 CVE-2017-13013 CVE-2017-13014 CVE-2017-13015 CVE-2017-13016 CVE-2017-13017 CVE-2017-13018 CVE-2017-13019 CVE-2017-13020 CVE-2017-13021 CVE-2017-13022 CVE-2017-13023 CVE-2017-13024 CVE-2017-13025 CVE-2017-13026 CVE-2017-13027 CVE-2017-13028 CVE-2017-13029 CVE-2017-13030 CVE-2017-13031 CVE-2017-13032 CVE-2017-13033 CVE-2017-13034 CVE-2017-13035 CVE-2017-13036 CVE-2017-13037 CVE-2017-13038 CVE-2017-13039 CVE-2017-13040 CVE-2017-13041 CVE-2017-13042 CVE-2017-13043 CVE-2017-13044 CVE-2017-13045 CVE-2017-13046 CVE-2017-13047 CVE-2017-13048 CVE-2017-13049 CVE-2017-13050 CVE-2017-13051 CVE-2017-13052 CVE-2017-13053 CVE-2017-13054 CVE-2017-13055 CVE-2017-13687 CVE-2017-13688 CVE-2017-13689 CVE-2017-13690 CVE-2017-13725} [jessie] - tcpdump 4.9.2-1~deb8u1 [stretch] - tcpdump 4.9.2-1~deb9u1 [12 Sep 2017] DSA-3970-1 emacs24 - security update {CVE-2017-14482} [jessie] - emacs24 24.4+1-5+deb8u1 [stretch] - emacs24 24.5+1-11+deb9u1 [12 Sep 2017] DSA-3969-1 xen - security update {CVE-2017-10912 CVE-2017-10913 CVE-2017-10914 CVE-2017-10915 CVE-2017-10917 CVE-2017-10918 CVE-2017-10920 CVE-2017-10921 CVE-2017-10922 CVE-2017-12135 CVE-2017-12137 CVE-2017-12855 CVE-2017-15596} [jessie] - xen 4.4.1-9+deb8u10 [stretch] - xen 4.8.1-1+deb9u3 [11 Sep 2017] DSA-3968-1 icedove - security update {CVE-2017-7753 CVE-2017-7779 CVE-2017-7784 CVE-2017-7785 CVE-2017-7786 CVE-2017-7787 CVE-2017-7791 CVE-2017-7792 CVE-2017-7800 CVE-2017-7801 CVE-2017-7802 CVE-2017-7803 CVE-2017-7807 CVE-2017-7809} [jessie] - icedove 1:52.3.0-4~deb8u2 [stretch] - icedove 1:52.3.0-4~deb9u1 [08 Sep 2017] DSA-3967-1 mbedtls - security update {CVE-2017-14032} [stretch] - mbedtls 2.4.2-1+deb9u1 [05 Sep 2017] DSA-3966-1 ruby2.3 - security update {CVE-2015-9096 CVE-2016-7798 CVE-2017-0899 CVE-2017-0900 CVE-2017-0901 CVE-2017-0902 CVE-2017-14064} [stretch] - ruby2.3 2.3.3-1+deb9u1 [05 Sep 2017] DSA-3965-1 file - security update {CVE-2017-1000249} [stretch] - file 1:5.30-1+deb9u1 [04 Sep 2017] DSA-3964-1 asterisk - security update {CVE-2017-14099 CVE-2017-14100} [jessie] - asterisk 1:11.13.1~dfsg-2+deb8u3 [stretch] - asterisk 1:13.14.1~dfsg-2+deb9u1 [04 Sep 2017] DSA-3963-1 mercurial - security update {CVE-2017-1000115 CVE-2017-1000116} [jessie] - mercurial 3.1.2-2+deb8u4 [stretch] - mercurial 4.0-1+deb9u1 [03 Sep 2017] DSA-3962-1 strongswan - security update {CVE-2017-11185} [jessie] - strongswan 5.2.1-6+deb8u5 [stretch] - strongswan 5.5.1-4+deb9u1 [03 Sep 2017] DSA-3961-1 libgd2 - security update {CVE-2017-6362} [jessie] - libgd2 2.1.0-5+deb8u11 [stretch] - libgd2 2.2.4-2+deb9u2 [01 Sep 2017] DSA-3960-1 gnupg - security update {CVE-2017-7526} [jessie] - gnupg 1.4.18-7+deb8u4 [29 Aug 2017] DSA-3959-1 libgcrypt20 - security update {CVE-2017-0379} [stretch] - libgcrypt20 1.7.6-2+deb9u2 [29 Aug 2017] DSA-3958-1 fontforge - security update {CVE-2017-11568 CVE-2017-11569 CVE-2017-11571 CVE-2017-11572 CVE-2017-11574 CVE-2017-11575 CVE-2017-11576 CVE-2017-11577} [jessie] - fontforge 20120731.b-5+deb8u1 [stretch] - fontforge 1:20161005~dfsg-4+deb9u1 [28 Aug 2017] DSA-3957-1 ffmpeg - security update {CVE-2017-9608 CVE-2017-9993 CVE-2017-11399 CVE-2017-11665 CVE-2017-11719} [stretch] - ffmpeg 7:3.2.7-1~deb9u1 [27 Aug 2017] DSA-3956-1 connman - security update {CVE-2017-12865} [jessie] - connman 1.21-1.2+deb8u1 [stretch] - connman 1.33-3+deb9u1 [26 Aug 2017] DSA-3955-1 mariadb-10.1 - security update {CVE-2017-3636 CVE-2017-3641 CVE-2017-3653} [stretch] - mariadb-10.1 10.1.26-0+deb9u1 [25 Aug 2017] DSA-3954-1 openjdk-7 - security update {CVE-2017-10053 CVE-2017-10067 CVE-2017-10074 CVE-2017-10081 CVE-2017-10087 CVE-2017-10089 CVE-2017-10090 CVE-2017-10096 CVE-2017-10101 CVE-2017-10102 CVE-2017-10107 CVE-2017-10108 CVE-2017-10109 CVE-2017-10110 CVE-2017-10115 CVE-2017-10116 CVE-2017-10118 CVE-2017-10135 CVE-2017-10176 CVE-2017-10193 CVE-2017-10198 CVE-2017-10243} [jessie] - openjdk-7 7u151-2.6.11-1~deb8u1 [23 Aug 2017] DSA-3953-1 aodh - security update {CVE-2017-12440} [stretch] - aodh 3.0.0-4+deb9u1 [23 Aug 2017] DSA-3952-1 libxml2 - security update {CVE-2017-0663 CVE-2017-7375 CVE-2017-7376 CVE-2017-9047 CVE-2017-9048 CVE-2017-9049 CVE-2017-9050} [jessie] - libxml2 2.9.1+dfsg1-5+deb8u5 [stretch] - libxml2 2.9.4+dfsg1-2.2+deb9u1 [22 Aug 2017] DSA-3951-1 smb4k - security update {CVE-2017-8849} [jessie] - smb4k 1.2.1-2~deb8u1 [21 Aug 2017] DSA-3950-1 libraw - security update {CVE-2017-6886 CVE-2017-6887} [jessie] - libraw 0.16.0-9+deb8u3 [stretch] - libraw 0.17.2-6+deb9u1 [21 Aug 2017] DSA-3949-1 augeas - security update {CVE-2017-7555} [jessie] - augeas 1.2.0-0.2+deb8u2 [stretch] - augeas 1.8.0-1+deb9u1 [19 Aug 2017] DSA-3948-1 ioquake3 - security update {CVE-2017-11721} [jessie] - ioquake3 1.36+u20140802+gca9eebb-2+deb8u2 [stretch] - ioquake3 1.36+u20161101+dfsg1-2+deb9u1 [18 Aug 2017] DSA-3947-1 newsbeuter - security update {CVE-2017-12904} [jessie] - newsbeuter 2.8-2+deb8u1 [stretch] - newsbeuter 2.9-5+deb9u1 [18 Aug 2017] DSA-3946-1 libmspack - security update {CVE-2017-6419 CVE-2017-11423} [jessie] - libmspack 0.5-1+deb8u1 [stretch] - libmspack 0.5-1+deb9u1 [17 Aug 2017] DSA-3945-1 linux - security update {CVE-2014-9940 CVE-2017-7346 CVE-2017-7482 CVE-2017-7533 CVE-2017-7541 CVE-2017-7542 CVE-2017-7889 CVE-2017-9605 CVE-2017-10911 CVE-2017-11176 CVE-2017-1000363 CVE-2017-1000365} [jessie] - linux 3.16.43-2+deb8u3 [17 Aug 2017] DSA-3944-1 mariadb-10.0 - security update {CVE-2017-3308 CVE-2017-3309 CVE-2017-3453 CVE-2017-3456 CVE-2017-3464 CVE-2017-3636 CVE-2017-3641 CVE-2017-3653 CVE-2017-10286 CVE-2017-10379 CVE-2017-10384} [jessie] - mariadb-10.0 10.0.32-0+deb8u1 [14 Aug 2017] DSA-3943-1 gajim - security update {CVE-2016-10376} [jessie] - gajim 0.16-1+deb8u2 [13 Aug 2017] DSA-3942-1 supervisor - security update {CVE-2017-11610} [jessie] - supervisor 3.0r1-1+deb8u1 [stretch] - supervisor 3.3.1-1+deb9u1 [13 Aug 2017] DSA-3941-1 iortcw - security update {CVE-2017-11721} [stretch] - iortcw 1.50a+dfsg1-3+deb9u1 [13 Aug 2017] DSA-3940-1 cvs - security update {CVE-2017-12836} [jessie] - cvs 2:1.12.13+real-15+deb8u1 [stretch] - cvs 2:1.12.13+real-22+deb9u1 [12 Aug 2017] DSA-3939-1 botan1.10 - security update {CVE-2017-2801} [jessie] - botan1.10 1.10.8-2+deb8u2 [12 Aug 2017] DSA-3938-1 libgd2 - security update {CVE-2017-7890} [jessie] - libgd2 2.1.0-5+deb8u10 [stretch] - libgd2 2.2.4-2+deb9u1 [12 Aug 2017] DSA-3937-1 zabbix - security update {CVE-2017-2824 CVE-2017-2825} [jessie] - zabbix 1:2.2.7+dfsg-2+deb8u3 [10 Aug 2017] DSA-3936-1 postgresql-9.6 - security update {CVE-2017-7546 CVE-2017-7547 CVE-2017-7548} [stretch] - postgresql-9.6 9.6.4-0+deb9u1 [10 Aug 2017] DSA-3935-1 postgresql-9.4 - security update {CVE-2017-7546 CVE-2017-7547 CVE-2017-7548} [jessie] - postgresql-9.4 9.4.13-0+deb8u1 [10 Aug 2017] DSA-3934-1 git - security update {CVE-2017-1000117} [jessie] - git 1:2.1.4-2.1+deb8u4 [stretch] - git 1:2.11.0-3+deb9u1 [10 Aug 2017] DSA-3933-1 pjproject - security update {CVE-2017-9359 CVE-2017-9372} [jessie] - pjproject 2.1.0.0.ast20130823-1+deb8u1 [10 Aug 2017] DSA-3932-1 subversion - security update {CVE-2017-9800} [jessie] - subversion 1.8.10-6+deb8u5 [stretch] - subversion 1.9.5-1+deb9u1 [10 Aug 2017] DSA-3931-1 ruby-rack-cors - security update {CVE-2017-11173} [stretch] - ruby-rack-cors 0.4.0-1+deb9u1 [10 Aug 2017] DSA-3930-1 freeradius - security update {CVE-2017-10978 CVE-2017-10983} [jessie] - freeradius 2.2.5+dfsg-0.2+deb8u1 [stretch] - freeradius 3.0.12+dfsg-5+deb9u1 [10 Aug 2017] DSA-3929-1 libsoup2.4 - security update {CVE-2017-2885} [jessie] - libsoup2.4 2.48.0-1+deb8u1 [stretch] - libsoup2.4 2.56.0-2+deb9u1 [10 Aug 2017] DSA-3928-1 firefox-esr - security update {CVE-2017-7753 CVE-2017-7779 CVE-2017-7784 CVE-2017-7785 CVE-2017-7786 CVE-2017-7787 CVE-2017-7791 CVE-2017-7792 CVE-2017-7798 CVE-2017-7800 CVE-2017-7801 CVE-2017-7802 CVE-2017-7803 CVE-2017-7807 CVE-2017-7809} [jessie] - firefox-esr 52.3.0esr-1~deb8u2 [stretch] - firefox-esr 52.3.0esr-1~deb9u1 [07 Aug 2017] DSA-3927-1 linux - security update {CVE-2017-7346 CVE-2017-7482 CVE-2017-7533 CVE-2017-7541 CVE-2017-7542 CVE-2017-9605 CVE-2017-10810 CVE-2017-10911 CVE-2017-11176 CVE-2017-1000365} [stretch] - linux 4.9.30-2+deb9u3 [04 Aug 2017] DSA-3926-1 chromium-browser - security update {CVE-2017-5087 CVE-2017-5088 CVE-2017-5089 CVE-2017-5091 CVE-2017-5092 CVE-2017-5093 CVE-2017-5094 CVE-2017-5095 CVE-2017-5097 CVE-2017-5098 CVE-2017-5099 CVE-2017-5100 CVE-2017-5101 CVE-2017-5102 CVE-2017-5103 CVE-2017-5104 CVE-2017-5105 CVE-2017-5106 CVE-2017-5107 CVE-2017-5108 CVE-2017-5109 CVE-2017-5110 CVE-2017-7000} [stretch] - chromium-browser 60.0.3112.78-1~deb9u1 [04 Aug 2017] DSA-3925-1 qemu - security update {CVE-2017-9524 CVE-2017-10806 CVE-2017-11334 CVE-2017-11434} [stretch] - qemu 1:2.8+dfsg-6+deb9u2 [02 Aug 2017] DSA-3924-1 varnish - security update {CVE-2017-12425} [jessie] - varnish 4.0.2-1+deb8u1 [stretch] - varnish 5.0.0-7+deb9u1 [01 Aug 2017] DSA-3923-1 freerdp - security update {CVE-2017-2834 CVE-2017-2835 CVE-2017-2836 CVE-2017-2837 CVE-2017-2838 CVE-2017-2839} [jessie] - freerdp 1.1.0~git20140921.1.440916e+dfsg1-4+deb8u1 [stretch] - freerdp 1.1.0~git20140921.1.440916e+dfsg1-13+deb9u1 [28 Jul 2017] DSA-3922-1 mysql-5.5 - security update {CVE-2017-3635 CVE-2017-3636 CVE-2017-3641 CVE-2017-3648 CVE-2017-3651 CVE-2017-3652 CVE-2017-3653} [jessie] - mysql-5.5 5.5.57-0+deb8u1 [28 Jul 2017] DSA-3921-1 enigmail - update [jessie] - enigmail 2:1.9.8.1-1~deb8u1 [stretch] - enigmail 2:1.9.8.1-1~deb9u1 [25 Jul 2017] DSA-3920-1 qemu - security update {CVE-2017-9310 CVE-2017-9330 CVE-2017-9373 CVE-2017-9374 CVE-2017-10664 CVE-2017-10911} [stretch] - qemu 1:2.8+dfsg-6+deb9u1 [25 Jul 2017] DSA-3919-1 openjdk-8 - security update {CVE-2017-10053 CVE-2017-10067 CVE-2017-10074 CVE-2017-10078 CVE-2017-10081 CVE-2017-10087 CVE-2017-10089 CVE-2017-10090 CVE-2017-10096 CVE-2017-10101 CVE-2017-10102 CVE-2017-10107 CVE-2017-10108 CVE-2017-10109 CVE-2017-10110 CVE-2017-10111 CVE-2017-10115 CVE-2017-10116 CVE-2017-10118 CVE-2017-10135 CVE-2017-10176 CVE-2017-10193 CVE-2017-10198 CVE-2017-10243} [stretch] - openjdk-8 8u141-b15-1~deb9u1 [25 Jul 2017] DSA-3918-1 icedove - security update {CVE-2017-5470 CVE-2017-5472 CVE-2017-7749 CVE-2017-7750 CVE-2017-7751 CVE-2017-7752 CVE-2017-7754 CVE-2017-7756 CVE-2017-7757 CVE-2017-7758 CVE-2017-7764 CVE-2017-7771 CVE-2017-7772 CVE-2017-7773 CVE-2017-7774 CVE-2017-7776 CVE-2017-7777 CVE-2017-7778} [jessie] - icedove 1:52.2.1-4~deb8u1 [stretch] - icedove 1:52.2.1-4~deb9u1 [23 Jul 2017] DSA-3904-2 bind9 - regression update [jessie] - bind9 1:9.9.5.dfsg-9+deb8u13 [stretch] - bind9 1:9.10.3.dfsg.P4-12.3+deb9u2 [23 Jul 2017] DSA-3917-1 catdoc - security update {CVE-2017-11110} [jessie] - catdoc 0.94.4-1.1+deb8u1 [stretch] - catdoc 1:0.94.3~git20160113.dbc9ec6+dfsg-1+deb9u1 [21 Jul 2017] DSA-3916-1 atril - security update {CVE-2017-1000083} [jessie] - atril 1.8.1+dfsg1-4+deb8u1 [stretch] - atril 1.16.1-2+deb9u1 [20 Jul 2017] DSA-3915-1 ruby-mixlib-archive - security update {CVE-2017-1000026} [stretch] - ruby-mixlib-archive 0.2.0-1+deb9u1 [18 Jul 2017] DSA-3914-1 imagemagick - security update {CVE-2017-9439 CVE-2017-9440 CVE-2017-9501 CVE-2017-10928 CVE-2017-11141 CVE-2017-11170 CVE-2017-11188 CVE-2017-11360 CVE-2017-11449 CVE-2017-11448 CVE-2017-11447 CVE-2017-11450 CVE-2017-11478 CVE-2017-11505 CVE-2017-11524 CVE-2017-11525 CVE-2017-11526 CVE-2017-11527 CVE-2017-11528 CVE-2017-11529 CVE-2017-11530} [jessie] - imagemagick 8:6.8.9.9-5+deb8u10 [stretch] - imagemagick 8:6.9.7.4+dfsg-11+deb9u1 [18 Jul 2017] DSA-3913-1 apache2 - security update {CVE-2017-9788} [jessie] - apache2 2.4.10-10+deb8u10 [stretch] - apache2 2.4.25-3+deb9u2 [16 Jul 2017] DSA-3912-1 heimdal - security update {CVE-2017-11103} [jessie] - heimdal 1.6~rc2+dfsg-9+deb8u1 [stretch] - heimdal 7.1.0+dfsg-13+deb9u1 [14 Jul 2017] DSA-3911-1 evince - security update {CVE-2017-1000083} [jessie] - evince 3.14.1-2+deb8u2 [stretch] - evince 3.22.1-3+deb9u1 [14 Jul 2017] DSA-3910-1 knot - security update {CVE-2017-11104} [jessie] - knot 1.6.0-1+deb8u1 [stretch] - knot 2.4.0-3+deb9u1 [14 Jul 2017] DSA-3909-1 samba - security update {CVE-2017-11103} [jessie] - samba 2:4.2.14+dfsg-0+deb8u7 [stretch] - samba 2:4.5.8+dfsg-2+deb9u1 [12 Jul 2017] DSA-3908-1 nginx - security update {CVE-2017-7529} [jessie] - nginx 1.6.2-5+deb8u5 [stretch] - nginx 1.10.3-1+deb9u1 [11 Jul 2017] DSA-3907-1 spice - security update {CVE-2017-7506} [jessie] - spice 0.12.5-1+deb8u5 [stretch] - spice 0.12.8-2.1+deb9u1 [11 Jul 2017] DSA-3906-1 undertow - security update {CVE-2017-2666 CVE-2017-2670} [stretch] - undertow 1.4.8-1+deb9u1 [09 Jul 2017] DSA-3905-1 xorg-server - security update {CVE-2017-10971 CVE-2017-10972} [jessie] - xorg-server 2:1.16.4-1+deb8u1 [stretch] - xorg-server 2:1.19.2-1+deb9u1 [08 Jul 2017] DSA-3904-1 bind9 - security update {CVE-2017-3142 CVE-2017-3143} [jessie] - bind9 1:9.9.5.dfsg-9+deb8u12 [stretch] - bind9 1:9.10.3.dfsg.P4-12.3+deb9u1 [05 Jul 2017] DSA-3903-1 tiff - security update {CVE-2017-9936 CVE-2017-10688} [jessie] - tiff 4.0.3-12.3+deb8u4 [stretch] - tiff 4.0.8-2+deb9u1 [05 Jul 2017] DSA-3902-1 jabberd2 - security update {CVE-2017-10807} [stretch] - jabberd2 2.4.0-3+deb9u1 [02 Jul 2017] DSA-3901-1 libgcrypt20 - security update {CVE-2017-7526} [jessie] - libgcrypt20 1.6.3-2+deb8u4 [stretch] - libgcrypt20 1.7.6-2+deb9u1 [27 Jun 2017] DSA-3900-1 openvpn - security update {CVE-2017-7508 CVE-2017-7520 CVE-2017-7521} [jessie] - openvpn 2.3.4-5+deb8u2 [stretch] - openvpn 2.4.0-6+deb9u1 [27 Jun 2017] DSA-3886-2 linux - regression update [jessie] - linux 3.16.43-2+deb8u2 [stretch] - linux 4.9.30-2+deb9u2 [27 Jun 2017] DSA-3899-1 vlc - security update {CVE-2017-8310 CVE-2017-8311 CVE-2017-8312 CVE-2017-8313} [jessie] - vlc 2.2.6-1~deb8u1 [25 Jun 2017] DSA-3898-1 expat - security update {CVE-2017-9233} [jessie] - expat 2.1.0-6+deb8u4 [stretch] - expat 2.2.0-2+deb9u1 [24 Jun 2017] DSA-3897-1 drupal7 - security update {CVE-2017-6922} [jessie] - drupal7 7.32-1+deb8u9 [stretch] - drupal7 7.52-2+deb9u1 [22 Jun 2017] DSA-3896-1 apache2 - security update {CVE-2017-3167 CVE-2017-3169 CVE-2017-7668 CVE-2017-7679} [jessie] - apache2 2.4.10-10+deb8u9 [stretch] - apache2 2.4.25-3+deb9u1 [22 Jun 2017] DSA-3895-1 flatpak - security update {CVE-2017-9780} [stretch] - flatpak 0.8.5-2+deb9u1 [22 Jun 2017] DSA-3894-1 graphite2 - security update {CVE-2017-7771 CVE-2017-7772 CVE-2017-7773 CVE-2017-7774 CVE-2017-7776 CVE-2017-7777 CVE-2017-7778} [jessie] - graphite2 1.3.10-1~deb8u1 [22 Jun 2017] DSA-3893-1 jython - security update {CVE-2016-4000} [jessie] - jython 2.5.3-3+deb8u1 [stretch] - jython 2.5.3-16+deb9u1 [22 Jun 2017] DSA-3892-1 tomcat7 - security update {CVE-2017-5664} [jessie] - tomcat7 7.0.56-3+deb8u11 [22 Jun 2017] DSA-3891-1 tomcat8 - security update {CVE-2017-5664} [jessie] - tomcat8 8.0.14-1+deb8u10 [stretch] - tomcat8 8.5.14-1+deb9u1 [21 Jun 2017] DSA-3890-1 spip - security update {CVE-2017-9736} [stretch] - spip 3.1.4-3~deb9u1 [19 Jun 2017] DSA-3889-1 libffi - security update {CVE-2017-1000376} [jessie] - libffi 3.1-2+deb8u1 [19 Jun 2017] DSA-3888-1 exim4 - security update {CVE-2017-1000369} [jessie] - exim4 4.84.2-2+deb8u4 [stretch] - exim4 4.89-2+deb9u1 [19 Jun 2017] DSA-3887-1 glibc - security update {CVE-2017-1000366} [jessie] - glibc 2.19-18+deb8u10 [stretch] - glibc 2.24-11+deb9u1 [19 Jun 2017] DSA-3886-1 linux - security update {CVE-2017-7487 CVE-2017-7645 CVE-2017-7895 CVE-2017-8064 CVE-2017-8890 CVE-2017-8924 CVE-2017-8925 CVE-2017-9074 CVE-2017-9075 CVE-2017-9076 CVE-2017-9077 CVE-2017-9242 CVE-2017-1000364} [jessie] - linux 3.16.43-2+deb8u1 [18 Jun 2017] DSA-3885-1 irssi - security update {CVE-2017-9468 CVE-2017-9469} [jessie] - irssi 0.8.17-1+deb8u4 [stretch] - irssi 1.0.2-1+deb9u1 [16 Jun 2017] DSA-3884-1 gnutls28 - security update {CVE-2017-7507} [stretch] - gnutls28 3.5.8-5+deb9u1 [jessie] - gnutls28 3.3.8-6+deb8u6 [15 Jun 2017] DSA-3883-1 rt-authen-externalauth - security update {CVE-2017-5361} [jessie] - rt-authen-externalauth 0.25-1+deb8u1 [15 Jun 2017] DSA-3882-1 request-tracker4 - security update {CVE-2016-6127 CVE-2017-5361 CVE-2017-5943 CVE-2017-5944} [stretch] - request-tracker4 4.4.1-3+deb9u1 [jessie] - request-tracker4 4.2.8-3+deb8u2 [14 Jun 2017] DSA-3881-1 firefox-esr - security update {CVE-2017-5470 CVE-2017-5472 CVE-2017-7749 CVE-2017-7750 CVE-2017-7751 CVE-2017-7752 CVE-2017-7754 CVE-2017-7756 CVE-2017-7757 CVE-2017-7758 CVE-2017-7764 CVE-2017-7771 CVE-2017-7772 CVE-2017-7773 CVE-2017-7774 CVE-2017-7776 CVE-2017-7777 CVE-2017-7778} [stretch] - firefox-esr 52.2.0esr-1~deb9u1 [jessie] - firefox-esr 52.2.0esr-1~deb8u1 [14 Jun 2017] DSA-3880-1 libgcrypt20 - security update {CVE-2017-9526} [jessie] - libgcrypt20 1.6.3-2+deb8u3 [13 Jun 2017] DSA-3879-1 libosip2 - security update {CVE-2016-10324 CVE-2016-10325 CVE-2016-10326 CVE-2017-7853} [jessie] - libosip2 4.1.0-2+deb8u1 [12 Jun 2017] DSA-3878-1 zziplib - security update {CVE-2017-5974 CVE-2017-5975 CVE-2017-5976 CVE-2017-5977 CVE-2017-5978 CVE-2017-5979 CVE-2017-5980 CVE-2017-5981} [jessie] - zziplib 0.13.62-3+deb8u1 [10 Jun 2017] DSA-3877-1 tor - security update {CVE-2017-0376} [jessie] - tor 0.2.5.14-1 [stretch] - tor 0.2.9.11-1~deb9u1 [09 Jun 2017] DSA-3876-1 otrs2 - security update {CVE-2017-9324} [jessie] - otrs2 3.3.9-3+deb8u1 [09 Jun 2017] DSA-3875-1 libmwaw - security update {CVE-2017-9433} [jessie] - libmwaw 0.3.1-2+deb8u1 [09 Jun 2017] DSA-3874-1 ettercap - security update {CVE-2017-6430 CVE-2017-8366} [jessie] - ettercap 1:0.8.1-3+deb8u1 [05 Jun 2017] DSA-3873-1 perl - security update {CVE-2017-6512} [jessie] - perl 5.20.2-3+deb8u7 [01 Jun 2017] DSA-3872-1 nss - security update {CVE-2017-5461 CVE-2017-5462 CVE-2017-7502} [jessie] - nss 2:3.26-1+debu8u2 [01 Jun 2017] DSA-3871-1 zookeeper - security update {CVE-2017-5637} [jessie] - zookeeper 3.4.5+dfsg-2+deb8u2 [01 Jun 2017] DSA-3870-1 wordpress - security update {CVE-2017-8295 CVE-2017-9061 CVE-2017-9062 CVE-2017-9063 CVE-2017-9064 CVE-2017-9065} [jessie] - wordpress 4.1+dfsg-1+deb8u14 [01 Jun 2017] DSA-3869-1 tnef - security update {CVE-2017-8911} [jessie] - tnef 1.4.9-1+deb8u3 [30 May 2017] DSA-3868-1 openldap - security update {CVE-2017-9287} [jessie] - openldap 2.4.40+dfsg-1+deb8u3 [30 May 2017] DSA-3867-1 sudo - security update {CVE-2017-1000367} [jessie] - sudo 1.8.10p3-1+deb8u4 [30 May 2017] DSA-3866-1 strongswan - security update {CVE-2017-9022 CVE-2017-9023} [jessie] - strongswan 5.2.1-6+deb8u3 [29 May 2017] DSA-3865-1 mosquitto - security update {CVE-2017-7650} [jessie] - mosquitto 1.3.4-2+deb8u1 [27 May 2017] DSA-3864-1 fop - security update {CVE-2017-5661} [jessie] - fop 1:1.1.dfsg2-1+deb8u1 [25 May 2017] DSA-3863-1 imagemagick - security update {CVE-2017-7606 CVE-2017-7619 CVE-2017-7941 CVE-2017-7943 CVE-2017-8343 CVE-2017-8344 CVE-2017-8345 CVE-2017-8346 CVE-2017-8347 CVE-2017-8348 CVE-2017-8349 CVE-2017-8350 CVE-2017-8351 CVE-2017-8352 CVE-2017-8353 CVE-2017-8354 CVE-2017-8355 CVE-2017-8356 CVE-2017-8357 CVE-2017-8765 CVE-2017-8830 CVE-2017-9098 CVE-2017-9141 CVE-2017-9142 CVE-2017-9143 CVE-2017-9144} [jessie] - imagemagick 8:6.8.9.9-5+deb8u9 [25 May 2017] DSA-3862-1 puppet - security update {CVE-2017-2295} [jessie] - puppet 3.7.2-4+deb8u1 [24 May 2017] DSA-3861-1 libtasn1-6 - security update {CVE-2017-6891} [jessie] - libtasn1-6 4.2-3+deb8u3 [24 May 2017] DSA-3860-1 samba - security update {CVE-2017-7494} [jessie] - samba 2:4.2.14+dfsg-0+deb8u6 [19 May 2017] DSA-3859-1 dropbear - security update {CVE-2017-9078 CVE-2017-9079} [jessie] - dropbear 2014.65-1+deb8u2 [19 May 2017] DSA-3858-1 openjdk-7 - security update {CVE-2017-3509 CVE-2017-3511 CVE-2017-3526 CVE-2017-3533 CVE-2017-3539 CVE-2017-3544} [jessie] - openjdk-7 7u131-2.6.9-2~deb8u1 [18 May 2017] DSA-3857-1 mysql-connector-java - security update {CVE-2017-3586 CVE-2017-3589} [jessie] - mysql-connector-java 5.1.42-1~deb8u1 [18 May 2017] DSA-3856-1 deluge - security update {CVE-2017-7178 CVE-2017-9031} [jessie] - deluge 1.3.10-3+deb8u1 [18 May 2017] DSA-3855-1 jbig2dec - security update {CVE-2017-7885 CVE-2017-7975 CVE-2017-7976} [jessie] - jbig2dec 0.13-4~deb8u2 [17 May 2017] DSA-3793-2 shadow - regression update [jessie] - shadow 1:4.2-3+deb8u4 [14 May 2017] DSA-3854-1 bind9 - security update {CVE-2017-3136 CVE-2017-3137 CVE-2017-3138} [jessie] - bind9 1:9.9.5.dfsg-9+deb8u11 [14 May 2017] DSA-3853-1 bitlbee - security update {CVE-2016-10188 CVE-2016-10189} [jessie] - bitlbee 3.2.2-2+deb8u1 [13 May 2017] DSA-3852-1 squirrelmail - security update {CVE-2017-7692} [jessie] - squirrelmail 2:1.4.23~svn20120406-2+deb8u1 [12 May 2017] DSA-3851-1 postgresql-9.4 - security update {CVE-2017-7484 CVE-2017-7485 CVE-2017-7486} [jessie] - postgresql-9.4 9.4.12-0+deb8u1 [12 May 2017] DSA-3850-1 rtmpdump - security update {CVE-2015-8270 CVE-2015-8271 CVE-2015-8272} [jessie] - rtmpdump 2.4+20150115.gita107cef-1+deb8u1 [12 May 2017] DSA-3849-1 kde4libs - security update {CVE-2017-6410 CVE-2017-8422} [jessie] - kde4libs 4:4.14.2-5+deb8u2 [10 May 2017] DSA-3848-1 git - security update {CVE-2017-8386} [jessie] - git 1:2.1.4-2.1+deb8u3 [09 May 2017] DSA-3847-1 xen - security update {CVE-2016-9932 CVE-2016-10013 CVE-2016-10024 CVE-2017-7228 CVE-2017-8903 CVE-2017-8904 CVE-2017-8905} [jessie] - xen 4.4.1-9+deb8u9 [09 May 2017] DSA-3846-1 libytnef - security update {CVE-2017-6298 CVE-2017-6299 CVE-2017-6300 CVE-2017-6301 CVE-2017-6302 CVE-2017-6303 CVE-2017-6304 CVE-2017-6305 CVE-2017-6306 CVE-2017-6800 CVE-2017-6801 CVE-2017-6802} [jessie] - libytnef 1.5-6+deb8u1 [08 May 2017] DSA-3845-1 libtirpc - security update {CVE-2017-8779} [jessie] - libtirpc 0.2.5-1+deb8u1 [jessie] - rpcbind 0.2.1-6+deb8u2 [03 May 2017] DSA-3844-1 tiff - security update {CVE-2016-3658 CVE-2016-9535 CVE-2016-10266 CVE-2016-10267 CVE-2016-10269 CVE-2016-10270 CVE-2017-5225 CVE-2017-7592 CVE-2017-7593 CVE-2017-7594 CVE-2017-7595 CVE-2017-7596 CVE-2017-7597 CVE-2017-7598 CVE-2017-7599 CVE-2017-7600 CVE-2017-7601 CVE-2017-7602} [jessie] - tiff 4.0.3-12.3+deb8u3 [03 May 2017] DSA-3843-1 tomcat8 - security update {CVE-2017-5647 CVE-2017-5648} [jessie] - tomcat8 8.0.14-1+deb8u9 [03 May 2017] DSA-3842-1 tomcat7 - security update {CVE-2017-5647 CVE-2017-5648} [jessie] - tomcat7 7.0.56-3+deb8u10 [02 May 2017] DSA-3841-1 libxstream-java - security update {CVE-2017-7957} [jessie] - libxstream-java 1.4.7-2+deb8u2 [02 May 2017] DSA-3840-1 mysql-connector-java - security update {CVE-2017-3523} [jessie] - mysql-connector-java 5.1.41-1~deb8u1 [28 Apr 2017] DSA-3839-1 freetype - security update {CVE-2016-10244 CVE-2017-8105 CVE-2017-8287} [jessie] - freetype 2.5.2-3+deb8u2 [28 Apr 2017] DSA-3838-1 ghostscript - security update {CVE-2016-10219 CVE-2016-10220 CVE-2017-5951 CVE-2017-7207 CVE-2017-8291} [jessie] - ghostscript 9.06~dfsg-2+deb8u5 [27 Apr 2017] DSA-3837-1 libreoffice - security update {CVE-2017-7870} [jessie] - libreoffice 1:4.3.3-2+deb8u7 [27 Apr 2017] DSA-3836-1 weechat - security update {CVE-2017-8073} [jessie] - weechat 1.0.1-1+deb8u1 [26 Apr 2017] DSA-3835-1 python-django - security update {CVE-2016-9013 CVE-2016-9014 CVE-2017-7233 CVE-2017-7234} [jessie] - python-django 1.7.11-1+deb8u2 [25 Apr 2017] DSA-3834-1 mysql-5.5 - security update {CVE-2017-3302 CVE-2017-3305 CVE-2017-3308 CVE-2017-3309 CVE-2017-3329 CVE-2017-3453 CVE-2017-3456 CVE-2017-3461 CVE-2017-3462 CVE-2017-3463 CVE-2017-3464 CVE-2017-3600} [jessie] - mysql-5.5 5.5.55-0+deb8u1 [24 Apr 2017] DSA-3833-1 libav - security update {CVE-2016-9821 CVE-2016-9822} [jessie] - libav 6:11.9-1~deb8u1 [20 Apr 2017] DSA-3832-1 icedove - security update {CVE-2017-5373 CVE-2017-5375 CVE-2017-5376 CVE-2017-5378 CVE-2017-5380 CVE-2017-5383 CVE-2017-5390 CVE-2017-5396 CVE-2017-5398 CVE-2017-5400 CVE-2017-5401 CVE-2017-5402 CVE-2017-5404 CVE-2017-5405 CVE-2017-5407 CVE-2017-5408 CVE-2017-5410} [jessie] - icedove 1:45.8.0-3~deb8u1 [20 Apr 2017] DSA-3831-1 firefox-esr - security update {CVE-2017-5429 CVE-2017-5432 CVE-2017-5433 CVE-2017-5434 CVE-2017-5435 CVE-2017-5436 CVE-2017-5438 CVE-2017-5439 CVE-2017-5440 CVE-2017-5441 CVE-2017-5442 CVE-2017-5443 CVE-2017-5444 CVE-2017-5445 CVE-2017-5446 CVE-2017-5447 CVE-2017-5448 CVE-2017-5459 CVE-2017-5460 CVE-2017-5461 CVE-2017-5462 CVE-2017-5464 CVE-2017-5465 CVE-2017-5469} [jessie] - firefox-esr 45.9.0esr-1~deb8u1 [19 Apr 2017] DSA-3830-1 icu - security update {CVE-2017-7867 CVE-2017-7868} [jessie] - icu 52.1-8+deb8u5 [11 Apr 2017] DSA-3829-1 bouncycastle - security update {CVE-2015-6644} [jessie] - bouncycastle 1.49+dfsg-3+deb8u2 [11 Apr 2017] DSA-3828-2 dovecot - regression update [jessie] - dovecot 1:2.2.13-12~deb8u3 [10 Apr 2017] DSA-3828-1 dovecot - security update [jessie] - dovecot 1:2.2.13-12~deb8u2 [07 Apr 2017] DSA-3827-1 jasper - security update {CVE-2016-9591 CVE-2016-10249 CVE-2016-10251} [jessie] - jasper 1.900.1-debian1-2.4+deb8u3 [04 Apr 2017] DSA-3826-1 tryton-server - security update {CVE-2017-0360} [jessie] - tryton-server 3.4.0-3+deb8u3 [02 Apr 2017] DSA-3816-2 samba - regression update [jessie] - samba 2:4.2.14+dfsg-0+deb8u5 [31 Mar 2017] DSA-3825-1 jhead - security update {CVE-2016-3822} [jessie] - jhead 1:2.97-1+deb8u1 [29 Mar 2017] DSA-3824-1 firebird2.5 - security update {CVE-2017-6369} [jessie] - firebird2.5 2.5.3.26778.ds4-5+deb8u1 [29 Mar 2017] DSA-3798-2 tnef - regression update [jessie] - tnef 1.4.9-1+deb8u2 [28 Mar 2017] DSA-3823-1 eject - security update {CVE-2017-6964} [jessie] - eject 2.1.5+deb1+cvs20081104-13.1+deb8u1 [27 Mar 2017] DSA-3822-1 gstreamer1.0 - security update {CVE-2017-5838} [jessie] - gstreamer1.0 1.4.4-2+deb8u1 [27 Mar 2017] DSA-3821-1 gst-plugins-ugly1.0 - security update {CVE-2017-5846 CVE-2017-5847} [jessie] - gst-plugins-ugly1.0 1.4.4-2+deb8u1 [27 Mar 2017] DSA-3820-1 gst-plugins-good1.0 - security update {CVE-2016-10198 CVE-2016-10199 CVE-2017-5840 CVE-2017-5841 CVE-2017-5845} [jessie] - gst-plugins-good1.0 1.4.4-2+deb8u3 [27 Mar 2017] DSA-3819-1 gst-plugins-base1.0 - security update {CVE-2016-9811 CVE-2017-5837 CVE-2017-5839 CVE-2017-5842 CVE-2017-5844} [jessie] - gst-plugins-base1.0 1.4.4-2+deb8u1 [27 Mar 2017] DSA-3818-1 gst-plugins-bad1.0 - security update {CVE-2016-9809 CVE-2016-9812 CVE-2016-9813 CVE-2017-5843 CVE-2017-5848} [jessie] - gst-plugins-bad1.0 1.4.4-2.1+deb8u2 [24 Mar 2017] DSA-3817-1 jbig2dec - security update {CVE-2016-9601 CVE-2016-8729} [jessie] - jbig2dec 0.13-4~deb8u1 [23 Mar 2017] DSA-3816-1 samba - security update {CVE-2017-2619} [jessie] - samba 2:4.2.14+dfsg-0+deb8u4 [23 Mar 2017] DSA-3815-1 wordpress - security update {CVE-2017-6814 CVE-2017-6815 CVE-2017-6816 CVE-2017-6817} [jessie] - wordpress 4.1+dfsg-1+deb8u13 [22 Mar 2017] DSA-3814-1 audiofile - security update {CVE-2017-6827 CVE-2017-6828 CVE-2017-6829 CVE-2017-6830 CVE-2017-6831 CVE-2017-6832 CVE-2017-6833 CVE-2017-6834 CVE-2017-6835 CVE-2017-6836 CVE-2017-6837 CVE-2017-6838 CVE-2017-6839} [jessie] - audiofile 0.3.6-2+deb8u2 [19 Mar 2017] DSA-3796-2 sitesummary - regression update [jessie] - sitesummary 0.1.17+deb8u2 [19 Mar 2017] DSA-3813-1 r-base - security update {CVE-2016-8714} [jessie] - r-base 3.1.1-1+deb8u1 [18 Mar 2017] DSA-3812-1 ioquake3 - security update {CVE-2017-6903} [jessie] - ioquake3 1.36+u20140802+gca9eebb-2+deb8u1 [18 Mar 2017] DSA-3811-1 wireshark - security update {CVE-2017-5596 CVE-2017-5597 CVE-2017-6014 CVE-2017-6467 CVE-2017-6468 CVE-2017-6469 CVE-2017-6470 CVE-2017-6471 CVE-2017-6472 CVE-2017-6473 CVE-2017-6474} [jessie] - wireshark 1.12.1+g01b65bf-4+deb8u11 [15 Mar 2017] DSA-3810-1 chromium-browser - security update {CVE-2017-5029 CVE-2017-5030 CVE-2017-5031 CVE-2017-5032 CVE-2017-5033 CVE-2017-5034 CVE-2017-5035 CVE-2017-5036 CVE-2017-5037 CVE-2017-5038 CVE-2017-5039 CVE-2017-5040 CVE-2017-5041 CVE-2017-5042 CVE-2017-5043 CVE-2017-5044 CVE-2017-5045 CVE-2017-5046} [jessie] - chromium-browser 57.0.2987.98-1~deb8u1 [14 Mar 2017] DSA-3809-1 mariadb-10.0 - security update {CVE-2017-3302 CVE-2017-3313} [jessie] - mariadb-10.0 10.0.30-0+deb8u1 [13 Mar 2017] DSA-3808-1 imagemagick - security update {CVE-2016-10252 CVE-2017-6498 CVE-2017-6499 CVE-2017-6500} [jessie] - imagemagick 8:6.8.9.9-5+deb8u8 [12 Mar 2017] DSA-3807-1 icoutils - security update {CVE-2017-6009 CVE-2017-6010 CVE-2017-6011} [jessie] - icoutils 0.31.0-2+deb8u3 [10 Mar 2017] DSA-3806-1 pidgin - security update {CVE-2017-2640} [jessie] - pidgin 2.11.0-0+deb8u2 [08 Mar 2017] DSA-3805-1 firefox-esr - security update {CVE-2017-5398 CVE-2017-5400 CVE-2017-5401 CVE-2017-5402 CVE-2017-5404 CVE-2017-5405 CVE-2017-5407 CVE-2017-5408 CVE-2017-5410} [jessie] - firefox-esr 45.8.0esr-1~deb8u1 [08 Mar 2017] DSA-3804-1 linux - security update {CVE-2016-9588 CVE-2017-2636 CVE-2017-5669 CVE-2017-5986 CVE-2017-6214 CVE-2017-6345 CVE-2017-6346 CVE-2017-6348 CVE-2017-6353} [jessie] - linux 3.16.39-1+deb8u2 [08 Mar 2017] DSA-3803-1 texlive-base - security update {CVE-2016-10243} [jessie] - texlive-base 2014.20141024-2+deb8u1 [05 Mar 2017] DSA-3802-1 zabbix - security update {CVE-2016-10134} [jessie] - zabbix 1:2.2.7+dfsg-2+deb8u2 [04 Mar 2017] DSA-3801-1 ruby-zip - security update {CVE-2017-5946} [jessie] - ruby-zip 1.1.6-1+deb8u1 [03 Mar 2017] DSA-3794-3 munin - regression update [jessie] - munin 2.0.25-1+deb8u3 [02 Mar 2017] DSA-3800-1 libquicktime - security update {CVE-2016-2399} [jessie] - libquicktime 2:1.2.4-7+deb8u1 [02 Mar 2017] DSA-3794-2 munin - regression update [jessie] - munin 2.0.25-1+deb8u2 [01 Mar 2017] DSA-3799-1 imagemagick - security update {CVE-2016-8707 CVE-2016-10062 CVE-2016-10144 CVE-2016-10145 CVE-2016-10146 CVE-2017-5506 CVE-2017-5507 CVE-2017-5508 CVE-2017-5510 CVE-2017-5511} [jessie] - imagemagick 8:6.8.9.9-5+deb8u7 [01 Mar 2017] DSA-3798-1 tnef - security update {CVE-2017-6307 CVE-2017-6308 CVE-2017-6309 CVE-2017-6310} [jessie] - tnef 1.4.9-1+deb8u1 [28 Feb 2017] DSA-3797-1 mupdf - security update {CVE-2016-8674 CVE-2017-5896 CVE-2017-5991 CVE-2017-7264} [jessie] - mupdf 1.5-1+deb8u2 [26 Feb 2017] DSA-3796-1 apache2 - security update {CVE-2016-0736 CVE-2016-2161 CVE-2016-8743} [jessie] - apache2 2.4.10-10+deb8u8 [26 Feb 2017] DSA-3795-1 bind9 - security update {CVE-2017-3135} [jessie] - bind9 1:9.9.5.dfsg-9+deb8u10 [25 Feb 2017] DSA-3794-1 munin - security update {CVE-2017-6188} [jessie] - munin 2.0.25-1+deb8u1 [24 Feb 2017] DSA-3793-1 shadow - security update {CVE-2016-6252 CVE-2017-2616} [jessie] - shadow 1:4.2-3+deb8u3 [23 Feb 2017] DSA-3792-1 libreoffice - security update {CVE-2017-3157} [jessie] - libreoffice 1:4.3.3-2+deb8u6 [22 Feb 2017] DSA-3791-1 linux - security update {CVE-2016-6786 CVE-2016-6787 CVE-2016-8405 CVE-2016-9191 CVE-2017-2583 CVE-2017-2584 CVE-2017-2596 CVE-2017-2618 CVE-2017-5549 CVE-2017-5551 CVE-2017-5897 CVE-2017-5970 CVE-2017-6001 CVE-2017-6074} [jessie] - linux 3.16.39-1+deb8u1 [22 Feb 2017] DSA-3788-2 tomcat8 - regression update [jessie] - tomcat8 8.0.14-1+deb8u8 [22 Feb 2017] DSA-3787-2 tomcat7 - regression update [jessie] - tomcat7 7.0.56-3+deb8u9 [16 Feb 2017] DSA-3790-1 spice - security update {CVE-2016-9577 CVE-2016-9578} [jessie] - spice 0.12.5-1+deb8u4 [15 Feb 2017] DSA-3789-1 libevent - security update {CVE-2016-10195 CVE-2016-10196 CVE-2016-10197} [jessie] - libevent 2.0.21-stable-2+deb8u1 [13 Feb 2017] DSA-3788-1 tomcat8 - security update {CVE-2017-6056} [jessie] - tomcat8 8.0.14-1+deb8u7 [13 Feb 2017] DSA-3787-1 tomcat7 - security update {CVE-2017-6056} [jessie] - tomcat7 7.0.56-3+deb8u8 [13 Feb 2017] DSA-3786-1 vim - security update {CVE-2017-5953} [jessie] - vim 2:7.4.488-7+deb8u2 [09 Feb 2017] DSA-3785-1 jasper - security update {CVE-2016-1867 CVE-2016-8654 CVE-2016-8691 CVE-2016-8692 CVE-2016-8693 CVE-2016-8882 CVE-2016-9560} [jessie] - jasper 1.900.1-debian1-2.4+deb8u2 [09 Feb 2017] DSA-3784-1 viewvc - security update {CVE-2017-5938} [jessie] - viewvc 1.1.22-1+deb8u1 [08 Feb 2017] DSA-3783-1 php5 - security update {CVE-2016-10158 CVE-2016-10159 CVE-2016-10160 CVE-2016-10161 CVE-2016-7479} [jessie] - php5 5.6.30+dfsg-0+deb8u1 [08 Feb 2017] DSA-3782-1 openjdk-7 - security update {CVE-2016-5546 CVE-2016-5547 CVE-2016-5548 CVE-2016-5552 CVE-2017-3231 CVE-2017-3241 CVE-2017-3252 CVE-2017-3253 CVE-2017-3260 CVE-2017-3261 CVE-2017-3272 CVE-2017-3289} [jessie] - openjdk-7 7u121-2.6.8-2~deb8u1 [05 Feb 2017] DSA-3781-1 svgsalamander - security update {CVE-2017-5617} [jessie] - svgsalamander 0~svn95-1+deb8u1 [01 Feb 2017] DSA-3780-1 ntfs-3g - security update {CVE-2017-0358} [jessie] - ntfs-3g 1:2014.2.15AR.2-1+deb8u3 [01 Feb 2017] DSA-3779-1 wordpress - security update {CVE-2017-5488 CVE-2017-5489 CVE-2017-5490 CVE-2017-5491 CVE-2017-5492 CVE-2017-5493 CVE-2017-5610 CVE-2017-5611 CVE-2017-5612} [jessie] - wordpress 4.1+dfsg-1+deb8u12 [31 Jan 2017] DSA-3778-1 ruby-archive-tar-minitar - security update {CVE-2016-10173} [jessie] - ruby-archive-tar-minitar 0.5.2-2+deb8u1 [31 Jan 2017] DSA-3777-1 libgd2 - security update {CVE-2016-6906 CVE-2016-6912 CVE-2016-9317 CVE-2016-10166 CVE-2016-10167 CVE-2016-10168} [jessie] - libgd2 2.1.0-5+deb8u9 [31 Jan 2017] DSA-3776-1 chromium-browser - security update {CVE-2017-5006 CVE-2017-5007 CVE-2017-5008 CVE-2017-5009 CVE-2017-5010 CVE-2017-5011 CVE-2017-5012 CVE-2017-5013 CVE-2017-5014 CVE-2017-5015 CVE-2017-5016 CVE-2017-5017 CVE-2017-5018 CVE-2017-5019 CVE-2017-5020 CVE-2017-5021 CVE-2017-5022 CVE-2017-5023 CVE-2017-5024 CVE-2017-5025 CVE-2017-5026 CVE-2017-5027 CVE-2017-5028} [jessie] - chromium-browser 56.0.2924.76-1~deb8u1 [29 Jan 2017] DSA-3775-1 tcpdump - security update {CVE-2016-7922 CVE-2016-7923 CVE-2016-7924 CVE-2016-7925 CVE-2016-7926 CVE-2016-7927 CVE-2016-7928 CVE-2016-7929 CVE-2016-7930 CVE-2016-7931 CVE-2016-7932 CVE-2016-7933 CVE-2016-7934 CVE-2016-7935 CVE-2016-7936 CVE-2016-7937 CVE-2016-7938 CVE-2016-7939 CVE-2016-7940 CVE-2016-7973 CVE-2016-7974 CVE-2016-7975 CVE-2016-7983 CVE-2016-7984 CVE-2016-7985 CVE-2016-7986 CVE-2016-7992 CVE-2016-7993 CVE-2016-8574 CVE-2016-8575 CVE-2017-5202 CVE-2017-5203 CVE-2017-5204 CVE-2017-5205 CVE-2017-5341 CVE-2017-5342 CVE-2017-5482 CVE-2017-5483 CVE-2017-5484 CVE-2017-5485 CVE-2017-5486} [jessie] - tcpdump 4.9.0-1~deb8u1 [29 Jan 2017] DSA-3774-1 lcms2 - security update {CVE-2016-10165} [jessie] - lcms2 2.6-3+deb8u1 [27 Jan 2017] DSA-3773-1 openssl - security update {CVE-2016-7056 CVE-2016-8610 CVE-2017-3731} [jessie] - openssl 1.0.1t-1+deb8u6 [26 Jan 2017] DSA-3772-1 libxpm - security update {CVE-2016-10164} [jessie] - libxpm 1:3.5.12-0+deb8u1 [25 Jan 2017] DSA-3771-1 firefox-esr - security update {CVE-2017-5373 CVE-2017-5375 CVE-2017-5376 CVE-2017-5378 CVE-2017-5380 CVE-2017-5383 CVE-2017-5386 CVE-2017-5390 CVE-2017-5396} [jessie] - firefox-esr 45.7.0esr-1~deb8u1 [22 Jan 2017] DSA-3770-1 mariadb-10.0 - security update {CVE-2016-6664 CVE-2017-3238 CVE-2017-3243 CVE-2017-3244 CVE-2017-3257 CVE-2017-3258 CVE-2017-3265 CVE-2017-3291 CVE-2017-3312 CVE-2017-3317 CVE-2017-3318} [jessie] - mariadb-10.0 10.0.29-0+deb8u1 [22 Jan 2017] DSA-3769-1 libphp-swiftmailer - security update {CVE-2016-10074} [jessie] - libphp-swiftmailer 5.2.2-1+deb8u1 [20 Jan 2017] DSA-3768-1 openjpeg2 - security update {CVE-2016-5158 CVE-2016-5159 CVE-2016-8332 CVE-2016-9572 CVE-2016-9573} [jessie] - openjpeg2 2.1.0-2+deb8u2 [19 Jan 2017] DSA-3767-1 mysql-5.5 - security update {CVE-2017-3238 CVE-2017-3243 CVE-2017-3244 CVE-2017-3258 CVE-2017-3265 CVE-2017-3291 CVE-2017-3312 CVE-2017-3313 CVE-2017-3317 CVE-2017-3318} [jessie] - mysql-5.5 5.5.54-0+deb8u1 [19 Jan 2017] DSA-3766-1 mapserver - security update {CVE-2017-5522} [jessie] - mapserver 6.4.1-5+deb8u3 [15 Jan 2017] DSA-3743-2 python-bottle - regression update [jessie] - python-bottle 0.12.7-1+deb8u2 [14 Jan 2017] DSA-3765-1 icoutils - security update {CVE-2017-5331 CVE-2017-5332 CVE-2017-5333} [jessie] - icoutils 0.31.0-2+deb8u2 [13 Jan 2017] DSA-3764-1 pdns - security update {CVE-2016-2120 CVE-2016-7068 CVE-2016-7072 CVE-2016-7073 CVE-2016-7074} [jessie] - pdns 3.4.1-4+deb8u7 [13 Jan 2017] DSA-3763-1 pdns-recursor - security update {CVE-2016-7068} [jessie] - pdns-recursor 3.6.2-2+deb8u3 [13 Jan 2017] DSA-3762-1 tiff - security update {CVE-2016-3622 CVE-2016-3623 CVE-2016-3624 CVE-2016-3945 CVE-2016-3990 CVE-2016-3991 CVE-2016-5314 CVE-2016-5315 CVE-2016-5316 CVE-2016-5317 CVE-2016-5321 CVE-2016-5322 CVE-2016-5323 CVE-2016-5652 CVE-2016-6223 CVE-2016-9273 CVE-2016-9297 CVE-2016-9453 CVE-2016-9532 CVE-2016-9533 CVE-2016-9534 CVE-2016-9536 CVE-2016-9537 CVE-2016-9538 CVE-2016-9540 CVE-2016-10092 CVE-2016-10093 CVE-2016-10094 CVE-2016-10271 CVE-2016-10272} [jessie] - tiff 4.0.3-12.3+deb8u2 [13 Jan 2017] DSA-3761-1 rabbitmq-server - security update {CVE-2016-9877} [jessie] - rabbitmq-server 3.3.5-1.1+deb8u1 [12 Jan 2017] DSA-3760-1 ikiwiki - security update {CVE-2016-9646 CVE-2016-10026 CVE-2017-0356} [jessie] - ikiwiki 3.20141016.4 [12 Jan 2017] DSA-3759-1 python-pysaml2 - security update {CVE-2016-10149} [jessie] - python-pysaml2 2.0.0-1+deb8u1 [11 Jan 2017] DSA-3758-1 bind9 - security update {CVE-2016-9131 CVE-2016-9147 CVE-2016-9444} [jessie] - bind9 1:9.9.5.dfsg-9+deb8u9 [11 Jan 2017] DSA-3757-1 icedove - security update {CVE-2016-9893 CVE-2016-9895 CVE-2016-9897 CVE-2016-9898 CVE-2016-9899 CVE-2016-9900 CVE-2016-9904 CVE-2016-9905} [jessie] - icedove 1:45.6.0-1~deb8u1 [09 Jan 2017] DSA-3756-1 icoutils - security update {CVE-2017-5208} [jessie] - icoutils 0.31.0-2+deb8u1 [08 Jan 2017] DSA-3755-1 tomcat8 - security update {CVE-2016-8745} [jessie] - tomcat8 8.0.14-1+deb8u6 [08 Jan 2017] DSA-3754-1 tomcat7 - security update {CVE-2016-8745} [jessie] - tomcat7 7.0.56-3+deb8u7 [05 Jan 2017] DSA-3753-1 libvncserver - security update {CVE-2016-9941 CVE-2016-9942} [jessie] - libvncserver 0.9.9+dfsg2-6.1+deb8u2 [04 Jan 2017] DSA-3752-1 pcsc-lite - security update {CVE-2016-10109} [jessie] - pcsc-lite 1.8.13-1+deb8u1 [03 Jan 2017] DSA-3750-2 libphp-phpmailer - regression update [jessie] - libphp-phpmailer 5.2.9+dfsg-2+deb8u3 [01 Jan 2017] DSA-3751-1 libgd2 - security update {CVE-2016-9933} [jessie] - libgd2 2.1.0-5+deb8u8 [31 Dec 2016] DSA-3750-1 libphp-phpmailer - security update {CVE-2016-10033} [jessie] - libphp-phpmailer 5.2.9+dfsg-2+deb8u2 [29 Dec 2016] DSA-3749-1 dcmtk - security update {CVE-2015-8979} [jessie] - dcmtk 3.6.0-15+deb8u1 [26 Dec 2016] DSA-3748-1 libcrypto++ - security update {CVE-2016-9939} [jessie] - libcrypto++ 5.6.1-6+deb8u3 [25 Dec 2016] DSA-3747-1 exim4 - security update {CVE-2016-9963} [jessie] - exim4 4.84.2-2+deb8u2 [24 Dec 2016] DSA-3746-1 graphicsmagick - security update {CVE-2015-8808 CVE-2016-2317 CVE-2016-2318 CVE-2016-3714 CVE-2016-3715 CVE-2016-5118 CVE-2016-5240 CVE-2016-7800 CVE-2016-7996 CVE-2016-7997 CVE-2016-8682 CVE-2016-8683 CVE-2016-8684 CVE-2016-9830} [jessie] - graphicsmagick 1.3.20-3+deb8u2 [24 Dec 2016] DSA-3745-1 squid3 - security update {CVE-2016-10002} [jessie] - squid3 3.4.8-6+deb8u4 [23 Dec 2016] DSA-3744-1 libxml2 - security update {CVE-2016-4658 CVE-2016-5131} [jessie] - libxml2 2.9.1+dfsg1-5+deb8u4 [21 Dec 2016] DSA-3732-2 php-ssh2 - regression update [jessie] - php-ssh2 0.12-3+deb8u1 [20 Dec 2016] DSA-3743-1 python-bottle - security update {CVE-2016-9964} [jessie] - python-bottle 0.12.7-1+deb8u1 [20 Dec 2016] DSA-3742-1 flightgear - security update {CVE-2016-9956} [jessie] - flightgear 3.0.0-5+deb8u1 [20 Dec 2016] DSA-3741-1 tor - security update {CVE-2016-1254} [jessie] - tor 0.2.5.12-4 [19 Dec 2016] DSA-3740-1 samba - security update {CVE-2016-2119 CVE-2016-2123 CVE-2016-2125 CVE-2016-2126} [jessie] - samba 2:4.2.14+dfsg-0+deb8u2 [18 Dec 2016] DSA-3739-1 tomcat8 - security update {CVE-2016-6816 CVE-2016-8735 CVE-2016-9774 CVE-2016-9775} [jessie] - tomcat8 8.0.14-1+deb8u5 [18 Dec 2016] DSA-3738-1 tomcat7 - security update {CVE-2016-6816 CVE-2016-8735 CVE-2016-9774 CVE-2016-9775} [jessie] - tomcat7 7.0.56-3+deb8u6 [16 Dec 2016] DSA-3737-1 php5 - security update {CVE-2016-9935} [jessie] - php5 5.6.29+dfsg-0+deb8u1 [16 Dec 2016] DSA-3736-1 libupnp - security update {CVE-2016-6255 CVE-2016-8863} [jessie] - libupnp 1:1.6.19+git20141001-1+deb8u1 [15 Dec 2016] DSA-3735-1 game-music-emu - security update {CVE-2016-9957 CVE-2016-9958 CVE-2016-9959 CVE-2016-9960 CVE-2016-9961} [jessie] - game-music-emu 0.5.5-2+deb8u1 [14 Dec 2016] DSA-3734-1 firefox-esr - security update {CVE-2016-9893 CVE-2016-9895 CVE-2016-9897 CVE-2016-9898 CVE-2016-9899 CVE-2016-9900 CVE-2016-9901 CVE-2016-9902 CVE-2016-9904 CVE-2016-9905} [jessie] - firefox-esr 45.6.0esr-1~deb8u1 [13 Dec 2016] DSA-3733-1 apt - security update {CVE-2016-1252} [jessie] - apt 1.0.9.8.4 [13 Dec 2016] DSA-3732-1 php5 - security update {CVE-2016-9138 CVE-2016-9933 CVE-2016-9934 CVE-2016-7478} [jessie] - php5 5.6.28+dfsg-0+deb8u1 [11 Dec 2016] DSA-3731-1 chromium-browser - security update {CVE-2016-5181 CVE-2016-5182 CVE-2016-5183 CVE-2016-5184 CVE-2016-5185 CVE-2016-5186 CVE-2016-5187 CVE-2016-5188 CVE-2016-5189 CVE-2016-5190 CVE-2016-5191 CVE-2016-5192 CVE-2016-5193 CVE-2016-5194 CVE-2016-5198 CVE-2016-5199 CVE-2016-5200 CVE-2016-5201 CVE-2016-5202 CVE-2016-5203 CVE-2016-5204 CVE-2016-5205 CVE-2016-5206 CVE-2016-5207 CVE-2016-5208 CVE-2016-5209 CVE-2016-5210 CVE-2016-5211 CVE-2016-5212 CVE-2016-5213 CVE-2016-5214 CVE-2016-5215 CVE-2016-5216 CVE-2016-5217 CVE-2016-5218 CVE-2016-5219 CVE-2016-5220 CVE-2016-5221 CVE-2016-5222 CVE-2016-5223 CVE-2016-5224 CVE-2016-5225 CVE-2016-5226 CVE-2016-9650 CVE-2016-9651 CVE-2016-9652} [jessie] - chromium-browser 55.0.2883.75-1~deb8u1 [11 Dec 2016] DSA-3730-1 icedove - security update {CVE-2016-5290 CVE-2016-5291 CVE-2016-5296 CVE-2016-5297 CVE-2016-9066 CVE-2016-9074 CVE-2016-9079} [jessie] - icedove 1:45.5.1-1~deb8u1 [07 Dec 2016] DSA-3729-1 xen - security update {CVE-2016-7777 CVE-2016-9379 CVE-2016-9380 CVE-2016-9382 CVE-2016-9383 CVE-2016-9385 CVE-2016-9386} [jessie] - xen 4.4.1-9+deb8u8 [01 Dec 2016] DSA-3728-1 firefox-esr - security update {CVE-2016-9079} [jessie] - firefox-esr 45.5.1esr-1~deb8u1 [30 Nov 2016] DSA-3727-1 hdf5 - security update {CVE-2016-4330 CVE-2016-4331 CVE-2016-4332 CVE-2016-4333} [jessie] - hdf5 1.8.13+docs-15+deb8u1 [26 Nov 2016] DSA-3726-1 imagemagick - security update {CVE-2016-7799 CVE-2016-7906 CVE-2016-8677 CVE-2016-8862 CVE-2016-9556 CVE-2016-9559 CVE-2016-10059 CVE-2016-10061 CVE-2016-10063 CVE-2016-10064 CVE-2016-10065 CVE-2016-10066 CVE-2016-10067 CVE-2016-10068 CVE-2016-10069 CVE-2016-10070 CVE-2016-10071} [jessie] - imagemagick 8:6.8.9.9-5+deb8u6 [27 Nov 2016] DSA-3725-1 icu - security update {CVE-2014-9911 CVE-2015-2632 CVE-2015-4844 CVE-2016-0494 CVE-2016-6293 CVE-2016-7415} [jessie] - icu 52.1-8+deb8u4 [24 Nov 2016] DSA-3724-1 gst-plugins-good0.10 - security update {CVE-2016-9634 CVE-2016-9635 CVE-2016-9636} [jessie] - gst-plugins-good0.10 0.10.31-3+nmu4+deb8u2 [24 Nov 2016] DSA-3723-1 gst-plugins-good1.0 - security update {CVE-2016-9634 CVE-2016-9635 CVE-2016-9636} [jessie] - gst-plugins-good1.0 1.4.4-2+deb8u2 [22 Nov 2016] DSA-3722-1 vim - security update {CVE-2016-1248} [jessie] - vim 2:7.4.488-7+deb8u1 [21 Nov 2016] DSA-3721-1 tomcat7 - security update {CVE-2016-0762 CVE-2016-5018 CVE-2016-6794 CVE-2016-6796 CVE-2016-6797} [jessie] - tomcat7 7.0.56-3+deb8u5 [21 Nov 2016] DSA-3720-1 tomcat8 - security update {CVE-2016-0762 CVE-2016-5018 CVE-2016-6794 CVE-2016-6796 CVE-2016-6797} [jessie] - tomcat8 8.0.14-1+deb8u4 [21 Nov 2016] DSA-3719-1 wireshark - security update {CVE-2016-9373 CVE-2016-9374 CVE-2016-9375 CVE-2016-9376} [jessie] - wireshark 1.12.1+g01b65bf-4+deb8u10 [17 Nov 2016] DSA-3718-1 drupal7 - security update {CVE-2016-9449 CVE-2016-9451} [jessie] - drupal7 7.32-1+deb8u8 [17 Nov 2016] DSA-3717-1 gst-plugins-bad1.0 - security update {CVE-2016-9445 CVE-2016-9446} [jessie] - gst-plugins-bad0.10 0.10.23-7.4+deb8u2 [jessie] - gst-plugins-bad1.0 1.4.4-2.1+deb8u1 [16 Nov 2016] DSA-3716-1 firefox-esr - security update {CVE-2016-5290 CVE-2016-5291 CVE-2016-5296 CVE-2016-5297 CVE-2016-9064 CVE-2016-9066 CVE-2016-9074} [jessie] - firefox-esr 45.5.0esr-1~deb8u1 [15 Nov 2016] DSA-3715-1 moin - security update {CVE-2016-7146 CVE-2016-7148 CVE-2016-9119} [jessie] - moin 1.9.8-1+deb8u1 [15 Nov 2016] DSA-3714-1 akonadi - update NOTE: Compatibility update for mysql 5.5.53 [jessie] - akonadi 1.13.0-2+deb8u2 [15 Nov 2016] DSA-3713-1 gst-plugins-bad0.10 - security update {CVE-2016-9447} [jessie] - gst-plugins-bad0.10 0.10.23-7.4+deb8u1 [13 Nov 2016] DSA-3712-1 terminology - security update {CVE-2015-8971} [jessie] - terminology 0.7.0-1+deb8u1 [11 Nov 2016] DSA-3711-1 mariadb-10.0 - security update {CVE-2016-3492 CVE-2016-5584 CVE-2016-5624 CVE-2016-5626 CVE-2016-5629 CVE-2016-6663 CVE-2016-7440 CVE-2016-8283} [jessie] - mariadb-10.0 10.0.28-0+deb8u1 [10 Nov 2016] DSA-3710-1 pillow - security update {CVE-2016-9189 CVE-2016-9190} [jessie] - pillow 2.6.1-2+deb8u3 [08 Nov 2016] DSA-3709-1 libxslt - security update {CVE-2016-4738} [jessie] - libxslt 1.1.28-2+deb8u2 [07 Nov 2016] DSA-3708-1 mat - security update [jessie] - mat 0.5.2-3+deb8u1 [07 Nov 2016] DSA-3707-1 openjdk-7 - security update {CVE-2016-5542 CVE-2016-5554 CVE-2016-5573 CVE-2016-5582 CVE-2016-5597} [jessie] - openjdk-7 7u111-2.6.7-2~deb8u1 [07 Nov 2016] DSA-3706-1 mysql-5.5 - security update {CVE-2016-5584 CVE-2016-7440} [jessie] - mysql-5.5 5.5.53-0+deb8u1 [03 Nov 2016] DSA-3705-1 curl - security update {CVE-2016-8615 CVE-2016-8616 CVE-2016-8617 CVE-2016-8618 CVE-2016-8619 CVE-2016-8620 CVE-2016-8621 CVE-2016-8622 CVE-2016-8623 CVE-2016-8624} [jessie] - curl 7.38.0-4+deb8u5 [03 Nov 2016] DSA-3704-1 memcached - security update {CVE-2016-8704 CVE-2016-8705 CVE-2016-8706} [jessie] - memcached 1.4.21-1.1+deb8u1 [01 Nov 2016] DSA-3703-1 bind9 - security update {CVE-2016-8864} [jessie] - bind9 1:9.9.5.dfsg-9+deb8u8 [01 Nov 2016] DSA-3702-1 tar - security update {CVE-2016-6321} [jessie] - tar 1.27.1-2+deb8u1 [28 Oct 2016] DSA-3691-2 ghostscript - regression update [jessie] - ghostscript 9.06~dfsg-2+deb8u4 [28 Oct 2016] DSA-3701-2 nginx - regression update [jessie] - nginx 1.6.2-5+deb8u4 [25 Oct 2016] DSA-3701-1 nginx - security update {CVE-2016-1247} [jessie] - nginx 1.6.2-5+deb8u3 [25 Oct 2016] DSA-3700-1 asterisk - security update {CVE-2015-3008 CVE-2016-2232 CVE-2016-2316 CVE-2016-7551} [jessie] - asterisk 1:11.13.1~dfsg-2+deb8u1 [25 Oct 2016] DSA-3699-1 virtualbox - end of life [jessie] - virtualbox [24 Oct 2016] DSA-3698-1 php5 - security update {CVE-2016-9137} [jessie] - php5 5.6.27+dfsg-0+deb8u1 [21 Oct 2016] DSA-3697-1 kdepimlibs - security update {CVE-2016-7966} [jessie] - kdepimlibs 4:4.14.2-2+deb8u2 [19 Oct 2016] DSA-3696-1 linux - security update {CVE-2015-8956 CVE-2016-5195 CVE-2016-7042 CVE-2016-7425} [jessie] - linux 3.16.36-1+deb8u2 [18 Oct 2016] DSA-3695-1 quagga - security update {CVE-2016-1245} [jessie] - quagga 0.99.23.1-1+deb8u3 [18 Oct 2016] DSA-3694-1 tor - security update {CVE-2016-8860} [jessie] - tor 0.2.5.12-3 [14 Oct 2016] DSA-3693-1 libgd2 - security update {CVE-2016-6911 CVE-2016-7568 CVE-2016-8670} [jessie] - libgd2 2.1.0-5+deb8u7 [13 Oct 2016] DSA-3692-1 freeimage - security update {CVE-2015-3885 CVE-2016-5684} [jessie] - freeimage 3.15.4-4.2+deb8u1 [12 Oct 2016] DSA-3691-1 ghostscript - security update {CVE-2013-5653 CVE-2016-7976 CVE-2016-7977 CVE-2016-7978 CVE-2016-7979 CVE-2016-8602} [jessie] - ghostscript 9.06~dfsg-2+deb8u3 [10 Oct 2016] DSA-3690-1 icedove - security update {CVE-2016-5257} [jessie] - icedove 1:45.4.0-1~deb8u1 [08 Oct 2016] DSA-3689-1 php5 - security update {CVE-2016-7124 CVE-2016-7125 CVE-2016-7126 CVE-2016-7127 CVE-2016-7128 CVE-2016-7129 CVE-2016-7130 CVE-2016-7131 CVE-2016-7132 CVE-2016-7411 CVE-2016-7412 CVE-2016-7413 CVE-2016-7414 CVE-2016-7416 CVE-2016-7417 CVE-2016-7418} [jessie] - php5 5.6.26+dfsg-0+deb8u1 [05 Oct 2016] DSA-3688-1 nss - security update {CVE-2015-4000 CVE-2015-7181 CVE-2015-7182 CVE-2015-7575 CVE-2016-1938 CVE-2016-1950 CVE-2016-1978 CVE-2016-1979 CVE-2016-2834} [jessie] - nss 2:3.26-1+debu8u1 [05 Oct 2016] DSA-3687-1 nspr - security update {CVE-2016-1951} [jessie] - nspr 2:4.12-1+debu8u1 [05 Oct 2016] DSA-3686-1 icedove - security update {CVE-2016-2836} [jessie] - icedove 1:45.3.0-1~deb8u1 [04 Oct 2016] DSA-3685-1 libav - security update {CVE-2016-7424} [jessie] - libav 6:11.8-1~deb8u1 [03 Oct 2016] DSA-3684-1 libdbd-mysql-perl - security update {CVE-2016-1246} [jessie] - libdbd-mysql-perl 4.028-2+deb8u2 [02 Oct 2016] DSA-3683-1 chromium-browser - security update {CVE-2016-5177 CVE-2016-5178} [jessie] - chromium-browser 53.0.2785.143-1~deb8u1 [01 Oct 2016] DSA-3681-2 wordpress - regression update [jessie] - wordpress 4.1+dfsg-1+deb8u11 [30 Sep 2016] DSA-3682-1 c-ares - security update {CVE-2016-5180} [jessie] - c-ares 1.10.0-2+deb8u1 [29 Sep 2016] DSA-3681-1 wordpress - security update {CVE-2016-4029 CVE-2016-6634 CVE-2016-6635 CVE-2016-7168 CVE-2016-7169} [jessie] - wordpress 4.1+dfsg-1+deb8u10 [27 Sep 2016] DSA-3680-1 bind9 - security update {CVE-2016-2775 CVE-2016-2776} [jessie] - bind9 1:9.9.5.dfsg-9+deb8u7 [27 Sep 2016] DSA-3679-1 jackrabbit - security update {CVE-2016-6801} [jessie] - jackrabbit 2.3.6-1+deb8u2 [26 Sep 2016] DSA-3678-1 python-django - security update {CVE-2016-7401} [jessie] - python-django 1.7.11-1+deb8u1 [25 Sep 2016] DSA-3677-1 libarchive - security update {CVE-2016-5418 CVE-2016-6250 CVE-2016-7166} [jessie] - libarchive 3.1.2-11+deb8u3 [24 Sep 2016] DSA-3676-1 unadf - security update {CVE-2016-1243 CVE-2016-1244} [jessie] - unadf 0.7.11a-3+deb8u1 [23 Sep 2016] DSA-3673-2 openssl - regression update [jessie] - openssl 1.0.1t-1+deb8u5 [23 Sep 2016] DSA-3675-1 imagemagick - security update {CVE-2016-10053 CVE-2016-10054 CVE-2016-10055 CVE-2016-10056 CVE-2016-10057} [jessie] - imagemagick 8:6.8.9.9-5+deb8u5 [22 Sep 2016] DSA-3674-1 firefox-esr - security update {CVE-2016-5250 CVE-2016-5257 CVE-2016-5261 CVE-2016-5270 CVE-2016-5272 CVE-2016-5274 CVE-2016-5276 CVE-2016-5277 CVE-2016-5278 CVE-2016-5280 CVE-2016-5281 CVE-2016-5284} [jessie] - firefox-esr 45.4.0esr-1~deb8u2 [22 Sep 2016] DSA-3673-1 openssl - security update {CVE-2016-2177 CVE-2016-2178 CVE-2016-2179 CVE-2016-2180 CVE-2016-2181 CVE-2016-2182 CVE-2016-6302 CVE-2016-6303 CVE-2016-6304 CVE-2016-6306} [jessie] - openssl 1.0.1t-1+deb8u4 [21 Sep 2016] DSA-3672-1 irssi - security update {CVE-2016-7044 CVE-2016-7045} [jessie] - irssi 0.8.17-1+deb8u1 [20 Sep 2016] DSA-3671-1 wireshark - security update {CVE-2016-7176 CVE-2016-7177 CVE-2016-7178 CVE-2016-7179 CVE-2016-7180} [jessie] - wireshark 1.12.1+g01b65bf-4+deb8u9 [15 Sep 2016] DSA-3670-1 tomcat8 - security update {CVE-2016-1240} [jessie] - tomcat8 8.0.14-1+deb8u3 [15 Sep 2016] DSA-3669-1 tomcat7 - security update {CVE-2016-1240} [jessie] - tomcat7 7.0.56-3+deb8u4 [15 Sep 2016] DSA-3668-1 mailman - security update {CVE-2016-6893} [jessie] - mailman 1:2.1.18-2+deb8u1 [15 Sep 2016] DSA-3667-1 chromium-browser - security update {CVE-2016-5170 CVE-2016-5171 CVE-2016-5172 CVE-2016-5173 CVE-2016-5174 CVE-2016-5175 CVE-2016-5176 CVE-2016-7395 CVE-2016-7549} [jessie] - chromium-browser 53.0.2785.113-1~deb8u1 [14 Sep 2016] DSA-3666-1 mysql-5.5 - security update {CVE-2016-6662} [jessie] - mysql-5.5 5.5.52-0+deb8u1 [11 Sep 2016] DSA-3665-1 openjpeg2 - security update {CVE-2015-6581 CVE-2015-8871 CVE-2016-1924 CVE-2016-7163} [jessie] - openjpeg2 2.1.0-2+deb8u1 [10 Sep 2016] DSA-3664-1 pdns - security update {CVE-2016-5426 CVE-2016-5427 CVE-2016-6172} [jessie] - pdns 3.4.1-4+deb8u6 [09 Sep 2016] DSA-3663-1 xen - security update {CVE-2016-7092 CVE-2016-7094 CVE-2016-7154} [jessie] - xen 4.4.1-9+deb8u7 [08 Sep 2016] DSA-3662-1 inspircd - security update {CVE-2016-7142} [jessie] - inspircd 2.0.17-1+deb8u2 [06 Sep 2016] DSA-3661-1 charybdis - security update {CVE-2016-7143} [jessie] - charybdis 3.4.2-5+deb8u2 [05 Sep 2016] DSA-3660-1 chromium-browser - security update {CVE-2016-5147 CVE-2016-5148 CVE-2016-5149 CVE-2016-5150 CVE-2016-5151 CVE-2016-5152 CVE-2016-5153 CVE-2016-5154 CVE-2016-5155 CVE-2016-5156 CVE-2016-5157 CVE-2016-5158 CVE-2016-5159 CVE-2016-5160 CVE-2016-5161 CVE-2016-5162 CVE-2016-5163 CVE-2016-5164 CVE-2016-5165 CVE-2016-5166 CVE-2016-5167} [jessie] - chromium-browser 53.0.2785.89-1~deb8u1 [04 Sep 2016] DSA-3659-1 linux - security update {CVE-2016-5696 CVE-2016-6136 CVE-2016-6480 CVE-2016-6828} [jessie] - linux 3.16.36-1+deb8u1 [04 Sep 2016] DSA-3653-2 flex - security update {CVE-2016-6354} [jessie] - flex 2.5.39-8+deb8u2 [01 Sep 2016] DSA-3658-1 libidn - security update {CVE-2015-8948 CVE-2016-6261 CVE-2016-6263} [jessie] - libidn 1.29-1+deb8u2 [30 Aug 2016] DSA-3657-1 libarchive - security update {CVE-2015-8916 CVE-2015-8917 CVE-2015-8919 CVE-2015-8920 CVE-2015-8921 CVE-2015-8922 CVE-2015-8923 CVE-2015-8924 CVE-2015-8925 CVE-2015-8926 CVE-2015-8928 CVE-2015-8930 CVE-2015-8931 CVE-2015-8932 CVE-2015-8933 CVE-2015-8934 CVE-2016-4300 CVE-2016-4302 CVE-2016-4809 CVE-2016-5844} [jessie] - libarchive 3.1.2-11+deb8u2 [30 Aug 2016] DSA-3656-1 tryton-server - security update {CVE-2016-1241 CVE-2016-1242} [jessie] - tryton-server 3.4.0-3+deb8u2 [26 Aug 2016] DSA-3655-1 mupdf - security update {CVE-2016-6265 CVE-2016-6525} [jessie] - mupdf 1.5-1+deb8u1 [26 Aug 2016] DSA-3654-1 quagga - security update {CVE-2016-4036 CVE-2016-4049} [jessie] - quagga 0.99.23.1-1+deb8u2 [25 Aug 2016] DSA-3653-1 flex - security update {CVE-2016-6354} [jessie] - flex 2.5.39-8+deb8u1 [25 Aug 2016] DSA-3652-1 imagemagick - security update {CVE-2014-9907 CVE-2015-8957 CVE-2015-8958 CVE-2015-8959 CVE-2016-4562 CVE-2016-4563 CVE-2016-4564 CVE-2016-5010 CVE-2016-5687 CVE-2016-5688 CVE-2016-5689 CVE-2016-5690 CVE-2016-5691 CVE-2016-5841 CVE-2016-5842 CVE-2016-6491 CVE-2016-6823 CVE-2016-7513 CVE-2016-7514 CVE-2016-7515 CVE-2016-7516 CVE-2016-7517 CVE-2016-7518 CVE-2016-7519 CVE-2016-7520 CVE-2016-7521 CVE-2016-7522 CVE-2016-7523 CVE-2016-7524 CVE-2016-7525 CVE-2016-7526 CVE-2016-7527 CVE-2016-7528 CVE-2016-7529 CVE-2016-7530 CVE-2016-7531 CVE-2016-7532 CVE-2016-7533 CVE-2016-7534 CVE-2016-7535 CVE-2016-7536 CVE-2016-7537 CVE-2016-7538 CVE-2016-7539 CVE-2016-7540 CVE-2016-10046 CVE-2016-10047 CVE-2016-10048 CVE-2016-10049 CVE-2016-10050 CVE-2016-10051 CVE-2016-10052} [jessie] - imagemagick 8:6.8.9.9-5+deb8u4 [25 Aug 2016] DSA-3651-1 rails - security update {CVE-2016-6316} [jessie] - rails 2:4.1.8-1+deb8u4 [17 Aug 2016] DSA-3650-1 libgcrypt20 - security update {CVE-2016-6313} [jessie] - libgcrypt20 1.6.3-2+deb8u2 [17 Aug 2016] DSA-3649-1 gnupg - security update {CVE-2016-6313} [jessie] - gnupg 1.4.18-7+deb8u2 [12 Aug 2016] DSA-3648-1 wireshark - security update {CVE-2016-6504 CVE-2016-6505 CVE-2016-6506 CVE-2016-6507 CVE-2016-6508 CVE-2016-6509 CVE-2016-6510 CVE-2016-6511} [jessie] - wireshark 1.12.1+g01b65bf-4+deb8u8 [11 Aug 2016] DSA-3647-1 icedove - security update {CVE-2016-2818} [jessie] - icedove 1:45.2.0-1~deb8u1 [11 Aug 2016] DSA-3646-1 postgresql-9.4 - security update {CVE-2016-5423 CVE-2016-5424} [jessie] - postgresql-9.4 9.4.9-0+deb8u1 [09 Aug 2016] DSA-3645-1 chromium-browser - security update {CVE-2016-5139 CVE-2016-5140 CVE-2016-5141 CVE-2016-5142 CVE-2016-5143 CVE-2016-5144 CVE-2016-5145 CVE-2016-5146} [jessie] - chromium-browser 52.0.2743.116-1~deb8u1 [08 Aug 2016] DSA-3644-1 fontconfig - security update {CVE-2016-5384} [jessie] - fontconfig 2.11.0-6.3+deb8u1 [06 Aug 2016] DSA-3643-1 kde4libs - security update {CVE-2016-6232} [jessie] - kde4libs 4:4.14.2-5+deb8u1 [05 Aug 2016] DSA-3642-1 lighttpd - security update {CVE-2016-1000212} [jessie] - lighttpd 1.4.35-4+deb8u1 [04 Aug 2016] DSA-3641-1 openjdk-7 - security update {CVE-2016-3458 CVE-2016-3500 CVE-2016-3508 CVE-2016-3550 CVE-2016-3606 CVE-2016-3598 CVE-2016-3610} [jessie] - openjdk-7 7u111-2.6.7-1~deb8u1 [03 Aug 2016] DSA-3640-1 firefox-esr - security update {CVE-2016-2830 CVE-2016-2836 CVE-2016-2837 CVE-2016-2838 CVE-2016-5252 CVE-2016-5254 CVE-2016-5258 CVE-2016-5259 CVE-2016-5262 CVE-2016-5263 CVE-2016-5264 CVE-2016-5265} [jessie] - firefox-esr 45.3.0esr-1~deb8u1 [03 Aug 2016] DSA-3639-1 wordpress - security update {CVE-2015-8834 CVE-2016-5832 CVE-2016-5834 CVE-2016-5835 CVE-2016-5837 CVE-2016-5838 CVE-2016-5839} [jessie] - wordpress 4.1+dfsg-1+deb8u9 [03 Aug 2016] DSA-3638-1 curl - security update {CVE-2016-5419 CVE-2016-5420 CVE-2016-5421} [jessie] - curl 7.38.0-4+deb8u4 [31 Jul 2016] DSA-3637-1 chromium-browser - security update {CVE-2016-1704 CVE-2016-1705 CVE-2016-1706 CVE-2016-1707 CVE-2016-1708 CVE-2016-1709 CVE-2016-1710 CVE-2016-1711 CVE-2016-5127 CVE-2016-5128 CVE-2016-5129 CVE-2016-5130 CVE-2016-5131 CVE-2016-5132 CVE-2016-5133 CVE-2016-5134 CVE-2016-5135 CVE-2016-5136 CVE-2016-5137} [jessie] - chromium-browser 52.0.2743.82-1~deb8u1 [30 Jul 2016] DSA-3636-1 collectd - security update {CVE-2016-6254} [jessie] - collectd 5.4.1-6+deb8u1 [29 Jul 2016] DSA-3635-1 libdbd-mysql-perl - security update {CVE-2014-9906 CVE-2015-8949} [jessie] - libdbd-mysql-perl 4.028-2+deb8u1 [30 Jul 2016] DSA-3634-1 redis - security update {CVE-2013-7458} [jessie] - redis 2:2.8.17-1+deb8u5 [27 Jul 2016] DSA-3633-1 xen - security update {CVE-2015-8338 CVE-2016-4480 CVE-2016-4962 CVE-2016-5242 CVE-2016-6258} [jessie] - xen 4.4.1-9+deb8u6 [27 Jul 2016] DSA-3632-1 mariadb-10.0 - security update {CVE-2016-3477 CVE-2016-3521 CVE-2016-3615 CVE-2016-5440} [jessie] - mariadb-10.0 10.0.26-0+deb8u1 [26 Jul 2016] DSA-3631-1 php5 - security update {CVE-2016-5385 CVE-2016-5399 CVE-2016-6289 CVE-2016-6290 CVE-2016-6291 CVE-2016-6292 CVE-2016-6294 CVE-2016-6295 CVE-2016-6296 CVE-2016-6297} [jessie] - php5 5.6.24+dfsg-0+deb8u1 [26 Jul 2016] DSA-3630-1 libgd2 - security update {CVE-2016-6207} [jessie] - libgd2 2.1.0-5+deb8u6 [25 Jul 2016] DSA-3629-1 ntp - security update {CVE-2015-7974 CVE-2015-7977 CVE-2015-7978 CVE-2015-7979 CVE-2015-8138 CVE-2015-8158 CVE-2016-1547 CVE-2016-1548 CVE-2016-1550 CVE-2016-2516 CVE-2016-2518} [jessie] - ntp 1:4.2.6.p5+dfsg-7+deb8u2 [25 Jul 2016] DSA-3628-1 perl - security update {CVE-2016-1238 CVE-2016-6185} [jessie] - perl 5.20.2-3+deb8u6 [24 Jul 2016] DSA-3627-1 phpmyadmin - security update {CVE-2016-1927 CVE-2016-2039 CVE-2016-2040 CVE-2016-2041 CVE-2016-2560 CVE-2016-2561 CVE-2016-5099 CVE-2016-5701 CVE-2016-5705 CVE-2016-5706 CVE-2016-5731 CVE-2016-5733 CVE-2016-5739} [jessie] - phpmyadmin 4:4.2.12-2+deb8u2 [24 Jul 2016] DSA-3626-1 openssh - security update {CVE-2016-6210} [jessie] - openssh 1:6.7p1-5+deb8u3 [22 Jul 2016] DSA-3625-1 squid3 - security update {CVE-2016-3948 CVE-2016-4051 CVE-2016-4052 CVE-2016-4053 CVE-2016-4054 CVE-2016-4553 CVE-2016-4554 CVE-2016-4555 CVE-2016-4556} [jessie] - squid3 3.4.8-6+deb8u3 [21 Jul 2016] DSA-3624-1 mysql-5.5 - security update {CVE-2016-3477 CVE-2016-3521 CVE-2016-3615 CVE-2016-5440} [jessie] - mysql-5.5 5.5.50-0+deb8u1 [20 Jul 2016] DSA-3623-1 apache2 - security update {CVE-2016-5387} [jessie] - apache2 2.4.10-10+deb8u5 [18 Jul 2016] DSA-3622-1 python-django - security update {CVE-2016-6186} [jessie] - python-django 1.7.7-1+deb8u5 [18 Jul 2016] DSA-3621-1 mysql-connector-java - security update {CVE-2015-2575} [jessie] - mysql-connector-java 5.1.39-1~deb8u1 [15 Jul 2016] DSA-3620-1 pidgin - security update {CVE-2016-2365 CVE-2016-2366 CVE-2016-2367 CVE-2016-2368 CVE-2016-2369 CVE-2016-2370 CVE-2016-2371 CVE-2016-2372 CVE-2016-2373 CVE-2016-2374 CVE-2016-2375 CVE-2016-2376 CVE-2016-2377 CVE-2016-2378 CVE-2016-2380 CVE-2016-4323} [jessie] - pidgin 2.11.0-0+deb8u1 [15 Jul 2016] DSA-3619-1 libgd2 - security update {CVE-2016-5116 CVE-2016-5766 CVE-2016-6128 CVE-2016-6132 CVE-2016-6161 CVE-2016-6214 CVE-2016-6905} [jessie] - libgd2 2.1.0-5+deb8u4 [14 Jul 2016] DSA-3618-1 php5 - security update {CVE-2016-5768 CVE-2016-5769 CVE-2016-5770 CVE-2016-5771 CVE-2016-5772 CVE-2016-5773} [jessie] - php5 5.6.23+dfsg-0+deb8u1 [06 Jul 2016] DSA-3617-1 horizon - security update {CVE-2015-3219 CVE-2016-4428} [jessie] - horizon 2014.1.3-7+deb8u2 [04 Jul 2016] DSA-3616-1 linux - security update {CVE-2014-9904 CVE-2016-5728 CVE-2016-5828 CVE-2016-5829 CVE-2016-6130} [jessie] - linux 3.16.7-ckt25-2+deb8u3 [02 Jul 2016] DSA-3615-1 wireshark - security update {CVE-2016-5350 CVE-2016-5351 CVE-2016-5353 CVE-2016-5354 CVE-2016-5355 CVE-2016-5356 CVE-2016-5357 CVE-2016-5359} [jessie] - wireshark 1.12.1+g01b65bf-4+deb8u7 [02 Jul 2016] DSA-3614-1 tomcat7 - security update {CVE-2016-3092} [jessie] - tomcat7 7.0.56-3+deb8u3 [02 Jul 2016] DSA-3613-1 libvirt - security update {CVE-2016-5008} [jessie] - libvirt 1.2.9-9+deb8u3 [01 Jul 2016] DSA-3612-1 gimp - security update {CVE-2016-4994} [jessie] - gimp 2.8.14-1+deb8u1 [30 Jun 2016] DSA-3611-1 libcommons-fileupload-java - security update {CVE-2016-3092} [jessie] - libcommons-fileupload-java 1.3.1-1+deb8u1 [29 Jun 2016] DSA-3610-1 xerces-c - security update {CVE-2016-4463} [jessie] - xerces-c 3.1.1-5.1+deb8u3 [29 Jun 2016] DSA-3609-1 tomcat8 - security update {CVE-2015-5174 CVE-2015-5345 CVE-2015-5346 CVE-2015-5351 CVE-2016-0706 CVE-2016-0714 CVE-2016-0763 CVE-2016-3092} [jessie] - tomcat8 8.0.14-1+deb8u2 [29 Jun 2016] DSA-3608-1 libreoffice - security update {CVE-2016-4324} [jessie] - libreoffice 1:4.3.3-2+deb8u5 [28 Jun 2016] DSA-3607-1 linux - security update {CVE-2015-7515 CVE-2016-0821 CVE-2016-1237 CVE-2016-1583 CVE-2016-2117 CVE-2016-2143 CVE-2016-2184 CVE-2016-2185 CVE-2016-2186 CVE-2016-2187 CVE-2016-3070 CVE-2016-3134 CVE-2016-3136 CVE-2016-3137 CVE-2016-3138 CVE-2016-3140 CVE-2016-3156 CVE-2016-3157 CVE-2016-3672 CVE-2016-3951 CVE-2016-3955 CVE-2016-3961 CVE-2016-4470 CVE-2016-4482 CVE-2016-4485 CVE-2016-4486 CVE-2016-4565 CVE-2016-4569 CVE-2016-4578 CVE-2016-4580 CVE-2016-4581 CVE-2016-4805 CVE-2016-4913 CVE-2016-4997 CVE-2016-4998 CVE-2016-5243 CVE-2016-5244} [jessie] - linux 3.16.7-ckt25-2+deb8u2 [24 Jun 2016] DSA-3606-1 libpdfbox-java - security update {CVE-2016-2175} [jessie] - libpdfbox-java 1:1.8.7+dfsg-1+deb8u1 [19 Jun 2016] DSA-3605-1 libxslt - security update {CVE-2015-7995 CVE-2016-1683 CVE-2016-1684} [jessie] - libxslt 1.1.28-2+deb8u1 [16 Jun 2016] DSA-3604-1 drupal7 - security update {CVE-2016-6211} [jessie] - drupal7 7.32-1+deb8u7 [14 Jun 2016] DSA-3603-1 libav - security update {CVE-2016-3062} [jessie] - libav 6:11.7-1~deb8u1 [14 Jun 2016] DSA-3602-1 php5 - security update {CVE-2013-7456 CVE-2016-3074 CVE-2016-4537 CVE-2016-4538 CVE-2016-4539 CVE-2016-4540 CVE-2016-4541 CVE-2016-4542 CVE-2016-4543 CVE-2016-4544 CVE-2016-5093 CVE-2016-5094 CVE-2016-5095 CVE-2016-5096} [jessie] - php5 5.6.22+dfsg-0+deb8u1 [13 Jun 2016] DSA-3601-1 icedove - security update {CVE-2016-2806} [jessie] - icedove 1:45.1.0-1~deb8u1 [09 Jun 2016] DSA-3600-1 firefox-esr - security update {CVE-2016-2818 CVE-2016-2819 CVE-2016-2821 CVE-2016-2822 CVE-2016-2828 CVE-2016-2831} [jessie] - firefox-esr 45.2.0esr-1~deb8u1 [09 Jun 2016] DSA-3599-1 p7zip - security update {CVE-2016-2335} [jessie] - p7zip 9.20.1~dfsg.1-4.1+deb8u2 [07 Jun 2016] DSA-3598-1 vlc - security update {CVE-2016-5108} [jessie] - vlc 2.2.4-1~deb8u1 [07 Jun 2016] DSA-3597-1 expat - security update {CVE-2012-6702 CVE-2016-5300} [jessie] - expat 2.1.0-6+deb8u3 [06 Jun 2016] DSA-3596-1 spice - security update {CVE-2016-0749 CVE-2016-2150} [jessie] - spice 0.12.5-1+deb8u3 [05 Jun 2016] DSA-3595-1 mariadb-10.0 - security update {CVE-2016-0640 CVE-2016-0641 CVE-2016-0643 CVE-2016-0644 CVE-2016-0646 CVE-2016-0647 CVE-2016-0648 CVE-2016-0649 CVE-2016-0650 CVE-2016-0655 CVE-2016-0666 CVE-2016-0668} [jessie] - mariadb-10.0 10.0.25-0+deb8u1 [05 Jun 2016] DSA-3548-3 samba - regression update [jessie] - samba 2:4.2.10+dfsg-0+deb8u3 [04 Jun 2016] DSA-3594-1 chromium-browser - security update {CVE-2016-1696 CVE-2016-1697 CVE-2016-1698 CVE-2016-1699 CVE-2016-1700 CVE-2016-1701 CVE-2016-1702 CVE-2016-1703} [jessie] - chromium-browser 51.0.2704.79-1~deb8u1 [02 Jun 2016] DSA-3593-1 libxml2 - security update {CVE-2015-8806 CVE-2016-1762 CVE-2016-1833 CVE-2016-1834 CVE-2016-1835 CVE-2016-1836 CVE-2016-1837 CVE-2016-1838 CVE-2016-1839 CVE-2016-1840 CVE-2016-2073 CVE-2016-3627 CVE-2016-3705 CVE-2016-4447 CVE-2016-4449 CVE-2016-4483} [jessie] - libxml2 2.9.1+dfsg1-5+deb8u2 [01 Jun 2016] DSA-3592-1 nginx - security update {CVE-2016-4450} [jessie] - nginx 1.6.2-5+deb8u2 [01 Jun 2016] DSA-3591-1 imagemagick - security update {CVE-2016-5118} [jessie] - imagemagick 8:6.8.9.9-5+deb8u3 [01 Jun 2016] DSA-3590-1 chromium-browser - security update {CVE-2016-1667 CVE-2016-1668 CVE-2016-1669 CVE-2016-1670 CVE-2016-1672 CVE-2016-1673 CVE-2016-1674 CVE-2016-1675 CVE-2016-1676 CVE-2016-1677 CVE-2016-1678 CVE-2016-1679 CVE-2016-1680 CVE-2016-1681 CVE-2016-1682 CVE-2016-1683 CVE-2016-1684 CVE-2016-1685 CVE-2016-1686 CVE-2016-1687 CVE-2016-1688 CVE-2016-1689 CVE-2016-1690 CVE-2016-1691 CVE-2016-1692 CVE-2016-1693 CVE-2016-1694 CVE-2016-1695 CVE-2016-10403} [jessie] - chromium-browser 51.0.2704.63-1~deb8u1 [30 May 2016] DSA-3589-1 gdk-pixbuf - security update {CVE-2015-7552 CVE-2015-8875} [jessie] - gdk-pixbuf 2.31.1-2+deb8u5 [29 May 2016] DSA-3588-1 symfony - security update {CVE-2016-1902 CVE-2016-4423} [jessie] - symfony 2.3.21+dfsg-4+deb8u3 [27 May 2016] DSA-3587-1 libgd2 - security update {CVE-2013-7456 CVE-2015-8874 CVE-2015-8877} [jessie] - libgd2 2.1.0-5+deb8u3 [23 May 2016] DSA-3586-1 atheme-services - security update {CVE-2016-4478} [jessie] - atheme-services 6.0.11-2+deb8u1 [22 May 2016] DSA-3585-1 wireshark - security update {CVE-2016-4006 CVE-2016-4079 CVE-2016-4080 CVE-2016-4081 CVE-2016-4082 CVE-2016-4085} [jessie] - wireshark 1.12.1+g01b65bf-4+deb8u6 [19 May 2016] DSA-3584-1 librsvg - security update {CVE-2015-7558 CVE-2016-4348} [jessie] - librsvg 2.40.5-1+deb8u2 [18 May 2016] DSA-3583-1 swift-plugin-s3 - security update {CVE-2015-8466} [jessie] - swift-plugin-s3 1.7-5+deb8u1 [18 May 2016] DSA-3582-1 expat - security update {CVE-2016-0718 CVE-2016-4472} [jessie] - expat 2.1.0-6+deb8u2 [17 May 2016] DSA-3581-1 libndp - security update {CVE-2016-3698} [jessie] - libndp 1.4-2+deb8u1 [16 May 2016] DSA-3580-1 imagemagick - security update {CVE-2016-5239 CVE-2016-3714 CVE-2016-3715 CVE-2016-3716 CVE-2016-3717 CVE-2016-3718} [jessie] - imagemagick 8:6.8.9.9-5+deb8u2 [16 May 2016] DSA-3579-1 xerces-c - security update {CVE-2016-2099} [jessie] - xerces-c 3.1.1-5.1+deb8u2 [14 May 2016] DSA-3578-1 libidn - security update {CVE-2015-2059} [jessie] - libidn 1.29-1+deb8u1 [14 May 2016] DSA-3577-1 jansson - security update {CVE-2016-4425} [jessie] - jansson 2.7-1+deb8u1 [13 May 2016] DSA-3576-1 icedove - security update {CVE-2016-1979 CVE-2016-2805 CVE-2016-2807} [jessie] - icedove 38.8.0-1~deb8u1 [12 May 2016] DSA-3575-1 libxstream-java - security update {CVE-2016-3674} [jessie] - libxstream-java 1.4.7-2+deb8u1 [10 May 2016] DSA-3574-1 libarchive - security update {CVE-2016-1541} [jessie] - libarchive 3.1.2-11+deb8u1 [09 May 2016] DSA-3573-1 qemu - security update {CVE-2016-3710 CVE-2016-3712} [jessie] - qemu 1:2.1+dfsg-12+deb8u6 [09 May 2016] DSA-3572-1 websvn - security update {CVE-2016-1236} [jessie] - websvn 2.3.3-1.2+deb8u2 [08 May 2016] DSA-3571-1 ikiwiki - security update {CVE-2016-4561} [jessie] - ikiwiki 3.20141016.3 [05 May 2016] DSA-3570-1 mercurial - security update {CVE-2016-3105} [jessie] - mercurial 3.1.2-2+deb8u3 [05 May 2016] DSA-3569-1 openafs - security update {CVE-2015-8312 CVE-2016-2860} [jessie] - openafs 1.6.9-2+deb8u5 [05 May 2016] DSA-3568-1 libtasn1-6 - security update {CVE-2016-4008} [jessie] - libtasn1-6 4.2-3+deb8u2 [04 May 2016] DSA-3567-1 libpam-sshauth - security update {CVE-2016-4422} [jessie] - libpam-sshauth 0.3.1-1+deb8u1 [03 May 2016] DSA-3566-1 openssl - security update {CVE-2016-2105 CVE-2016-2106 CVE-2016-2107 CVE-2016-2108 CVE-2016-2109} [jessie] - openssl 1.0.1k-3+deb8u5 [02 May 2016] DSA-3565-1 botan1.10 - security update {CVE-2015-5726 CVE-2015-5727 CVE-2015-7827 CVE-2016-2194 CVE-2016-2195 CVE-2016-2849} [jessie] - botan1.10 1.10.8-2+deb8u1 [02 May 2016] DSA-3564-1 chromium-browser - security update {CVE-2016-1660 CVE-2016-1661 CVE-2016-1662 CVE-2016-1663 CVE-2016-1664 CVE-2016-1665 CVE-2016-1666} [jessie] - chromium-browser 50.0.2661.94-1~deb8u1 [01 May 2016] DSA-3563-1 poppler - security update {CVE-2015-8868} [jessie] - poppler 0.26.5-2+deb8u1 [01 May 2016] DSA-3562-1 tardiff - security update {CVE-2015-0857 CVE-2015-0858} [jessie] - tardiff 0.1-2+deb8u2 [29 Apr 2016] DSA-3561-1 subversion - security update {CVE-2016-2167 CVE-2016-2168} [jessie] - subversion 1.8.10-6+deb8u4 [27 Apr 2016] DSA-3560-1 php5 - security update {CVE-2015-8865 CVE-2016-4070 CVE-2016-4071 CVE-2016-4072 CVE-2016-4073} [jessie] - php5 5.6.20+dfsg-0+deb8u1 [27 Apr 2016] DSA-3559-1 iceweasel - security update {CVE-2016-2805 CVE-2016-2807 CVE-2016-2808 CVE-2016-2814} [jessie] - iceweasel 38.8.0esr-1~deb8u1 [wheezy] - iceweasel 38.8.0esr-1~deb7u1 [26 Apr 2016] DSA-3558-1 openjdk-7 - security update {CVE-2016-0636 CVE-2016-0686 CVE-2016-0687 CVE-2016-0695 CVE-2016-3425 CVE-2016-3426 CVE-2016-3427} [jessie] - openjdk-7 7u101-2.6.6-1~deb8u1 [26 Apr 2016] DSA-3557-1 mysql-5.5 - security update {CVE-2016-0640 CVE-2016-0641 CVE-2016-0642 CVE-2016-0643 CVE-2016-0644 CVE-2016-0646 CVE-2016-0647 CVE-2016-0648 CVE-2016-0649 CVE-2016-0650 CVE-2016-0666 CVE-2016-2047} [jessie] - mysql-5.5 5.5.49-0+deb8u1 [24 Apr 2016] DSA-3556-1 libgd2 - security update {CVE-2016-3074} [wheezy] - libgd2 2.0.36~rc1~dfsg-6.1+deb7u2 [jessie] - libgd2 2.1.0-5+deb8u1 [23 Apr 2016] DSA-3555-1 imlib2 - security update {CVE-2011-5326 CVE-2014-9771 CVE-2016-3993 CVE-2016-3994 CVE-2016-4024} [wheezy] - imlib2 1.4.5-1+deb7u2 [jessie] - imlib2 1.4.6-2+deb8u2 [21 Apr 2016] DSA-3554-1 xen - security update {CVE-2016-3158 CVE-2016-3159 CVE-2016-3960} [jessie] - xen 4.4.1-9+deb8u5 [21 Apr 2016] DSA-3553-1 varnish - security update {CVE-2015-8852} [wheezy] - varnish 3.0.2-2+deb7u2 [17 Apr 2016] DSA-3552-1 tomcat7 - security update {CVE-2015-5174 CVE-2015-5345 CVE-2015-5346 CVE-2015-5351 CVE-2016-0706 CVE-2016-0714 CVE-2016-0763} [wheezy] - tomcat7 7.0.28-4+deb7u4 [jessie] - tomcat7 7.0.56-3+deb8u2 [16 Apr 2016] DSA-3551-1 fuseiso - security update {CVE-2015-8836 CVE-2015-8837} [wheezy] - fuseiso 20070708-3+deb7u1 [15 Apr 2016] DSA-3550-1 openssh - security update {CVE-2015-8325} [wheezy] - openssh 1:6.0p1-4+deb7u4 [jessie] - openssh 1:6.7p1-5+deb8u2 [15 Apr 2016] DSA-3549-1 chromium-browser - security update {CVE-2016-1651 CVE-2016-1652 CVE-2016-1653 CVE-2016-1654 CVE-2016-1655 CVE-2016-1657 CVE-2016-1658 CVE-2016-1659} [jessie] - chromium-browser 50.0.2661.75-1~deb8u1 [14 Apr 2016] DSA-3548-2 samba - regression update [jessie] - samba 2:4.2.10+dfsg-0+deb8u2 [13 Apr 2016] DSA-3548-1 samba - security update {CVE-2015-5370 CVE-2016-2110 CVE-2016-2111 CVE-2016-2112 CVE-2016-2113 CVE-2016-2114 CVE-2016-2115 CVE-2016-2118} [wheezy] - samba 2:3.6.6-6+deb7u9 [jessie] - samba 2:4.2.10+dfsg-0+deb8u1 [12 Apr 2016] DSA-3485-2 didiwiki - regression update [wheezy] - didiwiki 0.5-11+deb7u2 [jessie] - didiwiki 0.5-11+deb8u2 [11 Apr 2016] DSA-3547-1 imagemagick - security update [wheezy] - imagemagick 8:6.7.7.10-5+deb7u4 [07 Apr 2016] DSA-3546-1 optipng - security update {CVE-2016-2191 CVE-2016-3981 CVE-2016-3982} [wheezy] - optipng 0.6.4-1+deb7u2 [jessie] - optipng 0.7.5-1+deb8u1 [07 Apr 2016] DSA-3545-1 cgit - security update {CVE-2016-1899 CVE-2016-1900 CVE-2016-1901} [jessie] - cgit 0.10.2.git2.0.1-3+deb8u1 [07 Apr 2016] DSA-3544-1 python-django - security update {CVE-2016-2512 CVE-2016-2513} [wheezy] - python-django 1.4.5-1+deb7u16 [jessie] - python-django 1.7.7-1+deb8u4 [05 Apr 2016] DSA-3543-1 oar - security update {CVE-2016-1235} [wheezy] - oar 2.5.2-3+deb7u1 [jessie] - oar 2.5.4-2+deb8u1 [05 Apr 2016] DSA-3542-1 mercurial - security update {CVE-2016-3068 CVE-2016-3069 CVE-2016-3630} [wheezy] - mercurial 2.2.2-4+deb7u2 [jessie] - mercurial 3.1.2-2+deb8u2 [05 Apr 2016] DSA-3541-1 roundcube - security update {CVE-2015-8770} [wheezy] - roundcube 0.7.2-9+deb7u2 [03 Apr 2016] DSA-3540-1 lhasa - security update {CVE-2016-2347} [wheezy] - lhasa 0.0.7-2+deb7u1 [jessie] - lhasa 0.2.0+git3fe46-1+deb8u1 [02 Apr 2016] DSA-3539-1 srtp - security update {CVE-2015-6360} [wheezy] - srtp 1.4.4+20100615~dfsg-2+deb7u2 [jessie] - srtp 1.4.5~20130609~dfsg-1.1+deb8u1 [31 Mar 2016] DSA-3538-1 libebml - security update {CVE-2015-8789 CVE-2015-8790 CVE-2015-8791} [wheezy] - libebml 1.2.2-2+deb7u1 [jessie] - libebml 1.3.0-2+deb8u1 [31 Mar 2016] DSA-3537-1 imlib2 - security update {CVE-2014-9762 CVE-2014-9763 CVE-2014-9764} [wheezy] - imlib2 1.4.5-1+deb7u1 [jessie] - imlib2 1.4.6-2+deb8u1 [31 Mar 2016] DSA-3536-1 libstruts1.2-java - security update {CVE-2015-0899} [wheezy] - libstruts1.2-java 1.2.9-5+deb7u2 [29 Mar 2016] DSA-3535-1 kamailio - security update {CVE-2016-2385} [jessie] - kamailio 4.2.0-2+deb8u1 [29 Mar 2016] DSA-3534-1 dhcpcd - security update {CVE-2012-6698 CVE-2012-6699 CVE-2012-6700} [wheezy] - dhcpcd 1:3.2.3-11+deb7u1 [29 Mar 2016] DSA-3533-1 openvswitch - security update {CVE-2016-2074} [jessie] - openvswitch 2.3.0+git20140819-3+deb8u1 [27 Mar 2016] DSA-3532-1 quagga - security update {CVE-2016-2342} [wheezy] - quagga 0.99.22.4-1+wheezy2 [jessie] - quagga 0.99.23.1-1+deb8u1 [25 Mar 2016] DSA-3531-1 chromium-browser - security update {CVE-2016-1646 CVE-2016-1647 CVE-2016-1648 CVE-2016-1649 CVE-2016-1650} [jessie] - chromium-browser 49.0.2623.108-1~deb8u1 [25 Mar 2016] DSA-3530-1 tomcat6 - security update {CVE-2013-4286 CVE-2013-4322 CVE-2013-4590 CVE-2014-0033 CVE-2014-0075 CVE-2014-0096 CVE-2014-0099 CVE-2014-0119 CVE-2014-0227 CVE-2014-0230 CVE-2014-7810 CVE-2015-5174 CVE-2015-5345 CVE-2015-5346 CVE-2015-5351 CVE-2016-0706 CVE-2016-0714 CVE-2016-0763} [wheezy] - tomcat6 6.0.45+dfsg-1~deb7u1 [23 Mar 2016] DSA-3529-1 redmine - security update {CVE-2015-8474 CVE-2015-8346 CVE-2015-8473 CVE-2015-8537} [jessie] - redmine 3.0~20140825-8~deb8u2 [23 Mar 2016] DSA-3528-1 pidgin-otr - security update {CVE-2015-8833} [jessie] - pidgin-otr 4.0.1-1+deb8u1 [23 Mar 2016] DSA-3527-1 inspircd - security update {CVE-2015-8702} [wheezy] - inspircd 2.0.5-1+deb7u2 [jessie] - inspircd 2.0.17-1+deb8u1 [23 Mar 2016] DSA-3526-1 libmatroska - security update {CVE-2015-8792} [wheezy] - libmatroska 1.3.0-2+deb7u1 [jessie] - libmatroska 1.4.1-2+deb8u1 [22 Mar 2016] DSA-3525-1 pixman - security update {CVE-2014-9766} [wheezy] - pixman 0.26.0-4+deb7u2 [20 Mar 2016] DSA-3524-1 activemq - security update {CVE-2015-5254} [wheezy] - activemq 5.6.0+dfsg-1+deb7u2 [jessie] - activemq 5.6.0+dfsg1-4+deb8u2 [20 Mar 2016] DSA-3523-1 iceweasel - security update [wheezy] - iceweasel 38.7.1esr-1~deb7u1 [jessie] - iceweasel 38.7.1esr-1~deb8u1 [20 Mar 2016] DSA-3522-1 squid3 - security update {CVE-2016-2571} [wheezy] - squid3 3.1.20-2.2+deb7u4 [jessie] - squid3 3.4.8-6+deb8u2 [19 Mar 2016] DSA-3521-1 git - security update {CVE-2016-2315 CVE-2016-2324} [wheezy] - git 1:1.7.10.4-1+wheezy3 [jessie] - git 1:2.1.4-2.1+deb8u2 [18 Mar 2016] DSA-3520-1 icedove - security update {CVE-2016-1950 CVE-2016-1954 CVE-2016-1957 CVE-2016-1960 CVE-2016-1961 CVE-2016-1962 CVE-2016-1964 CVE-2016-1966 CVE-2016-1974 CVE-2016-1977 CVE-2016-2790 CVE-2016-2791 CVE-2016-2792 CVE-2016-2793 CVE-2016-2794 CVE-2016-2795 CVE-2016-2796 CVE-2016-2797 CVE-2016-2798 CVE-2016-2799 CVE-2016-2800 CVE-2016-2801 CVE-2016-2802} [wheezy] - icedove 38.7.0-1~deb7u1 [jessie] - icedove 38.7.0-1~deb8u1 [17 Mar 2016] DSA-3519-1 xen - security update {CVE-2015-8339 CVE-2015-8340 CVE-2015-8341 CVE-2015-8550 CVE-2015-8555 CVE-2016-1570 CVE-2016-1571 CVE-2016-2270 CVE-2016-2271} [jessie] - xen 4.4.1-9+deb8u4 [16 Mar 2016] DSA-3518-1 spip - security update {CVE-2016-3153 CVE-2016-3154} [wheezy] - spip 2.1.17-1+deb7u5 [jessie] - spip 3.0.17-2+deb8u2 [14 Mar 2016] DSA-3517-1 exim4 - security update {CVE-2016-1531} [wheezy] - exim4 4.80-7+deb7u2 [jessie] - exim4 4.84.2-1 [13 Mar 2016] DSA-3516-1 wireshark - security update {CVE-2015-8731 CVE-2016-2523 CVE-2016-2530 CVE-2016-2531 CVE-2016-2532 CVE-2016-4417 CVE-2016-4418 CVE-2016-4421} [wheezy] - wireshark 1.8.2-5wheezy18 [jessie] - wireshark 1.12.1+g01b65bf-4+deb8u5 [13 Mar 2016] DSA-3515-1 graphite2 - security update {CVE-2016-1977 CVE-2016-2790 CVE-2016-2791 CVE-2016-2792 CVE-2016-2793 CVE-2016-2794 CVE-2016-2795 CVE-2016-2796 CVE-2016-2797 CVE-2016-2798 CVE-2016-2799 CVE-2016-2800 CVE-2016-2801 CVE-2016-2802 CVE-2016-1969} [wheezy] - graphite2 1.3.6-1~deb7u1 [jessie] - graphite2 1.3.6-1~deb8u1 [12 Mar 2016] DSA-3514-1 samba - security update {CVE-2015-7560 CVE-2016-0771} [wheezy] - samba 2:3.6.6-6+deb7u7 [jessie] - samba 2:4.1.17+dfsg-2+deb8u2 [10 Mar 2016] DSA-3513-1 chromium-browser - security update {CVE-2016-1643 CVE-2016-1644 CVE-2016-1645} [jessie] - chromium-browser 49.0.2623.87-1~deb8u1 [09 Mar 2016] DSA-3512-1 libotr - security update {CVE-2016-2851} [wheezy] - libotr 3.2.1-1+deb7u2 [jessie] - libotr 4.1.0-2+deb8u1 [09 Mar 2016] DSA-3511-1 bind9 - security update {CVE-2016-1285 CVE-2016-1286} [wheezy] - bind9 1:9.8.4.dfsg.P1-6+nmu2+deb7u10 [jessie] - bind9 1:9.9.5.dfsg-9+deb8u6 [09 Mar 2016] DSA-3510-1 iceweasel - security update {CVE-2016-1950 CVE-2016-1952 CVE-2016-1954 CVE-2016-1957 CVE-2016-1958 CVE-2016-1960 CVE-2016-1961 CVE-2016-1962 CVE-2016-1964 CVE-2016-1965 CVE-2016-1966 CVE-2016-1974 CVE-2016-1977 CVE-2016-2790 CVE-2016-2791 CVE-2016-2792 CVE-2016-2793 CVE-2016-2794 CVE-2016-2795 CVE-2016-2796 CVE-2016-2797 CVE-2016-2798 CVE-2016-2799 CVE-2016-2800 CVE-2016-2801 CVE-2016-2802} [wheezy] - iceweasel 38.7.0esr-1~deb7u1 [jessie] - iceweasel 38.7.0esr-1~deb8u1 [09 Mar 2016] DSA-3509-1 rails - security update {CVE-2016-2097 CVE-2016-2098} [jessie] - rails 2:4.1.8-1+deb8u2 [06 Mar 2016] DSA-3508-1 jasper - security update {CVE-2016-1577 CVE-2016-2089 CVE-2016-2116} [wheezy] - jasper 1.900.1-13+deb7u4 [jessie] - jasper 1.900.1-debian1-2.4+deb8u1 [05 Mar 2016] DSA-3507-1 chromium-browser - security update {CVE-2015-8126 CVE-2016-1630 CVE-2016-1631 CVE-2016-1632 CVE-2016-1633 CVE-2016-1634 CVE-2016-1635 CVE-2016-1636 CVE-2016-1637 CVE-2016-1638 CVE-2016-1639 CVE-2016-1640 CVE-2016-1641 CVE-2016-1642 CVE-2016-2845 CVE-2016-2844 CVE-2016-2843} [jessie] - chromium-browser 49.0.2623.75-1~deb8u1 [04 Mar 2016] DSA-3506-1 libav - security update {CVE-2016-1897 CVE-2016-1898 CVE-2016-2326} [wheezy] - libav 6:0.8.17-2 [jessie] - libav 6:11.6-1~deb8u1 [04 Mar 2016] DSA-3505-1 wireshark - security update {CVE-2015-7830 CVE-2015-8711 CVE-2015-8712 CVE-2015-8713 CVE-2015-8714 CVE-2015-8715 CVE-2015-8716 CVE-2015-8717 CVE-2015-8718 CVE-2015-8719 CVE-2015-8720 CVE-2015-8721 CVE-2015-8722 CVE-2015-8723 CVE-2015-8724 CVE-2015-8725 CVE-2015-8726 CVE-2015-8727 CVE-2015-8728 CVE-2015-8729 CVE-2015-8730 CVE-2015-8732 CVE-2015-8733} [wheezy] - wireshark 1.8.2-5wheezy17 [jessie] - wireshark 1.12.1+g01b65bf-4+deb8u4 [04 Mar 2016] DSA-3504-1 bsh - security update {CVE-2016-2510} [wheezy] - bsh 2.0b4-12+deb7u1 [jessie] - bsh 2.0b4-15+deb8u1 [03 Mar 2016] DSA-3503-1 linux - security update {CVE-2013-4312 CVE-2016-2847 CVE-2015-8785 CVE-2015-8812 CVE-2015-8816 CVE-2016-2069 CVE-2016-2384 CVE-2016-2543 CVE-2016-2544 CVE-2016-2545 CVE-2016-2546 CVE-2016-2547 CVE-2016-2548 CVE-2016-2549 CVE-2016-2550} [wheezy] - linux 3.2.73-2+deb7u3 [jessie] - linux 3.16.7-ckt20-1+deb8u4 [03 Mar 2016] DSA-3502-1 roundup - security update {CVE-2014-6276} [wheezy] - roundup 1.4.20-1.1+deb7u1 [jessie] - roundup 1.4.20-1.1+deb8u1 [03 Mar 2016] DSA-3426-2 ctdb - regression update [wheezy] - ctdb 1.12+git20120201-5 [jessie] - ctdb 2.5.4+debian0-4+deb8u1 [01 Mar 2016] DSA-3501-1 perl - security update {CVE-2016-2381} [wheezy] - perl 5.14.2-21+deb7u3 [jessie] - perl 5.20.2-3+deb8u4 [01 Mar 2016] DSA-3500-1 openssl - security update {CVE-2016-0702 CVE-2016-0705 CVE-2016-0797 CVE-2016-0798 CVE-2016-0799 CVE-2016-2842} [wheezy] - openssl 1.0.1e-2+deb7u20 [jessie] - openssl 1.0.1k-3+deb8u4 [28 Feb 2016] DSA-3499-1 pillow - security update {CVE-2016-0740 CVE-2016-0775 CVE-2016-2533} [jessie] - pillow 2.6.1-2+deb8u2 [28 Feb 2016] DSA-3498-1 drupal7 - security update {CVE-2016-3162 CVE-2016-3163 CVE-2016-3164 CVE-2016-3168 CVE-2016-3169 CVE-2016-3170} [wheezy] - drupal7 7.14-2+deb7u12 [jessie] - drupal7 7.32-1+deb8u6 [28 Feb 2016] DSA-3497-1 php-horde - security update {CVE-2016-2228} [jessie] - php-horde 5.2.1+debian0-2+deb8u3 [28 Feb 2016] DSA-3496-1 php-horde-core - security update {CVE-2015-8807} [jessie] - php-horde-core 2.15.0+debian0-1+deb8u1 [28 Feb 2016] DSA-3492-2 gajim - regression update [wheezy] - gajim 0.15.1-4.1+deb7u2 [28 Feb 2016] DSA-3495-1 xymon - security update {CVE-2016-2054 CVE-2016-2055 CVE-2016-2056 CVE-2016-2057 CVE-2016-2058} [jessie] - xymon 4.3.17-6+deb8u1 [27 Feb 2016] DSA-3494-1 cacti - security update {CVE-2015-8377 CVE-2015-8604} [wheezy] - cacti 0.8.8a+dfsg-5+deb7u8 [jessie] - cacti 0.8.8b+dfsg-8+deb8u4 [25 Feb 2016] DSA-3493-1 xerces-c - security update {CVE-2016-0729} [wheezy] - xerces-c 3.1.1-3+deb7u2 [jessie] - xerces-c 3.1.1-5.1+deb8u1 [25 Feb 2016] DSA-3492-1 gajim - security update {CVE-2015-8688} [wheezy] - gajim 0.15.1-4.1+deb7u1 [jessie] - gajim 0.16-1+deb8u1 [24 Feb 2016] DSA-3491-1 icedove - security update {CVE-2015-7575 CVE-2016-1523 CVE-2016-1526 CVE-2016-1930 CVE-2016-1935} [wheezy] - icedove 38.6.0-1~deb7u1 [jessie] - icedove 38.6.0-1~deb8u1 [24 Feb 2016] DSA-3490-1 websvn - security update {CVE-2016-2511} [wheezy] - websvn 2.3.3-1.1+deb7u2 [jessie] - websvn 2.3.3-1.2+deb8u1 [23 Feb 2016] DSA-3489-1 lighttpd - security update {CVE-2014-3566} [wheezy] - lighttpd 1.4.31-4+deb7u4 [23 Feb 2016] DSA-3488-1 libssh - security update {CVE-2016-0739} [wheezy] - libssh 0.5.4-1+deb7u3 [jessie] - libssh 0.6.3-4+deb8u2 [23 Feb 2016] DSA-3487-1 libssh2 - security update {CVE-2016-0787} [wheezy] - libssh2 1.4.2-1.1+deb7u2 [jessie] - libssh2 1.4.3-4.1+deb8u1 [21 Feb 2016] DSA-3486-1 chromium-browser - security update {CVE-2016-1622 CVE-2016-1623 CVE-2016-1624 CVE-2016-1625 CVE-2016-1626 CVE-2016-1627 CVE-2016-1628 CVE-2016-1629} [jessie] - chromium-browser 48.0.2564.116-1~deb8u1 [20 Feb 2016] DSA-3485-1 didiwiki - security update {CVE-2013-7448} [wheezy] - didiwiki 0.5-11+deb7u1 [jessie] - didiwiki 0.5-11+deb8u1 [19 Feb 2016] DSA-3484-1 xdelta3 - security update {CVE-2014-9765} [wheezy] - xdelta3 3.0.0.dfsg-1+deb7u1 [jessie] - xdelta3 3.0.8-dfsg-1+deb8u1 [19 Feb 2016] DSA-3483-1 cpio - security update {CVE-2016-2037} [wheezy] - cpio 2.11+dfsg-0.1+deb7u2 [jessie] - cpio 2.11+dfsg-4.1+deb8u1 [17 Feb 2016] DSA-3482-1 libreoffice - security update {CVE-2016-0794 CVE-2016-0795} [wheezy] - libreoffice 1:3.5.4+dfsg2-0+deb7u6 [jessie] - libreoffice 1:4.3.3-2+deb8u3 [16 Feb 2016] DSA-3481-1 glibc - security update {CVE-2015-7547 CVE-2015-8776 CVE-2015-8778 CVE-2015-8779} [jessie] - glibc 2.19-18+deb8u3 [16 Feb 2016] DSA-3480-1 eglibc - security update {CVE-2014-8121 CVE-2015-1781 CVE-2015-7547 CVE-2015-8776 CVE-2015-8777 CVE-2015-8778 CVE-2015-8779} [wheezy] - eglibc 2.13-38+deb7u10 [15 Feb 2016] DSA-3479-1 graphite2 - security update {CVE-2016-1521 CVE-2016-1522 CVE-2016-1523 CVE-2016-1526} [wheezy] - graphite2 1.3.5-1~deb7u1 [jessie] - graphite2 1.3.5-1~deb8u1 [15 Feb 2016] DSA-3478-1 libgcrypt11 - security update {CVE-2015-7511} [wheezy] - libgcrypt11 1.5.0-5+deb7u4 [14 Feb 2016] DSA-3477-1 iceweasel - security update {CVE-2016-1523 CVE-2016-1526 CVE-2016-1969} [wheezy] - iceweasel 38.6.1esr-1~deb7u1 [jessie] - iceweasel 38.6.1esr-1~deb8u1 [13 Feb 2016] DSA-3476-1 postgresql-9.4 - security update {CVE-2016-0766 CVE-2016-0773} [jessie] - postgresql-9.4 9.4.6-0+deb8u1 [13 Feb 2016] DSA-3475-1 postgresql-9.1 - security update {CVE-2015-5288 CVE-2016-0766 CVE-2016-0773} [wheezy] - postgresql-9.1 9.1.20-0+deb7u1 [12 Feb 2016] DSA-3474-1 libgcrypt20 - security update {CVE-2015-7511} [jessie] - libgcrypt20 1.6.3-2+deb8u1 [11 Feb 2016] DSA-3473-1 nginx - security update {CVE-2016-0742 CVE-2016-0746 CVE-2016-0747} [wheezy] - nginx 1.2.1-2.2+wheezy4 [jessie] - nginx 1.6.2-5+deb8u1 [08 Feb 2016] DSA-3472-1 wordpress - security update {CVE-2016-2221 CVE-2016-2222} [wheezy] - wordpress 3.6.1+dfsg-1~deb7u10 [jessie] - wordpress 4.1+dfsg-1+deb8u8 [08 Feb 2016] DSA-3471-1 qemu - security update {CVE-2015-7295 CVE-2015-7504 CVE-2015-7512 CVE-2015-7549 CVE-2015-8345 CVE-2015-8504 CVE-2015-8550 CVE-2015-8558 CVE-2015-8567 CVE-2015-8568 CVE-2015-8613 CVE-2015-8619 CVE-2015-8743 CVE-2015-8744 CVE-2015-8745 CVE-2016-1568 CVE-2016-1714 CVE-2016-1922 CVE-2016-1981} [jessie] - qemu 1:2.1+dfsg-12+deb8u5a [08 Feb 2016] DSA-3470-1 qemu-kvm - security update {CVE-2015-7295 CVE-2015-7504 CVE-2015-7512 CVE-2015-8345 CVE-2015-8504 CVE-2015-8558 CVE-2015-8743 CVE-2016-1568 CVE-2016-1714 CVE-2016-1922 CVE-2016-1981} [wheezy] - qemu-kvm 1.1.2+dfsg-6+deb7u12 [08 Feb 2016] DSA-3469-1 qemu - security update {CVE-2015-7295 CVE-2015-7504 CVE-2015-7512 CVE-2015-8345 CVE-2015-8504 CVE-2015-8558 CVE-2015-8743 CVE-2016-1568 CVE-2016-1714 CVE-2016-1922 CVE-2016-1981} [wheezy] - qemu 1.1.2+dfsg-6a+deb7u12 [06 Feb 2016] DSA-3468-1 polarssl - security update {CVE-2015-5291 CVE-2015-8036} [wheezy] - polarssl 1.2.9-1~deb7u6 [jessie] - polarssl 1.3.9-2.1+deb8u1 [06 Feb 2016] DSA-3467-1 tiff - security update {CVE-2015-8665 CVE-2015-8683 CVE-2015-8781 CVE-2015-8782 CVE-2015-8783 CVE-2015-8784} [wheezy] - tiff 4.0.2-6+deb7u5 [jessie] - tiff 4.0.3-12.3+deb8u1 [04 Feb 2016] DSA-3466-1 krb5 - security update {CVE-2015-8629 CVE-2015-8631} [wheezy] - krb5 1.10.1+dfsg-5+deb7u7 [jessie] - krb5 1.12.1+dfsg-19+deb8u2 [02 Feb 2016] DSA-3465-1 openjdk-6 - security update {CVE-2015-7575 CVE-2016-0402 CVE-2016-0448 CVE-2016-0466 CVE-2016-0483 CVE-2016-0494 CVE-2015-4734 CVE-2015-4803 CVE-2015-4805 CVE-2015-4806 CVE-2015-4835 CVE-2015-4842 CVE-2015-4843 CVE-2015-4844 CVE-2015-4860 CVE-2015-4872 CVE-2015-4881 CVE-2015-4882 CVE-2015-4883 CVE-2015-4893 CVE-2015-4903 CVE-2015-4911} [wheezy] - openjdk-6 6b38-1.13.10-1~deb7u1 [31 Jan 2016] DSA-3464-1 rails - security update {CVE-2015-3226 CVE-2015-3227 CVE-2015-7576 CVE-2015-7577 CVE-2015-7581 CVE-2016-0751 CVE-2016-0752 CVE-2016-0753} [jessie] - rails 2:4.1.8-1+deb8u1 [31 Jan 2016] DSA-3463-1 prosody - security update {CVE-2016-0756} [wheezy] - prosody 0.8.2-4+deb7u4 [jessie] - prosody 0.9.7-2+deb8u3 [30 Jan 2016] DSA-3462-1 radicale - security update {CVE-2015-8747 CVE-2015-8748} [wheezy] - radicale 0.7-1.1+deb7u1 [jessie] - radicale 0.9-1+deb8u1 [31 Jan 2016] DSA-3461-1 freetype - security update {CVE-2014-9674} [wheezy] - freetype 2.4.9-1.1+deb7u3 [30 Jan 2016] DSA-3460-1 privoxy - security update {CVE-2016-1982 CVE-2016-1983} [wheezy] - privoxy 3.0.19-2+deb7u3 [jessie] - privoxy 3.0.21-7+deb8u1 [28 Jan 2016] DSA-3459-1 mysql-5.5 - security update {CVE-2016-0505 CVE-2016-0546 CVE-2016-0596 CVE-2016-0597 CVE-2016-0598 CVE-2016-0600 CVE-2016-0606 CVE-2016-0608 CVE-2016-0609 CVE-2016-0616} [wheezy] - mysql-5.5 5.5.47-0+deb7u1 [jessie] - mysql-5.5 5.5.47-0+deb8u1 [27 Jan 2016] DSA-3458-1 openjdk-7 - security update {CVE-2015-7575 CVE-2016-0402 CVE-2016-0448 CVE-2016-0466 CVE-2016-0483 CVE-2016-0494} [wheezy] - openjdk-7 7u95-2.6.4-1~deb7u1 [jessie] - openjdk-7 7u95-2.6.4-1~deb8u1 [27 Jan 2016] DSA-3457-1 iceweasel - security update {CVE-2015-7575 CVE-2016-1930 CVE-2016-1935} [wheezy] - iceweasel 38.6.0esr-1~deb7u1 [jessie] - iceweasel 38.6.0esr-1~deb8u1 [27 Jan 2016] DSA-3456-1 chromium-browser - security update {CVE-2015-6792 CVE-2016-1612 CVE-2016-1613 CVE-2016-1614 CVE-2016-1615 CVE-2016-1616 CVE-2016-1617 CVE-2016-1618 CVE-2016-1619 CVE-2016-1620} [jessie] - chromium-browser 48.0.2564.82-1~deb8u1 [27 Jan 2016] DSA-3455-1 curl - security update {CVE-2016-0755} [jessie] - curl 7.38.0-4+deb8u3 [27 Jan 2016] DSA-3454-1 virtualbox - security update {CVE-2015-5307 CVE-2015-8104 CVE-2016-0495 CVE-2016-0592} [jessie] - virtualbox 4.3.36-dfsg-1+deb8u1 [25 Jan 2016] DSA-3453-1 mariadb-10.0 - security update {CVE-2016-0505 CVE-2016-0546 CVE-2016-0596 CVE-2016-0597 CVE-2016-0598 CVE-2016-0600 CVE-2016-0606 CVE-2016-0608 CVE-2016-0609 CVE-2016-0616 CVE-2016-2047} [jessie] - mariadb-10.0 10.0.23-0+deb8u1 [23 Jan 2016] DSA-3452-1 claws-mail - security update {CVE-2015-8614} [wheezy] - claws-mail 3.8.1-2+deb7u1 [jessie] - claws-mail 3.11.1-3+deb8u1 [20 Jan 2016] DSA-3451-1 fuse - security update {CVE-2016-1233} [jessie] - fuse 2.9.3-15+deb8u2 [20 Jan 2016] DSA-3450-1 ecryptfs-utils - security update {CVE-2016-1572} [wheezy] - ecryptfs-utils 99-1+deb7u1 [jessie] - ecryptfs-utils 103-5+deb8u1 [19 Jan 2016] DSA-3449-1 bind9 - security update {CVE-2015-8704} [wheezy] - bind9 1:9.8.4.dfsg.P1-6+nmu2+deb7u9 [jessie] - bind9 1:9.9.5.dfsg-9+deb8u5 [19 Jan 2016] DSA-3448-1 linux - security update {CVE-2013-4312 CVE-2015-7566 CVE-2015-8767 CVE-2016-0723 CVE-2016-0728} [jessie] - linux 3.16.7-ckt20-1+deb8u3 [17 Jan 2016] DSA-3447-1 tomcat7 - security update {CVE-2014-7810} [wheezy] - tomcat7 7.0.28-4+deb7u3 [jessie] - tomcat7 7.0.56-3+deb8u1 [14 Jan 2016] DSA-3431-2 ganeti - regression update [wheezy] - ganeti 2.5.2-1+deb7u2 [jessie] - ganeti 2.12.4-1+deb8u3 [14 Jan 2016] DSA-3446-1 openssh - security update {CVE-2016-0777 CVE-2016-0778} [wheezy] - openssh 1:6.0p1-4+deb7u3 [jessie] - openssh 1:6.7p1-5+deb8u1 [13 Jan 2016] DSA-3445-1 pygments - security update {CVE-2015-8557} [wheezy] - pygments 1.5+dfsg-1+deb7u1 [jessie] - pygments 2.0.1+dfsg-1.1+deb8u1 [13 Jan 2016] DSA-3444-1 wordpress - security update {CVE-2016-1564} [wheezy] - wordpress 3.6.1+dfsg-1~deb7u9 [jessie] - wordpress 4.1+dfsg-1+deb8u7 [13 Jan 2016] DSA-3443-1 libpng - security update {CVE-2015-8472 CVE-2015-8540} [wheezy] - libpng 1.2.49-1+deb7u2 [jessie] - libpng 1.2.50-2+deb8u2 [13 Jan 2016] DSA-3442-1 isc-dhcp - security update {CVE-2015-8605} [wheezy] - isc-dhcp 4.2.2.dfsg.1-5+deb70u8 [jessie] - isc-dhcp 4.3.1-6+deb8u2 [11 Jan 2016] DSA-3441-1 perl - security update {CVE-2015-8607} [jessie] - perl 5.20.2-3+deb8u2 [11 Jan 2016] DSA-3440-1 sudo - security update {CVE-2015-5602} [wheezy] - sudo 1.8.5p2-1+nmu3+deb7u1 [jessie] - sudo 1.8.10p3-1+deb8u3 [10 Jan 2016] DSA-3439-1 prosody - security update {CVE-2016-1231 CVE-2016-1232} [wheezy] - prosody 0.8.2-4+deb7u3 [jessie] - prosody 0.9.7-2+deb8u2 [10 Jan 2016] DSA-3438-1 xscreensaver - security update {CVE-2015-8025} [wheezy] - xscreensaver 5.15-3+deb7u1 [jessie] - xscreensaver 5.30-1+deb8u1 [09 Jan 2016] DSA-3437-1 gnutls26 - security update {CVE-2015-7575} [wheezy] - gnutls26 2.12.20-8+deb7u5 [08 Jan 2016] DSA-3436-1 openssl - security update {CVE-2015-7575} [wheezy] - openssl 1.0.1e-2+deb7u19 [05 Jan 2016] DSA-3435-1 git - security update {CVE-2015-7545} [wheezy] - git 1:1.7.10.4-1+wheezy2 [jessie] - git 1:2.1.4-2.1+deb8u1 [05 Jan 2016] DSA-3434-1 linux - security update {CVE-2015-7513 CVE-2015-7550 CVE-2015-8550 CVE-2015-8551 CVE-2015-8552 CVE-2015-8569 CVE-2015-8575} [wheezy] - linux 3.2.73-2+deb7u2 [jessie] - linux 3.16.7-ckt20-1+deb8u2 [02 Jan 2016] DSA-3433-1 samba - security update {CVE-2015-3223 CVE-2015-5252 CVE-2015-5296 CVE-2015-5299 CVE-2015-5330 CVE-2015-7540 CVE-2015-8467} [wheezy] - samba 2:3.6.6-6+deb7u6 [jessie] - samba 2:4.1.17+dfsg-2+deb8u1 [01 Jan 2016] DSA-3432-1 icedove - security update {CVE-2015-7201 CVE-2015-7205 CVE-2015-7212 CVE-2015-7213 CVE-2015-7214} [wheezy] - icedove 38.5.0-1~deb7u1 [jessie] - icedove 38.5.0-1~deb8u1 [01 Jan 2016] DSA-3431-1 ganeti - security update {CVE-2015-7944 CVE-2015-7945} [wheezy] - ganeti 2.5.2-1+deb7u1 [jessie] - ganeti 2.12.4-1+deb8u2 [23 Dec 2015] DSA-3430-1 libxml2 - security update {CVE-2015-1819 CVE-2015-5312 CVE-2015-7497 CVE-2015-7498 CVE-2015-7499 CVE-2015-7500 CVE-2015-7941 CVE-2015-7942 CVE-2015-8035 CVE-2015-8241 CVE-2015-8317 CVE-2015-8710} [wheezy] - libxml2 2.8.0+dfsg1-7+wheezy5 [jessie] - libxml2 2.9.1+dfsg1-5+deb8u1 [21 Dec 2015] DSA-3429-1 foomatic-filters - security update {CVE-2015-8327 CVE-2015-8560} [wheezy] - foomatic-filters 4.0.17-1+deb7u1 [jessie] - foomatic-filters 4.0.17-5+deb8u1 [18 Dec 2015] DSA-3428-1 tomcat8 - security update {CVE-2014-7810} [jessie] - tomcat8 8.0.14-1+deb8u1 [18 Dec 2015] DSA-3427-1 blueman - security update {CVE-2015-8612} [wheezy] - blueman 1.23-1+deb7u1 [jessie] - blueman 1.99~alpha1-1+deb8u1 [17 Dec 2015] DSA-3426-1 linux - security update {CVE-2013-7446 CVE-2015-7799 CVE-2015-7833 CVE-2015-8104} [wheezy] - linux 3.2.73-2+deb7u1 [jessie] - linux 3.16.7-ckt20-1+deb8u1 [17 Dec 2015] DSA-3425-1 tryton-server - security update {CVE-2015-0861} [jessie] - tryton-server 3.4.0-3+deb8u1 [17 Dec 2015] DSA-3337-2 gdk-pixbuf - security update {CVE-2015-4491} [wheezy] - gdk-pixbuf 2.26.1-1+deb7u3 [jessie] - gdk-pixbuf 2.31.1-2+deb8u4 [16 Dec 2015] DSA-3424-1 subversion - security update {CVE-2015-5343} [jessie] - subversion 1.8.10-6+deb8u2 [16 Dec 2015] DSA-3423-1 cacti - security update {CVE-2015-8369} [wheezy] - cacti 0.8.8a+dfsg-5+deb7u7 [jessie] - cacti 0.8.8b+dfsg-8+deb8u3 [16 Dec 2015] DSA-3422-1 iceweasel - security update {CVE-2015-7201 CVE-2015-7205 CVE-2015-7210 CVE-2015-7212 CVE-2015-7213 CVE-2015-7214 CVE-2015-7222} [wheezy] - iceweasel 38.5.0esr-1~deb7u2 [jessie] - iceweasel 38.5.0esr-1~deb8u2 [16 Dec 2015] DSA-3421-1 grub2 - security update {CVE-2015-8370} [wheezy] - grub2 1.99-27+deb7u3 [jessie] - grub2 2.02~beta2-22+deb8u1 [15 Dec 2015] DSA-3420-1 bind9 - security update {CVE-2015-8000} [wheezy] - bind9 1:9.8.4.dfsg.P1-6+nmu2+deb7u8 [jessie] - bind9 1:9.9.5.dfsg-9+deb8u4 [15 Dec 2015] DSA-3419-1 cups-filters - security update {CVE-2015-8560} [jessie] - cups-filters 1.0.61-5+deb8u3 [14 Dec 2015] DSA-3418-1 chromium-browser - security update {CVE-2015-6788 CVE-2015-6789 CVE-2015-6790 CVE-2015-6791 CVE-2015-8548} [jessie] - chromium-browser 47.0.2526.80-1~deb8u1 [14 Dec 2015] DSA-3417-1 bouncycastle - security update {CVE-2015-7940} [wheezy] - bouncycastle 1.44+dfsg-3.1+deb7u1 [jessie] - bouncycastle 1.49+dfsg-3+deb8u1 [13 Dec 2015] DSA-3416-1 libphp-phpmailer - security update {CVE-2015-8476} [wheezy] - libphp-phpmailer 5.1-1.1 [jessie] - libphp-phpmailer 5.2.9+dfsg-2+deb8u1 [09 Dec 2015] DSA-3415-1 chromium-browser - security update {CVE-2015-1302 CVE-2015-6764 CVE-2015-6765 CVE-2015-6766 CVE-2015-6767 CVE-2015-6768 CVE-2015-6769 CVE-2015-6770 CVE-2015-6771 CVE-2015-6772 CVE-2015-6773 CVE-2015-6774 CVE-2015-6775 CVE-2015-6776 CVE-2015-6777 CVE-2015-6778 CVE-2015-6779 CVE-2015-6780 CVE-2015-6781 CVE-2015-6782 CVE-2015-6784 CVE-2015-6785 CVE-2015-6786} [jessie] - chromium-browser 47.0.2526.73-1~deb8u1 [09 Dec 2015] DSA-3414-1 xen - security update {CVE-2015-3259 CVE-2015-3340 CVE-2015-5307 CVE-2015-6654 CVE-2015-7311 CVE-2015-7812 CVE-2015-7813 CVE-2015-7814 CVE-2015-7969 CVE-2015-7970 CVE-2015-7971 CVE-2015-7972 CVE-2015-8104} [jessie] - xen 4.4.1-9+deb8u3 [04 Dec 2015] DSA-3413-1 openssl - security update {CVE-2015-3194 CVE-2015-3195 CVE-2015-3196} [wheezy] - openssl 1.0.1e-2+deb7u18 [jessie] - openssl 1.0.1k-3+deb8u2 [03 Dec 2015] DSA-3412-1 redis - security update {CVE-2015-8080} [jessie] - redis 2:2.8.17-1+deb8u3 [02 Dec 2015] DSA-3411-1 cups-filters - security update {CVE-2015-8327} [jessie] - cups-filters 1.0.61-5+deb8u2 [01 Dec 2015] DSA-3410-1 icedove - security update {CVE-2015-4473 CVE-2015-4487 CVE-2015-4488 CVE-2015-4489 CVE-2015-4513 CVE-2015-7181 CVE-2015-7182 CVE-2015-7188 CVE-2015-7189 CVE-2015-7193 CVE-2015-7194 CVE-2015-7197 CVE-2015-7198 CVE-2015-7199 CVE-2015-7200} [wheezy] - icedove 38.4.0-1~deb7u1 [jessie] - icedove 38.4.0-1~deb8u1 [01 Dec 2015] DSA-3409-1 putty - security update {CVE-2015-5309} [wheezy] - putty 0.62-9+deb7u3 [jessie] - putty 0.63-10+deb8u1 [01 Dec 2015] DSA-3408-1 gnutls26 - security update {CVE-2015-8313} [wheezy] - gnutls26 2.12.20-8+deb7u4 [26 Nov 2015] DSA-3407-1 dpkg - security update {CVE-2015-0860} [wheezy] - dpkg 1.16.17 [jessie] - dpkg 1.17.26 [25 Nov 2015] DSA-3406-1 nspr - security update {CVE-2015-7183} [wheezy] - nspr 2:4.9.2-1+deb7u3 [jessie] - nspr 2:4.10.7-1+deb8u1 [25 Nov 2015] DSA-3405-1 smokeping - security update {CVE-2015-0859} [wheezy] - smokeping 2.6.8-2+deb7u1 [jessie] - smokeping 2.6.9-1+deb8u1 [25 Nov 2015] DSA-3404-1 python-django - security update {CVE-2015-8213} [wheezy] - python-django 1.4.5-1+deb7u14 [jessie] - python-django 1.7.7-1+deb8u3 [24 Nov 2015] DSA-3403-1 libcommons-collections3-java - security update [wheezy] - libcommons-collections3-java 3.2.1-5+deb7u1 [jessie] - libcommons-collections3-java 3.2.1-7+deb8u1 [24 Nov 2015] DSA-3402-1 symfony - security update {CVE-2015-8124 CVE-2015-8125} [jessie] - symfony 2.3.21+dfsg-4+deb8u2 [22 Nov 2015] DSA-3401-1 openjdk-7 - security update {CVE-2015-4871} [wheezy] - openjdk-7 7u91-2.6.3-1~deb7u1 [jessie] - openjdk-7 7u91-2.6.3-1~deb8u1 [19 Nov 2015] DSA-3400-1 lxc - security update {CVE-2015-1335} [jessie] - lxc 1:1.0.6-6+deb8u2 [18 Nov 2015] DSA-3399-1 libpng - security update {CVE-2015-7981 CVE-2015-8126} [wheezy] - libpng 1.2.49-1+deb7u1 [jessie] - libpng 1.2.50-2+deb8u1 [16 Nov 2015] DSA-3398-1 strongswan - security update {CVE-2015-8023} [wheezy] - strongswan 4.5.2-1.5+deb7u8 [jessie] - strongswan 5.2.1-6+deb8u2 [14 Nov 2015] DSA-3208-2 freexl - regression update [wheezy] - freexl 1.0.0b-1+deb7u3 [jessie] - freexl 1.0.0g-1+deb8u3 [12 Nov 2015] DSA-3395-2 krb5 - security update {CVE-2015-2697} [wheezy] - krb5 1.10.1+dfsg-5+deb7u6 [10 Nov 2015] DSA-3397-1 wpa - security update {CVE-2015-4141 CVE-2015-4142 CVE-2015-4143 CVE-2015-4144 CVE-2015-4145 CVE-2015-4146 CVE-2015-5310 CVE-2015-5314 CVE-2015-5315 CVE-2015-5316 CVE-2015-8041} [wheezy] - wpa 1.0-3+deb7u3 [jessie] - wpa 2.3-1+deb8u3 [10 Nov 2015] DSA-3396-1 linux - security update {CVE-2015-5307 CVE-2015-7833 CVE-2015-7872 CVE-2015-7990} [wheezy] - linux 3.2.68-1+deb7u6 [jessie] - linux 3.16.7-ckt11-1+deb8u6 [09 Nov 2015] DSA-3386-2 unzip - regression update [wheezy] - unzip 6.0-8+deb7u5 [jessie] - unzip 6.0-16+deb8u2 [06 Nov 2015] DSA-3395-1 krb5 - security update {CVE-2015-2695 CVE-2015-2696 CVE-2015-2697} [wheezy] - krb5 1.10.1+dfsg-5+deb7u4 [jessie] - krb5 1.12.1+dfsg-19+deb8u1 [05 Nov 2015] DSA-3394-1 libreoffice - security update {CVE-2015-4551 CVE-2015-5212 CVE-2015-5213 CVE-2015-5214} [wheezy] - libreoffice 1:3.5.4+dfsg2-0+deb7u5 [jessie] - libreoffice 1:4.3.3-2+deb8u2 [04 Nov 2015] DSA-3393-1 iceweasel - security update {CVE-2015-4513 CVE-2015-7181 CVE-2015-7182 CVE-2015-7183 CVE-2015-7188 CVE-2015-7189 CVE-2015-7193 CVE-2015-7194 CVE-2015-7196 CVE-2015-7197 CVE-2015-7198 CVE-2015-7199 CVE-2015-7200} [wheezy] - iceweasel 38.4.0esr-1~deb7u1 [jessie] - iceweasel 38.4.0esr-1~deb8u1 [04 Nov 2015] DSA-3392-1 freeimage - security update {CVE-2015-0852} [wheezy] - freeimage 3.15.1-1.1 [jessie] - freeimage 3.15.4-4.2 [03 Nov 2015] DSA-3391-1 php-horde - security update {CVE-2015-7984} [jessie] - php-horde 5.2.1+debian0-2+deb8u2 [02 Nov 2015] DSA-3355-2 libvdpau - regression update [jessie] - libvdpau 0.8-3+deb8u2 [02 Nov 2015] DSA-3390-1 xen - security update {CVE-2015-7835} [wheezy] - xen 4.1.4-3+deb7u9 [jessie] - xen 4.4.1-9+deb8u2 [01 Nov 2015] DSA-3389-1 elasticsearch - end of life [jessie] - elasticsearch [01 Nov 2015] DSA-3388-1 ntp - security update {CVE-2015-5146 CVE-2015-5194 CVE-2015-5195 CVE-2015-5219 CVE-2015-5300 CVE-2015-7691 CVE-2015-7692 CVE-2015-7701 CVE-2015-7702 CVE-2015-7703 CVE-2015-7704 CVE-2015-7850 CVE-2015-7851 CVE-2015-7852 CVE-2015-7855 CVE-2015-7871} [wheezy] - ntp 1:4.2.6.p5+dfsg-2+deb7u6 [jessie] - ntp 1:4.2.6.p5+dfsg-7+deb8u1 [01 Nov 2015] DSA-3387-1 openafs - security update {CVE-2015-7762 CVE-2015-7763} [wheezy] - openafs 1.6.1-3+deb7u5 [jessie] - openafs 1.6.9-2+deb8u4 [31 Oct 2015] DSA-3386-1 unzip - security update {CVE-2015-7696 CVE-2015-7697} [wheezy] - unzip 6.0-8+deb7u4 [jessie] - unzip 6.0-16+deb8u1 [31 Oct 2015] DSA-3385-1 mariadb-10.0 - security update {CVE-2015-4792 CVE-2015-4802 CVE-2015-4815 CVE-2015-4816 CVE-2015-4819 CVE-2015-4826 CVE-2015-4830 CVE-2015-4836 CVE-2015-4858 CVE-2015-4861 CVE-2015-4870 CVE-2015-4879 CVE-2015-4895 CVE-2015-4913} [jessie] - mariadb-10.0 10.0.22-0+deb8u1 [29 Oct 2015] DSA-3384-1 virtualbox - security update {CVE-2015-4813 CVE-2015-4896} [wheezy] - virtualbox 4.1.42-dfsg-1+deb7u1 [jessie] - virtualbox 4.3.32-dfsg-1+deb8u2 [29 Oct 2015] DSA-3383-1 wordpress - security update {CVE-2015-2213 CVE-2015-5622 CVE-2015-5714 CVE-2015-5715 CVE-2015-5731 CVE-2015-5732 CVE-2015-5734 CVE-2015-7989} [wheezy] - wordpress 3.6.1+dfsg-1~deb7u8 [29 Oct 2015] DSA-3332-2 wordpress - regression update [jessie] - wordpress 4.1+dfsg-1+deb8u6 [28 Oct 2015] DSA-3382-1 phpmyadmin - security update {CVE-2014-8958 CVE-2014-9218 CVE-2015-2206 CVE-2015-3902 CVE-2015-3903 CVE-2015-6830 CVE-2015-7873} [wheezy] - phpmyadmin 4:3.4.11.1-2+deb7u2 [jessie] - phpmyadmin 4:4.2.12-2+deb8u1 [27 Oct 2015] DSA-3381-1 openjdk-7 - security update {CVE-2015-4734 CVE-2015-4803 CVE-2015-4805 CVE-2015-4806 CVE-2015-4835 CVE-2015-4840 CVE-2015-4842 CVE-2015-4843 CVE-2015-4844 CVE-2015-4860 CVE-2015-4872 CVE-2015-4881 CVE-2015-4882 CVE-2015-4883 CVE-2015-4893 CVE-2015-4903 CVE-2015-4911} [wheezy] - openjdk-7 7u85-2.6.1-6~deb7u1 [jessie] - openjdk-7 7u85-2.6.1-6~deb8u1 [27 Oct 2015] DSA-3380-1 php5 - security update {CVE-2015-7803 CVE-2015-7804} [wheezy] - php5 5.4.45-0+deb7u2 [jessie] - php5 5.6.14+dfsg-0+deb8u1 [25 Oct 2015] DSA-3379-1 miniupnpc - security update {CVE-2015-6031} [wheezy] - miniupnpc 1.5-2+deb7u1 [jessie] - miniupnpc 1.9.20140610-2+deb8u1 [24 Oct 2015] DSA-3378-1 gdk-pixbuf - security update {CVE-2015-7673 CVE-2015-7674} [wheezy] - gdk-pixbuf 2.26.1-1+deb7u2 [jessie] - gdk-pixbuf 2.31.1-2+deb8u3 [24 Oct 2015] DSA-3377-1 mysql-5.5 - security update {CVE-2015-4792 CVE-2015-4802 CVE-2015-4815 CVE-2015-4816 CVE-2015-4819 CVE-2015-4826 CVE-2015-4830 CVE-2015-4836 CVE-2015-4858 CVE-2015-4861 CVE-2015-4870 CVE-2015-4879 CVE-2015-4913} [wheezy] - mysql-5.5 5.5.46-0+deb7u1 [jessie] - mysql-5.5 5.5.46-0+deb8u1 [20 Oct 2015] DSA-3376-1 chromium-browser - security update {CVE-2015-1303 CVE-2015-1304 CVE-2015-6755 CVE-2015-6756 CVE-2015-6757 CVE-2015-6758 CVE-2015-6759 CVE-2015-6760 CVE-2015-6761 CVE-2015-6762 CVE-2015-6763} [jessie] - chromium-browser 46.0.2490.71-1~deb8u1 [19 Oct 2015] DSA-3375-1 wordpress - security update {CVE-2015-5714 CVE-2015-5715 CVE-2015-7989} [jessie] - wordpress 4.1+dfsg-1+deb8u5 [19 Oct 2015] DSA-3374-1 postgresql-9.4 - security update {CVE-2015-5288 CVE-2015-5289} [jessie] - postgresql-9.4 9.4.5-0+deb8u1 [18 Oct 2015] DSA-3373-1 owncloud - security update {CVE-2015-4716 CVE-2015-4717 CVE-2015-4718 CVE-2015-5953 CVE-2015-5954 CVE-2015-6500 CVE-2015-6670 CVE-2015-7699} [jessie] - owncloud 7.0.4+dfsg-4~deb8u3 [13 Oct 2015] DSA-3372-1 linux - security update {CVE-2015-5257 CVE-2015-7613} [wheezy] - linux 3.2.68-1+deb7u5 [jessie] - linux 3.16.7-ckt11-1+deb8u5 [09 Oct 2015] DSA-3371-1 spice - security update {CVE-2015-5260 CVE-2015-5261} [wheezy] - spice 0.11.0-1+deb7u2 [jessie] - spice 0.12.5-1+deb8u2 [06 Oct 2015] DSA-3370-1 freetype - security update {CVE-2014-9745 CVE-2014-9746 CVE-2014-9747} [wheezy] - freetype 2.4.9-1.1+deb7u2 [jessie] - freetype 2.5.2-3+deb8u1 [06 Oct 2015] DSA-3369-1 zendframework - security update {CVE-2015-5723 CVE-2015-7695} [wheezy] - zendframework 1.11.13-1.1+deb7u4 [jessie] - zendframework 1.12.9+dfsg-2+deb8u4 [25 Sep 2015] DSA-3368-1 cyrus-sasl2 - security update {CVE-2013-4122} [jessie] - cyrus-sasl2 2.1.26.dfsg1-13+deb8u1 [24 Sep 2015] DSA-3367-1 wireshark - security update {CVE-2015-6241 CVE-2015-6242 CVE-2015-6243 CVE-2015-6244 CVE-2015-6245 CVE-2015-6246 CVE-2015-6247 CVE-2015-6248 CVE-2015-6249} [jessie] - wireshark 1.12.1+g01b65bf-4+deb8u3 [23 Sep 2015] DSA-3366-1 rpcbind - security update {CVE-2015-7236} [wheezy] - rpcbind 0.2.0-8+deb7u1 [jessie] - rpcbind 0.2.1-6+deb8u1 [23 Sep 2015] DSA-3365-1 iceweasel - security update {CVE-2015-4500 CVE-2015-4506 CVE-2015-4509 CVE-2015-4511 CVE-2015-4517 CVE-2015-4519 CVE-2015-4520 CVE-2015-4521 CVE-2015-4522 CVE-2015-7174 CVE-2015-7175 CVE-2015-7176 CVE-2015-7177 CVE-2015-7180} [wheezy] - iceweasel 38.3.0esr-1~deb7u1 [jessie] - iceweasel 38.3.0esr-1~deb8u1 [21 Sep 2015] DSA-3364-1 linux - security update {CVE-2015-8215 CVE-2015-5156 CVE-2015-6252 CVE-2015-6937} [wheezy] - linux 3.2.68-1+deb7u4 [jessie] - linux 3.16.7-ckt11-1+deb8u4 [20 Sep 2015] DSA-3363-1 owncloud-client - security update {CVE-2015-4456} [jessie] - owncloud-client 1.7.0~beta1+really1.6.4+dfsg-1+deb8u1 [18 Sep 2015] DSA-3362-1 qemu-kvm - security update {CVE-2015-5278 CVE-2015-5279 CVE-2015-6815 CVE-2015-6855} [wheezy] - qemu-kvm 1.1.2+dfsg-6+deb7u11 [18 Sep 2015] DSA-3361-1 qemu - security update {CVE-2015-5278 CVE-2015-5279 CVE-2015-6815 CVE-2015-6855} [wheezy] - qemu 1.1.2+dfsg-6a+deb7u11 [jessie] - qemu 1:2.1+dfsg-12+deb8u4 [15 Sep 2015] DSA-3360-1 icu - security update {CVE-2015-1270} [jessie] - icu 52.1-8+deb8u3 [13 Sep 2015] DSA-3359-1 virtualbox - security update {CVE-2015-2594} [wheezy] - virtualbox 4.1.40-dfsg-1+deb7u1 [jessie] - virtualbox 4.3.30-dfsg-1+deb8u1 [13 Sep 2015] DSA-3358-1 php5 - security update {CVE-2015-6834 CVE-2015-6835 CVE-2015-6836 CVE-2015-6837 CVE-2015-6838} [wheezy] - php5 5.4.45-0+deb7u1 [jessie] - php5 5.6.13+dfsg-0+deb8u1 [13 Sep 2015] DSA-3357-1 vzctl - security update {CVE-2015-6927} [jessie] - vzctl 4.8-1+deb8u2 [12 Sep 2015] DSA-3356-1 openldap - security update {CVE-2015-6908} [wheezy] - openldap 2.4.31-2+deb7u1 [jessie] - openldap 2.4.40+dfsg-1+deb8u1 [10 Sep 2015] DSA-3355-1 libvdpau - security update {CVE-2015-5198 CVE-2015-5199 CVE-2015-5200} [wheezy] - libvdpau 0.4.1-7+deb7u1 [jessie] - libvdpau 0.8-3+deb8u1 [08 Sep 2015] DSA-3354-1 spice - security update {CVE-2015-3247} [jessie] - spice 0.12.5-1+deb8u1 [05 Sep 2015] DSA-3353-1 openslp-dfsg - security update {CVE-2015-5177} [wheezy] - openslp-dfsg 1.2.1-9+deb7u1 [jessie] - openslp-dfsg 1.2.1-10+deb8u1 [04 Sep 2015] DSA-3352-1 screen - security update {CVE-2015-6806} [wheezy] - screen 4.1.0~20120320gitdb59704-7+deb7u1 [jessie] - screen 4.2.1-3+deb8u1 [03 Sep 2015] DSA-3351-1 chromium-browser - security update {CVE-2015-1291 CVE-2015-1292 CVE-2015-1293 CVE-2015-1294 CVE-2015-1295 CVE-2015-1296 CVE-2015-1297 CVE-2015-1298 CVE-2015-1299 CVE-2015-1300 CVE-2015-1301} [jessie] - chromium-browser 45.0.2454.85-1~deb8u1 [02 Sep 2015] DSA-3350-1 bind9 - security update {CVE-2015-5722} [wheezy] - bind9 1:9.8.4.dfsg.P1-6+nmu2+deb7u7 [jessie] - bind9 1:9.9.5.dfsg-9+deb8u3 [02 Sep 2015] DSA-3349-1 qemu-kvm - security update {CVE-2015-5165 CVE-2015-5745} [wheezy] - qemu-kvm 1.1.2+dfsg-6+deb7u9 [02 Sep 2015] DSA-3348-1 qemu - security update {CVE-2015-3214 CVE-2015-5154 CVE-2015-5165 CVE-2015-5225 CVE-2015-5745} [jessie] - qemu 1:2.1+dfsg-12+deb8u2 [02 Sep 2015] DSA-3347-1 pdns - security update {CVE-2015-5230} [jessie] - pdns 3.4.1-4+deb8u3 [31 Aug 2015] DSA-3346-1 drupal7 - security update {CVE-2015-6658 CVE-2015-6659 CVE-2015-6660 CVE-2015-6661 CVE-2015-6665} [wheezy] - drupal7 7.14-2+deb7u11 [jessie] - drupal7 7.32-1+deb8u5 [29 Aug 2015] DSA-3345-1 iceweasel - security update {CVE-2015-4497 CVE-2015-4498} [wheezy] - iceweasel 38.2.1esr-1~deb7u1 [jessie] - iceweasel 38.2.1esr-1~deb8u1 [27 Aug 2015] DSA-3344-1 php5 - security update {CVE-2015-4598 CVE-2015-4643 CVE-2015-4644 CVE-2015-5589 CVE-2015-5590 CVE-2015-6831 CVE-2015-6832 CVE-2015-6833} [wheezy] - php5 5.4.44-0+deb7u1 [jessie] - php5 5.6.12+dfsg-0+deb8u1 [26 Aug 2015] DSA-3343-1 twig - security update {CVE-2015-7809} [jessie] - twig 1.16.2-1+deb8u1 [20 Aug 2015] DSA-3342-1 vlc - security update {CVE-2015-5949} [jessie] - vlc 2.2.0~rc2-2+deb8u1 [20 Aug 2015] DSA-3341-1 conntrack - security update {CVE-2015-6496} [wheezy] - conntrack 1:1.2.1-1+deb7u1 [jessie] - conntrack 1:1.4.2-2+deb8u1 [19 Aug 2015] DSA-3340-1 zendframework - security update {CVE-2015-5161} [wheezy] - zendframework 1.11.13-1.1+deb7u3 [jessie] - zendframework 1.12.9+dfsg-2+deb8u3 [19 Aug 2015] DSA-3339-1 openjdk-6 - security update {CVE-2015-2590 CVE-2015-2601 CVE-2015-2613 CVE-2015-2621 CVE-2015-2625 CVE-2015-2628 CVE-2015-2632 CVE-2015-2808 CVE-2015-4000 CVE-2015-4731 CVE-2015-4732 CVE-2015-4733 CVE-2015-4748 CVE-2015-4749 CVE-2015-4760} [wheezy] - openjdk-6 6b36-1.13.8-1~deb7u1 [18 Aug 2015] DSA-3338-1 python-django - security update {CVE-2015-5963 CVE-2015-5964} [wheezy] - python-django 1.4.5-1+deb7u13 [jessie] - python-django 1.7.7-1+deb8u2 [18 Aug 2015] DSA-3337-1 gdk-pixbuf - security update {CVE-2015-4491} [wheezy] - gdk-pixbuf 2.26.1-1+deb7u1 [jessie] - gdk-pixbuf 2.31.1-2+deb8u2 [18 Aug 2015] DSA-3325-2 apache2 - regression update [wheezy] - apache2 2.2.22-13+deb7u6 [17 Aug 2015] DSA-3336-1 nss - security update {CVE-2015-2721 CVE-2015-2730} [wheezy] - nss 2:3.14.5-1+deb7u5 [jessie] - nss 2:3.17.2-1.1+deb8u1 [13 Aug 2015] DSA-3335-1 request-tracker4 - security update {CVE-2015-5475 CVE-2015-6506} [wheezy] - request-tracker4 4.0.7-5+deb7u4 [jessie] - request-tracker4 4.2.8-3+deb8u1 [12 Aug 2015] DSA-3334-1 gnutls28 - security update {CVE-2015-6251} [jessie] - gnutls28 3.3.8-6+deb8u2 [12 Aug 2015] DSA-3333-1 iceweasel - security update {CVE-2015-4473 CVE-2015-4478 CVE-2015-4479 CVE-2015-4480 CVE-2015-4484 CVE-2015-4487 CVE-2015-4488 CVE-2015-4489 CVE-2015-4492 CVE-2015-4493 CVE-2015-4475} [wheezy] - iceweasel 38.2.0esr-1~deb7u1 [jessie] - iceweasel 38.2.0esr-1~deb8u1 [11 Aug 2015] DSA-3332-1 wordpress - security update {CVE-2015-2213 CVE-2015-5622 CVE-2015-5730 CVE-2015-5731 CVE-2015-5732 CVE-2015-5734} [jessie] - wordpress 4.1+dfsg-1+deb8u4 [10 Aug 2015] DSA-3331-1 subversion - security update {CVE-2015-3184 CVE-2015-3187} [wheezy] - subversion 1.6.17dfsg-4+deb7u10 [jessie] - subversion 1.8.10-6+deb8u1 [08 Aug 2015] DSA-3321-2 opensaml2 - security update [wheezy] - opensaml2 2.4.3-4+deb7u1 [jessie] - opensaml2 2.5.3-2+deb8u1 [07 Aug 2015] DSA-3330-1 activemq - security update {CVE-2014-3576} [wheezy] - activemq 5.6.0+dfsg-1+deb7u1 [jessie] - activemq 5.6.0+dfsg1-4+deb8u1 [07 Aug 2015] DSA-3329-1 linux - security update {CVE-2015-3212 CVE-2015-4700 CVE-2015-5697 CVE-2015-5707} [wheezy] - linux 3.2.68-1+deb7u3 [jessie] - linux 3.16.7-ckt11-1+deb8u3 [04 Aug 2015] DSA-3328-1 wordpress - security update {CVE-2015-3429 CVE-2015-5623} [jessie] - wordpress 4.1+dfsg-1+deb8u2 [03 Aug 2015] DSA-3327-1 squid3 - security update {CVE-2015-5400} [wheezy] - squid3 3.1.20-2.2+deb7u3 [jessie] - squid3 3.4.8-6+deb8u1 [02 Aug 2015] DSA-3326-1 ghostscript - security update {CVE-2015-3228} [wheezy] - ghostscript 9.05~dfsg-6.3+deb7u2 [jessie] - ghostscript 9.06~dfsg-2+deb8u1 [01 Aug 2015] DSA-3325-1 apache2 - security update {CVE-2015-3183 CVE-2015-3185} [wheezy] - apache2 2.2.22-13+deb7u5 [jessie] - apache2 2.4.10-10+deb8u1 [01 Aug 2015] DSA-3324-1 icedove - security update {CVE-2015-2721 CVE-2015-2724 CVE-2015-2734 CVE-2015-2735 CVE-2015-2736 CVE-2015-2737 CVE-2015-2738 CVE-2015-2739 CVE-2015-2740 CVE-2015-4000} [wheezy] - icedove 31.8.0-1~deb7u1 [jessie] - icedove 31.8.0-1~deb8u1 [01 Aug 2015] DSA-3323-1 icu - security update {CVE-2014-8146 CVE-2014-8147 CVE-2015-4760} [wheezy] - icu 4.8.1.1-12+deb7u3 [jessie] - icu 52.1-8+deb8u2 [31 Jul 2015] DSA-3322-1 ruby-rack - security update {CVE-2015-3225} [wheezy] - ruby-rack 1.4.1-2.1+deb7u1 [jessie] - ruby-rack 1.5.2-3+deb8u1 [30 Jul 2015] DSA-3321-1 xmltooling - security update {CVE-2015-0851} [wheezy] - xmltooling 1.4.2-5+deb7u1 [jessie] - xmltooling 1.5.3-2+deb8u1 [30 Jul 2015] DSA-3320-1 openafs - security update {CVE-2015-3282 CVE-2015-3283 CVE-2015-3284 CVE-2015-3285 CVE-2015-6587} [wheezy] - openafs 1.6.1-3+deb7u3 [jessie] - openafs 1.6.9-2+deb8u3 [28 Jul 2015] DSA-3319-1 bind9 - security update {CVE-2015-5477} [wheezy] - bind9 1:9.8.4.dfsg.P1-6+nmu2+deb7u6 [jessie] - bind9 1:9.9.5.dfsg-9+deb8u2 [26 Jul 2015] DSA-3318-1 expat - security update {CVE-2015-1283} [wheezy] - expat 2.1.0-1+deb7u2 [jessie] - expat 2.1.0-6+deb8u1 [25 Jul 2015] DSA-3317-1 lxc - security update {CVE-2015-1331 CVE-2015-1334} [jessie] - lxc 1:1.0.6-6+deb8u1 [25 Jul 2015] DSA-3316-1 openjdk-7 - security update {CVE-2014-8873 CVE-2015-0460 CVE-2015-0469 CVE-2015-0470 CVE-2015-0477 CVE-2015-0478 CVE-2015-0480 CVE-2015-0488 CVE-2015-2590 CVE-2015-2601 CVE-2015-2613 CVE-2015-2621 CVE-2015-2625 CVE-2015-2628 CVE-2015-2632 CVE-2015-2808 CVE-2015-4000 CVE-2015-4731 CVE-2015-4732 CVE-2015-4733 CVE-2015-4748 CVE-2015-4749 CVE-2015-4760} [wheezy] - openjdk-7 7u79-2.5.6-1~deb7u1 [jessie] - openjdk-7 7u79-2.5.6-1~deb8u1 [23 Jul 2015] DSA-3315-1 chromium-browser - security update {CVE-2015-1266 CVE-2015-1267 CVE-2015-1268 CVE-2015-1269 CVE-2015-1270 CVE-2015-1271 CVE-2015-1272 CVE-2015-1273 CVE-2015-1274 CVE-2015-1276 CVE-2015-1277 CVE-2015-1278 CVE-2015-1279 CVE-2015-1280 CVE-2015-1281 CVE-2015-1282 CVE-2015-1283 CVE-2015-1284 CVE-2015-1285 CVE-2015-1286 CVE-2015-1287 CVE-2015-1288 CVE-2015-1289} [jessie] - chromium-browser 44.0.2403.89-1~deb8u1 [23 Jul 2015] DSA-3314-1 typo3-sec - end of life [wheezy] - typo3-src [23 Jul 2015] DSA-3313-1 linux - security update {CVE-2015-3290 CVE-2015-3291 CVE-2015-4167 CVE-2015-5157 CVE-2015-5364 CVE-2015-5366} [jessie] - linux 3.16.7-ckt11-1+deb8u2 [22 Jul 2015] DSA-3312-1 cacti - security update {CVE-2015-4634} [wheezy] - cacti 0.8.8a+dfsg-5+deb7u6 [jessie] - cacti 0.8.8b+dfsg-8+deb8u2 [20 Jul 2015] DSA-3311-1 mariadb-10.0 - security update {CVE-2015-0433 CVE-2015-0441 CVE-2015-0499 CVE-2015-0501 CVE-2015-0505 CVE-2015-2568 CVE-2015-2571 CVE-2015-2573 CVE-2015-2582 CVE-2015-2643 CVE-2015-2648 CVE-2015-3152 CVE-2015-4752 CVE-2015-4757} [jessie] - mariadb-10.0 10.0.20-0+deb8u1 [19 Jul 2015] DSA-3310-1 freexl - security update [wheezy] - freexl 1.0.0b-1+deb7u2 [jessie] - freexl 1.0.0g-1+deb8u2 [18 Jul 2015] DSA-3309-1 tidy - security update {CVE-2015-5522 CVE-2015-5523} [wheezy] - tidy 20091223cvs-1.2+deb7u1 [jessie] - tidy 20091223cvs-1.4+deb8u1 [18 Jul 2015] DSA-3308-1 mysql-5.5 - security update {CVE-2015-2582 CVE-2015-2620 CVE-2015-2643 CVE-2015-2648 CVE-2015-4737 CVE-2015-4752} [wheezy] - mysql-5.5 5.5.44-0+deb7u1 [jessie] - mysql-5.5 5.5.44-0+deb8u1 [09 Jul 2015] DSA-3307-1 pdns-recursor - security update {CVE-2015-5470} [jessie] - pdns-recursor 3.6.2-2+deb8u2 [09 Jul 2015] DSA-3306-1 pdns - security update {CVE-2015-5470} [jessie] - pdns 3.4.1-4+deb8u2 [08 Jul 2015] DSA-3305-1 python-django - security update {CVE-2015-5143 CVE-2015-5144} [wheezy] - python-django 1.4.5-1+deb7u12 [jessie] - python-django 1.7.7-1+deb8u1 [07 Jul 2015] DSA-3304-1 bind9 - security update {CVE-2015-4620} [wheezy] - bind9 1:9.8.4.dfsg.P1-6+nmu2+deb7u5 [jessie] - bind9 1:9.9.5.dfsg-9+deb8u1 [07 Jul 2015] DSA-3303-1 cups-filters - security update {CVE-2015-3258 CVE-2015-3279} [wheezy] - cups-filters 1.0.18-2.1+deb7u2 [jessie] - cups-filters 1.0.61-5+deb8u1 [06 Jul 2015] DSA-3302-1 libwmf - security update {CVE-2015-0848 CVE-2015-4588 CVE-2015-4695 CVE-2015-4696} [wheezy] - libwmf 0.2.8.4-10.3+deb7u1 [jessie] - libwmf 0.2.8.4-10.3+deb8u1 [05 Jul 2015] DSA-3301-1 haproxy - security update {CVE-2015-3281} [jessie] - haproxy 1.5.8-3+deb8u1 [04 Jul 2015] DSA-3300-1 iceweasel - security update {CVE-2015-2721 CVE-2015-2743 CVE-2015-4000 CVE-2015-2734 CVE-2015-2735 CVE-2015-2736 CVE-2015-2737 CVE-2015-2738 CVE-2015-2739 CVE-2015-2740 CVE-2015-2728 CVE-2015-2731 CVE-2015-2724} [wheezy] - iceweasel 31.8.0esr-1~deb7u1 [jessie] - iceweasel 31.8.0esr-1~deb8u1 [02 Jul 2015] DSA-3299-1 stunnel4 - security update {CVE-2015-3644} [jessie] - stunnel4 3:5.06-2+deb8u1 [01 Jul 2015] DSA-3298-1 jackrabbit - security update {CVE-2015-1833} [wheezy] - jackrabbit 2.3.6-1+deb7u1 [jessie] - jackrabbit 2.3.6-1+deb8u1 [29 Jun 2015] DSA-3297-1 unattended-upgrades - security update {CVE-2015-1330} [wheezy] - unattended-upgrades 0.79.5+wheezy2 [jessie] - unattended-upgrades 0.83.3.2+deb8u1 [29 Jun 2015] DSA-3296-1 libcrypto++ - security update {CVE-2015-2141} [wheezy] - libcrypto++ 5.6.1-6+deb7u1 [jessie] - libcrypto++ 5.6.1-6+deb8u1 [24 Jun 2015] DSA-3295-1 cacti - security update {CVE-2015-2665 CVE-2015-2967 CVE-2015-4342 CVE-2015-4454} [wheezy] - cacti 0.8.8a+dfsg-5+deb7u5 [jessie] - cacti 0.8.8b+dfsg-8+deb8u1 [23 Jun 2015] DSA-3294-1 wireshark - security update {CVE-2015-4651 CVE-2015-4652} [jessie] - wireshark 1.12.1+g01b65bf-4+deb8u2 [20 Jun 2015] DSA-3293-1 pyjwt - security update [jessie] - pyjwt 0.2.1-1+deb8u1 [19 Jun 2015] DSA-3292-1 cinder - security update {CVE-2015-1851} [jessie] - cinder 2014.1.3-11+deb8u1 [18 Jun 2015] DSA-3291-1 drupal7 - security update {CVE-2015-3231 CVE-2015-3232 CVE-2015-3233 CVE-2015-3234} [wheezy] - drupal7 7.14-2+deb7u10 [jessie] - drupal7 7.32-1+deb8u4 [18 Jun 2015] DSA-3290-1 linux - security update {CVE-2015-1805 CVE-2015-3636 CVE-2015-4167} [wheezy] - linux 3.2.68-1+deb7u2 [15 Jun 2015] DSA-3289-1 p7zip - security update {CVE-2015-1038} [wheezy] - p7zip 9.20.1~dfsg.1-4+deb7u1 [jessie] - p7zip 9.20.1~dfsg.1-4.1+deb8u1 [14 Jun 2015] DSA-3252-2 sqlite3 - security update {CVE-2015-3416} [wheezy] - sqlite3 3.7.13-1+deb7u2 [13 Jun 2015] DSA-3288-1 libav - security update {CVE-2015-3395 CVE-2015-3417} [jessie] - libav 6:11.4-1~deb8u1 [13 Jun 2015] DSA-3287-1 openssl - security update {CVE-2014-8176 CVE-2015-1788 CVE-2015-1789 CVE-2015-1790 CVE-2015-1791 CVE-2015-1792 CVE-2015-4000} [wheezy] - openssl 1.0.1e-2+deb7u17 [jessie] - openssl 1.0.1k-3+deb8u1 [13 Jun 2015] DSA-3286-1 xen - security update {CVE-2015-3209 CVE-2015-4103 CVE-2015-4104 CVE-2015-4105 CVE-2015-4106 CVE-2015-4163 CVE-2015-4164} [wheezy] - xen 4.1.4-3+deb7u8 [jessie] - xen 4.4.1-9+deb8u1 [13 Jun 2015] DSA-3285-1 qemu-kvm - security update {CVE-2015-3209 CVE-2015-4037} [wheezy] - qemu-kvm 1.1.2+dfsg-6+deb7u8 [13 Jun 2015] DSA-3284-1 qemu - security update {CVE-2015-3209 CVE-2015-4037 CVE-2015-4103 CVE-2015-4104 CVE-2015-4105 CVE-2015-4106} [jessie] - qemu 1:2.1+dfsg-12+deb8u1 [09 Jun 2015] DSA-3283-1 cups - security update {CVE-2015-1158 CVE-2015-1159} [wheezy] - cups 1.5.3-5+deb7u6 [jessie] - cups 1.7.5-11+deb8u1 [08 Jun 2015] DSA-3282-1 strongswan - security update {CVE-2015-4171} [wheezy] - strongswan 4.5.2-1.5+deb7u7 [jessie] - strongswan 5.2.1-6+deb8u1 [07 Jun 2015] DSA-3281-1 Debian Security Team PGP/GPG key change notice [07 Jun 2015] DSA-3280-1 php5 - security update {CVE-2015-2783 CVE-2015-3307 CVE-2015-3329 CVE-2015-4021 CVE-2015-4022 CVE-2015-4024 CVE-2015-4025 CVE-2015-4026} [wheezy] - php5 5.4.41-0+deb7u1 [jessie] - php5 5.6.9+dfsg-0+deb8u1 [06 Jun 2015] DSA-3279-1 redis - security update {CVE-2015-4335} [jessie] - redis 2:2.8.17-1+deb8u1 [03 Jun 2015] DSA-3278-1 libapache-mod-jk - security update {CVE-2014-8111} [wheezy] - libapache-mod-jk 1:1.2.37-1+deb7u1 [jessie] - libapache-mod-jk 1:1.2.37-4+deb8u1 [02 Jun 2015] DSA-3249-2 jqueryui - security update [wheezy] - jqueryui 1.8.ooops.21+dfsg-2+deb7u2 [02 Jun 2015] DSA-3277-1 wireshark - security update {CVE-2015-3808 CVE-2015-3809 CVE-2015-3810 CVE-2015-3811 CVE-2015-3812 CVE-2015-3813 CVE-2015-3814 CVE-2015-3815 CVE-2015-3906} [jessie] - wireshark 1.12.1+g01b65bf-4+deb8u1 [31 May 2015] DSA-3276-1 symfony - security update {CVE-2015-4050} [jessie] - symfony 2.3.21+dfsg-4+deb8u1 [31 May 2015] DSA-3269-2 postgresql-9.1 - regression update [wheezy] - postgresql-9.1 9.1.16-0+deb7u2 [30 May 2015] DSA-3275-1 fusionforge - security update {CVE-2015-0850} [jessie] - fusionforge 5.3.2+20141104-3+deb8u1 [28 May 2015] DSA-3274-1 virtualbox - security update {CVE-2015-3456} [wheezy] - virtualbox 4.1.18-dfsg-2+deb7u5 [jessie] - virtualbox 4.3.18-dfsg-3+deb8u2 [26 May 2015] DSA-3268-2 ntfs-3g - security update {CVE-2015-3202} [wheezy] - ntfs-3g 1:2012.1.15AR.5-2.1+deb7u2 [jessie] - ntfs-3g 1:2014.2.15AR.2-1+deb8u2 [25 May 2015] DSA-3273-1 tiff - security update {CVE-2014-8127 CVE-2014-8128 CVE-2014-8129 CVE-2014-9330 CVE-2014-9655 CVE-2015-1547} [wheezy] - tiff 4.0.2-6+deb7u4 [24 May 2015] DSA-3265-2 zendframework - regression update [wheezy] - zendframework 1.11.13-1.1+deb7u2 [jessie] - zendframework 1.12.9+dfsg-2+deb8u2 [23 May 2015] DSA-3272-1 ipsec-tools - security update {CVE-2015-4047} [wheezy] - ipsec-tools 1:0.8.0-14+deb7u1 [jessie] - ipsec-tools 1:0.8.2+20140711-2+deb8u1 [23 May 2015] DSA-3271-1 nbd - security update {CVE-2013-7441 CVE-2015-0847} [wheezy] - nbd 1:3.2-4~deb7u5 [jessie] - nbd 1:3.8-4+deb8u1 [22 May 2015] DSA-3270-1 postgresql-9.4 - security update {CVE-2015-3165 CVE-2015-3166 CVE-2015-3167} [jessie] - postgresql-9.4 9.4.2-0+deb8u1 [22 May 2015] DSA-3269-1 postgresql-9.1 - security update {CVE-2015-3165 CVE-2015-3166 CVE-2015-3167} [wheezy] - postgresql-9.1 9.1.16-0+deb7u1 [jessie] - postgresql-9.1 9.1.16-0+deb8u1 [22 May 2015] DSA-3268-1 ntfs-3g - security update {CVE-2015-3202} [wheezy] - ntfs-3g 1:2012.1.15AR.5-2.1+deb7u1 [jessie] - ntfs-3g 1:2014.2.15AR.2-1+deb8u1 [22 May 2015] DSA-3267-1 chromium-browser - security update {CVE-2015-1251 CVE-2015-1252 CVE-2015-1253 CVE-2015-1254 CVE-2015-1255 CVE-2015-1256 CVE-2015-1257 CVE-2015-1258 CVE-2015-1259 CVE-2015-1260 CVE-2015-1261 CVE-2015-1262 CVE-2015-1263 CVE-2015-1264 CVE-2015-1265 CVE-2015-3910} [jessie] - chromium-browser 43.0.2357.65-1~deb8u1 [21 May 2015] DSA-3266-1 fuse - security update {CVE-2015-3202} [wheezy] - fuse 2.9.0-2+deb7u2 [jessie] - fuse 2.9.3-15+deb8u1 [20 May 2015] DSA-3265-1 zendframework - security update {CVE-2014-2681 CVE-2014-2682 CVE-2014-2683 CVE-2014-2684 CVE-2014-2685 CVE-2014-4914 CVE-2014-8088 CVE-2014-8089 CVE-2015-3154} [wheezy] - zendframework 1.11.13-1.1+deb7u1 [19 May 2015] DSA-3264-1 icedove - security update {CVE-2015-0797 CVE-2015-2708 CVE-2015-2710 CVE-2015-2713 CVE-2015-2716} [wheezy] - icedove 31.7.0-1~deb7u1 [jessie] - icedove 31.7.0-1~deb8u1 [19 May 2015] DSA-3263-1 proftpd-dfsg - security update {CVE-2015-3306} [wheezy] - proftpd-dfsg 1.3.4a-5+deb7u3 [jessie] - proftpd-dfsg 1.3.5-1.1+deb8u1 [18 May 2015] DSA-3262-1 xen - security update {CVE-2015-3456} [wheezy] - xen 4.1.4-3+deb7u6 [18 May 2015] DSA-3175-2 kfreebsd-9 - security update {CVE-2015-1414 CVE-2015-2923} [wheezy] - kfreebsd-9 9.0-10+deb70.10 [15 May 2015] DSA-3261-1 libmodule-signature-perl - security update {CVE-2015-3406 CVE-2015-3407 CVE-2015-3408 CVE-2015-3409} [wheezy] - libmodule-signature-perl 0.68-1+deb7u2 [jessie] - libmodule-signature-perl 0.73-1+deb8u1 [13 May 2015] DSA-3260-1 iceweasel - security update {CVE-2011-3079 CVE-2015-0797 CVE-2015-2708 CVE-2015-2710 CVE-2015-2713 CVE-2015-2716} [wheezy] - iceweasel 31.7.0esr-1~deb7u1 [jessie] - iceweasel 31.7.0esr-1~deb8u1 [13 May 2015] DSA-3259-1 qemu - security update {CVE-2014-9718 CVE-2015-1779 CVE-2015-2756 CVE-2015-3456} [jessie] - qemu 1:2.1+dfsg-12 [12 May 2015] DSA-3258-1 quassel - security update {CVE-2015-3427} [jessie] - quassel 1:0.10.0-2.3+deb8u1 [11 May 2015] DSA-3257-1 mercurial - security update {CVE-2014-9462} [wheezy] - mercurial 2.2.2-4+deb7u1 [jessie] - mercurial 3.1.2-2+deb8u1 [10 May 2015] DSA-3256-1 libtasn1-6 - security update {CVE-2015-3622} [jessie] - libtasn1-6 4.2-3+deb8u1 [10 May 2015] DSA-3255-1 zeromq3 - security update {CVE-2014-9721} [jessie] - zeromq3 4.0.5+dfsg-2+deb8u1 [09 May 2015] DSA-3254-1 suricata - security update {CVE-2015-0971} [jessie] - suricata 2.0.7-2+deb8u1 [07 May 2015] DSA-3253-1 pound - security update {CVE-2009-3555 CVE-2012-4929 CVE-2014-3566} [wheezy] - pound 2.6-2+deb7u1 [jessie] - pound 2.6-6+deb8u1 [06 May 2015] DSA-3252-1 sqlite3 - security update {CVE-2015-3414 CVE-2015-3415 CVE-2015-3416} [jessie] - sqlite3 3.8.7.1-1+deb8u1 [05 May 2015] DSA-3251-1 dnsmasq - security update {CVE-2015-3294} [wheezy] - dnsmasq 2.62-3+deb7u2 [jessie] - dnsmasq 2.72-3+deb8u1 [04 May 2015] DSA-3250-1 wordpress - security update {CVE-2015-3438 CVE-2015-3439 CVE-2015-3440} [wheezy] - wordpress 3.6.1+dfsg-1~deb7u6 [jessie] - wordpress 4.1+dfsg-1+deb8u1 [03 May 2015] DSA-3249-1 jqueryui - security update {CVE-2010-5312} [wheezy] - jqueryui 1.8.ooops.21+dfsg-2+deb7u1 [02 May 2015] DSA-3248-1 libphp-snoopy - security update {CVE-2014-5008 CVE-2008-7313} [wheezy] - libphp-snoopy 2.0.0-1~deb7u1 [02 May 2015] DSA-3247-1 ruby2.1 - security update {CVE-2015-1855} [jessie] - ruby2.1 2.1.5-2+deb8u1 [02 May 2015] DSA-3246-1 ruby1.9.1 - security update {CVE-2015-1855} [wheezy] - ruby1.9.1 1.9.3.194-8.1+deb7u5 [02 May 2015] DSA-3245-1 ruby1.8 - security update {CVE-2015-1855} [wheezy] - ruby1.8 1.8.7.358-7.1+deb7u3 [02 May 2015] DSA-3244-1 owncloud - security update {CVE-2015-3011 CVE-2015-3012 CVE-2015-3013} [jessie] - owncloud 7.0.4+dfsg-4~deb8u1 [01 May 2015] DSA-3243-1 libxml-libxml-perl - security update {CVE-2015-3451} [wheezy] - libxml-libxml-perl 2.0001+dfsg-1+deb7u1 [jessie] - libxml-libxml-perl 2.0116+dfsg-1+deb8u1 [30 Apr 2015] DSA-3242-1 chromium-browser - security update {CVE-2015-1243 CVE-2015-1250} [jessie] - chromium-browser 42.0.2311.135-1~deb8u1 [29 Apr 2015] DSA-3241-1 elasticsearch - security update {CVE-2015-3337} [jessie] - elasticsearch 1.0.3+dfsg-5+deb8u1 [29 Apr 2015] DSA-3240-1 curl - security update {CVE-2015-3153} [jessie] - curl 7.38.0-4+deb8u2 [29 Apr 2015] DSA-3239-1 icecast2 - security update {CVE-2015-3026} [jessie] - icecast2 2.4.0-1.1+deb8u1 [26 Apr 2015] DSA-3238-1 chromium-browser - security update {CVE-2015-1235 CVE-2015-1236 CVE-2015-1237 CVE-2015-1238 CVE-2015-1240 CVE-2015-1241 CVE-2015-1242 CVE-2015-1244 CVE-2015-1245 CVE-2015-1246 CVE-2015-1247 CVE-2015-1248 CVE-2015-1249 CVE-2015-3333 CVE-2015-3334 CVE-2015-3336} [jessie] - chromium-browser 42.0.2311.90-1~deb8u1 [26 Apr 2015] DSA-3237-1 linux - security update {CVE-2014-8159 CVE-2014-9715 CVE-2015-2041 CVE-2015-2042 CVE-2015-2150 CVE-2015-2830 CVE-2015-2922 CVE-2015-3331 CVE-2015-3339} [wheezy] - linux 3.2.68-1+deb7u1 [jessie] - linux 3.16.7-ckt9-3~deb8u1 [25 Apr 2015] DSA-3236-1 libreoffice - security update {CVE-2015-1774} [wheezy] - libreoffice 1:3.5.4+dfsg2-0+deb7u4 [jessie] - libreoffice 1:4.3.3-2+deb8u1 [24 Apr 2015] DSA-3235-1 openjdk-7 - security update {CVE-2015-0460 CVE-2015-0469 CVE-2015-0470 CVE-2015-0477 CVE-2015-0478 CVE-2015-0480 CVE-2015-0488 CVE-2014-8873} [wheezy] - openjdk-7 7u79-2.5.5-1~deb7u1 [jessie] - openjdk-7 7u79-2.5.5-1~deb8u1 [24 Apr 2015] DSA-3234-1 openjdk-6 - security update {CVE-2015-0460 CVE-2015-0469 CVE-2015-0470 CVE-2015-0477 CVE-2015-0478 CVE-2015-0480 CVE-2015-0488} [wheezy] - openjdk-6 6b35-1.13.7-1~deb7u1 [24 Apr 2015] DSA-3233-1 wpa - security update {CVE-2015-1863} [wheezy] - wpa 1.0-3+deb7u2 [jessie] - wpa 2.3-1+deb8u1 [22 Apr 2015] DSA-3232-1 curl - security update {CVE-2015-3143 CVE-2015-3148} [wheezy] - curl 7.26.0-1+wheezy13 [jessie] - curl 7.38.0-4+deb8u1 [21 Apr 2015] DSA-3231-1 subversion - security update {CVE-2015-0248 CVE-2015-0251} [wheezy] - subversion 1.6.17dfsg-4+deb7u9 [20 Apr 2015] DSA-3230-1 django-markupfield - security update {CVE-2015-0846} [wheezy] - django-markupfield 1.0.2-2+deb7u1 [jessie] - django-markupfield 1.2.1-2+deb8u1 [19 Apr 2015] DSA-3229-1 mysql-5.5 - security update {CVE-2015-0433 CVE-2015-0441 CVE-2015-0499 CVE-2015-0501 CVE-2015-0505 CVE-2015-2568 CVE-2015-2571 CVE-2015-2573} [wheezy] - mysql-5.5 5.5.43-0+deb7u1 [16 Apr 2015] DSA-3228-1 ppp - security update {CVE-2015-3310} [wheezy] - ppp 2.4.5-5.1+deb7u2 [15 Apr 2015] DSA-3227-1 movabletype-opensource - security update {CVE-2015-0845} [wheezy] - movabletype-opensource 5.1.4+dfsg-4+deb7u3 [15 Apr 2015] DSA-3226-1 inspircd - security update {CVE-2012-6696 CVE-2012-6697 CVE-2015-6674} [wheezy] - inspircd 2.0.5-1+deb7u1 [15 Apr 2015] DSA-3225-1 gst-plugins-bad0.10 - security update {CVE-2015-0797} [wheezy] - gst-plugins-bad0.10 0.10.23-7.1+deb7u2 [12 Apr 2015] DSA-3224-1 libx11 - security update {CVE-2013-7439} [wheezy] - libx11 2:1.5.0-1+deb7u2 [12 Apr 2015] DSA-3223-1 ntp - security update {CVE-2015-1798 CVE-2015-1799 CVE-2015-3405} [wheezy] - ntp 1:4.2.6.p5+dfsg-2+deb7u4 [12 Apr 2015] DSA-3222-1 chrony - security update {CVE-2015-1821 CVE-2015-1822 CVE-2015-1853} [wheezy] - chrony 1.24-3.1+deb7u3 [12 Apr 2015] DSA-3221-1 das-watchdog - security update {CVE-2015-2831} [wheezy] - das-watchdog 0.9.0-2+deb7u1 [11 Apr 2015] DSA-3220-1 libtasn1-3 - security update {CVE-2015-2806} [wheezy] - libtasn1-3 2.13-2+deb7u2 [11 Apr 2015] DSA-3219-1 libdbd-firebird-perl - security update {CVE-2015-2788} [wheezy] - libdbd-firebird-perl 0.91-2+deb7u1 [10 Apr 2015] DSA-3218-1 wesnoth-1.10 - security update {CVE-2015-0844} [wheezy] - wesnoth-1.10 1:1.10.3-3+deb7u1 [09 Apr 2015] DSA-3217-1 dpkg - security update {CVE-2015-0840} [wheezy] - dpkg 1.16.16 [07 Apr 2015] DSA-3057-2 libxml2 - regression update [wheezy] - libxml2 2.8.0+dfsg1-7+wheezy4 [06 Apr 2015] DSA-3216-1 tor - security update {CVE-2015-2928 CVE-2015-2929} [wheezy] - tor 0.2.4.27-1 [06 Apr 2015] DSA-3215-1 libgd2 - security update {CVE-2014-2497 CVE-2014-9709} [wheezy] - libgd2 2.0.36~rc1~dfsg-6.1+deb7u1 [06 Apr 2015] DSA-3214-1 mailman - security update {CVE-2015-2775} [wheezy] - mailman 1:2.1.15-1+deb7u1 [06 Apr 2015] DSA-3213-1 arj - security update {CVE-2015-0556 CVE-2015-0557 CVE-2015-2782} [wheezy] - arj 3.10.22-10+deb7u1 [02 Apr 2015] DSA-3212-1 icedove - security update {CVE-2015-0801 CVE-2015-0807 CVE-2015-0813 CVE-2015-0815 CVE-2015-0816} [wheezy] - icedove 31.6.0-1~deb7u1 [01 Apr 2015] DSA-3211-1 iceweasel - security update {CVE-2015-0801 CVE-2015-0807 CVE-2015-0813 CVE-2015-0815 CVE-2015-0816} [wheezy] - iceweasel 31.6.0esr-1~deb7u1 [31 Mar 2015] DSA-3210-1 wireshark - security update {CVE-2015-2188 CVE-2015-2189 CVE-2015-2191} [wheezy] - wireshark 1.8.2-5wheezy15 [30 Mar 2015] DSA-3209-1 openldap - security update {CVE-2013-4449 CVE-2014-9713 CVE-2015-1545} [wheezy] - openldap 2.4.31-2 [29 Mar 2015] DSA-3208-1 freexl - security update {CVE-2015-2753 CVE-2015-2754 CVE-2015-2776} [wheezy] - freexl 1.0.0b-1+deb7u1 [28 Mar 2015] DSA-3198-2 php5 - regression update [wheezy] - php5 5.4.39-0+deb7u2 [28 Mar 2015] DSA-3207-1 shibboleth-sp2 - security update {CVE-2015-2684} [wheezy] - shibboleth-sp2 2.4.3+dfsg-5+deb7u1 [28 Mar 2015] DSA-3206-1 dulwich - security update {CVE-2014-9706 CVE-2015-0838} [wheezy] - dulwich 0.8.5-2+deb7u2 [27 Mar 2015] DSA-3205-1 batik - security update {CVE-2015-0250} [wheezy] - batik 1.7+dfsg-3+deb7u1 [24 Mar 2015] DSA-3197-2 openssl - regression update [wheezy] - openssl 1.0.1e-2+deb7u16 [24 Mar 2015] DSA-3204-1 python-django - security update {CVE-2015-2317} [wheezy] - python-django 1.4.5-1+deb7u11 [22 Mar 2015] DSA-3203-1 tor - security update {CVE-2015-2688 CVE-2015-2689} [wheezy] - tor 0.2.4.26-1 [22 Mar 2015] DSA-3202-1 mono - security update {CVE-2015-2318 CVE-2015-2319 CVE-2015-2320} [wheezy] - mono 2.10.8.1-8+deb7u1 [22 Mar 2015] DSA-3201-1 iceweasel - security update {CVE-2015-0817 CVE-2015-0818} [wheezy] - iceweasel 31.5.3esr-1~deb7u1 [20 Mar 2015] DSA-3200-1 drupal7 - security update {CVE-2015-2559 CVE-2015-2749 CVE-2015-2750} [wheezy] - drupal7 7.14-2+deb7u9 [20 Mar 2015] DSA-3199-1 xerces-c - security update {CVE-2015-0252} [wheezy] - xerces-c 3.1.1-3+deb7u1 [20 Mar 2015] DSA-3198-1 php5 - security update {CVE-2015-2301 CVE-2015-2331 CVE-2015-2348 CVE-2015-2787 CVE-2015-3330} [wheezy] - php5 5.4.39-0+deb7u1 [19 Mar 2015] DSA-3197-1 openssl - security update {CVE-2015-0209 CVE-2015-0286 CVE-2015-0287 CVE-2015-0288 CVE-2015-0289 CVE-2015-0292} [wheezy] - openssl 1.0.1e-2+deb7u15 [18 Mar 2015] DSA-3196-1 file - security update {CVE-2014-9653} [wheezy] - file 5.11-2+deb7u8 [18 Mar 2015] DSA-3195-1 php5 - security update {CVE-2014-9705 CVE-2015-0231 CVE-2015-0232 CVE-2015-0273 CVE-2015-2305 CVE-2015-1352} [wheezy] - php5 5.4.38-0+deb7u1 [17 Mar 2015] DSA-3194-1 libxfont - security update {CVE-2015-1802 CVE-2015-1803 CVE-2015-1804} [wheezy] - libxfont 1:1.4.5-5 [17 Mar 2015] DSA-3193-1 tcpdump - security update {CVE-2015-0261 CVE-2015-2153 CVE-2015-2154 CVE-2015-2155} [wheezy] - tcpdump 4.3.0-1+deb7u2 [17 Mar 2015] DSA-3192-1 checkpw - security update {CVE-2015-0885} [wheezy] - checkpw 1.02-1+deb7u1 [15 Mar 2015] DSA-3191-1 gnutls26 - security update {CVE-2015-0282 CVE-2015-0294} [wheezy] - gnutls26 2.12.20-8+deb7u3 [15 Mar 2015] DSA-3190-1 putty - security update {CVE-2015-2157} [wheezy] - putty 0.62-9+deb7u2 [15 Mar 2015] DSA-3189-1 libav - security update {CVE-2014-7933 CVE-2014-8543 CVE-2014-8544 CVE-2014-8547 CVE-2014-8548 CVE-2014-9604} [wheezy] - libav 6:0.8.17-1 [15 Mar 2015] DSA-3188-1 freetype - security update {CVE-2014-9656 CVE-2014-9657 CVE-2014-9658 CVE-2014-9660 CVE-2014-9661 CVE-2014-9663 CVE-2014-9664 CVE-2014-9666 CVE-2014-9667 CVE-2014-9669 CVE-2014-9670 CVE-2014-9671 CVE-2014-9672 CVE-2014-9673 CVE-2014-9675} [wheezy] - freetype 2.4.9-1.1+deb7u1 [15 Mar 2015] DSA-3187-1 icu - security update {CVE-2013-1569 CVE-2013-2383 CVE-2013-2384 CVE-2013-2419 CVE-2014-6585 CVE-2014-6591 CVE-2014-7923 CVE-2014-7926 CVE-2014-7940 CVE-2014-9654} [wheezy] - icu 4.8.1.1-12+deb7u2 [13 Mar 2015] DSA-3186-1 nss - security update {CVE-2014-1569} [wheezy] - nss 2:3.14.5-1+deb7u4 [12 Mar 2015] DSA-3185-1 libgcrypt11 - security update {CVE-2014-3591 CVE-2015-0837} [wheezy] - libgcrypt11 1.5.0-5+deb7u3 [12 Mar 2015] DSA-3184-1 gnupg - security update {CVE-2014-3591 CVE-2015-0837 CVE-2015-1606} [wheezy] - gnupg 1.4.12-7+deb7u7 [12 Mar 2015] DSA-3183-1 movabletype-opensource - security update {CVE-2013-2184 CVE-2014-9057 CVE-2015-1592} [wheezy] - movabletype-opensource 5.1.4+dfsg-4+deb7u2 [11 Mar 2015] DSA-3182-1 libssh2 - security update {CVE-2015-1782} [wheezy] - libssh2 1.4.2-1.1+deb7u1 [10 Mar 2015] DSA-3181-1 xen - security update {CVE-2015-2044 CVE-2015-2045 CVE-2015-2151} [wheezy] - xen 4.1.4-3+deb7u5 [05 Mar 2015] DSA-3180-1 libarchive - security update {CVE-2015-2304} [wheezy] - libarchive 3.0.4-3+wheezy1 [03 Mar 2015] DSA-3179-1 icedove - security update {CVE-2015-0822 CVE-2015-0827 CVE-2015-0831 CVE-2015-0836} [wheezy] - icedove 31.5.0-1~deb7u1 [02 Mar 2015] DSA-3178-1 unace - security update {CVE-2015-2063} [wheezy] - unace 1.2b-10+deb7u1 [10 Mar 2015] DSA-3177-1 mod-gnutls - security update {CVE-2015-2091} [wheezy] - mod-gnutls 0.5.10-1.1+deb7u1 [26 Feb 2015] DSA-3176-1 request-tracker4 - security update {CVE-2014-9472 CVE-2015-1165 CVE-2015-1464} [wheezy] - request-tracker4 4.0.7-5+deb7u3 [25 Feb 2015] DSA-3175-1 kfreebsd-9 - security update {CVE-2015-1414} [wheezy] - kfreebsd-9 9.0-10+deb70.9 [25 Feb 2015] DSA-3174-1 iceweasel - security update {CVE-2015-0822 CVE-2015-0827 CVE-2015-0831 CVE-2015-0836} [wheezy] - iceweasel 31.5.0esr-1~deb7u1 [25 Feb 2015] DSA-3173-1 libgtk2-perl - security update [wheezy] - libgtk2-perl 2:1.244-1+deb7u1 [25 Feb 2015] DSA-3172-1 cups - security update {CVE-2014-9679} [wheezy] - cups 1.5.3-5+deb7u5 [23 Feb 2015] DSA-3171-1 samba - security update {CVE-2015-0240} [wheezy] - samba 2:3.6.6-6+deb7u5 [23 Feb 2015] DSA-3170-1 linux - security update {CVE-2013-7421 CVE-2014-7822 CVE-2014-8160 CVE-2014-8559 CVE-2014-9585 CVE-2014-9644 CVE-2014-9683 CVE-2015-0239 CVE-2015-1420 CVE-2015-1421 CVE-2015-1593} [wheezy] - linux 3.2.65-1+deb7u2 [23 Feb 2015] DSA-3169-1 eglibc - security update {CVE-2012-3406 CVE-2013-7424 CVE-2014-4043 CVE-2014-9402 CVE-2015-1472 CVE-2015-1473} [wheezy] - eglibc 2.13-38+deb7u8 [22 Feb 2015] DSA-3168-1 ruby-redcloth - security update {CVE-2012-6684} [wheezy] - ruby-redcloth 4.2.9-2+deb7u2 [22 Feb 2015] DSA-3167-1 sudo - security update {CVE-2014-9680} [wheezy] - sudo 1.8.5p2-1+nmu2 [22 Feb 2015] DSA-3166-1 e2fsprogs - security update {CVE-2015-0247 CVE-2015-1572} [wheezy] - e2fsprogs 1.42.5-1.1+deb7u1 [21 Feb 2015] DSA-3165-1 xdg-utils - security update {CVE-2015-1877} [wheezy] - xdg-utils 1.1.0~rc1+git20111210-6+deb7u3 [21 Feb 2015] DSA-3164-1 typo3-src - security update {CVE-2015-2047} [wheezy] - typo3-src 4.5.19+dfsg1-5+wheezy4 [19 Feb 2015] DSA-3163-1 libreoffice - security update {CVE-2014-9093} [wheezy] - libreoffice 1:3.5.4+dfsg2-0+deb7u3 [18 Feb 2015] DSA-3162-1 bind9 - security update {CVE-2015-1349} [wheezy] - bind9 1:9.8.4.dfsg.P1-6+nmu2+deb7u4 [11 Feb 2015] DSA-3161-1 dbus - security update {CVE-2015-0245} [wheezy] - dbus 1.6.8-1+deb7u6 [11 Feb 2015] DSA-3160-1 xorg-server - security update {CVE-2015-0255} [wheezy] - xorg-server 2:1.12.4-6+deb7u6 [10 Feb 2015] DSA-3159-1 ruby1.8 - security update {CVE-2014-8080 CVE-2014-8090} [wheezy] - ruby1.8 1.8.7.358-7.1+deb7u2 [09 Feb 2015] DSA-3158-1 unrtf - security update {CVE-2014-9274 CVE-2014-9275} [wheezy] - unrtf 0.21.5-3~deb7u1 [09 Feb 2015] DSA-3157-1 ruby1.9.1 - security update {CVE-2014-4975 CVE-2014-8080 CVE-2014-8090} [wheezy] - ruby1.9.1 1.9.3.194-8.1+deb7u3 [07 Feb 2015] DSA-3156-1 liblivemedia - security update {CVE-2013-6933} [wheezy] - liblivemedia 2012.05.17-1+wheezy1 [wheezy] - vlc 2.0.3-5+deb7u2 [wheezy] - mplayer 2:1.0~rc4.dfsg1+svn34540-1+deb7u1 [07 Feb 2015] DSA-3154-2 ntp - incomplete fix {CVE-2014-9750} [wheezy] - ntp 1:4.2.6.p5+dfsg-2+deb7u3 [06 Feb 2015] DSA-2978-2 libxml2 - security update {CVE-2014-0191 CVE-2014-3660} [wheezy] - libxml2 2.8.0+dfsg1-7+wheezy3 [06 Feb 2015] DSA-3155-1 postgresql-9.1 - security update {CVE-2014-8161 CVE-2015-0241 CVE-2015-0243 CVE-2015-0244} [wheezy] - postgresql-9.1 9.1.15-0+deb7u1 [05 Feb 2015] DSA-3154-1 ntp - security update {CVE-2014-9750 CVE-2014-9751} [wheezy] - ntp 1:4.2.6.p5+dfsg-2+deb7u2 [03 Feb 2015] DSA-3153-1 krb5 - security update {CVE-2014-5352 CVE-2014-9421 CVE-2014-9422 CVE-2014-9423} [wheezy] - krb5 1.10.1+dfsg-5+deb7u3 [03 Feb 2015] DSA-3152-1 unzip - security update {CVE-2014-9636} [wheezy] - unzip 6.0-8+deb7u2 [03 Feb 2015] DSA-3151-1 python-django - security update {CVE-2015-0219 CVE-2015-0220 CVE-2015-0221} [wheezy] - python-django 1.4.5-1+deb7u9 [02 Feb 2015] DSA-3150-1 vlc - security update {CVE-2014-9626 CVE-2014-9627 CVE-2014-9628 CVE-2014-9629 CVE-2014-9630} [wheezy] - vlc 2.0.3-5+deb7u2 [02 Feb 2015] DSA-3149-1 condor - security update {CVE-2014-8126} [wheezy] - condor 7.8.2~dfsg.1-1+deb7u3 [31 Jan 2015] DSA-3148-1 chromium-browser - end of life [wheezy] - chromium-browser [30 Jan 2015] DSA-3147-1 openjdk-6 - security update {CVE-2014-3566 CVE-2014-6585 CVE-2014-6587 CVE-2014-6591 CVE-2014-6593 CVE-2014-6601 CVE-2015-0383 CVE-2015-0395 CVE-2015-0407 CVE-2015-0408 CVE-2015-0410 CVE-2015-0412} [wheezy] - openjdk-6 6b34-1.13.6-1~deb7u1 [30 Jan 2015] DSA-3146-1 requests - security update {CVE-2014-1829 CVE-2014-1830} [wheezy] - requests 0.12.1-1+deb7u1 [30 Jan 2015] DSA-3145-1 privoxy - security update {CVE-2015-1381 CVE-2015-1382} [wheezy] - privoxy 3.0.19-2+deb7u2 [29 Jan 2015] DSA-3144-1 openjdk-7 - security update {CVE-2014-3566 CVE-2014-6585 CVE-2014-6587 CVE-2014-6591 CVE-2014-6593 CVE-2014-6601 CVE-2015-0383 CVE-2015-0395 CVE-2015-0407 CVE-2015-0408 CVE-2015-0410 CVE-2015-0412} [wheezy] - openjdk-7 7u75-2.5.4-1~deb7u1 [28 Jan 2015] DSA-3143-1 virtualbox - security update {CVE-2015-0377 CVE-2015-0418} [wheezy] - virtualbox 4.1.18-dfsg-2+deb7u4 [27 Jan 2015] DSA-3142-1 eglibc - security update {CVE-2012-6656 CVE-2014-6040 CVE-2014-7817 CVE-2015-0235} [wheezy] - eglibc 2.13-38+deb7u7 [27 Jan 2015] DSA-3141-1 wireshark - security update {CVE-2015-0562 CVE-2015-0564} [wheezy] - wireshark 1.8.2-5wheezy14 [27 Jan 2015] DSA-3140-1 xen - security update {CVE-2014-8594 CVE-2014-8595 CVE-2014-8866 CVE-2014-8867 CVE-2014-9030} [wheezy] - xen 4.1.4-3+deb7u4 [25 Jan 2015] DSA-3139-1 squid - security update {CVE-2014-3609} [wheezy] - squid 2.7.STABLE9-4.1+deb7u1 [25 Jan 2015] DSA-3138-1 jasper - security update {CVE-2014-8157 CVE-2014-8158} [wheezy] - jasper 1.900.1-13+deb7u3 [24 Jan 2015] DSA-3137-1 websvn - security update {CVE-2013-6892} [wheezy] - websvn 2.3.3-1.1+deb7u1 [24 Jan 2015] DSA-3136-1 polarssl - security update {CVE-2015-1182} [wheezy] - polarssl 1.2.9-1~deb7u5 [23 Jan 2015] DSA-3135-1 mysql-5.5 - security update {CVE-2014-6568 CVE-2015-0374 CVE-2015-0381 CVE-2015-0382 CVE-2015-0411 CVE-2015-0432} [wheezy] - mysql-5.5 5.5.41-0+wheezy1 [20 Jan 2015] DSA-3134-1 sympa - security update {CVE-2015-1306} [wheezy] - sympa 6.1.11~dfsg-5+deb7u2 [20 Jan 2015] DSA-3133-1 privoxy - security update {CVE-2015-1031} [wheezy] - privoxy 3.0.19-2+deb7u1 [19 Jan 2015] DSA-3132-1 icedove - security update {CVE-2014-8634 CVE-2014-8638 CVE-2014-8639} [wheezy] - icedove 31.4.0-1~deb7u1 [18 Jan 2015] DSA-3131-1 xdg-utils - security update {CVE-2014-9622} [wheezy] - xdg-utils 1.1.0~rc1+git20111210-6+deb7u2 [16 Jan 2015] DSA-3130-1 lsyncd - security update {CVE-2014-8990} [wheezy] - lsyncd 2.0.7-3+deb7u1 [15 Jan 2015] DSA-3129-1 rpm - security update {CVE-2013-6435 CVE-2014-8118} [wheezy] - rpm 4.10.0-5+deb7u2 [15 Jan 2015] DSA-3128-1 linux - security update {CVE-2013-6885 CVE-2014-8133 CVE-2014-9419 CVE-2014-9529 CVE-2014-9584} [wheezy] - linux 3.2.65-1+deb7u1 [14 Jan 2015] DSA-3127-1 iceweasel - security update {CVE-2014-8634 CVE-2014-8638 CVE-2014-8639 CVE-2014-8641} [wheezy] - iceweasel 31.4.0esr-1~deb7u1 [13 Jan 2015] DSA-3123-2 binutils-mingw-w64 - security update {CVE-2014-8484 CVE-2014-8485 CVE-2014-8501 CVE-2014-8502 CVE-2014-8503 CVE-2014-8504 CVE-2014-8737 CVE-2014-8738} [wheezy] - binutils-mingw-w64 2+deb7u1 [12 Jan 2015] DSA-3126-1 php5 - security update {CVE-2014-9652} [wheezy] - php5 5.4.36-0+deb7u3 [11 Jan 2015] DSA-3125-1 openssl - security update {CVE-2014-3569 CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 CVE-2014-8275 CVE-2015-0204 CVE-2015-0205 CVE-2015-0206} [wheezy] - openssl 1.0.1e-2+deb7u14 [10 Jan 2015] DSA-3124-1 otrs2 - security update {CVE-2014-9324} [wheezy] - otrs2 3.1.7+dfsg1-8+deb7u5 [09 Jan 2015] DSA-3123-1 binutils - security update {CVE-2014-8484 CVE-2014-8485 CVE-2014-8501 CVE-2014-8502 CVE-2014-8503 CVE-2014-8504 CVE-2014-8737 CVE-2014-8738} [wheezy] - binutils 2.22-8+deb7u2 [08 Jan 2015] DSA-3122-1 curl - security update {CVE-2014-8150} [wheezy] - curl 7.26.0-1+wheezy12 [08 Jan 2015] DSA-3121-1 file - security update {CVE-2014-8116 CVE-2014-8117 CVE-2014-9620 CVE-2014-9652} [wheezy] - file 5.11-2+deb7u7 [06 Jan 2015] DSA-3120-1 mantis - security update {CVE-2014-6316 CVE-2014-7146 CVE-2014-8553 CVE-2014-8554 CVE-2014-8598 CVE-2014-8986 CVE-2014-8988 CVE-2014-9089 CVE-2014-9117 CVE-2014-9269 CVE-2014-9270 CVE-2014-9271 CVE-2014-9272 CVE-2014-9280 CVE-2014-9281 CVE-2014-9388 CVE-2014-9506 CVE-2014-6387 CVE-2013-4460 CVE-2013-1934 CVE-2013-1811} [wheezy] - mantis 1.2.18-1 [06 Jan 2015] DSA-3119-1 libevent - security update {CVE-2014-6272 CVE-2015-6525} [wheezy] - libevent 2.0.19-stable-3+deb7u1 [05 Jan 2015] DSA-3118-1 strongswan - security update {CVE-2014-9221} [wheezy] - strongswan 4.5.2-1.5+deb7u6 [31 Dec 2014] DSA-3117-1 php5 - security update {CVE-2014-8142 CVE-2014-9427} [wheezy] - php5 5.4.36-0+deb7u1 [30 Dec 2014] DSA-3116-1 polarssl - security update {CVE-2014-8628} [wheezy] - polarssl 1.2.9-1~deb7u4 [29 Dec 2014] DSA-3115-1 pyyaml - security update {CVE-2014-9130} [wheezy] - pyyaml 3.10-4+deb7u1 [29 Dec 2014] DSA-3114-1 mime-support - security update {CVE-2014-7209} [wheezy] - mime-support 3.52-1+deb7u1 [28 Dec 2014] DSA-3113-1 unzip - security update {CVE-2014-8139 CVE-2014-8140 CVE-2014-8141} [wheezy] - unzip 6.0-8+deb7u1 [23 Dec 2014] DSA-3112-1 sox - security update {CVE-2014-8145} [wheezy] - sox 14.4.0-3+deb7u1 [22 Dec 2014] DSA-3111-1 cpio - security update {CVE-2014-9112} [wheezy] - cpio 2.11+dfsg-0.1+deb7u1 [23 Dec 2014] DSA-3110-1 mediawiki - security update {CVE-2014-9475} [wheezy] - mediawiki 1:1.19.20+dfsg-0+deb7u3 [21 Dec 2014] DSA-3109-1 firebird2.5 - security update {CVE-2014-9323} [wheezy] - firebird2.5 2.5.2.26540.ds4-1~deb7u2 [20 Dec 2014] DSA-3107-2 subversion - regression update [wheezy] - subversion 1.6.17dfsg-4+deb7u8 [20 Dec 2014] DSA-3108-1 ntp - security update {CVE-2014-9293 CVE-2014-9294 CVE-2014-9295 CVE-2014-9296} [wheezy] - ntp 1:4.2.6.p5+dfsg-2+deb7u1 [20 Dec 2014] DSA-3107-1 subversion - security update {CVE-2014-3580} [wheezy] - subversion 1.6.17dfsg-4+deb7u7 [20 Dec 2014] DSA-3106-1 jasper - security update {CVE-2014-8137 CVE-2014-8138} [wheezy] - jasper 1.900.1-13+deb7u2 [16 Dec 2014] DSA-3105-1 heirloom-mailx - security update {CVE-2004-2771 CVE-2014-7844} [wheezy] - heirloom-mailx 12.5-2+deb7u1 [16 Dec 2014] DSA-3104-1 bsd-mailx - security update {CVE-2014-7844} [wheezy] - bsd-mailx 8.1.2-0.20111106cvs-1+deb7u1 [13 Dec 2014] DSA-3103-1 libyaml-libyaml-perl - security update {CVE-2014-9130} [wheezy] - libyaml-libyaml-perl 0.38-3+deb7u3 [13 Dec 2014] DSA-3102-1 libyaml - security update {CVE-2014-9130} [wheezy] - libyaml 0.1.4-2+deb7u5 [13 Dec 2014] DSA-3101-1 c-icap - security update {CVE-2013-7401 CVE-2013-7402} [wheezy] - c-icap 1:0.1.6-1.1+deb7u1 [13 Dec 2014] DSA-3100-1 mediawiki - security update {CVE-2014-9277} [wheezy] - mediawiki 1:1.19.20+dfsg-0+deb7u2 [11 Dec 2014] DSA-3099-1 dbus - security update {CVE-2014-7824} [wheezy] - dbus 1.6.8-1+deb7u5 [11 Dec 2014] DSA-3098-1 graphviz - security update {CVE-2014-9157} [wheezy] - graphviz 2.26.3-14+deb7u2 [10 Dec 2014] DSA-3097-1 unbound - security update {CVE-2014-8602} [wheezy] - unbound 1.4.17-3+deb7u2 [11 Dec 2014] DSA-3096-1 pdns-recursor - security update {CVE-2014-8601} [wheezy] - pdns-recursor 3.3-3+deb7u1 [10 Dec 2014] DSA-3095-1 xorg-server - security update {CVE-2014-8091 CVE-2014-8092 CVE-2014-8093 CVE-2014-8094 CVE-2014-8095 CVE-2014-8096 CVE-2014-8097 CVE-2014-8098 CVE-2014-8099 CVE-2014-8100 CVE-2014-8101 CVE-2014-8102} [wheezy] - xorg-server 2:1.12.4-6+deb7u5 [08 Dec 2014] DSA-3094-1 bind9 - security update {CVE-2014-8500} [wheezy] - bind9 1:9.8.4.dfsg.P1-6+nmu2+deb7u3 [08 Dec 2014] DSA-3093-1 linux - security update {CVE-2014-7841 CVE-2014-8369 CVE-2014-8884 CVE-2014-9090} [wheezy] - linux 3.2.63-2+deb7u2 [07 Dec 2014] DSA-3092-1 icedove - security update {CVE-2014-1587 CVE-2014-1590 CVE-2014-1592 CVE-2014-1593 CVE-2014-1594 CVE-2014-3566} [wheezy] - icedove 31.3.0-1~deb7u1 [07 Dec 2014] DSA-3091-1 getmail4 - security update {CVE-2014-7273 CVE-2014-7274 CVE-2014-7275} [wheezy] - getmail4 4.46.0-1~deb7u1 [04 Dec 2014] DSA-3090-1 iceweasel - security update {CVE-2014-1587 CVE-2014-1590 CVE-2014-1592 CVE-2014-1593 CVE-2014-1594} [wheezy] - iceweasel 31.3.0esr-1~deb7u1 [04 Dec 2014] DSA-3089-1 jasper - security update {CVE-2014-9029} [wheezy] - jasper 1.900.1-13+deb7u1 [04 Dec 2014] DSA-3088-1 qemu-kvm - security update {CVE-2014-8106} [wheezy] - qemu-kvm 1.1.2+dfsg-6+deb7u6 [04 Dec 2014] DSA-3087-1 qemu - security update {CVE-2014-8106} [wheezy] - qemu 1.1.2+dfsg-6a+deb7u6 [03 Dec 2014] DSA-3086-1 tcpdump - security update {CVE-2014-8767 CVE-2014-8769 CVE-2014-9140} [wheezy] - tcpdump 4.3.0-1+deb7u1 [03 Dec 2014] DSA-3085-1 wordpress - security update {CVE-2014-9031 CVE-2014-9033 CVE-2014-9034 CVE-2014-9035 CVE-2014-9036 CVE-2014-9037 CVE-2014-9038 CVE-2014-9039} [wheezy] - wordpress 3.6.1+dfsg-1~deb7u5 [01 Dec 2014] DSA-3084-1 openvpn - security update {CVE-2014-8104} [wheezy] - openvpn 2.2.1-8+deb7u3 [30 Nov 2014] DSA-3083-1 mutt - security update {CVE-2014-9116} [wheezy] - mutt 1.5.21-6.2+deb7u3 [30 Nov 2014] DSA-3082-1 flac - security update {CVE-2014-8962 CVE-2014-9028} [wheezy] - flac 1.2.1-6+deb7u1 [29 Nov 2014] DSA-3081-1 libvncserver - security update {CVE-2014-6051 CVE-2014-6052 CVE-2014-6053 CVE-2014-6054 CVE-2014-6055} [wheezy] - libvncserver 0.9.9+dfsg-1+deb7u1 [29 Nov 2014] DSA-3080-1 openjdk-7 - security update {CVE-2014-6457 CVE-2014-6502 CVE-2014-6504 CVE-2014-6506 CVE-2014-6511 CVE-2014-6512 CVE-2014-6517 CVE-2014-6519 CVE-2014-6531 CVE-2014-6558} [wheezy] - openjdk-7 7u71-2.5.3-2~deb7u1 [29 Nov 2014] DSA-3079-1 ppp - security update {CVE-2014-3158} [wheezy] - ppp 2.4.5-5.1+deb7u1 [27 Nov 2014] DSA-3078-1 libksba - security update {CVE-2014-9087} [wheezy] - libksba 1.2.0-2+deb7u1 [26 Nov 2014] DSA-3077-1 openjdk-6 - security update {CVE-2014-6457 CVE-2014-6502 CVE-2014-6504 CVE-2014-6506 CVE-2014-6511 CVE-2014-6512 CVE-2014-6517 CVE-2014-6519 CVE-2014-6531 CVE-2014-6558} [wheezy] - openjdk-6 6b33-1.13.5-2~deb7u1 [25 Nov 2014] DSA-3076-1 wireshark - security update {CVE-2014-8710 CVE-2014-8711 CVE-2014-8712 CVE-2014-8713 CVE-2014-8714} [wheezy] - wireshark 1.8.2-5wheezy13 [20 Nov 2014] DSA-3075-1 drupal7 - security update {CVE-2014-9015 CVE-2014-9016} [wheezy] - drupal7 7.14-2+deb7u8 [19 Nov 2014] DSA-3074-2 php5 - regression update [wheezy] - php5 5.4.35-0+deb7u2 [18 Nov 2014] DSA-3074-1 php5 - security update {CVE-2014-3710} [wheezy] - php5 5.4.35-0+deb7u1 [16 Nov 2014] DSA-3073-1 libgcrypt11 - security update {CVE-2014-5270} [wheezy] - libgcrypt11 1.5.0-5+deb7u2 [11 Nov 2014] DSA-3072-1 file - security update {CVE-2014-3710} [wheezy] - file 5.11-2+deb7u6 [11 Nov 2014] DSA-3071-1 nss - security update {CVE-2014-1544} [wheezy] - nss 2:3.14.5-1+deb7u3 [07 Nov 2014] DSA-3070-1 kfreebsd-9 - security update {CVE-2014-3711 CVE-2014-3952 CVE-2014-3953 CVE-2014-8476} [wheezy] - kfreebsd-9 9.0-10+deb70.8 [07 Nov 2014] DSA-3069-1 curl - security update {CVE-2014-3707} [wheezy] - curl 7.26.0-1+wheezy11 [07 Nov 2014] DSA-3068-1 konversation - security update {CVE-2014-8483} [wheezy] - konversation 1.4-1+deb7u1 [06 Nov 2014] DSA-3067-1 qemu-kvm - security update {CVE-2014-3689 CVE-2014-7815} [wheezy] - qemu-kvm 1.1.2+dfsg-6+deb7u5 [06 Nov 2014] DSA-3066-1 qemu - security update {CVE-2014-3689 CVE-2014-7815} [wheezy] - qemu 1.1.2+dfsg-6a+deb7u5 [06 Nov 2014] DSA-3065-1 libxml-security-java - security update {CVE-2013-2172} [wheezy] - libxml-security-java 1.4.5-1+deb7u1 [04 Nov 2014] DSA-3064-1 php5 - security update {CVE-2013-7345 CVE-2014-3668 CVE-2014-3669 CVE-2014-3670} [wheezy] - php5 5.4.34-0+deb7u1 [02 Nov 2014] DSA-3063-1 quassel - security update {CVE-2014-8483} [wheezy] - quassel 0.8.0-1+deb7u3 [02 Nov 2014] DSA-3062-1 wget - security update {CVE-2014-4877} [wheezy] - wget 1.13.4-3+deb7u2 [31 Oct 2014] DSA-3061-1 icedove - security update {CVE-2014-1574 CVE-2014-1576 CVE-2014-1577 CVE-2014-1578 CVE-2014-1581 CVE-2014-1585 CVE-2014-1586} [wheezy] - icedove 31.2.0-1~deb7u1 [31 Oct 2014] DSA-3060-1 linux - security update {CVE-2014-3610 CVE-2014-3611 CVE-2014-3645 CVE-2014-3646 CVE-2014-3647 CVE-2014-3673 CVE-2014-3687 CVE-2014-3688 CVE-2014-3690 CVE-2014-7207} [wheezy] - linux 3.2.63-2+deb7u1 [29 Oct 2014] DSA-3059-1 dokuwiki - security update {CVE-2014-8761 CVE-2014-8762 CVE-2014-8763 CVE-2014-8764} [wheezy] - dokuwiki 0.0.20120125b-2+deb7u1 [27 Oct 2014] DSA-3058-1 torque - security update {CVE-2014-3684} [wheezy] - torque 2.4.16+dfsg-1+deb7u4 [26 Oct 2014] DSA-3057-1 libxml2 - security update {CVE-2014-3660} [wheezy] - libxml2 2.8.0+dfsg1-7+wheezy2 [26 Oct 2014] DSA-3056-1 libtasn1-3 - security update {CVE-2014-3467 CVE-2014-3468 CVE-2014-3469} [wheezy] - libtasn1-3 2.13-2+deb7u1 [23 Oct 2014] DSA-3055-1 pidgin - security update {CVE-2014-3694 CVE-2014-3695 CVE-2014-3696 CVE-2014-3698} [wheezy] - pidgin 2.10.10-1~deb7u1 [20 Oct 2014] DSA-3054-1 mysql-5.5 - security update {CVE-2012-5615 CVE-2014-4274 CVE-2014-4287 CVE-2014-6463 CVE-2014-6464 CVE-2014-6469 CVE-2014-6478 CVE-2014-6484 CVE-2014-6491 CVE-2014-6494 CVE-2014-6495 CVE-2014-6496 CVE-2014-6500 CVE-2014-6505 CVE-2014-6507 CVE-2014-6520 CVE-2014-6530 CVE-2014-6551 CVE-2014-6555 CVE-2014-6559} [wheezy] - mysql-5.5 5.5.40-0+wheezy1 [16 Oct 2014] DSA-3053-1 openssl - security update {CVE-2014-3513 CVE-2014-3567 CVE-2014-3568} [wheezy] - openssl 1.0.1e-2+deb7u13 [15 Oct 2014] DSA-3052-1 wpa - security update {CVE-2014-3686} [wheezy] - wpa 1.0-3+deb7u1 [15 Oct 2014] DSA-3051-1 drupal7 - security update {CVE-2014-3704} [wheezy] - drupal7 7.14-2+deb7u7 [18 Oct 2014] DSA-3050-1 iceweasel - security update {CVE-2014-1574 CVE-2014-1576 CVE-2014-1577 CVE-2014-1578 CVE-2014-1581 CVE-2014-1583 CVE-2014-1585 CVE-2014-1586} [wheezy] - iceweasel 31.2.0esr-2~deb7u1 [14 Oct 2014] DSA-3049-1 wireshark - security update {CVE-2014-6422 CVE-2014-6423 CVE-2014-6424 CVE-2014-6427 CVE-2014-6428 CVE-2014-6429 CVE-2014-6430 CVE-2014-6431 CVE-2014-6432} [wheezy] - wireshark 1.8.2-5wheezy12 [08 Oct 2014] DSA-3048-1 apt - security update {CVE-2014-7206} [wheezy] - apt 0.9.7.9+deb7u6 [08 Oct 2014] DSA-3047-1 rsyslog - security update {CVE-2014-3683} [wheezy] - rsyslog 5.8.11-3+deb7u2 [05 Oct 2014] DSA-3046-1 mediawiki - security update {CVE-2014-7295} [wheezy] - mediawiki 1:1.19.20+dfsg-0+deb7u1 [04 Oct 2014] DSA-3045-1 qemu - security update {CVE-2014-0142 CVE-2014-0143 CVE-2014-0144 CVE-2014-0145 CVE-2014-0146 CVE-2014-0147 CVE-2014-0222 CVE-2014-0223 CVE-2014-3615 CVE-2014-3640} [wheezy] - qemu 1.1.2+dfsg-6a+deb7u4 [04 Oct 2014] DSA-3044-1 qemu-kvm - security update {CVE-2014-0142 CVE-2014-0143 CVE-2014-0144 CVE-2014-0145 CVE-2014-0146 CVE-2014-0147 CVE-2014-0222 CVE-2014-0223 CVE-2014-3615 CVE-2014-3640} [wheezy] - qemu-kvm 1.1.2+dfsg-6+deb7u4 [04 Oct 2014] DSA-3043-1 tryton-server - security update {CVE-2014-6633} [wheezy] - tryton-server 2.2.4-1+deb7u2 [04 Oct 2014] DSA-3042-1 exuberant-ctags - security update {CVE-2014-7204} [wheezy] - exuberant-ctags 1:5.9~svn20110310-4+deb7u1 [01 Oct 2014] DSA-3041-1 xen - security update {CVE-2013-2072 CVE-2014-7154 CVE-2014-7155 CVE-2014-7156 CVE-2014-7188} [wheezy] - xen 4.1.4-3+deb7u3 [30 Sep 2014] DSA-3040-1 rsyslog - security update {CVE-2014-3634} [wheezy] - rsyslog 5.8.11-3+deb7u1 [28 Sep 2014] DSA-3039-1 chromium-browser - security update {CVE-2014-3160 CVE-2014-3162 CVE-2014-3165 CVE-2014-3166 CVE-2014-3167 CVE-2014-3168 CVE-2014-3169 CVE-2014-3170 CVE-2014-3171 CVE-2014-3172 CVE-2014-3173 CVE-2014-3174 CVE-2014-3175 CVE-2014-3176 CVE-2014-3177 CVE-2014-3178 CVE-2014-3179} [wheezy] - chromium-browser 37.0.2062.120-1~deb7u1 [27 Sep 2014] DSA-3038-1 libvirt - security update {CVE-2014-0179 CVE-2014-3633} [wheezy] - libvirt 0.9.12.3-1+deb7u1 [26 Sep 2014] DSA-3037-1 icedove - security update {CVE-2014-1568} [wheezy] - icedove 24.8.1-1~deb7u1 [26 Sep 2014] DSA-3036-1 mediawiki - security update {CVE-2014-7199} [wheezy] - mediawiki 1:1.19.19+dfsg-0+deb7u1 [25 Sep 2014] DSA-3035-1 bash - security update {CVE-2014-7169 CVE-2014-7186 CVE-2014-7187} [wheezy] - bash 4.2+dfsg-0.1+deb7u3 [25 Sep 2014] DSA-3034-1 iceweasel - security update {CVE-2014-1568} [wheezy] - iceweasel 24.8.1esr-1~deb7u1 [25 Sep 2014] DSA-3033-1 nss - security update {CVE-2014-1568} [wheezy] - nss 2:3.14.5-1+deb7u2 [24 Sep 2014] DSA-3032-1 bash - security update {CVE-2014-6271} [wheezy] - bash 4.2+dfsg-0.1+deb7u1 [23 Sep 2014] DSA-3031-1 apt - security update {CVE-2014-6273} [wheezy] - apt 0.9.7.9+deb7u5 [20 Sep 2014] DSA-3030-1 mantis - security update {CVE-2014-1608 CVE-2014-1609} [wheezy] - mantis 1.2.11-1.2+deb7u1 [20 Sep 2014] DSA-3029-1 nginx - security update {CVE-2014-3616} [wheezy] - nginx 1.2.1-2.2+wheezy3 [17 Sep 2014] DSA-3028-1 icedove - security update {CVE-2014-1562 CVE-2014-1567} [wheezy] - icedove 24.8.0-1~deb7u1 [17 Sep 2014] DSA-3027-1 libav - security update {CVE-2013-7020} [wheezy] - libav 6:0.8.16-1 [16 Sep 2014] DSA-3026-1 dbus - security update {CVE-2014-3635 CVE-2014-3636 CVE-2014-3637 CVE-2014-3638 CVE-2014-3639} [wheezy] - dbus 1.6.8-1+deb7u4 [16 Sep 2014] DSA-3025-1 apt - security update {CVE-2014-0487 CVE-2014-0488 CVE-2014-0489 CVE-2014-0490} [wheezy] - apt 0.9.7.9+deb7u3 [11 Sep 2014] DSA-3024-1 gnupg - security update {CVE-2014-5270} [wheezy] - gnupg 1.4.12-7+deb7u6 [11 Sep 2014] DSA-3023-1 bind9 - security update {CVE-2014-0591} [wheezy] - bind9 1:9.8.4.dfsg.P1-6+nmu2+deb7u2 [10 Sep 2014] DSA-3022-1 curl - security update {CVE-2014-3613} [wheezy] - curl 7.26.0-1+wheezy10 [09 Sep 2014] DSA-3021-1 file - security update {CVE-2014-0207 CVE-2014-0237 CVE-2014-0238 CVE-2014-3478 CVE-2014-3479 CVE-2014-3480 CVE-2014-3487 CVE-2014-3538 CVE-2014-3587} [wheezy] - file 5.11-2+deb7u4 [10 Sep 2014] DSA-3020-1 acpi-support - security update {CVE-2014-0484} [wheezy] - acpi-support 0.140-5+deb7u3 [04 Sep 2014] DSA-3019-1 procmail - security update {CVE-2014-3618} [wheezy] - procmail 3.22-20+deb7u1 [03 Sep 2014] DSA-3018-1 iceweasel - security update {CVE-2014-1562 CVE-2014-1567} [wheezy] - iceweasel 24.8.0esr-1~deb7u1 [02 Sep 2014] DSA-3017-1 php-cas - security update {CVE-2014-4172} [wheezy] - php-cas 1.3.1-4+deb7u1 [01 Sep 2014] DSA-3016-1 lua5.2 - security update {CVE-2014-5461} [wheezy] - lua5.2 5.2.1-3+deb7u1 [01 Sep 2014] DSA-3015-1 lua5.1 - security update {CVE-2014-5461} [wheezy] - lua5.1 5.1.5-4+deb7u1 [31 Aug 2014] DSA-2987-2 openjdk-7 - regression update [wheezy] - openjdk-7 7u65-2.5.1-5~deb7u1 [28 Aug 2014] DSA-3014-1 squid3 - security update {CVE-2014-3609} [wheezy] - squid3 3.1.20-2.2+deb7u2 [27 Aug 2014] DSA-3013-1 s3ql - security update {CVE-2014-0485} [wheezy] - s3ql 1.11.1-3+deb7u1 [26 Aug 2014] DSA-3012-1 eglibc - security update {CVE-2014-5119} [wheezy] - eglibc 2.13-38+deb7u4 [23 Aug 2014] DSA-3011-1 mediawiki - security update {CVE-2014-5241 CVE-2014-5243} [wheezy] - mediawiki 1:1.19.18+dfsg-0+deb7u1 [22 Aug 2014] DSA-3010-1 python-django - security update {CVE-2014-0480 CVE-2014-0481 CVE-2014-0482 CVE-2014-0483} [wheezy] - python-django 1.4.5-1+deb7u8 [21 Aug 2014] DSA-3009-1 python-imaging - security update {CVE-2014-3589} [wheezy] - python-imaging 1.1.7-4+deb7u1 [21 Aug 2014] DSA-3008-1 php5 - security update {CVE-2014-3538 CVE-2014-3587 CVE-2014-3597 CVE-2014-4670} [wheezy] - php5 5.4.4-14+deb7u13 [20 Aug 2014] DSA-3007-1 cacti - security update {CVE-2014-5025 CVE-2014-5026 CVE-2014-5261 CVE-2014-5262} [wheezy] - cacti 0.8.8a+dfsg-5+deb7u4 [18 Aug 2014] DSA-3006-1 xen - security update {CVE-2013-1432 CVE-2013-1442 CVE-2013-2076 CVE-2013-2077 CVE-2013-2078 CVE-2013-2194 CVE-2013-2195 CVE-2013-2196 CVE-2013-2211 CVE-2013-4329 CVE-2013-4355 CVE-2013-4361 CVE-2013-4368 CVE-2013-4494 CVE-2013-4553 CVE-2014-1950 CVE-2014-2599 CVE-2014-3124 CVE-2014-4021} [wheezy] - xen 4.1.4-3+deb7u2 [14 Aug 2014] DSA-3005-1 gpgme1.0 - security update {CVE-2014-3564} [wheezy] - gpgme1.0 1.2.0-1.4+deb7u1 [11 Aug 2014] DSA-2984-2 acpi-support - regression update [wheezy] - acpi-support 0.140-5+deb7u2 [11 Aug 2014] DSA-3004-1 kde4libs - security update {CVE-2014-5033} [wheezy] - kde4libs 4:4.8.4-4+deb7u1 [10 Aug 2014] DSA-3003-1 libav - security update {CVE-2011-3934 CVE-2011-3935 CVE-2011-3946 CVE-2013-0848 CVE-2013-0851 CVE-2013-0852 CVE-2013-0860 CVE-2013-0868 CVE-2013-3672 CVE-2013-3674 CVE-2014-2263} [wheezy] - libav 6:0.8.15-1 [10 Aug 2014] DSA-3002-1 wireshark - security update {CVE-2014-5161 CVE-2014-5162 CVE-2014-5163 CVE-2014-5164 CVE-2014-5165} [wheezy] - wireshark 1.8.2-5wheezy11 [09 Aug 2014] DSA-3001-1 wordpress - security update {CVE-2014-2053 CVE-2014-5204 CVE-2014-5205 CVE-2014-5240 CVE-2014-5265 CVE-2014-5266} [wheezy] - wordpress 3.6.1+dfsg-1~deb7u4 [09 Aug 2014] DSA-3000-1 krb5 - security update {CVE-2014-4341 CVE-2014-4342 CVE-2014-4343 CVE-2014-4344 CVE-2014-4345} [wheezy] - krb5 1.10.1+dfsg-5+deb7u2 [09 Aug 2014] DSA-2999-1 drupal7 - security update {CVE-2014-5265 CVE-2014-5266 CVE-2014-5267} [wheezy] - drupal7 7.14-2+deb7u6 [07 Aug 2014] DSA-2998-1 openssl - security update {CVE-2014-3505 CVE-2014-3506 CVE-2014-3507 CVE-2014-3508 CVE-2014-3509 CVE-2014-3510 CVE-2014-3511 CVE-2014-3512 CVE-2014-5139} [wheezy] - openssl 1.0.1e-2+deb7u12 [05 Aug 2014] DSA-2997-1 reportbug - security update {CVE-2014-0479} [wheezy] - reportbug 6.4.4+deb7u1 [03 Aug 2014] DSA-2996-1 icedove - security update {CVE-2014-1544 CVE-2014-1547 CVE-2014-1555 CVE-2014-1556 CVE-2014-1557} [wheezy] - icedove 24.7.0-1~deb7u1 [03 Aug 2014] DSA-2995-1 lzo2 - security update {CVE-2014-4607} [wheezy] - lzo2 2.06-1+deb7u1 [31 Jul 2014] DSA-2994-1 nss - security update {CVE-2013-1741 CVE-2013-5606 CVE-2014-1491 CVE-2014-1492} [wheezy] - nss 2:3.14.5-1+deb7u1 [31 Jul 2014] DSA-2993-1 tor - security update {CVE-2014-5117} [wheezy] - tor 0.2.4.23-1~deb7u1 [29 Jul 2014] DSA-2992-1 linux - security update {CVE-2014-3534 CVE-2014-4667 CVE-2014-4943} [wheezy] - linux 3.2.60-1+deb7u3 [27 Jul 2014] DSA-2991-1 modsecurity-apache - security update {CVE-2013-5705} [wheezy] - modsecurity-apache 2.6.6-6+deb7u2 [27 Jul 2014] DSA-2990-1 cups - security update {CVE-2014-3537 CVE-2014-5029 CVE-2014-5030 CVE-2014-5031} [wheezy] - cups 1.5.3-5+deb7u4 [24 Jul 2014] DSA-2989-1 apache2 - security update {CVE-2014-0118 CVE-2014-0226 CVE-2014-0231} [wheezy] - apache2 2.2.22-13+deb7u3 [24 Jul 2014] DSA-2988-1 transmission - security update {CVE-2014-4909} [wheezy] - transmission 2.52-3+nmu2 [23 Jul 2014] DSA-2987-1 openjdk-7 - security update {CVE-2014-2483 CVE-2014-2490 CVE-2014-4209 CVE-2014-4216 CVE-2014-4218 CVE-2014-4219 CVE-2014-4221 CVE-2014-4223 CVE-2014-4244 CVE-2014-4252 CVE-2014-4262 CVE-2014-4263 CVE-2014-4264 CVE-2014-4266 CVE-2014-4268} [wheezy] - openjdk-7 7u65-2.5.1-2~deb7u1 [23 Jul 2014] DSA-2986-1 iceweasel - security update {CVE-2014-1544 CVE-2014-1547 CVE-2014-1555 CVE-2014-1556 CVE-2014-1557} [wheezy] - iceweasel 24.7.0esr-1~deb7u1 [22 Jul 2014] DSA-2985-1 mysql-5.5 - security update {CVE-2014-2494 CVE-2014-4207 CVE-2014-4258 CVE-2014-4260} [wheezy] - mysql-5.5 5.5.38-0+wheezy1 [22 Jul 2014] DSA-2984-1 acpi-support - security update {CVE-2014-1419} [wheezy] - acpi-support 0.140-5+deb7u1 [20 Jul 2014] DSA-2983-1 drupal7 - security update {CVE-2014-5019 CVE-2014-5020 CVE-2014-5021 CVE-2014-5022} [wheezy] - drupal7 7.14-2+deb7u5 [19 Jul 2014] DSA-2982-1 ruby-activerecord-3.2 - security update {CVE-2014-3482 CVE-2014-3483} [wheezy] - ruby-activerecord-3.2 3.2.6-5+deb7u1 [18 Jul 2014] DSA-2981-1 polarssl - security update {CVE-2014-4911} [wheezy] - polarssl 1.2.9-1~deb7u3 [17 Jul 2014] DSA-2980-1 openjdk-6 - security update {CVE-2014-2490 CVE-2014-4209 CVE-2014-4216 CVE-2014-4218 CVE-2014-4219 CVE-2014-4244 CVE-2014-4252 CVE-2014-4262 CVE-2014-4263 CVE-2014-4266 CVE-2014-4268} [wheezy] - openjdk-6 6b32-1.13.4-1~deb7u1 [17 Jul 2014] DSA-2979-1 fail2ban - security update {CVE-2013-7176 CVE-2013-7177} [wheezy] - fail2ban 0.8.6-3wheezy3 [11 Jul 2014] DSA-2978-1 libxml2 - security update [wheezy] - libxml2 2.8.0+dfsg1-7+wheezy1 [11 Jul 2014] DSA-2977-1 libav - security update {CVE-2014-4609} [wheezy] - libav 6:0.8.13-1 [10 Jul 2014] DSA-2976-1 eglibc - security update {CVE-2014-0475} [wheezy] - eglibc 2.13-38+deb7u3 [09 Jul 2014] DSA-2975-1 phpmyadmin - security update {CVE-2013-4995 CVE-2013-4996 CVE-2013-5002 CVE-2013-5003 CVE-2014-1879} [wheezy] - phpmyadmin 4:3.4.11.1-2+deb7u1 [08 Jul 2014] DSA-2974-1 php5 - security update {CVE-2014-0207 CVE-2014-3478 CVE-2014-3479 CVE-2014-3480 CVE-2014-3487 CVE-2014-3515 CVE-2014-4721} [wheezy] - php5 5.4.4-14+deb7u12 [07 Jul 2014] DSA-2973-1 vlc - security update {CVE-2013-1868 CVE-2013-1954 CVE-2013-4388} [wheezy] - vlc 2.0.3-5+deb7u1 [06 Jul 2014] DSA-2972-1 linux - security update {CVE-2014-4699} [wheezy] - linux 3.2.60-1+deb7u1 [02 Jul 2014] DSA-2971-1 dbus - security update {CVE-2014-3477 CVE-2014-3532 CVE-2014-3533} [wheezy] - dbus 1.6.8-1+deb7u3 [29 Jun 2014] DSA-2970-1 cacti - security update {CVE-2014-2326 CVE-2014-2327 CVE-2014-2328 CVE-2014-2708 CVE-2014-2709 CVE-2014-4002} [wheezy] - cacti 0.8.8a+dfsg-5+deb7u3 [27 Jun 2014] DSA-2969-1 libemail-address-perl - security update {CVE-2014-0477 CVE-2014-4720} [wheezy] - libemail-address-perl 1.895-1+deb7u1 [27 Jun 2014] DSA-2968-1 gnupg2 - security update {CVE-2014-4617} [wheezy] - gnupg2 2.0.19-2+deb7u2 [25 Jun 2014] DSA-2967-1 gnupg - security update {CVE-2014-4617} [wheezy] - gnupg 1.4.12-7+deb7u4 [23 Jun 2014] DSA-2966-1 samba - security update {CVE-2014-0178 CVE-2014-0244 CVE-2014-3493} [wheezy] - samba 2:3.6.6-6+deb7u4 [22 Jun 2014] DSA-2965-1 tiff - security update {CVE-2013-4243} [wheezy] - tiff 4.0.2-6+deb7u3 [21 Jun 2014] DSA-2964-1 iodine - security update {CVE-2014-4168} [wheezy] - iodine 0.6.0~rc1-12+deb7u1 [17 Jun 2014] DSA-2963-1 lucene-solr - security update {CVE-2012-6612 CVE-2013-6397 CVE-2013-6407 CVE-2013-6408} [wheezy] - lucene-solr 3.6.0+dfsg-1+deb7u1 [17 Jun 2014] DSA-2962-1 nspr - security update {CVE-2014-1545} [wheezy] - nspr 2:4.9.2-1+deb7u2 [16 Jun 2014] DSA-2961-1 php5 - security update {CVE-2014-4049} [wheezy] - php5 5.4.4-14+deb7u11 [16 Jun 2014] DSA-2960-1 icedove - security update {CVE-2014-1533 CVE-2014-1538 CVE-2014-1541 CVE-2014-1545} [wheezy] - icedove 24.6.0-1~deb7u1 [14 Jun 2014] DSA-2959-1 chromium-browser - security update {CVE-2014-3154 CVE-2014-3155 CVE-2014-3156 CVE-2014-3157} [wheezy] - chromium-browser 35.0.1916.153-1~deb7u1 [12 Jun 2014] DSA-2958-1 apt - security update {CVE-2014-0478} [wheezy] - apt 0.9.7.9+deb7u2 [12 Jun 2014] DSA-2957-1 mediawiki - security update {CVE-2014-3966} [wheezy] - mediawiki 1:1.19.16+dfsg-0+deb7u1 [11 Jun 2014] DSA-2956-1 icinga - security update {CVE-2013-7106 CVE-2013-7107 CVE-2013-7108 CVE-2014-1878 CVE-2014-2386} [wheezy] - icinga 1.7.1-7 [11 Jun 2014] DSA-2955-1 iceweasel - security update {CVE-2014-1533 CVE-2014-1538 CVE-2014-1541 CVE-2014-1545} [wheezy] - iceweasel 24.6.0esr-1~deb7u1 [09 Jun 2014] DSA-2954-1 dovecot - security update {CVE-2014-3430} [wheezy] - dovecot 1:2.1.7-7+deb7u1 [08 Jun 2014] DSA-2953-1 dpkg - security update {CVE-2014-3864 CVE-2014-3865} [squeeze] - dpkg 1.15.11 [wheezy] - dpkg 1.16.15 [05 Jun 2014] DSA-2952-1 kfreebsd-9 - security update {CVE-2014-1453 CVE-2014-3000 CVE-2014-3880} [wheezy] - kfreebsd-9 9.0-10+deb70.7 [05 Jun 2014] DSA-2951-1 mupdf - security update {CVE-2014-2013} [wheezy] - mupdf 0.9-2+deb7u2 [05 Jun 2014] DSA-2950-1 openssl - security update {CVE-2014-0195 CVE-2014-0221 CVE-2014-0224 CVE-2014-3470} [wheezy] - openssl 1.0.1e-2+deb7u10 [05 Jun 2014] DSA-2949-1 linux - security update {CVE-2014-3144 CVE-2014-3145 CVE-2014-3153} [wheezy] - linux 3.2.57-3+deb7u2 [04 Jun 2014] DSA-2948-1 python-bottle - security update {CVE-2014-3137} [wheezy] - python-bottle 0.10.11-1+deb7u1 [04 Jun 2014] DSA-2947-1 libav - security update {CVE-2012-6618} [wheezy] - libav 6:0.8.12-1 [04 Jun 2014] DSA-2946-1 python-gnupg - security update {CVE-2013-7323 CVE-2014-1927 CVE-2014-1928 CVE-2014-1929} [wheezy] - python-gnupg 0.3.6-1~deb7u1 [03 Jun 2014] DSA-2945-1 chkrootkit - security update {CVE-2014-0476} [wheezy] - chkrootkit 0.49-4.1+deb7u2 [01 Jun 2014] DSA-2944-1 gnutls26 - security update {CVE-2014-3466} [wheezy] - gnutls26 2.12.20-8+deb7u2 [01 Jun 2014] DSA-2943-1 php5 - security update {CVE-2014-0185 CVE-2014-0237 CVE-2014-0238 CVE-2014-2270} [wheezy] - php5 5.4.4-14+deb7u10 [31 May 2014] DSA-2942-1 typo3-src - security update {CVE-2014-3941 CVE-2014-3942 CVE-2014-3943 CVE-2014-3944 CVE-2014-3945 CVE-2014-3946} [wheezy] - typo3-src 4.5.19+dfsg1-5+wheezy3 [01 Jun 2014] DSA-2941-1 lxml - security update {CVE-2014-3146} [wheezy] - lxml 2.3.2-1+deb7u1 [01 Jun 2014] DSA-2940-1 libstruts1.2-java - security update {CVE-2014-0114} [wheezy] - libstruts1.2-java 1.2.9-5+deb7u1 [31 May 2014] DSA-2939-1 chromium-browser - security update {CVE-2014-1743 CVE-2014-1744 CVE-2014-1745 CVE-2014-1746 CVE-2014-1747 CVE-2014-1748 CVE-2014-1749 CVE-2014-3803 CVE-2014-3152} [wheezy] - chromium-browser 35.0.1916.114-1~deb7u2 [27 May 2014] DSA-2938-1 squeeze-lts announcement NOTE: announcement for squeeze-lts [27 May 2014] DSA-2937-1 mod-wsgi - security update {CVE-2014-0240 CVE-2014-0242} [squeeze] - mod-wsgi 3.3-2+deb6u1 [wheezy] - mod-wsgi 3.3-4+deb7u1 [23 May 2014] DSA-2936-1 torque - security update {CVE-2014-0749} [squeeze] - torque 2.4.8+dfsg-9squeeze4 [wheezy] - torque 2.4.16+dfsg-1+deb7u3 [21 May 2014] DSA-2935-1 libgadu - security update {CVE-2014-3775} [wheezy] - libgadu 1:1.11.2-1+deb7u2 [19 May 2014] DSA-2934-1 python-django - security update {CVE-2014-0472 CVE-2014-0473 CVE-2014-0474 CVE-2014-1418 CVE-2014-3730} [squeeze] - python-django 1.2.3-3+squeeze10 [wheezy] - python-django 1.4.5-1+deb7u7 [19 May 2014] DSA-2933-1 qemu-kvm - security update {CVE-2013-4344 CVE-2014-2894} [wheezy] - qemu-kvm 1.1.2+dfsg-6+deb7u3 [19 May 2014] DSA-2932-1 qemu - security update {CVE-2013-4344 CVE-2014-2894} [wheezy] - qemu 1.1.2+dfsg-6a+deb7u3 [18 May 2014] DSA-2931-1 openssl - security update {CVE-2014-0198} [wheezy] - openssl 1.0.1e-2+deb7u9 [17 May 2014] DSA-2930-1 chromium-browser - security update {CVE-2014-1740 CVE-2014-1741 CVE-2014-1742} [wheezy] - chromium-browser 34.0.1847.137-1~deb7u1 [16 May 2014] DSA-2929-1 ruby-actionpack-3.2 - security update {CVE-2014-0081 CVE-2014-0082 CVE-2014-0130} [wheezy] - ruby-actionpack-3.2 3.2.6-6+deb7u2 [14 May 2014] DSA-2928-1 linux-2.6 - security update {CVE-2014-0196 CVE-2014-1737 CVE-2014-1738} [squeeze] - linux-2.6 2.6.32-48squeeze6 [13 May 2014] DSA-2927-1 libxfont - security update {CVE-2014-0209 CVE-2014-0210 CVE-2014-0211} [squeeze] - libxfont 1:1.4.1-5 [wheezy] - libxfont 1:1.4.5-4 [12 May 2014] DSA-2926-1 linux - security update {CVE-2014-0196 CVE-2014-1737 CVE-2014-1738 CVE-2014-2851 CVE-2014-3122} [wheezy] - linux 3.2.57-3+deb7u1 [08 May 2014] DSA-2925-1 rxvt-unicode - security update {CVE-2014-3121} [squeeze] - rxvt-unicode 9.07-2+deb6u1 [wheezy] - rxvt-unicode 9.15-2+deb7u1 [05 May 2014] DSA-2924-1 icedove - security update {CVE-2014-1518 CVE-2014-1523 CVE-2014-1524 CVE-2014-1529 CVE-2014-1530 CVE-2014-1531 CVE-2014-1532} [wheezy] - icedove 24.5.0-1~deb7u1 [05 May 2014] DSA-2923-1 openjdk-7 - security update {CVE-2013-6629 CVE-2013-6954 CVE-2014-0429 CVE-2014-0446 CVE-2014-0451 CVE-2014-0452 CVE-2014-0453 CVE-2014-0454 CVE-2014-0455 CVE-2014-0456 CVE-2014-0457 CVE-2014-0458 CVE-2014-0459 CVE-2014-0460 CVE-2014-0461 CVE-2014-1876 CVE-2014-2397 CVE-2014-2398 CVE-2014-2402 CVE-2014-2403 CVE-2014-2412 CVE-2014-2413 CVE-2014-2414 CVE-2014-2421 CVE-2014-2423 CVE-2014-2427} [wheezy] - openjdk-7 7u55-2.4.7-1~deb7u1 [05 May 2014] DSA-2922-1 strongswan - security update {CVE-2014-2891} [squeeze] - strongswan 4.4.1-5.6 [wheezy] - strongswan 4.5.2-1.5+deb7u4 [04 May 2014] DSA-2921-1 xbuffy - security update {CVE-2014-0469} [squeeze] - xbuffy 3.3.bl.3.dfsg-8+deb6u1 [wheezy] - xbuffy 3.3.bl.3.dfsg-8+deb7u1 [03 May 2014] DSA-2920-1 chromium-browser - security update {CVE-2014-1730 CVE-2014-1731 CVE-2014-1732 CVE-2014-1733 CVE-2014-1734 CVE-2014-1735 CVE-2014-1736} [wheezy] - chromium-browser 34.0.1847.132-1~deb7u1 [03 May 2014] DSA-2919-1 mysql-5.5 - security update {CVE-2014-0001 CVE-2014-0384 CVE-2014-2419 CVE-2014-2430 CVE-2014-2431 CVE-2014-2432 CVE-2014-2436 CVE-2014-2438 CVE-2014-2440} [wheezy] - mysql-5.5 5.5.37-0+wheezy1 [30 Apr 2014] DSA-2915-2 dpkg - security update {CVE-2014-3127 CVE-2014-3227} [squeeze] - dpkg 1.15.10 [wheezy] - dpkg 1.16.14 [30 Apr 2014] DSA-2918-1 iceweasel - security update {CVE-2014-1518 CVE-2014-1523 CVE-2014-1524 CVE-2014-1529 CVE-2014-1530 CVE-2014-1531 CVE-2014-1532} [wheezy] - iceweasel 24.5.0esr-1~deb7u1 [28 Apr 2014] DSA-2917-1 super - security update {CVE-2014-0470} [squeeze] - super 3.30.0-3+squeeze2 [wheezy] - super 3.30.0-6+deb7u1 [28 Apr 2014] DSA-2916-1 libmms - security update {CVE-2014-2892} [squeeze] - libmms 0.6-1+squeeze2 [wheezy] - libmms 0.6.2-3+deb7u1 [28 Apr 2014] DSA-2915-1 dpkg - security update {CVE-2014-0471} [squeeze] - dpkg 1.15.9 [wheezy] - dpkg 1.16.13 [25 Apr 2014] DSA-2914-1 drupal6 - security update {CVE-2014-2983} [squeeze] - drupal6 6.31-1 [25 Apr 2014] DSA-2913-1 drupal7 - security update {CVE-2014-2983} [wheezy] - drupal7 7.14-2+deb7u4 [24 Apr 2014] DSA-2912-1 openjdk-6 - security update {CVE-2014-0429 CVE-2014-0446 CVE-2014-0451 CVE-2014-0452 CVE-2014-0453 CVE-2014-0456 CVE-2014-0457 CVE-2014-0458 CVE-2014-0459 CVE-2014-0460 CVE-2014-0461 CVE-2014-0462 CVE-2014-1876 CVE-2014-2397 CVE-2014-2398 CVE-2014-2403 CVE-2014-2405 CVE-2014-2412 CVE-2014-2414 CVE-2014-2421 CVE-2014-2423 CVE-2014-2427} [squeeze] - openjdk-6 6b31-1.13.3-1~deb6u1 [wheezy] - openjdk-6 6b31-1.13.3-1~deb7u1 [22 Apr 2014] DSA-2808-2 openjpeg - regression update [squeeze] - openjpeg 1.3+dfsg-4+squeeze3 [wheezy] - openjpeg 1.3+dfsg-4.8 [22 Apr 2014] DSA-2911-1 icedove - security update {CVE-2014-1493 CVE-2014-1497 CVE-2014-1505 CVE-2014-1508 CVE-2014-1509 CVE-2014-1510 CVE-2014-1511 CVE-2014-1512 CVE-2014-1513 CVE-2014-1514} [wheezy] - icedove 24.4.0-1~deb7u1 [18 Apr 2014] DSA-2910-1 qemu-kvm - security update {CVE-2014-0150} [squeeze] - qemu-kvm 0.12.5+dfsg-5+squeeze11 [wheezy] - qemu-kvm 1.1.2+dfsg-6+deb7u1 [18 Apr 2014] DSA-2909-1 qemu - security update {CVE-2014-0150} [squeeze] - qemu 0.12.5+dfsg-3squeeze4 [wheezy] - qemu 1.1.2+dfsg-6a+deb7u1 [17 Apr 2014] DSA-2908-1 openssl - security update {CVE-2010-5298 CVE-2014-0076} [wheezy] - openssl 1.0.1e-2+deb7u7 [16 Apr 2014] DSA-2907-1 squeeze end-of-life NOTE: end of security support for squeeze [24 Apr 2014] DSA-2906-1 linux-2.6 - several {CVE-2013-0343 CVE-2013-2147 CVE-2013-2889 CVE-2013-2893 CVE-2013-2929 CVE-2013-4162 CVE-2013-4299 CVE-2013-4345 CVE-2013-4511 CVE-2013-4512 CVE-2013-4587 CVE-2013-4588 CVE-2013-6367 CVE-2013-6380 CVE-2013-6381 CVE-2013-6382 CVE-2013-6383 CVE-2013-7263 CVE-2013-7264 CVE-2013-7265 CVE-2013-7339 CVE-2014-0101 CVE-2014-1444 CVE-2014-1445 CVE-2014-1446 CVE-2014-1874 CVE-2014-2039 CVE-2014-2523 CVE-2013-6378} [squeeze] - linux-2.6 2.6.32-48squeeze5 [15 Apr 2014] DSA-2905-1 chromium-browser - security update {CVE-2014-1716 CVE-2014-1717 CVE-2014-1718 CVE-2014-1719 CVE-2014-1720 CVE-2014-1721 CVE-2014-1722 CVE-2014-1723 CVE-2014-1724 CVE-2014-1725 CVE-2014-1726 CVE-2014-1727 CVE-2014-1728 CVE-2014-1729} [wheezy] - chromium-browser 34.0.1847.116-1~deb7u1 [15 Apr 2014] DSA-2904-1 virtualbox - security update {CVE-2014-0981 CVE-2014-0983} [squeeze] - virtualbox-ose 3.2.10-dfsg-1+squeeze3 [wheezy] - virtualbox 4.1.18-dfsg-2+deb7u3 [14 Apr 2014] DSA-2903-1 strongswan - security update {CVE-2014-2338} [squeeze] - strongswan 4.4.1-5.5 [wheezy] - strongswan 4.5.2-1.5+deb7u3 [13 Apr 2014] DSA-2902-1 curl - security update {CVE-2014-0138 CVE-2014-0139} [squeeze] - curl 7.21.0-2.1+squeeze8 [wheezy] - curl 7.26.0-1+wheezy9 [12 Apr 2014] DSA-2901-1 wordpress - security update {CVE-2014-0165 CVE-2014-0166} [squeeze] - wordpress 3.6.1+dfsg-1~deb6u2 [wheezy] - wordpress 3.6.1+dfsg-1~deb7u2 [10 Apr 2014] DSA-2900-1 jbigkit - security update {CVE-2013-6369} [wheezy] - jbigkit 2.0-2+deb7u1 [09 Apr 2014] DSA-2899-1 openafs - security update {CVE-2014-0159 CVE-2014-2852} [squeeze] - openafs 1.4.12.1+dfsg-4+squeeze3 [wheezy] - openafs 1.6.1-3+deb7u2 [09 Apr 2014] DSA-2898-1 imagemagick - security update {CVE-2014-1947 CVE-2014-1958 CVE-2014-2030} [squeeze] - imagemagick 8:6.6.0.4-3+squeeze4 [wheezy] - imagemagick 8:6.7.7.10-5+deb7u3 [08 Apr 2014] DSA-2897-1 tomcat7 - security update {CVE-2012-3544 CVE-2013-2067 CVE-2013-2071 CVE-2013-4286 CVE-2013-4322 CVE-2014-0050} [wheezy] - tomcat7 7.0.28-4+deb7u1 [07 Apr 2014] DSA-2896-1 openssl - security update {CVE-2014-0160} [wheezy] - openssl 1.0.1e-2+deb7u5 [06 Apr 2014] DSA-2895-1 prosody - security update {CVE-2014-2744 CVE-2014-2745} [wheezy] - prosody 0.8.2-4+deb7u1 [05 Apr 2014] DSA-2894-1 openssh - security update {CVE-2014-2532 CVE-2014-2653} [squeeze] - openssh 1:5.5p1-6+squeeze5 [wheezy] - openssh 1:6.0p1-4+deb7u1 [31 Mar 2014] DSA-2893-1 openswan - security update {CVE-2013-2053 CVE-2013-6466} [squeeze] - openswan 1:2.6.28+dfsg-5+squeeze2 [wheezy] - openswan 1:2.6.37-3+deb7u1 [31 Mar 2014] DSA-2892-1 a2ps - security update {CVE-2001-1593 CVE-2014-0466} [squeeze] - a2ps 1:4.14-1.1+deb6u1 [wheezy] - a2ps 1:4.14-1.1+deb7u1 [30 Mar 2014] DSA-2891-1 mediawiki - security update {CVE-2013-2031 CVE-2013-2032 CVE-2013-4567 CVE-2013-4568 CVE-2013-4572 CVE-2013-6452 CVE-2013-6453 CVE-2013-6454 CVE-2013-6472 CVE-2014-1610 CVE-2014-2665} [wheezy] - mediawiki 1:1.19.14+dfsg-0+deb7u1 [wheezy] - mediawiki-extensions 3.5~deb7u1 [29 Mar 2014] DSA-2890-1 libspring-java - security update {CVE-2014-0054 CVE-2014-1904} [wheezy] - libspring-java 3.0.6.RELEASE-6+deb7u3 [28 Mar 2014] DSA-2889-1 postfixadmin - security update {CVE-2014-2655} [wheezy] - postfixadmin 2.3.5-2+deb7u1 [27 Mar 2014] DSA-2888-1 ruby-actionpack-3.2 - security update {CVE-2013-4389 CVE-2013-4491 CVE-2013-6414 CVE-2013-6415 CVE-2013-6417} [wheezy] - ruby-actionpack-3.2 3.2.6-6+deb7u1 [27 Mar 2014] DSA-2887-1 ruby-actionmailer-3.2 - security update {CVE-2013-4389} [wheezy] - ruby-actionmailer-3.2 3.2.6-2+deb7u1 [26 Mar 2014] DSA-2886-1 libxalan2-java - security update {CVE-2014-0107} [squeeze] - libxalan2-java 2.7.1-5+deb6u1 [wheezy] - libxalan2-java 2.7.1-7+deb7u1 [26 Mar 2014] DSA-2885-1 libyaml-libyaml-perl - security update {CVE-2014-2525} [squeeze] - libyaml-libyaml-perl 0.33-1+squeeze3 [wheezy] - libyaml-libyaml-perl 0.38-3+deb7u2 [26 Mar 2014] DSA-2884-1 libyaml - security update {CVE-2014-2525} [squeeze] - libyaml 0.1.3-1+deb6u4 [wheezy] - libyaml 0.1.4-2+deb7u4 [23 Mar 2014] DSA-2883-1 chromium-browser - security update {CVE-2013-6653 CVE-2013-6654 CVE-2013-6655 CVE-2013-6656 CVE-2013-6657 CVE-2013-6658 CVE-2013-6659 CVE-2013-6660 CVE-2013-6661 CVE-2013-6663 CVE-2013-6664 CVE-2013-6665 CVE-2013-6666 CVE-2013-6667 CVE-2013-6668 CVE-2014-1700 CVE-2014-1701 CVE-2014-1702 CVE-2014-1703 CVE-2014-1704 CVE-2014-1705 CVE-2014-1713 CVE-2014-1715} [wheezy] - chromium-browser 33.0.1750.152-1~deb7u1 [20 Mar 2014] DSA-2882-1 extplorer - security update {CVE-2013-5951} [squeeze] - extplorer 2.1.0b6+dfsg.2-1+squeeze2 [wheezy] - extplorer 2.1.0b6+dfsg.3-4+deb7u1 [19 Mar 2014] DSA-2859-2 pidgin - security update {CVE-2013-6485 CVE-2013-6490} [squeeze] - pidgin 2.7.3-1+squeeze4 [19 Mar 2014] DSA-2881-1 iceweasel - security update {CVE-2014-1493 CVE-2014-1497 CVE-2014-1505 CVE-2014-1508 CVE-2014-1509 CVE-2014-1510 CVE-2014-1511 CVE-2014-1512 CVE-2014-1513 CVE-2014-1514} [wheezy] - iceweasel 24.4.0esr-1~deb7u2 [17 Mar 2014] DSA-2880-1 python2.7 - security update {CVE-2013-4238 CVE-2014-1912} [wheezy] - python2.7 2.7.3-6+deb7u2 [13 Mar 2014] DSA-2879-1 libssh - security update {CVE-2014-0017} [squeeze] - libssh 0.4.5-3+squeeze2 [wheezy] - libssh 0.5.4-1+deb7u1 [13 Mar 2014] DSA-2878-1 virtualbox - security update {CVE-2013-5892 CVE-2014-0404 CVE-2014-0406 CVE-2014-0407} [squeeze] - virtualbox-ose 3.2.10-dfsg-1+squeeze2 [wheezy] - virtualbox 4.1.18-dfsg-2+deb7u2 [12 Mar 2014] DSA-2877-1 lighttpd - security update {CVE-2014-2323 CVE-2014-2324} [squeeze] - lighttpd 1.4.28-2+squeeze1.6 [wheezy] - lighttpd 1.4.31-4+deb7u3 [12 Mar 2014] DSA-2876-1 cups - security update {CVE-2013-6474 CVE-2013-6475 CVE-2013-6476} [squeeze] - cups 1.4.4-7+squeeze4 [12 Mar 2014] DSA-2875-1 cups-filters - security update {CVE-2013-6474 CVE-2013-6475 CVE-2013-6476} [wheezy] - cups-filters 1.0.18-2.1+deb7u1 [12 Mar 2014] DSA-2874-1 mutt - security update {CVE-2014-0467} [squeeze] - mutt 1.5.20-9+squeeze3 [wheezy] - mutt 1.5.21-6.2+deb7u2 [11 Mar 2014] DSA-2873-1 file - several {CVE-2014-2270 CVE-2013-7345} [squeeze] - file 5.04-5+squeeze4 [wheezy] - file 5.11-2+deb7u2 [10 Mar 2014] DSA-2872-1 udisks - buffer overflow {CVE-2014-0004} [squeeze] - udisks 1.0.1+git20100614-3squeeze1 [wheezy] - udisks 1.0.4-7wheezy1 [10 Mar 2014] DSA-2871-1 wireshark - several {CVE-2014-2281 CVE-2014-2283 CVE-2014-2299} [squeeze] - wireshark 1.2.11-6+squeeze14 [wheezy] - wireshark 1.8.2-5wheezy10 [08 Mar 2014] DSA-2870-1 libyaml-libyaml-perl - heap-based buffer overflow {CVE-2013-6393} [squeeze] - libyaml-libyaml-perl 0.33-1+squeeze2 [wheezy] - libyaml-libyaml-perl 0.38-3+deb7u1 [03 Mar 2014] DSA-2869-1 gnutls26 - incorrect certificate verification {CVE-2014-0092} [squeeze] - gnutls26 2.8.6-1+squeeze3 [wheezy] - gnutls26 2.12.20-8+deb7u1 [02 Mar 2014] DSA-2868-1 php5 - denial of service {CVE-2014-1943 CVE-2014-8117} [squeeze] - php5 5.3.3-7+squeeze19 [wheezy] - php5 5.4.4-14+deb7u8 [23 Feb 2014] DSA-2867-1 otrs2 - several {CVE-2014-1471 CVE-2014-1694} [squeeze] - otrs2 2.4.9+dfsg1-3+squeeze5 [wheezy] - otrs2 3.1.7+dfsg1-8+deb7u4 [22 Feb 2014] DSA-2866-1 gnutls26 - certificate verification flaw {CVE-2014-1959} [wheezy] - gnutls26 2.12.20-8 [20 Feb 2014] DSA-2865-1 postgresql-9.1 - several {CVE-2014-0060 CVE-2014-0061 CVE-2014-0062 CVE-2014-0063 CVE-2014-0064 CVE-2014-0065 CVE-2014-0066 CVE-2014-0067 CVE-2014-2669} [wheezy] - postgresql-9.1 9.1.12-0wheezy1 [20 Feb 2014] DSA-2864-1 postgresql-8.4 - several {CVE-2014-0060 CVE-2014-0061 CVE-2014-0062 CVE-2014-0063 CVE-2014-0064 CVE-2014-0065 CVE-2014-0066 CVE-2014-0067} [squeeze] - postgresql-8.4 8.4.20-0squeeze1 [18 Feb 2014] DSA-2863-1 libtar - directory traversal {CVE-2013-4420} [squeeze] - libtar 1.2.11-6+deb6u2 [wheezy] - libtar 1.2.16-1+deb7u2 [16 Feb 2014] DSA-2862-1 chromium-browser - several {CVE-2013-6641 CVE-2013-6643 CVE-2013-6644 CVE-2013-6645 CVE-2013-6646 CVE-2013-6649 CVE-2013-6650} [wheezy] - chromium-browser 32.0.1700.123-1~deb7u1 [16 Feb 2014] DSA-2861-1 file - denial of service {CVE-2014-1943} [squeeze] - file 5.04-5+squeeze3 [wheezy] - file 5.11-2+deb7u1 [11 Feb 2014] DSA-2860-1 parcimonie - information disclosure {CVE-2014-1921} [wheezy] - parcimonie 0.7.1-1+deb7u1 [10 Feb 2014] DSA-2859-1 pidgin - several {CVE-2013-6477 CVE-2013-6478 CVE-2013-6479 CVE-2013-6481 CVE-2013-6482 CVE-2013-6483 CVE-2013-6484 CVE-2013-6485 CVE-2013-6487 CVE-2013-6489 CVE-2013-6490 CVE-2014-0020} [wheezy] - pidgin 2.10.9-1~deb7u1 [10 Feb 2014] DSA-2858-1 iceweasel - several {CVE-2014-1477 CVE-2014-1479 CVE-2014-1481 CVE-2014-1482 CVE-2014-1486 CVE-2014-1487 CVE-2014-1490 CVE-2014-1491} [wheezy] - iceweasel 24.3.0esr-1~deb7u1 [08 Feb 2014] DSA-2857-1 libspring-java - several {CVE-2013-6429 CVE-2013-6430} [wheezy] - libspring-java 3.0.6.RELEASE-6+deb7u2 [07 Feb 2014] DSA-2856-1 libcommons-fileupload-java - security update {CVE-2014-0050} [squeeze] - libcommons-fileupload-java 1.2.2-1+deb6u2 [wheezy] - libcommons-fileupload-java 1.2.2-1+deb7u2 [05 Feb 2014] DSA-2855-1 libav - several {CVE-2011-3944 CVE-2013-0845 CVE-2013-0846 CVE-2013-0849 CVE-2013-0865 CVE-2013-7010 CVE-2013-7014 CVE-2013-7015} [wheezy] - libav 6:0.8.10-1 [05 Feb 2014] DSA-2854-1 mumble - several {CVE-2014-0044 CVE-2014-0045} [wheezy] - mumble 1.2.3-349-g315b5f5-2.2+deb7u1 [05 Feb 2014] DSA-2853-1 horde3 - Remote code execution {CVE-2014-1691} [squeeze] - horde3 3.3.8+debian0-3 [03 Feb 2014] DSA-2852-1 libgadu - heap-based buffer overflow {CVE-2013-6487} [wheezy] - libgadu 1:1.11.2-1+deb7u1 [squeeze] - libgadu 1:1.9.0-2+squeeze2 [02 Feb 2014] DSA-2851-1 drupal6 - impersonation {CVE-2014-1475} [squeeze] - drupal6 6.30-1 [31 Jan 2014] DSA-2850-1 libyaml - heap-based buffer overflow {CVE-2013-6393} [squeeze] - libyaml 0.1.3-1+deb6u2 [wheezy] - libyaml 0.1.4-2+deb7u2 [31 Jan 2014] DSA-2849-1 curl - information disclosure {CVE-2014-0015} [squeeze] - curl 7.21.0-2.1+squeeze7 [wheezy] - curl 7.26.0-1+wheezy8 [23 Jan 2014] DSA-2826-2 denyhosts - denyhosts regression update [squeeze] - denyhosts 2.6-7+deb6u3 [wheezy] - denyhosts 2.6-10+deb7u3 [23 Jan 2014] DSA-2848-1 mysql-5.5 - several {CVE-2013-5891 CVE-2013-5908 CVE-2014-0386 CVE-2014-0393 CVE-2014-0401 CVE-2014-0402 CVE-2014-0412 CVE-2014-0420 CVE-2014-0437} [wheezy] - mysql-5.5 5.5.35+dfsg-0+wheezy1 [20 Jan 2014] DSA-2847-1 drupal7 - several {CVE-2014-1475 CVE-2014-1476} [wheezy] - drupal7 7.14-2+deb7u2 [17 Jan 2014] DSA-2846-1 libvirt - several {CVE-2013-6458 CVE-2014-1447} [wheezy] - libvirt 0.9.12.3-1 [17 Jan 2014] DSA-2845-1 mysql-5.1 - several {CVE-2013-5908 CVE-2014-0386 CVE-2014-0393 CVE-2014-0401 CVE-2014-0402 CVE-2014-0412 CVE-2014-0437} [squeeze] - mysql-5.1 5.1.73-1 [15 Jan 2014] DSA-2844-1 djvulibre - arbitrary code execution {CVE-2012-6535} [squeeze] - djvulibre 3.5.23-3+squeeze1 [13 Jan 2014] DSA-2843-1 graphviz - buffer overflow {CVE-2014-0978 CVE-2014-1236} [squeeze] - graphviz 2.26.3-5+squeeze2 [wheezy] - graphviz 2.26.3-14+deb7u1 [13 Jan 2014] DSA-2842-1 libspring-java - several {CVE-2013-4152 CVE-2013-7315} [wheezy] - libspring-java 3.0.6.RELEASE-6+deb7u1 [11 Jan 2014] DSA-2841-1 movabletype-opensource - cross-site scripting {CVE-2014-0977} [squeeze] - movabletype-opensource 4.3.8+dfsg-0+squeeze4 [wheezy] - movabletype-opensource 5.1.4+dfsg-4+deb7u1 [10 Jan 2014] DSA-2840-1 srtp - buffer overflow {CVE-2013-2139} [squeeze] - srtp 1.4.4~dfsg-6+deb6u1 [wheezy] - srtp 1.4.4+20100615~dfsg-2+deb7u1 [08 Jan 2014] DSA-2839-1 spice - denial of service {CVE-2013-4130 CVE-2013-4282} [wheezy] - spice 0.11.0-1+deb7u1 [07 Jan 2014] DSA-2838-1 libxfont - buffer overflow {CVE-2013-6462} [squeeze] - libxfont 1:1.4.1-4 [wheezy] - libxfont 1:1.4.5-3 [07 Jan 2014] DSA-2837-1 openssl - programming error {CVE-2013-4353} [wheezy] - openssl 1.0.1e-2+deb7u3 [05 Jan 2014] DSA-2836-1 devscripts - arbitrary code execution {CVE-2013-6888 CVE-2013-7325} [wheezy] - devscripts 2.12.6+deb7u2 [05 Jan 2014] DSA-2835-1 asterisk - buffer overflow {CVE-2013-7100} [squeeze] - asterisk 1:1.6.2.9-2+squeeze12 [wheezy] - asterisk 1:1.8.13.1~dfsg1-3+deb7u3 [01 Jan 2014] DSA-2834-1 typo3-src - several {CVE-2013-7073 CVE-2013-7074 CVE-2013-7075 CVE-2013-7076 CVE-2013-7078 CVE-2013-7079 CVE-2013-7080 CVE-2013-7081} [squeeze] - typo3-src 4.3.9+dfsg1-1+squeeze9 [wheezy] - typo3-src 4.5.19+dfsg1-5+wheezy2 [01 Jan 2014] DSA-2833-1 openssl - several {CVE-2013-6449 CVE-2013-6450} [wheezy] - openssl 1.0.1e-2+deb7u1 [01 Jan 2014] DSA-2832-1 memcached - several {CVE-2011-4971 CVE-2013-7239} [squeeze] - memcached 1.4.5-1+deb6u1 [wheezy] - memcached 1.4.13-0.2+deb7u1 [31 Dec 2013] DSA-2831-1 puppet - insecure temporary files {CVE-2013-4969} [squeeze] - puppet 2.6.2-5+squeeze9 [wheezy] - puppet 2.7.23-1~deb7u2 [30 Dec 2013] DSA-2830-1 ruby-i18n - cross-site scripting {CVE-2013-4492} [wheezy] - ruby-i18n 0.6.0-3+deb7u1 [28 Dec 2013] DSA-2829-1 hplip - several {CVE-2013-0200 CVE-2013-4325 CVE-2013-6402 CVE-2013-6427} [squeeze] - hplip 3.10.6-2+squeeze2 [wheezy] - hplip 3.12.6-3.1+deb7u1 [28 Dec 2013] DSA-2828-1 drupal6 - several {CVE-2013-6385 CVE-2013-6386} [squeeze] - drupal6 6.29-1 [24 Dec 2013] DSA-2827-1 libcommons-fileupload-java - arbitrary file upload via deserialization {CVE-2013-2186} [squeeze] - libcommons-fileupload-java 1.2.2-1+deb6u1 [wheezy] - libcommons-fileupload-java 1.2.2-1+deb7u1 [22 Dec 2013] DSA-2826-1 denyhosts - Remote denial of ssh service {CVE-2013-6890} [squeeze] - denyhosts 2.6-7+deb6u2 [wheezy] - denyhosts 2.6-10+deb7u2 [20 Dec 2013] DSA-2825-1 wireshark - several {CVE-2013-7113 CVE-2013-7114} [wheezy] - wireshark 1.8.2-5wheezy9 [19 Dec 2013] DSA-2824-1 curl - unchecked tls/ssl certificate host name {CVE-2013-6422} [wheezy] - curl 7.26.0-1+wheezy7 [18 Dec 2013] DSA-2823-1 pixman - integer underflow {CVE-2013-6425} [squeeze] - pixman 0.16.4-1+deb6u1 [wheezy] - pixman 0.26.0-4+deb7u1 [18 Dec 2013] DSA-2822-1 xorg-server - integer underflow {CVE-2013-6424} [squeeze] - xorg-server 2:1.7.7-18 [wheezy] - xorg-server 2:1.12.4-6+deb7u2 [18 Dec 2013] DSA-2821-1 gnupg - side channel attack {CVE-2013-4576} [squeeze] - gnupg 1.4.10-4+squeeze4 [wheezy] - gnupg 1.4.12-7+deb7u3 [17 Dec 2013] DSA-2820-1 nspr - integer overflow {CVE-2013-5607} [squeeze] - nspr 4.8.6-1+squeeze1 [wheezy] - nspr 2:4.9.2-1+deb7u1 [16 Dec 2013] DSA-2819-1 iceape - several [16 Dec 2013] DSA-2818-1 mysql-5.5 - several {CVE-2013-1861 CVE-2013-2162 CVE-2013-3783 CVE-2013-3793 CVE-2013-3802 CVE-2013-3804 CVE-2013-3809 CVE-2013-3812 CVE-2013-3839 CVE-2013-5807} [wheezy] - mysql-5.5 5.5.33+dfsg-0+wheezy1 [14 Dec 2013] DSA-2817-1 libtar - Multiple integer overflows {CVE-2013-4397} [squeeze] - libtar 1.2.11-6+deb6u1 [wheezy] - libtar 1.2.16-1+deb7u1 [12 Dec 2013] DSA-2816-1 php5 - several {CVE-2013-6420 CVE-2013-6712} [squeeze] - php5 5.3.3-7+squeeze18 [wheezy] - php5 5.4.4-14+deb7u7 [09 Dec 2013] DSA-2815-1 munin - denial of service {CVE-2013-6048 CVE-2013-6359} [wheezy] - munin 2.0.6-4+deb7u2 [09 Dec 2013] DSA-2814-1 varnish - denial of service {CVE-2013-4484} [squeeze] - varnish 2.1.3-8+deb6u1 [wheezy] - varnish 3.0.2-2+deb7u1 [09 Dec 2013] DSA-2813-1 gimp - several {CVE-2013-1913 CVE-2013-1978} [squeeze] - gimp 2.6.10-1+squeeze4 [wheezy] - gimp 2.8.2-2+deb7u1 [09 Dec 2013] DSA-2812-1 samba - several {CVE-2013-4408 CVE-2013-4475} [squeeze] - samba 2:3.5.6~dfsg-3squeeze11 [wheezy] - samba 2:3.6.6-6+deb7u2 [07 Dec 2013] DSA-2811-1 chromium-browser - several {CVE-2013-6634 CVE-2013-6635 CVE-2013-6636 CVE-2013-6637 CVE-2013-6638 CVE-2013-6639 CVE-2013-6640 CVE-2014-1681} [wheezy] - chromium-browser 31.0.1650.63-1~deb7u1 [04 Dec 2013] DSA-2810-1 ruby1.9.1 - heap overflow {CVE-2013-4164} [squeeze] - ruby1.9.1 1.9.2.0-2+deb6u2 [wheezy] - ruby1.9.1 1.9.3.194-8.1+deb7u2 [04 Dec 2013] DSA-2809-1 ruby1.8 - several {CVE-2013-1821 CVE-2013-4073 CVE-2013-4164} [squeeze] - ruby1.8 1.8.7.302-2squeeze2 [wheezy] - ruby1.8 1.8.7.358-7.1+deb7u1 [03 Dec 2013] DSA-2808-1 openjpeg - several {CVE-2013-1447 CVE-2013-6045 CVE-2013-6052 CVE-2013-6054} [squeeze] - openjpeg 1.3+dfsg-4+squeeze2 [wheezy] - openjpeg 1.3+dfsg-4.7 [30 Nov 2013] DSA-2807-1 links2 - integer overflow {CVE-2013-6050} [squeeze] - links2 2.3~pre1-1+squeeze2 [wheezy] - links2 2.7-1+deb7u1 [29 Nov 2013] DSA-2806-1 nbd - privilege escalation {CVE-2013-6410} [squeeze] - nbd 1:2.9.16-8+squeeze1 [wheezy] - nbd 1:3.2-4~deb7u4 [27 Nov 2013] DSA-2805-1 sup-mail - remote command injection {CVE-2013-4478 CVE-2013-4479} [squeeze] - sup-mail 0.11-2+nmu1+deb6u1 [wheezy] - sup-mail 0.12.1+git20120407.aaa852f-1+deb7u1 [26 Nov 2013] DSA-2804-1 drupal7 - several {CVE-2013-6385 CVE-2013-6386 CVE-2013-6387 CVE-2013-6388 CVE-2013-6389} [wheezy] - drupal7 7.14-2+deb7u1 [26 Nov 2013] DSA-2803-1 quagga - several {CVE-2013-2236 CVE-2013-6051} [squeeze] - quagga 0.99.20.1-0+squeeze5 [wheezy] - quagga 0.99.22.4-1+wheezy1 [21 Nov 2013] DSA-2802-1 nginx - restriction bypass {CVE-2013-4547} [wheezy] - nginx 1.2.1-2.2+wheezy2 [21 Nov 2013] DSA-2801-1 libhttp-body-perl - design error {CVE-2013-4407} [wheezy] - libhttp-body-perl 1.11-1+deb7u1 [25 Nov 2013] DSA-2800-1 nss - buffer overflow {CVE-2013-5605} [squeeze] - nss 3.12.8-1+squeeze7 [wheezy] - nss 2:3.14.5-1 [16 Nov 2013] DSA-2799-1 chromium-browser - several {CVE-2013-2931 CVE-2013-6621 CVE-2013-6622 CVE-2013-6623 CVE-2013-6624 CVE-2013-6625 CVE-2013-6626 CVE-2013-6627 CVE-2013-6628 CVE-2013-6629 CVE-2013-6630 CVE-2013-6631 CVE-2013-6632 CVE-2013-6802} [wheezy] - chromium-browser 31.0.1650.57-1~deb7u1 [17 Nov 2013] DSA-2798-1 curl - unchecked ssl certificate host name {CVE-2013-4545} [squeeze] - curl 7.21.0-2.1+squeeze5 [wheezy] - curl 7.26.0-1+wheezy5 [13 Nov 2013] DSA-2797-1 icedove - several {CVE-2013-5590 CVE-2013-5595 CVE-2013-5597 CVE-2013-5599 CVE-2013-5600 CVE-2013-5601 CVE-2013-5602 CVE-2013-5604} [wheezy] - icedove 17.0.10-1~deb7u1 [13 Nov 2013] DSA-2796-1 torque - arbitrary code execution {CVE-2013-4495} [squeeze] - torque 2.4.8+dfsg-9squeeze3 [wheezy] - torque 2.4.16+dfsg-1+deb7u2 [13 Nov 2013] DSA-2795-1 lighttpd - several {CVE-2013-4508 CVE-2013-4559 CVE-2013-4560} [squeeze] - lighttpd 1.4.28-2+squeeze1.4 [wheezy] - lighttpd 1.4.31-4+deb7u1 [10 Nov 2013] DSA-2794-1 spip - several {CVE-2013-4555 CVE-2013-4556 CVE-2013-4557} [squeeze] - spip 2.1.1-3squeeze7 [wheezy] - spip 2.1.17-1+deb7u2 [09 Nov 2013] DSA-2793-1 libav - several {CVE-2013-0844 CVE-2013-0850 CVE-2013-0853 CVE-2013-0854 CVE-2013-0857 CVE-2013-0858 CVE-2013-0866} [wheezy] - libav 6:0.8.9-1 [04 Nov 2013] DSA-2792-1 wireshark - several {CVE-2013-6336 CVE-2013-6337 CVE-2013-6338 CVE-2013-6340} [squeeze] - wireshark 1.2.11-6+squeeze13 [wheezy] - wireshark 1.8.2-5wheezy7 [04 Nov 2013] DSA-2791-1 tryton-client - missing input sanitization {CVE-2013-4510} [squeeze] - tryton-client 1.6.1-1+deb6u1 [wheezy] - tryton-client 2.2.3-1+deb7u1 [02 Nov 2013] DSA-2790-1 nss - uninitialized memory read {CVE-2013-1739} [wheezy] - nss 2:3.14.4-1 [01 Nov 2013] DSA-2789-1 strongswan - Denial of service and authorization bypass {CVE-2013-6075} [squeeze] - strongswan 4.4.1-5.4 [wheezy] - strongswan 4.5.2-1.5+deb7u2 [31 Oct 2013] DSA-2788-1 iceweasel - several {CVE-2013-5590 CVE-2013-5595 CVE-2013-5597 CVE-2013-5599 CVE-2013-5600 CVE-2013-5601 CVE-2013-5602 CVE-2013-5604} [wheezy] - iceweasel 17.0.10esr-1~deb7u1 [27 Oct 2013] DSA-2787-1 roundcube - design error {CVE-2013-6172} [wheezy] - roundcube 0.7.2-9+deb7u1 [27 Oct 2013] DSA-2786-1 icu - several {CVE-2013-0900 CVE-2013-2924} [squeeze] - icu 4.4.1-8+squeeze2 [wheezy] - icu 4.8.1.1-12+deb7u1 [26 Oct 2013] DSA-2785-1 chromium-browser - several {CVE-2013-2906 CVE-2013-2907 CVE-2013-2908 CVE-2013-2909 CVE-2013-2910 CVE-2013-2911 CVE-2013-2912 CVE-2013-2913 CVE-2013-2915 CVE-2013-2916 CVE-2013-2917 CVE-2013-2918 CVE-2013-2919 CVE-2013-2920 CVE-2013-2921 CVE-2013-2922 CVE-2013-2923 CVE-2013-2924 CVE-2013-2925 CVE-2013-2926 CVE-2013-2927 CVE-2013-2928} [wheezy] - chromium-browser 30.0.1599.101-1~deb7u1 [22 Oct 2013] DSA-2784-1 xorg-server - use-after-free {CVE-2013-4396} [squeeze] - xorg-server 2:1.7.7-17 [wheezy] - xorg-server 2:1.12.4-6+deb7u1 [21 Oct 2013] DSA-2783-1 librack-ruby - several {CVE-2011-5036 CVE-2013-0183 CVE-2013-0184 CVE-2013-0263} [squeeze] - librack-ruby 1.1.0-4+squeeze1 [20 Oct 2013] DSA-2782-1 polarssl - several {CVE-2013-4623 CVE-2013-5914 CVE-2013-5915} [squeeze] - polarssl 1.2.9-1~deb6u1 [wheezy] - polarssl 1.2.9-1~deb7u1 [15 Oct 2013] DSA-2781-1 python-crypto - PRNG not correctly reseeded in some situations {CVE-2013-1445} [squeeze] - python-crypto 2.1.0-2+squeeze2 [wheezy] - python-crypto 2.6-4+deb7u1 [18 Oct 2013] DSA-2780-1 mysql-5.1 - several {CVE-2012-2750 CVE-2013-3839 CVE-2013-1861 CVE-2012-0553 CVE-2012-0572 CVE-2012-0574 CVE-2012-1702 CVE-2012-1705 CVE-2012-5060 CVE-2013-0375 CVE-2013-0383 CVE-2013-0384 CVE-2013-0385 CVE-2013-0389 CVE-2013-1492 CVE-2013-1506 CVE-2013-1521 CVE-2013-1531 CVE-2013-1532 CVE-2013-1544 CVE-2013-1548 CVE-2013-1552 CVE-2013-1555 CVE-2013-2375 CVE-2013-2378 CVE-2013-2389 CVE-2013-2391 CVE-2013-2392 CVE-2013-3802 CVE-2013-3804 CVE-2013-3808 CVE-2013-1623} [squeeze] - mysql-5.1 5.1.72-2 [13 Oct 2013] DSA-2779-1 libxml2 - denial of service {CVE-2013-2877} [squeeze] - libxml2 2.7.8.dfsg-2+squeeze8 [wheezy] - libxml2 2.8.0+dfsg1-7+nmu2 [12 Oct 2013] DSA-2778-1 libapache2-mod-fcgid - heap-based buffer overflow {CVE-2013-4365} [squeeze] - libapache2-mod-fcgid 1:2.3.6-1+squeeze2 [wheezy] - libapache2-mod-fcgid 1:2.3.6-1.2+deb7u1 [11 Oct 2013] DSA-2777-1 systemd - several {CVE-2013-4327 CVE-2013-4391 CVE-2013-4394} [wheezy] - systemd 44-11+deb7u4 [11 Oct 2013] DSA-2776-1 drupal6 - several {CVE-2012-0825 CVE-2012-0826 CVE-2012-5651 CVE-2012-5652 CVE-2012-5653 CVE-2013-0244 CVE-2013-0245} [squeeze] - drupal6 6.28-1 [10 Oct 2013] DSA-2775-1 ejabberd - insecure SSL usage {CVE-2013-6169} [squeeze] - ejabberd 2.1.5-3+squeeze2 [wheezy] - ejabberd 2.1.10-4+deb7u1 [10 Oct 2013] DSA-2774-1 gnupg2 - several {CVE-2013-4351 CVE-2013-4402} [squeeze] - gnupg2 2.0.14-2+squeeze2 [wheezy] - gnupg2 2.0.19-2+deb7u1 [10 Oct 2013] DSA-2773-1 gnupg - several {CVE-2013-4351 CVE-2013-4402} [squeeze] - gnupg 1.4.10-4+squeeze3 [wheezy] - gnupg 1.4.12-7+deb7u2 [10 Oct 2013] DSA-2772-1 typo3-src - cross-site scripting {CVE-2013-1464} [wheezy] - typo3-src 4.5.19+dfsg1-5+wheezy1 [09 Oct 2013] DSA-2771-1 nas - several {CVE-2013-4256 CVE-2013-4258} [squeeze] - nas 1.9.2-4squeeze1 [wheezy] - nas 1.9.3-5wheezy1 [09 Oct 2013] DSA-2770-1 torque - authentication bypass {CVE-2013-4319} [squeeze] - torque 2.4.8+dfsg-9squeeze2 [wheezy] - torque 2.4.16+dfsg-1+deb7u1 [08 Oct 2013] DSA-2769-1 kfreebsd-9 - several {CVE-2013-5691 CVE-2013-5710} [wheezy] - kfreebsd-9 9.0-10+deb70.4 [04 Oct 2013] DSA-2768-1 icedtea-web - heap-based buffer overflow {CVE-2012-4540} [wheezy] - icedtea-web 1.4-3~deb7u2 [28 Sep 2013] DSA-2767-1 proftpd-dfsg - denial of service {CVE-2013-4359} [squeeze] - proftpd-dfsg 1.3.3a-6squeeze7 [wheezy] - proftpd-dfsg 1.3.4a-5+deb7u1 [27 Sep 2013] DSA-2766-1 linux-2.6 - several {CVE-2013-2141 CVE-2013-2164 CVE-2013-2206 CVE-2013-2232 CVE-2013-2234 CVE-2013-2237 CVE-2013-2239 CVE-2013-2851 CVE-2013-2852 CVE-2013-2888 CVE-2013-2892} [squeeze] - linux-2.6 2.6.32-48squeeze4 [26 Sep 2013] DSA-2765-1 davfs2 - privilege escalation {CVE-2013-4362} [squeeze] - davfs2 1.4.6-1.1+squeeze1 [wheezy] - davfs2 1.4.6-1.1+deb7u1 [25 Sep 2013] DSA-2764-1 libvirt - programming error {CVE-2013-4296} [wheezy] - libvirt 0.9.12-11+deb7u4 [24 Sep 2013] DSA-2763-1 pyopenssl - hostname check bypassing {CVE-2013-4314} [squeeze] - pyopenssl 0.10-1+squeeze1 [wheezy] - pyopenssl 0.13-2+deb7u1 [23 Sep 2013] DSA-2762-1 icedove - several {CVE-2013-1718 CVE-2013-1722 CVE-2013-1725 CVE-2013-1730 CVE-2013-1732 CVE-2013-1735 CVE-2013-1736 CVE-2013-1737} [wheezy] - icedove 17.0.9-1~deb7u1 [19 Sep 2013] DSA-2761-1 puppet - several {CVE-2013-4761 CVE-2013-4956} [wheezy] - puppet 2.7.23-1~deb7u1 [18 Sep 2013] DSA-2760-1 chrony - several {CVE-2012-4502 CVE-2012-4503} [squeeze] - chrony 1.24-3+squeeze1 [wheezy] - chrony 1.24-3.1+deb7u2 [18 Sep 2013] DSA-2759-1 iceweasel - several {CVE-2013-1718 CVE-2013-1722 CVE-2013-1725 CVE-2013-1730 CVE-2013-1732 CVE-2013-1735 CVE-2013-1736 CVE-2013-1737} [wheezy] - iceweasel 17.0.9esr-1~deb7u1 [17 Sep 2013] DSA-2758-1 python-django - denial of service {CVE-2013-1443} [squeeze] - python-django 1.2.3-3+squeeze8 [wheezy] - python-django 1.4.5-1+deb7u4 [14 Sep 2013] DSA-2757-1 wordpress - several {CVE-2013-4338 CVE-2013-4339 CVE-2013-4340 CVE-2013-5738 CVE-2013-5739} [squeeze] - wordpress 3.6.1+dfsg-1~deb6u1 [wheezy] - wordpress 3.6.1+dfsg-1~deb7u1 [13 Sep 2013] DSA-2756-1 wireshark - several {CVE-2013-5718 CVE-2013-5720 CVE-2013-5722} [squeeze] - wireshark 1.2.11-6+squeeze12 [wheezy] - wireshark 1.8.2-5wheezy6 [11 Sep 2013] DSA-2755-1 python-django - directory traversal {CVE-2013-4315} [squeeze] - python-django 1.2.3-3+squeeze7 [wheezy] - python-django 1.4.5-1+deb7u3 [11 Sep 2013] DSA-2754-1 exactimage - denial of service {CVE-2013-1441} [squeeze] - exactimage 0.8.1-3+deb6u3 [wheezy] - exactimage 0.8.5-5+deb7u3 [13 Sep 2013] DSA-2753-1 mediawiki - cross-site request forgery token disclosure {CVE-2013-4302} [squeeze] - mediawiki 1:1.15.5-2squeeze6 [wheezy] - mediawiki 1:1.19.5-1+deb7u1 [07 Sep 2013] DSA-2752-1 phpbb3 - too wide permissions {CVE-2013-5724} [squeeze] - phpbb3 3.0.7-PL1-4+squeeze1 [wheezy] - phpbb3 3.0.10-4+deb7u1 [04 Sep 2013] DSA-2751-1 libmodplug - several {CVE-2013-4233 CVE-2013-4234} [squeeze] - libmodplug 1:0.8.8.1-1+squeeze2+git20130828 [wheezy] - libmodplug 1:0.8.8.4-3+deb7u1+git20130828 [03 Sep 2013] DSA-2750-1 imagemagick - buffer overflow {CVE-2013-4298} [wheezy] - imagemagick 8:6.7.7.10-5+deb7u2 [02 Sep 2013] DSA-2749-1 asterisk - several {CVE-2013-5641 CVE-2013-5642} [squeeze] - asterisk 1:1.6.2.9-2+squeeze11 [wheezy] - asterisk 1:1.8.13.1~dfsg-3+deb7u1 [01 Sep 2013] DSA-2740-2 python-django - regression [wheezy] - python-django 1.4.5-1+deb7u2 [01 Sep 2013] DSA-2748-1 exactimage - denial of service {CVE-2013-1438} [squeeze] - exactimage 0.8.1-3+deb6u2 [wheezy] - exactimage 0.8.5-5+deb7u2 [31 Aug 2013] DSA-2747-1 cacti - several {CVE-2013-5588 CVE-2013-5589} [squeeze] - cacti 0.8.7g-1+squeeze3 [wheezy] - cacti 0.8.8a+dfsg-5+deb7u2 [29 Aug 2013] DSA-2746-1 icedove - several {CVE-2013-1701 CVE-2013-1709 CVE-2013-1710 CVE-2013-1713 CVE-2013-1714 CVE-2013-1717} [wheezy] - icedove 17.0.8-1~deb7u1 [28 Aug 2013] DSA-2745-1 linux - several {CVE-2013-1059 CVE-2013-2148 CVE-2013-2164 CVE-2013-2232 CVE-2013-2234 CVE-2013-2237 CVE-2013-2851 CVE-2013-2852 CVE-2013-4162 CVE-2013-4163} [wheezy] - linux 3.2.46-1+deb7u1 [27 Aug 2013] DSA-2744-1 tiff - several {CVE-2013-4231 CVE-2013-4232 CVE-2013-4244} [squeeze] - tiff 3.9.4-5+squeeze10 [wheezy] - tiff 4.0.2-6+deb7u2 [26 Aug 2013] DSA-2743-1 kfreebsd-9 - several {CVE-2013-3077 CVE-2013-4851 CVE-2013-5209} [wheezy] - kfreebsd-9 9.0-10+deb70.3 [26 Aug 2013] DSA-2742-1 php5 - interpretation conflict {CVE-2013-4248} [squeeze] - php5 5.3.3-7+squeeze17 [wheezy] - php5 5.4.4-14+deb7u4 [25 Aug 2013] DSA-2741-1 chromium-browser - several {CVE-2013-2887 CVE-2013-2900 CVE-2013-2901 CVE-2013-2902 CVE-2013-2903 CVE-2013-2904 CVE-2013-2905} [wheezy] - chromium-browser 29.0.1547.57-1~deb7u1 [23 Aug 2013] DSA-2740-1 python-django - cross-site scripting vulnerability {CVE-2013-6044} [squeeze] - python-django 1.2.3-3+squeeze6 [wheezy] - python-django 1.4.5-1+deb7u1 [21 Aug 2013] DSA-2739-1 cacti - several {CVE-2013-1434 CVE-2013-1435} [squeeze] - cacti 0.8.7g-1+squeeze2 [wheezy] - cacti 0.8.8a+dfsg-5+deb7u1 [18 Aug 2013] DSA-2738-1 ruby1.9.1 - several {CVE-2013-1821 CVE-2013-4073} [squeeze] - ruby1.9.1 1.9.2.0-2+deb6u1 [wheezy] - ruby1.9.1 1.9.3.194-8.1+deb7u1 [12 Aug 2013] DSA-2737-1 swift - several {CVE-2013-2161 CVE-2013-4155} [wheezy] - swift 1.4.8-2+deb7u1 [11 Aug 2013] DSA-2736-1 putty - several {CVE-2013-4206 CVE-2013-4207 CVE-2013-4208 CVE-2013-4852} [squeeze] - putty 0.60+2010-02-20-1+squeeze2 [wheezy] - putty 0.62-9+deb7u1 [07 Aug 2013] DSA-2735-1 iceweasel - several {CVE-2013-1701 CVE-2013-1709 CVE-2013-1710 CVE-2013-1713 CVE-2013-1714 CVE-2013-1717} [wheezy] - iceweasel 17.0.8esr-1~deb7u1 [05 Aug 2013] DSA-2734-1 wireshark - several {CVE-2013-4930 CVE-2013-4932 CVE-2013-4933 CVE-2013-4934 CVE-2013-4935} [squeeze] - wireshark 1.2.11-6+squeeze11 [wheezy] - wireshark 1.8.2-5wheezy5 [02 Aug 2013] DSA-2733-1 otrs2 - SQL injection {CVE-2013-4717} [squeeze] - otrs2 2.4.9+dfsg1-3+squeeze4 [wheezy] - otrs2 3.1.7+dfsg1-8+deb7u3 [31 Jul 2013] DSA-2732-1 chromium-browser - several {CVE-2013-2881 CVE-2013-2882 CVE-2013-2883 CVE-2013-2884 CVE-2013-2885 CVE-2013-2886} [wheezy] - chromium-browser 28.0.1500.95-1~deb7u1 [29 Jul 2013] DSA-2731-1 libgcrypt11 - information leak {CVE-2013-4242} [squeeze] - libgcrypt11 1.4.5-2+squeeze1 [wheezy] - libgcrypt11 1.5.0-5+deb7u1 [29 Jul 2013] DSA-2730-1 gnupg - information leak {CVE-2013-4242} [squeeze] - gnupg 1.4.10-4+squeeze2 [wheezy] - gnupg 1.4.12-7+deb7u1 [28 Jul 2013] DSA-2729-1 openafs - several {CVE-2013-4134 CVE-2013-4135} [squeeze] - openafs 1.4.12.1+dfsg-4+squeeze2 [wheezy] - openafs 1.6.1-3+deb7u1 [27 Jul 2013] DSA-2728-1 bind9 - denial of service {CVE-2013-4854} [squeeze] - bind9 1:9.7.3.dfsg-1~squeeze11 [wheezy] - bind9 1:9.8.4.dfsg.P1-6+nmu2+deb7u1 [25 Jul 2013] DSA-2727-1 openjdk-6 - several {CVE-2013-1500 CVE-2013-1571 CVE-2013-2407 CVE-2013-2412 CVE-2013-2443 CVE-2013-2444 CVE-2013-2445 CVE-2013-2446 CVE-2013-2447 CVE-2013-2448 CVE-2013-2450 CVE-2013-2451 CVE-2013-2452 CVE-2013-2453 CVE-2013-2455 CVE-2013-2456 CVE-2013-2457 CVE-2013-2459 CVE-2013-2461 CVE-2013-2463 CVE-2013-2465 CVE-2013-2469 CVE-2013-2470 CVE-2013-2471 CVE-2013-2472 CVE-2013-2473} [squeeze] - openjdk-6 6b27-1.12.6-1~deb6u1 [wheezy] - openjdk-6 6b27-1.12.6-1~deb7u1 [25 Jul 2013] DSA-2726-1 php-radius - buffer overflow {CVE-2013-2220} [squeeze] - php-radius 1.2.5-2+squeeze1 [wheezy] - php-radius 1.2.5-2.3+deb7u1 [18 Jul 2013] DSA-2725-1 tomcat6 - several {CVE-2012-3544 CVE-2013-2067} [squeeze] - tomcat6 6.0.35-1+squeeze3 [wheezy] - tomcat6 6.0.35-6+deb7u1 [17 Jul 2013] DSA-2724-1 chromium-browser - several {CVE-2013-2853 CVE-2013-2867 CVE-2013-2868 CVE-2013-2869 CVE-2013-2870 CVE-2013-2871 CVE-2013-2873 CVE-2013-2875 CVE-2013-2876 CVE-2013-2877 CVE-2013-2878 CVE-2013-2879 CVE-2013-2880} [wheezy] - chromium-browser 28.0.1500.71-1~deb7u1 [17 Jul 2013] DSA-2723-1 php5 - heap corruption {CVE-2013-4113} [squeeze] - php5 5.3.3-7+squeeze16 [wheezy] - php5 5.4.4-14+deb7u3 [15 Jul 2013] DSA-2722-1 openjdk-7 - several {CVE-2013-1500 CVE-2013-1571 CVE-2013-2407 CVE-2013-2412 CVE-2013-2443 CVE-2013-2444 CVE-2013-2445 CVE-2013-2446 CVE-2013-2447 CVE-2013-2448 CVE-2013-2449 CVE-2013-2450 CVE-2013-2451 CVE-2013-2452 CVE-2013-2453 CVE-2013-2454 CVE-2013-2455 CVE-2013-2456 CVE-2013-2457 CVE-2013-2458 CVE-2013-2459 CVE-2013-2460 CVE-2013-2461 CVE-2013-2463 CVE-2013-2465 CVE-2013-2469 CVE-2013-2470 CVE-2013-2471 CVE-2013-2472 CVE-2013-2473} [wheezy] - openjdk-7 7u25-2.3.10-1~deb7u1 [07 Jul 2013] DSA-2721-1 nginx - nginx security update {CVE-2013-2070} [wheezy] - nginx 1.2.1-2.2+wheezy1 [06 Jul 2013] DSA-2720-1 icedove - several {CVE-2013-0795 CVE-2013-0801 CVE-2013-1670 CVE-2013-1674 CVE-2013-1675 CVE-2013-1676 CVE-2013-1677 CVE-2013-1678 CVE-2013-1679 CVE-2013-1680 CVE-2013-1681 CVE-2013-1682 CVE-2013-1684 CVE-2013-1685 CVE-2013-1686 CVE-2013-1687 CVE-2013-1690 CVE-2013-1692 CVE-2013-1693 CVE-2013-1694 CVE-2013-1697} [wheezy] - icedove 17.0.7-1~deb7u1 [10 Jul 2013] DSA-2719-1 poppler - multiple issues {CVE-2013-1788 CVE-2013-1790} [squeeze] - poppler 0.12.4-1.2+squeeze3 [01 Jul 2013] DSA-2718-1 wordpress - several {CVE-2013-2173 CVE-2013-2199 CVE-2013-2200 CVE-2013-2201 CVE-2013-2202 CVE-2013-2203 CVE-2013-2204 CVE-2013-2205} [squeeze] - wordpress 3.5.2+dfsg-1~deb6u1 [wheezy] - wordpress 3.5.2+dfsg-1~deb7u1 [28 Jun 2013] DSA-2717-1 xml-security-c - heap overflow {CVE-2013-2210} [squeeze] - xml-security-c 1.5.1-3+squeeze3 [wheezy] - xml-security-c 1.6.1-5+deb7u2 [26 Jun 2013] DSA-2716-1 iceweasel - several {CVE-2013-1682 CVE-2013-1684 CVE-2013-1685 CVE-2013-1686 CVE-2013-1687 CVE-2013-1690 CVE-2013-1692 CVE-2013-1693 CVE-2013-1694 CVE-2013-1697} [wheezy] - iceweasel 17.0.7esr-1~deb7u1 [26 Jun 2013] DSA-2715-1 puppet - code execution {CVE-2013-3567} [squeeze] - puppet 2.6.2-5+squeeze8 [wheezy] - puppet 2.7.18-5 [25 Jun 2013] DSA-2714-1 kfreebsd-9 - programming error {CVE-2013-2171} [wheezy] - kfreebsd-9 9.0-10+deb70.2 [24 Jun 2013] DSA-2713-1 curl - heap overflow {CVE-2013-2174} [squeeze] - curl 7.21.0-2.1+squeeze4 [wheezy] - curl 7.26.0-1+wheezy3 [19 Jun 2013] DSA-2712-1 otrs2 - privilege escalation {CVE-2013-4088} [wheezy] - otrs2 3.1.7+dfsg1-8+deb7u2 [19 Jun 2013] DSA-2711-1 haproxy - several {CVE-2012-2942 CVE-2013-1912 CVE-2013-2175} [squeeze] - haproxy 1.4.8-1+squeeze1 [18 Jun 2013] DSA-2710-1 xml-security-c - several {CVE-2013-2153 CVE-2013-2154 CVE-2013-2155 CVE-2013-2156} [squeeze] - xml-security-c 1.5.1-3+squeeze2 [wheezy] - xml-security-c 1.6.1-5+deb7u1 [17 Jun 2013] DSA-2709-1 wireshark - several {CVE-2013-4074 CVE-2013-4075 CVE-2013-4076 CVE-2013-4077 CVE-2013-4078 CVE-2013-4081 CVE-2013-4082 CVE-2013-4083} [wheezy] - wireshark 1.8.2-5wheezy4 [16 Jun 2013] DSA-2708-1 fail2ban - denial of service {CVE-2013-2178} [squeeze] - fail2ban 0.8.4-3+squeeze2 [wheezy] - fail2ban 0.8.6-3wheezy2 [13 Jun 2013] DSA-2707-1 dbus - denial of service {CVE-2013-2168} [wheezy] - dbus 1.6.8-1+deb7u1 [10 Jun 2013] DSA-2706-1 chromium-browser - several {CVE-2013-2855 CVE-2013-2856 CVE-2013-2857 CVE-2013-2858 CVE-2013-2859 CVE-2013-2860 CVE-2013-2861 CVE-2013-2862 CVE-2013-2863 CVE-2013-2865} [wheezy] - chromium-browser 27.0.1453.110-1~deb7u1 [10 Jun 2013] DSA-2705-1 pymongo - denial of service {CVE-2013-2132} [wheezy] - pymongo 2.2-4+deb7u1 [09 Jun 2013] DSA-2704-1 mesa - out of bounds access {CVE-2013-1872} [wheezy] - mesa 8.0.5-4+deb7u2 [09 Jun 2013] DSA-2703-1 subversion - several {CVE-2013-1968 CVE-2013-2112} [squeeze] - subversion 1.6.12dfsg-7 [wheezy] - subversion 1.6.17dfsg-4+deb7u3 [03 Jun 2013] DSA-2702-1 telepathy-gabble - TLS verification bypass {CVE-2013-1431} [squeeze] - telepathy-gabble 0.9.15-1+squeeze2 [wheezy] - telepathy-gabble 0.16.5-1+deb7u1 [02 Jun 2013] DSA-2701-1 krb5 - denial of service {CVE-2002-2443} [squeeze] - krb5 1.8.3+dfsg-4squeeze7 [wheezy] - krb5 1.10.1+dfsg-5+deb7u1 [02 Jun 2013] DSA-2700-1 wireshark - several {CVE-2013-3555 CVE-2013-3557 CVE-2013-3558 CVE-2013-3559 CVE-2013-3560 CVE-2013-3562} [wheezy] - wireshark 1.8.2-5wheezy3 [02 Jun 2013] DSA-2699-1 iceweasel - several {CVE-2013-0773 CVE-2013-0775 CVE-2013-0776 CVE-2013-0780 CVE-2013-0782 CVE-2013-0783 CVE-2013-0787 CVE-2013-0788 CVE-2013-0793 CVE-2013-0795 CVE-2013-0796 CVE-2013-0800 CVE-2013-0801 CVE-2013-1670 CVE-2013-1674 CVE-2013-1675 CVE-2013-1676 CVE-2013-1677 CVE-2013-1678 CVE-2013-1679 CVE-2013-1680 CVE-2013-1681} [wheezy] - iceweasel 17.0.6esr-1~deb7u1 [18 Jun 2013] DSA-2698-1 tiff - buffer overflow {CVE-2013-1960 CVE-2013-1961} [squeeze] - tiff 3.9.4-5+squeeze9 [wheezy] - tiff 4.0.2-6+deb7u1 [29 May 2013] DSA-2697-1 gnutls26 - out-of-bounds array read {CVE-2013-2116} [wheezy] - gnutls26 2.12.20-7 [29 May 2013] DSA-2696-1 otrs2 - privilege escalation {CVE-2013-3551} [wheezy] - otrs2 3.1.7+dfsg1-8+deb7u1 [29 May 2013] DSA-2695-1 chromium-browser - several {CVE-2013-2837 CVE-2013-2838 CVE-2013-2839 CVE-2013-2840 CVE-2013-2841 CVE-2013-2842 CVE-2013-2843 CVE-2013-2844 CVE-2013-2845 CVE-2013-2846 CVE-2013-2847 CVE-2013-2848 CVE-2013-2849} [wheezy] - chromium-browser 27.0.1453.93-1~deb7u1 [26 May 2013] DSA-2694-1 spip - privilege escalation {CVE-2013-2118} [squeeze] - spip 2.1.1-3squeeze6 [wheezy] - spip 2.1.17-1+deb7u1 [24 May 2013] DSA-2693-1 libx11 - several {CVE-2013-1981 CVE-2013-1997 CVE-2013-2004} [squeeze] - libx11 2:1.3.3-4+squeeze1 [wheezy] - libx11 2:1.5.0-1+deb7u1 [23 May 2013] DSA-2692-1 libxxf86vm - several {CVE-2013-2001} [wheezy] - libxxf86vm 1:1.1.2-1+deb7u1 [squeeze] - libxxf86vm 1:1.1.0-2+squeeze1 [23 May 2013] DSA-2691-1 libxinerama - several {CVE-2013-1985} [squeeze] - libxinerama 2:1.1-3+squeeze1 [wheezy] - libxinerama 2:1.1.2-1+deb7u1 [23 May 2013] DSA-2690-1 libxxf86dga - several {CVE-2013-1991 CVE-2013-2000} [squeeze] - libxxf86dga 2:1.1.1-2+squeeze1 [wheezy] - libxxf86dga 2:1.1.3-2+deb7u1 [23 May 2013] DSA-2689-1 libxtst - several {CVE-2013-2063} [squeeze] - libxtst 2:1.1.0-3+squeeze1 [wheezy] - libxtst 2:1.2.1-1+deb7u1 [23 May 2013] DSA-2688-1 libxres - several {CVE-2013-1988} [squeeze] - libxres 2:1.0.4-1+squeeze [wheezy] - libxres 2:1.0.6-1+deb7u1 [23 May 2013] DSA-2687-1 libfs - several {CVE-2013-1996} [squeeze] - libfs 2:1.0.2-1+squeeze1 [wheezy] - libfs 2:1.0.4-1+deb7u1 [23 May 2013] DSA-2686-1 libxcb - several {CVE-2013-2064} [squeeze] - libxcb 1.6-1+squeeze1 [wheezy] - libxcb 1.8.1-2+deb7u1 [23 May 2013] DSA-2685-1 libxp - several {CVE-2013-2062} [squeeze] - libxp 1:1.0.0.xsf1-2+squeeze1 [wheezy] - libxp 1:1.0.1-2+deb7u1 [23 May 2013] DSA-2684-1 libxrandr - several {CVE-2013-1986} [squeeze] - libxrandr 2:1.3.0-3+squeeze1 [wheezy] - libxrandr 2:1.3.2-2+deb7u1 [23 May 2013] DSA-2683-1 libxi - several {CVE-2013-1984 CVE-2013-1995 CVE-2013-1998} [squeeze] - libxi 2:1.3-8 [wheezy] - libxi 2:1.6.1-1+deb7u1 [23 May 2013] DSA-2682-1 libxext - several {CVE-2013-1982} [squeeze] - libxext 2:1.1.2-1+squeeze1 [wheezy] - libxext 2:1.3.1-2+deb7u1 [23 May 2013] DSA-2681-1 libxcursor - several {CVE-2013-2003} [squeeze] - libxcursor 1:1.1.10-2+squeeze1 [wheezy] - libxcursor 1:1.1.13-1+deb7u1 [23 May 2013] DSA-2680-1 libxt - several {CVE-2013-2002 CVE-2013-2005} [squeeze] - libxt 1:1.0.7-1+squeeze1 [wheezy] - libxt 1:1.1.3-1+deb7u1 [23 May 2013] DSA-2679-1 xserver-xorg-video-openchrome - several {CVE-2013-1994} [squeeze] - xserver-xorg-video-openchrome 1:0.2.904+svn842-2+squeeze1 [wheezy] - xserver-xorg-video-openchrome 1:0.2.906-2+deb7u1 [23 May 2013] DSA-2678-1 mesa - several {CVE-2013-1993} [squeeze] - mesa 7.7.1-6 [wheezy] - mesa 8.0.5-4+deb7u1 [23 May 2013] DSA-2677-1 libxrender - several {CVE-2013-1987} [squeeze] - libxrender 1:0.9.6-1+squeeze1 [wheezy] - libxrender 1:0.9.7-1+deb7u1 [23 May 2013] DSA-2676-1 libxfixes - several {CVE-2013-1983} [squeeze] - libxfixes 1:4.0.5-1+squeeze1 [wheezy] - libxfixes 1:5.0-4+deb7u1 [23 May 2013] DSA-2675-1 libxvmc - several {CVE-2013-1990 CVE-2013-1999} [squeeze] - libxvmc 2:1.0.5-1+squeeze1 [wheezy] - libxvmc 2:1.0.7-1+deb7u1 [23 May 2013] DSA-2674-1 libxv - several {CVE-2013-1989 CVE-2013-2066} [squeeze] - libxv 2:1.0.5-1+squeeze1 [wheezy] - libxv 2:1.0.7-1+deb7u1 [23 May 2013] DSA-2673-1 libdmx - several {CVE-2013-1992} [squeeze] - libdmx 1:1.1.0-2+squeeze1 [wheezy] - libdmx 1:1.1.2-1+deb7u1 [22 May 2013] DSA-2672-1 kfreebsd-9 - interpretation conflict {CVE-2013-3266} [wheezy] - kfreebsd-9 9.0-10+deb70.1 [22 May 2013] DSA-2671-1 request-tracker4 - several {CVE-2012-4733 CVE-2013-3368 CVE-2013-3369 CVE-2013-3370 CVE-2013-3371 CVE-2013-3372 CVE-2013-3373 CVE-2013-3374 CVE-2013-5587} [wheezy] - request-tracker4 4.0.7-5+deb7u2 [22 May 2013] DSA-2670-1 request-tracker3.8 - several {CVE-2013-3368 CVE-2013-3369 CVE-2013-3370 CVE-2013-3371 CVE-2013-3372 CVE-2013-3373 CVE-2013-3374} [squeeze] - request-tracker3.8 3.8.8-7+squeeze7 [15 May 2013] DSA-2669-1 linux - several {CVE-2013-0160 CVE-2013-1796 CVE-2013-1929 CVE-2013-1979 CVE-2013-2015 CVE-2013-2094 CVE-2013-3076 CVE-2013-3222 CVE-2013-3223 CVE-2013-3224 CVE-2013-3225 CVE-2013-3227 CVE-2013-3228 CVE-2013-3229 CVE-2013-3231 CVE-2013-3234 CVE-2013-3235 CVE-2013-3301 CVE-2013-2141} [wheezy] - linux 3.2.41-2+deb7u2 [14 May 2013] DSA-2668-1 linux-2.6 - several {CVE-2012-2121 CVE-2012-3552 CVE-2012-4461 CVE-2012-4508 CVE-2012-6537 CVE-2012-6539 CVE-2012-6540 CVE-2012-6542 CVE-2012-6544 CVE-2012-6545 CVE-2012-6546 CVE-2012-6548 CVE-2012-6549 CVE-2013-0349 CVE-2013-0914 CVE-2013-1767 CVE-2013-1773 CVE-2013-1774 CVE-2013-1792 CVE-2013-1796 CVE-2013-1798 CVE-2013-1826 CVE-2013-1860 CVE-2013-1928 CVE-2013-1929 CVE-2013-2015 CVE-2013-2634 CVE-2013-3222 CVE-2013-3223 CVE-2013-3224 CVE-2013-3225 CVE-2013-3228 CVE-2013-3229 CVE-2013-3231 CVE-2013-3234 CVE-2013-3235} [squeeze] - linux-2.6 2.6.32-48squeeze3 [12 May 2013] DSA-2667-1 mysql-5.5 - several {CVE-2013-1502 CVE-2013-1511 CVE-2013-1532 CVE-2013-1544 CVE-2013-2375 CVE-2013-2376 CVE-2013-2389 CVE-2013-2391 CVE-2013-2392} [wheezy] - mysql-5.5 5.5.31+dfsg-0+wheezy1 [12 May 2013] DSA-2666-1 xen - several {CVE-2013-1918 CVE-2013-1952 CVE-2013-1964} [squeeze] - xen 4.0.1-5.11 [wheezy] - xen 4.1.4-3+deb7u1 [30 Apr 2013] DSA-2665-1 strongswan - authentication bypass {CVE-2013-2944} [squeeze] - strongswan 4.4.1-5.3 [wheezy] - strongswan 4.5.2-1.5+deb7u1 [02 May 2013] DSA-2664-1 stunnel4 - buffer overflow {CVE-2013-1762} [squeeze] - stunnel4 3:4.29-1+squeeze1 [22 Apr 2013] DSA-2663-1 tinc - stack based buffer overflow {CVE-2013-1428} [squeeze] - tinc 1.0.13-1+squeeze1 [18 Apr 2013] DSA-2662-1 xen - several {CVE-2013-1917 CVE-2013-1919} [squeeze] - xen 4.0.1-5.10 [17 Apr 2013] DSA-2661-1 xorg-server - information disclosure {CVE-2013-1940} [squeeze] - xorg-server 2:1.7.7-16 [20 Apr 2013] DSA-2660-1 curl - cookie leak vulnerability {CVE-2013-1944} [squeeze] - curl 7.21.0-2.1+squeeze3 [09 Apr 2013] DSA-2659-1 libapache-mod-security - XML external entity processing vulnerability {CVE-2013-1915} [squeeze] - libapache-mod-security 2.5.12-1+squeeze2 [04 Apr 2013] DSA-2658-1 postgresql-9.1 - several {CVE-2013-1899 CVE-2013-1900 CVE-2013-1901} [wheezy] - postgresql-9.1 9.1.9-0wheezy1 [04 Apr 2013] DSA-2657-1 postgresql-8.4 - guessable random numbers {CVE-2013-1900} [squeeze] - postgresql-8.4 8.4.17-0squeeze1 [29 Mar 2013] DSA-2656-1 bind9 - denial of service {CVE-2013-2266} [squeeze] - bind9 1:9.7.3.dfsg-1~squeeze10 [28 Mar 2013] DSA-2655-1 rails - several {CVE-2011-2932 CVE-2012-3464 CVE-2012-3465 CVE-2013-1854 CVE-2013-1855 CVE-2013-1857} [squeeze] - rails 2.3.5-1.2+squeeze8 [03 Apr 2013] DSA-2654-1 libxslt - denial of service {CVE-2012-6139} [squeeze] - libxslt 1.1.26-6+squeeze3 [26 Mar 2013] DSA-2653-1 icinga - buffer overflow {CVE-2012-6096} [squeeze] - icinga 1.0.2-2+squeeze1 [24 Mar 2013] DSA-2652-1 libxml2 - external entity expansion {CVE-2013-0338 CVE-2013-0339} [squeeze] - libxml2 2.7.8.dfsg-2+squeeze7 [20 Mar 2013] DSA-2651-1 smokeping - cross-site scripting vulnerability {CVE-2012-0790} [squeeze] - smokeping 2.3.6-5+squeeze1 [15 Mar 2013] DSA-2650-1 libvirt - files and device nodes ownership change to kvm group {CVE-2013-1766} [squeeze] - libvirt 0.8.3-5+squeeze4 [15 Mar 2013] DSA-2649-1 lighttpd - fixed socket name in world-writable directory {CVE-2013-1427} [squeeze] - lighttpd 1.4.28-2+squeeze1.3 [15 Mar 2013] DSA-2648-1 firebird2.5 - several {CVE-2012-5529 CVE-2013-2492} [squeeze] - firebird2.5 2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze1 [15 Mar 2013] DSA-2647-1 firebird2.1 - buffer overflow {CVE-2013-2492} [squeeze] - firebird2.1 2.1.3.18185-0.ds1-11+squeeze1 [15 Mar 2013] DSA-2646-1 typo3-src - several {CVE-2013-1842 CVE-2013-1843} [squeeze] - typo3-src 4.3.9+dfsg1-1+squeeze8 [14 Mar 2013] DSA-2645-1 inetutils - denial of service {CVE-2010-2529} [squeeze] - inetutils 2:1.6-3.1+squeeze2 [14 Mar 2013] DSA-2644-1 wireshark - several {CVE-2013-2478 CVE-2013-2480 CVE-2013-2481 CVE-2013-2483 CVE-2013-2484 CVE-2013-2488} [squeeze] - wireshark 1.2.11-6+squeeze10 [12 Mar 2013] DSA-2643-1 puppet - several issues {CVE-2013-1640 CVE-2013-1652 CVE-2013-1653 CVE-2013-1654 CVE-2013-1655 CVE-2013-2274 CVE-2013-2275} [squeeze] - puppet 2.6.2-5+squeeze7 [09 Mar 2013] DSA-2642-1 sudo - several issues {CVE-2013-1775 CVE-2013-1776 CVE-2013-2776 CVE-2013-2777} [squeeze] - sudo 1.7.4p4-2.squeeze.4 [09 Mar 2013] DSA-2641-1 perl - rehashing flaw {CVE-2013-1667} [squeeze] - perl 5.10.1-17squeeze6 [14 Mar 2013] DSA-2640-1 zoneminder - several issues {CVE-2013-0232 CVE-2013-0332} [squeeze] - zoneminder 1.24.2-8+squeeze1 [05 Mar 2013] DSA-2639-1 php5 - several vulnerabilities {CVE-2013-1635 CVE-2013-1643 CVE-2013-1824} [squeeze] - php5 5.3.3-7+squeeze15 [04 Mar 2013] DSA-2638-1 openafs - buffer overflow {CVE-2013-1794 CVE-2013-1795} [squeeze] - openafs 1.4.12.1+dfsg-4+squeeze1 [04 Mar 2013] DSA-2637-1 apache2 - several {CVE-2012-3499 CVE-2012-4558 CVE-2013-1048} [squeeze] - apache2 2.2.16-6+squeeze11 [01 Mar 2013] DSA-2636-1 xen - several {CVE-2012-2625 CVE-2012-4544 CVE-2012-5511 CVE-2012-5634 CVE-2012-6333 CVE-2013-0153} [squeeze] - xen 4.0.1-5.7 [01 Mar 2013] DSA-2635-1 cfingerd - buffer overflow {CVE-2013-1049} [squeeze] - cfingerd 1.4.3-3+squeeze1 [27 Feb 2013] DSA-2634-1 python-django - several vulnerabilities {CVE-2012-4520 CVE-2013-0305 CVE-2013-0306 CVE-2013-1665} [squeeze] - python-django 1.2.3-3+squeeze5 [26 Feb 2013] DSA-2633-1 fusionforge - privilege escalation {CVE-2013-1423} [squeeze] - fusionforge 5.0.2-5+squeeze2 [25 Feb 2013] DSA-2632-1 linux-2.6 - several vulnerabilities {CVE-2013-0231 CVE-2013-0871} [squeeze] - linux-2.6 2.6.32-48squeeze1 [23 Feb 2013] DSA-2631-1 squid3 - denial of service {CVE-2012-5643 CVE-2013-0189} [squeeze] - squid3 3.1.6-1.2+squeeze3 [20 Feb 2013] DSA-2630-1 postgresql-8.4 - programming error {CVE-2013-0255} [squeeze] - postgresql-8.4 8.4.16-0squeeze1 [18 Feb 2013] DSA-2629-1 openjpeg - several issues {CVE-2009-5030 CVE-2012-3358 CVE-2012-3535} [squeeze] - openjpeg 1.3+dfsg-4+squeeze1 [18 Feb 2013] DSA-2628-1 nss-pam-ldapd - buffer overflow {CVE-2013-0288} [squeeze] - nss-pam-ldapd 0.7.15+squeeze3 [17 Feb 2013] DSA-2627-1 nginx - information leak {CVE-2012-4929} [squeeze] - nginx 0.7.67-3+squeeze3 [17 Feb 2013] DSA-2626-1 lighttpd - several issues {CVE-2009-3555 CVE-2012-4929} [squeeze] - lighttpd 1.4.28-2+squeeze1.2 [17 Feb 2013] DSA-2625-1 wireshark - several {CVE-2013-1582 CVE-2013-1586 CVE-2013-1588 CVE-2013-1590} [squeeze] - wireshark 1.2.11-6+squeeze9 [16 Feb 2013] DSA-2624-1 ffmpeg - several {CVE-2012-0858 CVE-2012-2777 CVE-2012-2783 CVE-2012-2784 CVE-2012-2788 CVE-2012-2801 CVE-2012-2803} [squeeze] - ffmpeg 4:0.5.10-1 [14 Feb 2013] DSA-2623-1 openconnect - buffer overflow {CVE-2012-6128} [squeeze] - openconnect 2.25-0.1+squeeze2 [13 Feb 2013] DSA-2622-1 polarssl - several {CVE-2013-0169 CVE-2013-1621} [squeeze] - polarssl 0.12.1-1squeeze1 [13 Feb 2013] DSA-2621-1 openssl - several vulnerabilities {CVE-2013-0166 CVE-2013-0169} [squeeze] - openssl 0.9.8o-4squeeze14 [12 Feb 2013] DSA-2620-1 rails - several {CVE-2013-0276 CVE-2013-0277} [squeeze] - rails 2.3.5-1.2+squeeze7 [10 Feb 2013] DSA-2619-1 xen-qemu-dm-4.0 - buffer overflow {CVE-2012-6075} [squeeze] - xen-qemu-dm-4.0 4.0.1-2+squeeze3 [07 Feb 2013] DSA-2618-1 ircd-hybrid - denial of service {CVE-2013-0238} [squeeze] - ircd-hybrid 1:7.2.2.dfsg.2-6.2+squeeze1 [02 Feb 2013] DSA-2617-1 samba - several issues {CVE-2013-0213 CVE-2013-0214} [squeeze] - samba 2:3.5.6~dfsg-3squeeze9 [01 Feb 2013] DSA-2616-1 nagios3 - buffer overflow vulnerability {CVE-2012-6096} [squeeze] - nagios3 3.2.1-2+squeeze1 [01 Feb 2013] DSA-2615-1 libupnp4 - several {CVE-2012-5958 CVE-2012-5959 CVE-2012-5960 CVE-2012-5961 CVE-2012-5962 CVE-2012-5963 CVE-2012-5964 CVE-2012-5965} [squeeze] - libupnp4 1.8.0~svn20100507-1+squeeze1 [01 Feb 2013] DSA-2614-1 libupnp - several {CVE-2012-5958 CVE-2012-5959 CVE-2012-5960 CVE-2012-5961 CVE-2012-5962 CVE-2012-5963 CVE-2012-5964 CVE-2012-5965} [squeeze] - libupnp 1:1.6.6-5+squeeze1 [29 Jan 2013] DSA-2613-1 rails - insufficient input validation {CVE-2013-0333} [squeeze] - rails 2.3.5-1.2+squeeze6 [24 Jan 2013] DSA-2612-1 ircd-ratbox - programming error {CVE-2012-6084} [squeeze] - ircd-ratbox 3.0.6.dfsg-2squeeze1 [22 Jan 2013] DSA-2611-1 movabletype-opensource - several {CVE-2013-0209} [squeeze] - movabletype-opensource 4.3.8+dfsg-0+squeeze3 [21 Jan 2013] DSA-2610-1 ganglia - remote code execution {CVE-2012-3448} [squeeze] - ganglia 3.1.7-1+squeeze1 [16 Jan 2013] DSA-2609-1 rails - SQL query manipulation {CVE-2013-0155} [squeeze] - rails 2.3.5-1.2+squeeze5 [15 Jan 2013] DSA-2608-1 qemu - buffer overflow {CVE-2012-6075} [squeeze] - qemu 0.12.5+dfsg-3squeeze3 [15 Jan 2013] DSA-2607-1 qemu-kvm - buffer overflow {CVE-2012-6075} [squeeze] - qemu-kvm 0.12.5+dfsg-5+squeeze10 [13 Jan 2013] DSA-2606-1 proftpd-dfsg - symlink race {CVE-2012-6095} [squeeze] - proftpd-dfsg 1.3.3a-6squeeze5 [13 Jan 2013] DSA-2605-1 asterisk - several issues {CVE-2012-5976 CVE-2012-5977} [squeeze] - asterisk 1:1.6.2.9-2+squeeze9 [09 Jan 2013] DSA-2604-1 rails - insufficient input validation {CVE-2013-0156} [squeeze] - rails 2.3.5-1.2+squeeze4.1 [09 Jan 2013] DSA-2603-1 emacs23 - programming error {CVE-2012-3479} [squeeze] - emacs23 23.2+1-7+squeeze1 [08 Jan 2013] DSA-2602-1 zendframework - XML external entity inclusion {CVE-2012-5657} [squeeze] - zendframework 1.10.6-1squeeze2 [06 Jan 2013] DSA-2601-1 gnupg - missing input sanitation {CVE-2012-6085} [squeeze] - gnupg 1.4.10-4+squeeze1 [squeeze] - gnupg2 2.0.14-2+squeeze1 [06 Jan 2013] DSA-2600-1 cups - privilege escalation {CVE-2012-5519} [squeeze] - cups 1.4.4-7+squeeze2 [06 Jan 2013] DSA-2599-1 nss - mis-issued intermediates [squeeze] - nss 3.12.8-1+squeeze6 [04 Jan 2013] DSA-2598-1 weechat - several {CVE-2011-1428 CVE-2012-5534} [squeeze] - weechat 0.3.2-1+squeeze1 [04 Jan 2013] DSA-2597-1 rails - input validation error {CVE-2012-6496 CVE-2012-6497} [squeeze] - rails 2.3.5-1.2+squeeze4 [30 Dec 2012] DSA-2596-1 mediawiki-extensions - cross-site scripting in RSSReader extension {CVE-2012-6453} [squeeze] - mediawiki-extensions 2.3squeeze2 [30 Dec 2012] DSA-2595-1 ghostscript - buffer overflow {CVE-2012-4405} [squeeze] - ghostscript 8.71~dfsg2-9+squeeze1 [30 Dec 2012] DSA-2594-1 virtualbox-ose - programming error {CVE-2012-3221} [squeeze] - virtualbox-ose 3.2.10-dfsg-1+squeeze1 [29 Dec 2012] DSA-2593-1 moin - several {CVE-2012-6080 CVE-2012-6081 CVE-2012-6082 CVE-2012-6495} [squeeze] - moin 1.9.3-1+squeeze4 [28 Dec 2012] DSA-2592-1 elinks - programming error {CVE-2012-4545} [squeeze] - elinks 0.12~pre5-2+squeeze1 [27 Dec 2012] DSA-2591-1 mahara - several {CVE-2012-2239 CVE-2012-2243 CVE-2012-2244 CVE-2012-2246 CVE-2012-2247 CVE-2012-2253 CVE-2012-6037} [squeeze] - mahara 1.2.6-2+squeeze6 [26 Dec 2012] DSA-2590-1 wireshark - several {CVE-2012-4048 CVE-2012-4296} [squeeze] - wireshark 1.2.11-6+squeeze8 [16 Dec 2012] DSA-2589-1 tiff - buffer overflow {CVE-2012-5581} [squeeze] - tiff 3.9.4-5+squeeze8 [16 Dec 2012] DSA-2588-1 icedove - several {CVE-2012-4201 CVE-2012-4207 CVE-2012-4216 CVE-2012-5829 CVE-2012-5842} [squeeze] - icedove 3.0.11-1+squeeze15 [11 Dec 2012] DSA-2587-1 libcgi-pm-perl - HTTP header injection {CVE-2012-5526} [squeeze] - libcgi-pm-perl 3.49-1squeeze2 [11 Dec 2012] DSA-2586-1 perl - several {CVE-2012-5195 CVE-2012-5526} [squeeze] - perl 5.10.1-17squeeze4 [11 Dec 2012] DSA-2585-1 bogofilter - heap-based buffer overflow {CVE-2012-5468} [squeeze] - bogofilter 1.2.2-2+squeeze1 [08 Dec 2012] DSA-2584-1 iceape - several {CVE-2012-4201 CVE-2012-4207 CVE-2012-4216 CVE-2012-5829 CVE-2012-5842} [squeeze] - iceape 2.0.11-17 [08 Dec 2012] DSA-2583-1 iceweasel - several {CVE-2012-4201 CVE-2012-4207 CVE-2012-4216 CVE-2012-5829 CVE-2012-5842} [squeeze] - iceweasel 3.5.16-20 [07 Dec 2012] DSA-2582-1 xen - denial of service {CVE-2011-3131 CVE-2012-4535 CVE-2012-4537 CVE-2012-4538 CVE-2012-4539 CVE-2012-5510 CVE-2012-5513 CVE-2012-5514 CVE-2012-5515} [squeeze] - xen 4.0.1-5.5 [04 Dec 2012] DSA-2581-1 mysql-5.1 - several {CVE-2012-3150 CVE-2012-3158 CVE-2012-3160 CVE-2012-3163 CVE-2012-3166 CVE-2012-3167 CVE-2012-3173 CVE-2012-3177 CVE-2012-3180 CVE-2012-3197 CVE-2012-5611} [squeeze] - mysql-5.1 5.1.66-0+squeeze1 [02 Dec 2012] DSA-2580-1 libxml2 - buffer overflow {CVE-2012-5134} [squeeze] - libxml2 2.7.8.dfsg-2+squeeze6 [30 Nov 2012] DSA-2579-1 apache2 - several {CVE-2012-4557 CVE-2012-4929} [squeeze] - apache2 2.2.16-6+squeeze10 [28 Nov 2012] DSA-2578-1 rssh - several {CVE-2012-2251 CVE-2012-2252} [squeeze] - rssh 2.3.2-13squeeze3 [01 Dec 2012] DSA-2577-1 libssh - several {CVE-2012-4559 CVE-2012-4561 CVE-2012-4562 CVE-2012-6063} [squeeze] - libssh 0.4.5-3+squeeze1 [23 Nov 2012] DSA-2576-1 trousers - denial of service {CVE-2012-0698} [squeeze] - trousers 0.3.5-2+squeeze1 [18 Nov 2012] DSA-2575-1 tiff - heap overflow {CVE-2012-4564} [squeeze] - tiff 3.9.4-5+squeeze7 [15 Nov 2012] DSA-2574-1 typo3-src - several {CVE-2012-6144 CVE-2012-6145 CVE-2012-6146 CVE-2012-6147} [squeeze] - typo3-src 4.3.9+dfsg1-1+squeeze7 [10 Nov 2012] DSA-2573-1 radsecproxy - SSL certificate verification weakness {CVE-2012-4523 CVE-2012-4566} [squeeze] - radsecproxy 1.4-1+squeeze1 [04 Nov 2012] DSA-2572-1 iceape - several {CVE-2012-3982 CVE-2012-3986 CVE-2012-3990 CVE-2012-3991 CVE-2012-4179 CVE-2012-4180 CVE-2012-4182 CVE-2012-4186 CVE-2012-4188} [squeeze] - iceape 2.0.11-16 [04 Nov 2012] DSA-2571-1 libproxy - buffer overflow {CVE-2012-4505} [squeeze] - libproxy 0.3.1-2+squeeze1 [18 Oct 2012] DSA-2570-1 openoffice.org - remote {CVE-2012-4233} [squeeze] - openoffice.org 1:3.2.1-11+squeeze8 [29 Oct 2012] DSA-2569-1 icedove - several {CVE-2012-3982 CVE-2012-3986 CVE-2012-3990 CVE-2012-3991 CVE-2012-4179 CVE-2012-4180 CVE-2012-4182 CVE-2012-4186 CVE-2012-4188} [squeeze] - icedove 3.0.11-1+squeeze14 [26 Oct 2012] DSA-2568-1 rtfm - privilege escalation {CVE-2012-4731} [squeeze] - rtfm 2.4.2-4+squeeze2 [26 Oct 2012] DSA-2567-1 request-tracker3.8 - several {CVE-2012-4730 CVE-2012-4732 CVE-2012-4734 CVE-2012-4884 CVE-2012-6578 CVE-2012-6579 CVE-2012-6580 CVE-2012-6581} [squeeze] - request-tracker3.8 3.8.8-7+squeeze6 [26 Oct 2012] DSA-2566-1 exim4 - heap overflow {CVE-2012-5671} [squeeze] - exim4 4.72-6+squeeze3 [23 Oct 2012] DSA-2565-1 iceweasel - several {CVE-2012-3982 CVE-2012-3986 CVE-2012-3990 CVE-2012-3991 CVE-2012-4179 CVE-2012-4180 CVE-2012-4182 CVE-2012-4186 CVE-2012-4188} [squeeze] - iceweasel 3.5.16-19 [23 Oct 2012] DSA-2564-1 tinyproxy - denial of service {CVE-2012-3505} [squeeze] - tinyproxy 1.8.2-1squeeze3 [23 Oct 2012] DSA-2563-1 viewvc - several {CVE-2009-5024 CVE-2012-3356 CVE-2012-3357 CVE-2012-4533} [squeeze] - viewvc 1.1.5-1.1+squeeze2 [23 Oct 2012] DSA-2562-1 cups-pk-helper - privilege escalation {CVE-2012-4510} [squeeze] - cups-pk-helper 0.1.0-3 [21 Oct 2012] DSA-2561-1 tiff - buffer overflow {CVE-2012-4447} [squeeze] - tiff 3.9.4-5+squeeze6 [20 Oct 2012] DSA-2560-1 bind9 - denial of service {CVE-2012-5166} [squeeze] - bind9 1:9.7.3.dfsg-1~squeeze8 [17 Oct 2012] DSA-2559-1 libexif - several {CVE-2012-2812 CVE-2012-2813 CVE-2012-2814 CVE-2012-2836 CVE-2012-2837 CVE-2012-2840 CVE-2012-2841} [squeeze] - libexif 0.6.19-1+squeeze1 [08 Oct 2012] DSA-2558-1 bacula - information disclosure {CVE-2012-4430} [squeeze] - bacula 5.0.2-2.2+squeeze1 [08 Oct 2012] DSA-2557-1 hostapd - denial of service {CVE-2012-4445} [squeeze] - hostapd 1:0.6.10-2+squeeze1 [07 Oct 2012] DSA-2556-1 icedove - several {CVE-2012-1970 CVE-2012-1972 CVE-2012-1973 CVE-2012-1974 CVE-2012-1975 CVE-2012-1976 CVE-2012-3959 CVE-2012-3962 CVE-2012-3969 CVE-2012-3972 CVE-2012-3978} [squeeze] - icedove 3.0.11-1+squeeze13 [05 Oct 2012] DSA-2555-1 libxslt - several {CVE-2012-2870 CVE-2012-2871 CVE-2012-2893} [squeeze] - libxslt 1.1.26-6+squeeze2 [26 Sep 2012] DSA-2554-1 iceape - several {CVE-2012-1970 CVE-2012-1972 CVE-2012-1973 CVE-2012-1974 CVE-2012-1975 CVE-2012-1976 CVE-2012-3959 CVE-2012-3962 CVE-2012-3969 CVE-2012-3972 CVE-2012-3978} [squeeze] - iceape 2.0.11-15 [24 Sep 2012] DSA-2553-1 iceweasel - several {CVE-2012-1970 CVE-2012-1972 CVE-2012-1973 CVE-2012-1974 CVE-2012-1975 CVE-2012-1976 CVE-2012-3959 CVE-2012-3962 CVE-2012-3969 CVE-2012-3972 CVE-2012-3978} [squeeze] - iceweasel 3.5.16-18 [26 Sep 2012] DSA-2552-1 tiff - several {CVE-2010-2482 CVE-2010-2595 CVE-2010-2597 CVE-2010-2630 CVE-2010-4665 CVE-2012-2088 CVE-2012-2113 CVE-2012-3401} [squeeze] - tiff 3.9.4-5+squeeze5 [23 Sep 2012] DSA-2551-1 isc-dhcp - denial of service {CVE-2012-3955} [squeeze] - isc-dhcp 4.1.1-P1-15+squeeze8 [18 Sep 2012] DSA-2550-1 asterisk - several {CVE-2012-2186 CVE-2012-3812 CVE-2012-3863 CVE-2012-4737} [squeeze] - asterisk 1:1.6.2.9-2+squeeze7 [15 Sep 2012] DSA-2480-4 request-tracker3.8 - regression [squeeze] - request-tracker3.8 3.8.8-7+squeeze5 [15 Sep 2012] DSA-2549-1 devscripts - multiple {CVE-2012-2240 CVE-2012-2241 CVE-2012-2242 CVE-2012-3500} [squeeze] - devscripts 2.10.69+squeeze4 [13 Sep 2012] DSA-2548-1 tor - several {CVE-2012-3518 CVE-2012-3519 CVE-2012-4419 CVE-2012-4922} [squeeze] - tor 0.2.2.39-1 NOTE: also used in duplicate for the security team's key expiration notice NOTE: https://lists.debian.org/debian-security-announce/2012/msg00189.html [12 Sep 2012] DSA-2547-1 bind9 - improper assert {CVE-2012-4244} [squeeze] - bind9 1:9.7.3.dfsg-1~squeeze7 [11 Sep 2012] DSA-2546-1 freeradius - code execution {CVE-2012-3547} [squeeze] - freeradius 2.1.10+dfsg-2+squeeze1 [08 Sep 2012] DSA-2545-1 qemu - multiple {CVE-2012-2652 CVE-2012-3515} [squeeze] - qemu 0.12.5+dfsg-3squeeze2 [08 Sep 2012] DSA-2544-1 xen - denial of service {CVE-2012-3494 CVE-2012-3496} [squeeze] - xen 4.0.1-5.4 [08 Sep 2012] DSA-2543-1 xen-qemu-dm-4.0 - multiple {CVE-2012-3515 CVE-2012-4411} [squeeze] - xen-qemu-dm-4.0 4.0.1-2+squeeze2 [08 Sep 2012] DSA-2542-1 qemu-kvm - multiple {CVE-2012-2652 CVE-2012-3515} [squeeze] - qemu-kvm 0.12.5+dfsg-5+squeeze9 [07 Sep 2012] DSA-2541-1 beaker - information disclosure {CVE-2012-3458} [squeeze] - beaker 1.5.4-4+squeeze1 [07 Sep 2012] DSA-2540-1 mahara - cross-site scripting {CVE-2012-2237} [squeeze] - mahara 1.2.6-2+squeeze5 [06 Sep 2012] DSA-2539-1 zabbix - SQL injection {CVE-2012-3435} [squeeze] - zabbix 1:1.8.2-1squeeze4 [05 Sep 2012] DSA-2538-1 moin - privilege escalation {CVE-2012-4404} [squeeze] - moin 1.9.3-1+squeeze2 [30 Aug 2012] DSA-2537-1 typo3-src - several {CVE-2012-3527 CVE-2012-3528 CVE-2012-3529 CVE-2012-3530 CVE-2012-3531} [squeeze] - typo3-src 4.3.9+dfsg1-1+squeeze5 [30 Aug 2012] DSA-2536-1 otrs2 - cross-site scripting {CVE-2012-2582 CVE-2012-4600} [squeeze] - otrs2 2.4.9+dfsg1-3+squeeze3 [29 Aug 2012] DSA-2535-1 rtfm - cross-site scripting {CVE-2012-2768} [squeeze] - rtfm 2.4.2-4+squeeze1 [25 Aug 2012] DSA-2534-1 postgresql-8.4 - several {CVE-2012-3488 CVE-2012-3489} [squeeze] - postgresql-8.4 8.4.13-0squeeze1 [23 Aug 2012] DSA-2533-1 pcp - several {CVE-2012-3418 CVE-2012-3419 CVE-2012-3420 CVE-2012-3421} [squeeze] - pcp 3.3.3-squeeze2 [22 Aug 2012] DSA-2532-1 libapache2-mod-rpaf - denial of service {CVE-2012-3526} [squeeze] - libapache2-mod-rpaf 0.5-3+squeeze1 [18 Aug 2012] DSA-2531-1 xen - several {CVE-2012-3432 CVE-2012-3433} [squeeze] - xen 4.0.1-5.3 [15 Aug 2012] DSA-2530-1 rssh - shell command injection {CVE-2012-3478} [squeeze] - rssh 2.3.2-13squeeze1 [14 Aug 2012] DSA-2529-1 python-django - several {CVE-2012-3442 CVE-2012-3443 CVE-2012-3444} [squeeze] - python-django 1.2.3-3+squeeze3 [14 Aug 2012] DSA-2528-1 icedove - several {CVE-2012-1948 CVE-2012-1950 CVE-2012-1954 CVE-2012-1967} [squeeze] - icedove 3.0.11-1+squeeze12 [13 Aug 2012] DSA-2527-1 php5 - several {CVE-2012-2688 CVE-2012-3450} [squeeze] - php5 5.3.3-7+squeeze14 [12 Aug 2012] DSA-2526-1 libotr - buffer overflow {CVE-2012-3461} [squeeze] - libotr 3.2.0-2+squeeze1 [06 Aug 2012] DSA-2525-1 expat - several {CVE-2012-0876 CVE-2012-1148} [squeeze] - expat 2.0.1-7+squeeze1 [06 Aug 2012] DSA-2524-1 openttd - several {CVE-2012-0049 CVE-2012-3436} [squeeze] - openttd 1.0.4-6 [06 Aug 2012] DSA-2523-1 globus-gridftp-server - programming error {CVE-2012-3292} [squeeze] - globus-gridftp-server 3.23-1+squeeze1 [05 Aug 2012] DSA-2522-1 fckeditor - cross site scripting {CVE-2012-4000} [squeeze] - fckeditor 1:2.6.6-1squeeze1 [04 Aug 2012] DSA-2521-1 libxml2 - integer overflows {CVE-2012-2807} [squeeze] - libxml2 2.7.8.dfsg-2+squeeze5 [04 Aug 2012] DSA-2519-2 isc-dhcp - denial of service {CVE-2012-3571 CVE-2012-3954 CVE-2011-4539} [squeeze] - isc-dhcp 4.1.1-P1-15+squeeze6 [01 Aug 2012] DSA-2520-1 openoffice.org - Multiple heap-based buffer overflows {CVE-2012-2665} [squeeze] - openoffice.org 1:3.2.1-11+squeeze7 [01 Aug 2012] DSA-2519-1 isc-dhcp - denial of service {CVE-2012-3571 CVE-2012-3954 CVE-2011-4539} [squeeze] - isc-dhcp 4.1.1-P1-15+squeeze5 [31 Jul 2012] DSA-2518-1 krb5 - denial of service {CVE-2012-1014 CVE-2012-1015} [squeeze] - krb5 1.8.3+dfsg-4squeeze6 [30 Jul 2012] DSA-2517-1 bind9 - denial of service {CVE-2012-3817} [squeeze] - bind9 1:9.7.3.dfsg-1~squeeze6 [26 Jul 2012] DSA-2516-1 isc-dhcp - denial of service {CVE-2012-3571 CVE-2012-3954} [squeeze] - isc-dhcp 4.1.1-P1-15+squeeze4 [19 Jul 2012] DSA-2515-1 nsd3 - null pointer dereference {CVE-2012-2978} [squeeze] - nsd3 3.2.5-1.squeeze2 [17 Jul 2012] DSA-2514-1 iceweasel - several vulnerabilities {CVE-2012-1948 CVE-2012-1950 CVE-2012-1954 CVE-2012-1966 CVE-2012-1967} [squeeze] - iceweasel 3.5.16-17 [17 Jul 2012] DSA-2513-1 iceape - several vulnerabilities {CVE-2012-1948 CVE-2012-1954 CVE-2012-1967} [squeeze] - iceape 2.0.11-14 [12 Jul 2012] DSA-2512-1 mono - missing input sanitising {CVE-2012-3382} [squeeze] - mono 2.6.7-5.1 [12 Jul 2012] DSA-2511-1 puppet - several {CVE-2012-3864 CVE-2012-3865 CVE-2012-3866 CVE-2012-3867} [squeeze] - puppet 2.6.2-5+squeeze6 [12 Jul 2012] DSA-2510-1 extplorer - Cross-site request forgery {CVE-2012-3362} [squeeze] - extplorer 2.1.0b6+dfsg.2-1+squeeze1 [08 Jul 2012] DSA-2509-1 pidgin - remote code execution {CVE-2012-3374} [squeeze] - pidgin 2.7.3-1+squeeze3 [08 Jul 2012] DSA-2508-1 kfreebsd-8 - privilege escalation {CVE-2012-0217} [squeeze] - kfreebsd-8 8.1+dfsg-8+squeeze3 [04 Jul 2012] DSA-2507-1 openjdk-6 - several {CVE-2012-1711 CVE-2012-1713 CVE-2012-1716 CVE-2012-1717 CVE-2012-1718 CVE-2012-1719 CVE-2012-1723 CVE-2012-1724 CVE-2012-1725} [squeeze] - openjdk-6 6b18-1.8.13-0+squeeze2 [02 Jul 2012] DSA-2506-1 libapache-mod-security - modsecurity bypass {CVE-2012-2751} [squeeze] - libapache-mod-security 2.5.12-1+squeeze1 [29 Jun 2012] DSA-2505-1 zendframework - information disclosure {CVE-2012-3363} [squeeze] - zendframework 1.10.6-1squeeze1 [28 Jun 2012] DSA-2504-1 libspring-2.5-java - information disclosure {CVE-2011-2730} [squeeze] - libspring-2.5-java 2.5.6.SEC02-2+squeeze1 [28 Jun 2012] DSA-2503-1 bcfg2 - shell command injection {CVE-2012-3366} [squeeze] - bcfg2 1.0.1-3+squeeze2 [24 Jun 2012] DSA-2502-1 python-crypto - programming error {CVE-2012-2417} [squeeze] - python-crypto 2.1.0-2+squeeze1 [24 Jun 2012] DSA-2501-1 xen - several {CVE-2012-0217 CVE-2012-0218 CVE-2012-2934} [squeeze] - xen 4.0.1-5.2 [24 Jun 2012] DSA-2500-1 mantis - several {CVE-2012-1118 CVE-2012-1119 CVE-2012-1120 CVE-2012-1122 CVE-2012-1123 CVE-2012-2692} [squeeze] - mantis 1.1.8+dfsg-10squeeze2 [24 Jun 2012] DSA-2499-1 icedove - several {CVE-2012-1937 CVE-2012-1940 CVE-2012-1947} [squeeze] - icedove 3.0.11-1+squeeze11 [23 Jun 2012] DSA-2498-1 dhcpcd - remote stack overflow {CVE-2012-2152} [squeeze] - dhcpcd 1:3.2.3-5+squeeze1 [20 Jun 2012] DSA-2497-1 quagga - denial of service {CVE-2012-1820} [squeeze] - quagga 0.99.20.1-0+squeeze3 [18 Jun 2012] DSA-2496-1 mysql-5.1 - several {CVE-2012-0540 CVE-2012-0583 CVE-2012-1688 CVE-2012-1689 CVE-2012-1690 CVE-2012-1703 CVE-2012-1734 CVE-2012-2102 CVE-2012-2122 CVE-2012-2749} [squeeze] - mysql-5.1 5.1.63-0+squeeze1 [16 Jun 2012] DSA-2495-1 openconnect - buffer overflow {CVE-2012-3291} [squeeze] - openconnect 2.25-0.1+squeeze1 [12 Jun 2012] DSA-2494-1 ffmpeg - several {CVE-2011-3951 CVE-2011-3952 CVE-2012-0851 CVE-2012-0852} [squeeze] - ffmpeg 4:0.5.9-1 [12 Jun 2012] DSA-2493-1 asterisk - denial of service {CVE-2012-2947 CVE-2012-2948} [squeeze] - asterisk 1:1.6.2.9-2+squeeze6 [10 Jun 2012] DSA-2492-1 php5 - buffer overflow {CVE-2012-2386} [squeeze] - php5 5.3.3-7+squeeze13 [09 Jun 2012] DSA-2491-1 postgresql-8.4 - several {CVE-2012-2143 CVE-2012-2655} [squeeze] - postgresql-8.4 8.4.12-0squeeze1 [07 Jun 2012] DSA-2490-1 nss - denial of service {CVE-2012-0441} [squeeze] - nss 3.12.8-1+squeeze5 [07 Jun 2012] DSA-2489-1 iceape - several vulnerabilities {CVE-2012-1937 CVE-2012-1940 CVE-2012-1947} [squeeze] - iceape 2.0.11-13 [07 Jun 2012] DSA-2488-1 iceweasel - several vulnerabilities {CVE-2012-1937 CVE-2012-1940 CVE-2012-1947} [squeeze] - iceweasel 3.5.16-16 [07 Jun 2012] DSA-2487-1 openoffice.org - buffer overflow {CVE-2012-1149 CVE-2012-2334} [squeeze] - openoffice.org 1:3.2.1-11+squeeze6 [07 Jun 2012] DSA-2480-3 request-tracker3.8 - regression [squeeze] - request-tracker3.8 3.8.8-7+squeeze4 [05 Jun 2012] DSA-2486-1 bind9 - denial of service {CVE-2012-1667} [squeeze] - bind9 1:9.7.3.dfsg-1~squeeze5 [03 Jun 2012] DSA-2485-1 imp4 - cross site scripting {CVE-2012-0791} [squeeze] - imp4 4.3.7+debian0-2.2 [02 Jun 2012] DSA-2484-1 nut - denial of service {CVE-2012-2944} [squeeze] - nut 2.4.3-1.1squeeze2 [31 May 2012] DSA-2483-1 strongswan - authentication bypass {CVE-2012-2388} [squeeze] - strongswan 4.4.1-5.2 [24 May 2012] DSA-2480-2 request-tracker3.8 - regression [squeeze] - request-tracker3.8 3.8.8-7+squeeze3 [28 May 2012] DSA-2482-1 libgdata - no verification of TLS certificates against system root CA {CVE-2012-1177} [squeeze] - libgdata 0.6.4-2+squeeze1 [27 May 2012] DSA-2481-1 arpwatch - fails to drop supplementary groups {CVE-2012-2653} [squeeze] - arpwatch 2.1a15-1.1+squeeze1 [24 May 2012] DSA-2480-1 request-tracker3.8 - several {CVE-2011-2082 CVE-2011-2083 CVE-2011-2084 CVE-2011-2085 CVE-2011-4458 CVE-2011-4459 CVE-2011-4460} [squeeze] - request-tracker3.8 3.8.8-7+squeeze2 [23 May 2012] DSA-2479-1 libxml2 - off-by-one {CVE-2011-3102} [squeeze] - libxml2 2.7.8.dfsg-2+squeeze4 [23 May 2012] DSA-2478-1 sudo - parsing error {CVE-2012-2337} [squeeze] - sudo 1.7.4p4-2.squeeze.3 [20 May 2012] DSA-2477-1 sympa - authorization bypass {CVE-2012-2352} [squeeze] - sympa 6.0.1+dfsg-4+squeeze1 [19 May 2012] DSA-2476-1 pidgin-otr - format string vulnerability {CVE-2012-2369} [squeeze] - pidgin-otr 3.2.0-5+squeeze1 [17 May 2012] DSA-2475-1 openssl - integer underflow {CVE-2012-2333} [squeeze] - openssl 0.9.8o-4squeeze13 [16 May 2012] DSA-2474-1 ikiwiki - cross-site scripting {CVE-2012-0220} [squeeze] - ikiwiki 3.20100815.9 [16 May 2012] DSA-2473-1 openoffice.org - buffer overflow {CVE-2012-1149} [squeeze] - openoffice.org 1:3.2.1-11+squeeze5 [15 May 2012] DSA-2472-1 gridengine - privilege escalation {CVE-2012-0208} [squeeze] - gridengine 6.2u5-1squeeze1 [13 May 2012] DSA-2471-1 ffmpeg - several {CVE-2011-3892 CVE-2011-3893 CVE-2011-3895 CVE-2011-3929 CVE-2011-3936 CVE-2011-3940 CVE-2011-3947 CVE-2012-0853 CVE-2012-0859 CVE-2012-0947} [squeeze] - ffmpeg 4:0.5.8-1 [11 May 2012] DSA-2470-1 wordpress - several {CVE-2011-3122 CVE-2011-3125 CVE-2011-3126 CVE-2011-3127 CVE-2011-3128 CVE-2011-3129 CVE-2011-3130 CVE-2011-4956 CVE-2011-4957 CVE-2012-2399 CVE-2012-2400 CVE-2012-2401 CVE-2012-2402 CVE-2012-2403 CVE-2012-2404} [squeeze] - wordpress 3.3.2+dfsg-1~squeeze1 [09 May 2012] DSA-2469-1 linux-2.6 - several {CVE-2011-4086 CVE-2012-0879 CVE-2012-1601 CVE-2012-2123 CVE-2012-2133} [squeeze] - linux-2.6 2.6.32-44 [09 May 2012] DSA-2468-1 libjakarta-poi-java - unbounded memory allocation {CVE-2012-0213} [squeeze] - libjakarta-poi-java 3.6+dfsg-1+squeeze1 [09 May 2012] DSA-2467-1 mahara - insecure defaults {CVE-2012-2351} [squeeze] - mahara 1.2.6-2+squeeze4 [09 May 2012] DSA-2466-1 rails - cross site scripting {CVE-2012-1099} [squeeze] - rails 2.3.5-1.2+squeeze3 [09 May 2012] DSA-2465-1 php5 - several {CVE-2012-1172 CVE-2012-1823 CVE-2012-2311} [squeeze] - php5 5.3.3-7+squeeze9 [08 May 2012] DSA-2464-2 icedove - regression [squeeze] - icedove 3.0.11-1+squeeze10 [04 May 2012] DSA-2459-2 quagga - regression [squeeze] - quagga 0.99.20.1-0+squeeze2 [02 May 2012] DSA-2464-1 icedove - several {CVE-2012-0467 CVE-2012-0470 CVE-2012-0471 CVE-2012-0477 CVE-2012-0479} [squeeze] - icedove 3.0.11-1+squeeze9 [02 May 2012] DSA-2463-1 samba - missing permission checks {CVE-2012-2111} [squeeze] - samba 2:3.5.6~dfsg-3squeeze8 [29 Apr 2012] DSA-2462-1 imagemagick - several {CVE-2012-0259 CVE-2012-0260 CVE-2012-1185 CVE-2012-1186 CVE-2012-1610 CVE-2012-1798} [squeeze] - imagemagick 8:6.6.0.4-3+squeeze3 [26 Apr 2012] DSA-2461-1 spip - several [squeeze] - spip 2.1.1-3squeeze3 {CVE-2012-2151 CVE-2012-4331} [25 Apr 2012] DSA-2460-1 asterisk - several {CVE-2012-1183 CVE-2012-2414 CVE-2012-2415} [squeeze] - asterisk 1:1.6.2.9-2+squeeze5 [25 Apr 2012] DSA-2459-1 quagga - several {CVE-2012-0249 CVE-2012-0250 CVE-2012-0255} [squeeze] - quagga 0.99.20.1-0+squeeze1 [24 Apr 2012] DSA-2454-2 openssl - incomplete fix {CVE-2012-2131} [squeeze] - openssl 0.9.8o-4squeeze12 [24 Apr 2012] DSA-2458-1 iceape - several {CVE-2012-0455 CVE-2012-0456 CVE-2012-0458 CVE-2012-0461 CVE-2012-0467 CVE-2012-0470 CVE-2012-0471 CVE-2012-0477 CVE-2012-0479} [squeeze] - iceape 2.0.11-11 [24 Apr 2012] DSA-2457-1 iceweasel - several {CVE-2012-0467 CVE-2012-0470 CVE-2012-0471 CVE-2012-0477 CVE-2012-0479} [squeeze] - iceweasel 3.5.16-14 [23 Apr 2012] DSA-2456-1 dropbear - use after free {CVE-2012-0920} [squeeze] - dropbear 0.52-5+squeeze1 [20 Apr 2012] DSA-2455-1 typo3-src - cross site scripting {CVE-2012-2112} [squeeze] - typo3-src 4.3.9+dfsg1-1+squeeze4 [19 Apr 2012] DSA-2454-1 openssl - multiple {CVE-2006-7250 CVE-2012-0884 CVE-2012-1165 CVE-2012-2110} [squeeze] - openssl 0.9.8o-4squeeze11 [19 Apr 2012] DSA-2453-2 gajim - regression {CVE-2012-2093 CVE-2012-2086 CVE-2012-2085} [squeeze] - gajim 0.13.4-3+squeeze3 [16 Apr 2012] DSA-2453-1 gajim - several {CVE-2012-2093 CVE-2012-2086 CVE-2012-2085} [squeeze] - gajim 0.13.4-3+squeeze2 [13 Apr 2012] DSA-2452-1 apache2 - insecure default configuration {CVE-2012-0216} [squeeze] - apache2 2.2.16-6+squeeze7 [13 Apr 2012] DSA-2451-1 puppet - several {CVE-2012-1906 CVE-2012-1986 CVE-2012-1987 CVE-2012-1988} [squeeze] - puppet 2.6.2-5+squeeze5 [12 Apr 2012] DSA-2450-1 samba - privilege escalation {CVE-2012-1182} [squeeze] - samba 2:3.5.6~dfsg-3squeeze7 [12 Apr 2012] DSA-2449-1 sqlalchemy - missing input sanitization {CVE-2012-0805} [squeeze] - sqlalchemy 0.6.3-3+squeeze1 [08 Apr 2012] DSA-2448-1 inspircd - buffer overflow {CVE-2012-1836} [squeeze] - inspircd 1.1.22+dfsg-4+squeeze1 [wheezy] - inspircd 1.1.22+dfsg-4+wheezy1 [04 Apr 2012] DSA-2447-1 tiff - integer overflow {CVE-2012-1173} [squeeze] - tiff 3.9.4-5+squeeze4 [04 Apr 2012] DSA-2446-1 libpng - incorrect memory handling {CVE-2011-3048} [squeeze] - libpng 1.2.44-1+squeeze4 [31 Mar 2012] DSA-2442-2 openarena - UDP traffic amplification [squeeze] - openarena 0.8.5-5+squeeze3 [31 Mar 2012] DSA-2445-1 typo3-src - several {CVE-2012-1606 CVE-2012-1607 CVE-2012-1608} [squeeze] - typo3-src 4.3.9+dfsg1-1+squeeze3 [29 Mar 2012] DSA-2444-1 tryton-server - privilege escalation {CVE-2012-0215} [squeeze] - tryton-server 1.6.1-2+squeeze1 [26 Mar 2012] DSA-2443-1 linux-2.6 - several {CVE-2009-4307 CVE-2011-1833 CVE-2011-4127 CVE-2011-4347 CVE-2012-0045 CVE-2012-1090 CVE-2012-1097} [squeeze] - linux-2.6 2.6.32-41squeeze2 [26 Mar 2012] DSA-2442-1 openarena - UDP traffic amplification {CVE-2010-5077} [squeeze] - openarena 0.8.5-5+squeeze2 [25 Mar 2012] DSA-2441-1 gnutls26 - missing bounds check {CVE-2012-1573} [squeeze] - gnutls26 2.8.6-1+squeeze2 [24 Mar 2012] DSA-2440-1 libtasn1-3 - integer overflow {CVE-2012-1569} [squeeze] - libtasn1-3 2.7-1+squeeze+1 [22 Mar 2012] DSA-2439-1 libpng - buffer overflow {CVE-2011-3045} [squeeze] - libpng 1.2.44-1+squeeze3 [22 Mar 2012] DSA-2438-1 raptor - programming error {CVE-2012-0037} [squeeze] - raptor 1.4.21-2+squeeze1 [21 Mar 2012] DSA-2437-1 icedove - several {CVE-2012-0455 CVE-2012-0456 CVE-2012-0458 CVE-2012-0461} [squeeze] - icedove 3.0.11-1+squeeze8 [19 Mar 2012] DSA-2436-1 libapache2-mod-fcgid - inactive resource limits {CVE-2012-1181} [squeeze] - libapache2-mod-fcgid 1:2.3.6-1+squeeze1 [19 Mar 2012] DSA-2435-1 gnash - several {CVE-2010-4337 CVE-2011-4328 CVE-2012-1175} [squeeze] - gnash 0.8.8-5+squeeze1 [19 Mar 2012] DSA-2434-1 nginx - sensitive information leak {CVE-2012-1180} [squeeze] - nginx 0.7.67-3+squeeze2 [15 Mar 2012] DSA-2433-1 iceweasel - several {CVE-2012-0455 CVE-2012-0456 CVE-2012-0458 CVE-2012-0461} [squeeze] - iceweasel 3.5.16-13 [12 Mar 2012] DSA-2432-1 libyaml-libyaml-perl - format string vulnerability {CVE-2012-1152} [squeeze] - libyaml-libyaml-perl 0.33-1+squeeze1 [11 Mar 2012] DSA-2431-1 libdbd-pg-perl - format string vulnerabilities {CVE-2012-1151} [squeeze] - libdbd-pg-perl 2.17.1-2+squeeze1 [10 Mar 2012] DSA-2430-1 python-pam - double free {CVE-2012-1502} [squeeze] - python-pam 0.4.2-12.2+squeeze1 [07 Mar 2012] DSA-2429-1 mysql-5.1 - several {CVE-2011-2262 CVE-2012-0075 CVE-2012-0087 CVE-2012-0101 CVE-2012-0102 CVE-2012-0112 CVE-2012-0113 CVE-2012-0114 CVE-2012-0115 CVE-2012-0116 CVE-2012-0118 CVE-2012-0119 CVE-2012-0120 CVE-2012-0484 CVE-2012-0485 CVE-2012-0490 CVE-2012-0492} [squeeze] - mysql-5.1 5.1.61-0+squeeze1 [07 Mar 2012] DSA-2428-1 freetype - several {CVE-2012-1133 CVE-2012-1134 CVE-2012-1136 CVE-2012-1142 CVE-2012-1144} [squeeze] - freetype 2.4.2-2.1+squeeze4 [06 Mar 2012] DSA-2427-1 imagemagick - several {CVE-2012-0247 CVE-2012-0248} [squeeze] - imagemagick 8:6.6.0.4-3+squeeze1 [06 Mar 2012] DSA-2426-1 gimp - several {CVE-2010-4540 CVE-2010-4541 CVE-2010-4542 CVE-2010-4543 CVE-2011-1782 CVE-2011-2896} [squeeze] - gimp 2.6.10-1+squeeze3 [04 Mar 2012] DSA-2425-1 plib - buffer overflow {CVE-2011-4620} [squeeze] - plib 1.8.5-5+squeeze1 [04 Mar 2012] DSA-2424-1 libxml-atom-perl - XML entity expansion {CVE-2012-1102} [squeeze] - libxml-atom-perl 0.37-1+squeeze1 [02 Mar 2012] DSA-2423-1 movabletype-opensource - several {CVE-2012-1497 CVE-2012-1262 CVE-2012-0320 CVE-2012-0319 CVE-2012-0318 CVE-2012-0317 CVE-2011-5085 CVE-2011-5084} [squeeze] - movabletype-opensource 4.3.8+dfsg-0+squeeze2 [29 Feb 2012] DSA-2422-1 file - missing bounds check {CVE-2012-1571} [squeeze] - file 5.04-5+squeeze1 [29 Feb 2012] DSA-2421-1 moodle - several {CVE-2011-4308 CVE-2011-4584 CVE-2011-4585 CVE-2011-4586 CVE-2011-4587 CVE-2011-4588 CVE-2012-0792 CVE-2012-0793 CVE-2012-0794 CVE-2012-0795 CVE-2012-0796} [squeeze] - moodle 1.9.9.dfsg2-2.1+squeeze3 [28 Feb 2012] DSA-2420-1 openjdk-6 - several {CVE-2011-3377 CVE-2011-3563 CVE-2011-5035 CVE-2012-0497 CVE-2012-0501 CVE-2012-0502 CVE-2012-0503 CVE-2012-0505 CVE-2012-0506 CVE-2012-0507} [squeeze] - openjdk-6 6b18-1.8.13-0+squeeze1 [27 Feb 2012] DSA-2419-1 puppet - several {CVE-2012-1053 CVE-2012-1054} [squeeze] - puppet 2.6.2-5+squeeze4 [27 Feb 2012] DSA-2418-1 postgresql-8.4 - several {CVE-2012-0866 CVE-2012-0867 CVE-2012-0868} [squeeze] - postgresql-8.4 8.4.11-0squeeze1 [25 Feb 2012] DSA-2414-2 fex - regression [squeeze] - fex 20100208+debian1-1+squeeze3 [22 Feb 2012] DSA-2417-1 libxml2 - denial of service {CVE-2012-0841} [squeeze] - libxml2 2.7.8.dfsg-2+squeeze3 [22 Feb 2012] DSA-2416-1 notmuch - information disclosure {CVE-2012-1103} [squeeze] - notmuch 0.3.1+squeeze1 [21 Feb 2012] DSA-2415-1 libmodplug - several {CVE-2011-1761 CVE-2011-2911 CVE-2011-2912 CVE-2011-2913 CVE-2011-2914 CVE-2011-2915} [squeeze] - libmodplug 1:0.8.8.1-1+squeeze2 [21 Feb 2012] DSA-2414-1 fex - cross-site scripting {CVE-2012-0869 CVE-2012-1293} [squeeze] - fex 20100208+debian1-1+squeeze2 [20 Feb 2012] DSA-2413-1 libarchive - buffer overflows {CVE-2011-1777 CVE-2011-1778} [squeeze] - libarchive 2.8.4-1+squeeze1 [19 Feb 2012] DSA-2412-1 libvorbis - buffer overflow {CVE-2012-0444} [squeeze] - libvorbis 1.3.1-1+squeeze1 [19 Feb 2012] DSA-2411-1 mumble - information disclosure {CVE-2012-0863} [squeeze] - mumble 1.2.2-6+squeeze1 [15 Feb 2012] DSA-2410-1 libpng - integer overflow {CVE-2011-3026} [squeeze] - libpng 1.2.44-1+squeeze2 [15 Feb 2012] DSA-2409-1 devscripts - several {CVE-2012-0210 CVE-2012-0211 CVE-2012-0212} [squeeze] - devscripts 2.10.69+squeeze2 [13 Feb 2012] DSA-2408-1 php5 - several {CVE-2011-1072 CVE-2011-4153 CVE-2012-0781 CVE-2012-0788 CVE-2012-0831 CVE-2010-4697 CVE-2011-1092 CVE-2011-1148 CVE-2011-1464 CVE-2011-1467 CVE-2011-1468 CVE-2011-1469 CVE-2011-1470 CVE-2011-1657 CVE-2011-3182 CVE-2011-3267} [squeeze] - php5 5.3.3-7+squeeze8 [09 Feb 2012] DSA-2407-1 cvs - heap overflow {CVE-2012-0804} [squeeze] - cvs 1:1.12.13-12+squeeze1 [09 Feb 2012] DSA-2406-1 icedove - several {CVE-2011-3670 CVE-2012-0442 CVE-2012-0444 CVE-2012-0449} [squeeze] - icedove 3.0.11-1+squeeze7 [06 Feb 2012] DSA-2405-1 apache2 - multiple issues {CVE-2011-3368 CVE-2011-3607 CVE-2011-3639 CVE-2011-4317 CVE-2012-0031 CVE-2012-0053} [squeeze] - apache2 2.2.16-6+squeeze6 [lenny] - apache2 2.2.9-10+lenny12 [05 Feb 2012] DSA-2404-1 xen-qemu-dm-4.0 - buffer overflow {CVE-2012-0029} [squeeze] - xen-qemu-dm-4.0 4.0.1-2+squeeze1 [04 Feb 2012] DSA-2384-2 cacti - several [lenny] - cacti 0.8.7b-2.1+lenny5 [02 Feb 2012] DSA-2403-1 php5 - code injection {CVE-2012-0830} [squeeze] - php5 5.3.3-7+squeeze7 [lenny] - php5 5.2.6.dfsg.1-1+lenny16 [02 Feb 2012] DSA-2402-1 iceape - several {CVE-2011-3670 CVE-2012-0442 CVE-2012-0444 CVE-2012-0449 } [squeeze] - iceape 2.0.11-10 [02 Feb 2012] DSA-2401-1 tomcat6 - several {CVE-2011-1184 CVE-2011-2204 CVE-2011-2526 CVE-2011-3190 CVE-2011-3375 CVE-2011-4858 CVE-2011-5062 CVE-2011-5063 CVE-2011-5064 CVE-2012-0022 } [squeeze] - tomcat6 6.0.35-1+squeeze2 [02 Feb 2012] DSA-2400-1 iceweasel - several {CVE-2011-3670 CVE-2012-0442 CVE-2012-0444 CVE-2012-0449 } [squeeze] - iceweasel 3.5.16-12 [lenny] - xulrunner 1.9.0.19-16 [31 Jan 2012] DSA-2399-1 php5 - several {CVE-2011-1938 CVE-2011-2483 CVE-2011-4566 CVE-2011-4885 CVE-2012-0057} [squeeze] - php5 5.3.3-7+squeeze5 [lenny] - php5 5.2.6.dfsg.1-1+lenny14 [30 Jan 2012] DSA-2398-1 curl - several {CVE-2011-3389 CVE-2012-0036 } [lenny] - curl 7.18.2-8lenny6 [squeeze] - curl 7.21.0-2.1+squeeze1 [29 Jan 2012] DSA-2397-1 icu - buffer underflow {CVE-2011-4599} [squeeze] - icu 4.4.1-8 [lenny] - icu 3.8.1-3+lenny3 [27 Jan 2012] DSA-2396-1 qemu-kvm - buffer underflow {CVE-2012-0029} [squeeze] - qemu-kvm 0.12.5+dfsg-5+squeeze8 [27 Jan 2012] DSA-2395-1 wireshark - buffer underflow {CVE-2011-3483 CVE-2012-0041 CVE-2012-0042 CVE-2012-0066 CVE-2012-0067 CVE-2012-0068} [squeeze] - wireshark 1.2.11-6+squeeze6 [25 Jan 2012] DSA-2394-1 libxml2 - several {CVE-2011-0216 CVE-2011-2821 CVE-2011-2834 CVE-2011-3905 CVE-2011-3919} [squeeze] - libxml2 2.7.8.dfsg-2+squeeze2 [lenny] - libxml2 2.6.32.dfsg-5+lenny5 [24 Jan 2012] DSA-2393-1 bip - buffer overflow {CVE-2012-0806} [squeeze] - bip 0.8.2-1squeeze4 [23 Jan 2012] DSA-2392-1 openssl - out-of-bounds read {CVE-2012-0050} [lenny] - openssl 0.9.8g-15+lenny16 [squeeze] - openssl 0.9.8o-4squeeze7 [23 Jan 2012] DSA-2301-2 rails - several [squeeze] - rails 2.3.5-1.2+squeeze2 [lenny] - rails 2.1.0-7+lenny2 [22 Jan 2012] DSA-2391-1 phpmyadmin - several {CVE-2011-1940 CVE-2011-3181 CVE-2011-4107} [squeeze] - phpmyadmin 4:3.3.7-7 [15 Jan 2012] DSA-2390-1 openssl - several {CVE-2011-4108 CVE-2011-4109 CVE-2011-4354 CVE-2011-4576 CVE-2011-4619} [lenny] - openssl 0.9.8g-15+lenny15 [squeeze] - openssl 0.9.8o-4squeeze5 [15 Jan 2012] DSA-2389-1 linux-2.6 - several {CVE-2011-2183 CVE-2011-2213 CVE-2011-2898 CVE-2011-3353 CVE-2011-4077 CVE-2011-4110 CVE-2011-4127 CVE-2011-4611 CVE-2011-4622 CVE-2011-4914} [squeeze] - linux-2.6 2.6.32-39squeeze1 [14 Jan 2012] DSA-2388-1 t1lib - several {CVE-2010-2642 CVE-2011-0433 CVE-2011-0764 CVE-2011-1552 CVE-2011-1553 CVE-2011-1554} [squeeze] - t1lib 5.1.2-3+squeeze1 [lenny] - t1lib 5.1.2-3+lenny1 [11 Jan 2012] DSA-2387-1 simplesamlphp - cross site scripting {CVE-2012-0040 CVE-2012-0908} [squeeze] - simplesamlphp 1.6.3-3 [10 Jan 2012] DSA-2386-1 openttd - several {CVE-2011-3341 CVE-2011-3342 CVE-2011-3343 } [lenny] - openttd 0.6.2-1+lenny4 [squeeze] - openttd 1.0.4-4 [10 Jan 2012] DSA-2385-1 pdns - packet loop {CVE-2012-0206} [lenny] - pdns 2.9.21.2-1+lenny1 [squeeze] - pdns 2.9.22-8+squeeze1 [09 Jan 2012] DSA-2384-1 cacti - several {CVE-2010-1644 CVE-2010-1645 CVE-2010-2543 CVE-2010-2545 CVE-2011-4824} [lenny] - cacti 0.8.7b-2.1+lenny4 [squeeze] - cacti 0.8.7g-1+squeeze1 [08 Jan 2012] DSA-2383-1 super - buffer overflow {CVE-2011-2776} [lenny] - super 3.30.0-2+lenny1 [squeeze] - super 3.30.0-3+squeeze1 [07 Jan 2012] DSA-2382-1 ecryptfs-utils - multiple {CVE-2011-1831 CVE-2011-1832 CVE-2011-1834 CVE-2011-1835 CVE-2011-1837 CVE-2011-3145} [lenny] - ecryptfs-utils 68-1+lenny1 [squeeze] - ecryptfs-utils 83-4+squeeze1 [06 Jan 2012] DSA-2381-1 squid3 - invalid memory deallocation {CVE-2011-4096} [squeeze] - squid3 3.1.6-1.2+squeeze2 [04 Jan 2012] DSA-2380-1 foomatic-filters - shell command injection {CVE-2011-2697 CVE-2011-2964} [squeeze] - foomatic-filters 4.0.5-6+squeeze1 [lenny] - foomatic-filters 3.0.2-20080211-3.2+lenny1 [04 Jan 2012] DSA-2379-1 krb5 - several {CVE-2011-1528 CVE-2011-1529} [squeeze] - krb5 1.8.3+dfsg-4squeeze5 [03 Jan 2012] DSA-2378-1 ffmpeg - several {CVE-2011-4351 CVE-2011-4353 CVE-2011-4364 CVE-2011-4579 } [squeeze] - ffmpeg 4:0.5.6-3 [01 Jan 2012] DSA-2377-1 cyrus-imapd-2.2 - denial of service {CVE-2011-3481} [lenny] - cyrus-imapd-2.2 2.2.13-14+lenny6 [squeeze] - cyrus-imapd-2.2 2.2.13-19+squeeze3 [31 Dec 2011] DSA-2376-2 ipmitool - insecure pid file {CVE-2011-4339} [lenny] - ipmitool 1.8.9-2+squeeze1 [30 Dec 2011] DSA-2263-2 movabletype-opensource - several [lenny] - movabletype-opensource 4.2.3-1+lenny3 [30 Dec 2011] DSA-2376-1 ipmitool - insecure pid file {CVE-2011-4339} [squeeze] - ipmitool 1.8.11-2+squeeze2 [26 Dec 2011] DSA-2375-1 krb5 - buffer overflow {CVE-2011-4862} [lenny] - krb5 1.6.dfsg.4~beta1-5lenny7 [squeeze] - krb5-appl 1:1.0.1-1.2 [26 Dec 2011] DSA-2374-1 openswan - implementation error {CVE-2011-4073} [squeeze] - openswan 1:2.6.28+dfsg-5+squeeze1 [lenny] - openswan 1:2.4.12+dfsg-1.3+lenny4 [25 Dec 2011] DSA-2373-1 inetutils - buffer overflow {CVE-2011-4862} [squeeze] - inetutils 2:1.6-3.1+squeeze1 [lenny] - inetutils 2:1.5.dfsg.1-9+lenny1 [25 Dec 2011] DSA-2372-1 heimdal - buffer overflow {CVE-2011-4862} [squeeze] - heimdal 1.4.0~git20100726.dfsg.1-2+squeeze1 [lenny] - heimdal 1.2.dfsg.1-2.1+lenny1 [24 Dec 2011] DSA-2371-1 jasper - buffer overflows {CVE-2011-4516 CVE-2011-4517 } [squeeze] - jasper 1.900.1-7+squeeze1 [lenny] - jasper 1.900.1-5.1+lenny2 [22 Dec 2011] DSA-2370-1 unbound - several {CVE-2011-4528 CVE-2011-4869} [lenny] - unbound 1.4.6-1~lenny2 [squeeze] - unbound 1.4.6-1+squeeze2 [21 Dec 2011] DSA-2369-1 libsoup2.4 - directory traversal {CVE-2011-2524} [squeeze] - libsoup2.4 2.30.2-1+squeeze1 [lenny] - libsoup2.4 2.4.1-2+lenny1 [20 Dec 2011] DSA-2368-1 lighttpd - several {CVE-2011-4362 CVE-2011-3389} [squeeze] - lighttpd 1.4.28-2+squeeze1 [lenny] - lighttpd 1.4.19-5+lenny3 [19 Dec 2011] DSA-2367-1 asterisk - several {CVE-2011-4597 CVE-2011-4598} [squeeze] - asterisk 1:1.6.2.9-2+squeeze4 [lenny] - asterisk 1:1.4.21.2~dfsg-3+lenny6 [18 Dec 2011] DSA-2366-1 mediawiki - multiple {CVE-2011-1578 CVE-2011-1579 CVE-2011-1580 CVE-2011-1587 CVE-2011-4360 CVE-2011-4361} [squeeze] - mediawiki 1:1.15.5-2squeeze2 [lenny] - mediawiki 1:1.12.0-2lenny9 [18 Dec 2011] DSA-2365-1 dtc - several {CVE-2011-3195 CVE-2011-3196 CVE-2011-3197 CVE-2011-3198 CVE-2011-3199} [lenny] - dtc 0.29.18-1+lenny2 [18 Dec 2011] DSA-2364-1 xorg - incorrect permission check {CVE-2011-4613} [squeeze] - xorg 1:7.5+8+squeeze1 [16 Dec 2011] DSA-2363-1 tor - buffer overflow {CVE-2011-2778} [squeeze] - tor 0.2.2.35-1~squeeze+1 [lenny] - tor 0.2.1.32-1 [10 Dec 2011] DSA-2362-1 acpid - several {CVE-2011-1159 CVE-2011-4578} [lenny] - acpid 1.0.8-1lenny4 [squeeze] - acpid 1:2.0.7-1squeeze3 [07 Dec 2011] DSA-2361-1 chasen - buffer overflow {CVE-2011-4000} [squeeze] - chasen 2.4.4-11+squeeze2 [lenny] - chasen 2.4.4-2+lenny2 [06 Dec 2011] DSA-2360-1 lenny end-of-life NOTE: end of security support for lenny ended on 6 February 2011 [06 Dec 2011] DSA-2359-1 mojarra - EL injection {CVE-2011-4358 } [squeeze] - mojarra 2.0.3-1+squeeze1 [05 Dec 2011] DSA-2358-1 openjdk-6 - several {CVE-2011-0862 CVE-2011-0864 CVE-2011-0865 CVE-2011-0867 CVE-2011-0868 CVE-2011-0869 CVE-2011-0871 CVE-2011-3389 CVE-2011-3521 CVE-2011-3544 CVE-2011-3547 CVE-2011-3548 CVE-2011-3551 CVE-2011-3552 CVE-2011-3553 CVE-2011-3554 CVE-2011-3556 CVE-2011-3557 CVE-2011-3560} [lenny] - openjdk-6 6b18-1.8.10-0~lenny2 [03 Dec 2011] DSA-2357-1 evince - several {CVE-2010-2640 CVE-2010-2641 CVE-2010-2642 CVE-2010-2643 CVE-2011-5244} [lenny] - evince 2.22.2-4~lenny2 [01 Dec 2011] DSA-2356-1 openjdk-6 - several {CVE-2011-3389 CVE-2011-3521 CVE-2011-3544 CVE-2011-3547 CVE-2011-3548 CVE-2011-3551 CVE-2011-3552 CVE-2011-3553 CVE-2011-3554 CVE-2011-3556 CVE-2011-3557 CVE-2011-3560} [squeeze] - openjdk-6 6b18-1.8.10-0+squeeze2 [30 Nov 2011] DSA-2355-1 clearsilver - format string vulnerability {CVE-2011-4357} [squeeze] - clearsilver 0.10.5-1+squeeze1 [lenny] - clearsilver 0.10.4-1.3+lenny1 [28 Nov 2011] DSA-2354-1 cups - several {CVE-2011-2896 CVE-2011-3170 } [squeeze] - cups 1.4.4-7+squeeze1 [lenny] - cups 1.3.8-1+lenny10 [24 Nov 2011] DSA-2353-1 ldns - buffer overflow {CVE-2011-3581} [squeeze] - ldns 1.6.6-2+squeeze1 [lenny] - ldns 1.4.0-1+lenny2 [22 Nov 2011] DSA-2352-1 puppet - programming error {CVE-2011-3872} [lenny] - puppet 0.24.5-3+lenny2 [squeeze] - puppet 2.6.2-5+squeeze3 [21 Nov 2011] DSA-2351-1 wireshark - buffer overflow {CVE-2011-4102} [squeeze] - wireshark 1.2.11-6+squeeze5 [lenny] - wireshark 1.0.2-3+lenny16 [20 Nov 2011] DSA-2350-1 freetype - missing input sanitising {CVE-2011-3439} [lenny] - freetype 2.3.7-2+lenny8 [squeeze] - freetype 2.4.2-2.1+squeeze3 [19 Nov 2011] DSA-2349-1 spip - several [squeeze] - spip 2.1.1-3squeeze2 [17 Nov 2011] DSA-2348-1 systemtap - several {CVE-2010-4170 CVE-2010-4171 CVE-2011-2503 } [squeeze] - systemtap 1.2-5+squeeze1 [16 Nov 2011] DSA-2347-1 bind9 - improper assert {CVE-2011-4313} [lenny] - bind9 1:9.6.ESV.R4+dfsg-0+lenny4 [squeeze] - bind9 1:9.7.3.dfsg-1~squeeze4 [16 Nov 2011] DSA-2346-2 proftpd-dfsg - several {CVE-2011-4130} [lenny] - proftpd-dfsg 1.3.1-17lenny9 [15 Nov 2011] DSA-2346-1 proftpd-dfsg - several {CVE-2011-4130} [lenny] - proftpd-dfsg 1.3.1-17lenny8 [squeeze] - proftpd-dfsg 1.3.3a-6squeeze4 [11 Nov 2011] DSA-2345-1 icedove - several {CVE-2011-3647 CVE-2011-3648 CVE-2011-3650} [squeeze] - icedove 3.0.11-1+squeeze6 [11 Nov 2011] DSA-2344-1 python-django-piston - deserialization vulnerability {CVE-2011-4103} [squeeze] - python-django-piston 0.2.2-1+squeeze1 [09 Nov 2011] DSA-2343-1 openssl - CA trust revocation [lenny] - openssl 0.9.8g-15+lenny14 [squeeze] - openssl 0.9.8o-4squeeze4 [09 Nov 2011] DSA-2342-1 iceape - several {CVE-2011-3647 CVE-2011-3648 CVE-2011-3650} [squeeze] - iceape 2.0.11-9 [09 Nov 2011] DSA-2341-1 iceweasel - several {CVE-2011-3647 CVE-2011-3648 CVE-2011-3650} [squeeze] - iceweasel 3.5.16-11 [lenny] - xulrunner 1.9.0.19-15 [07 Nov 2011] DSA-2340-1 postgresql - weak password hashing {CVE-2011-2483} [squeeze] - postgresql-8.4 8.4.9-0squeeze1 [lenny] - postgresql-8.3 8.3.16-0lenny1 [07 Nov 2011] DSA-2339-1 nss - several {CVE-2011-3640} [squeeze] - nss 3.12.8-1+squeeze4 [lenny] - nss 3.12.3.1-0lenny7 [07 Nov 2011] DSA-2338-1 moodle - several {CVE-2011-4294 CVE-2011-4301 CVE-2011-4302 CVE-2011-4305 CVE-2011-4306} [squeeze] - moodle 1.9.9.dfsg2-2.1+squeeze2 [06 Nov 2011] DSA-2337-1 xen - several vulnerabilities {CVE-2011-1166 CVE-2011-1583 CVE-2011-1898 CVE-2011-3262} [squeeze] - xen 4.0.1-4 [05 Nov 2011] DSA-2336-1 ffmpeg - several {CVE-2011-3504 CVE-2011-3973 CVE-2011-3974 CVE-2011-3362 } [squeeze] - ffmpeg 4:0.5.5-1 [05 Nov 2011] DSA-2335-1 man2html - missing input sanitization {CVE-2011-2770} [lenny] - man2html 1.6f-3+lenny1 [squeeze] - man2html 1.6f+repack-1+squeeze1 [04 Nov 2011] DSA-2334-1 mahara - several {CVE-2011-2771 CVE-2011-2772 CVE-2011-2773 CVE-2011-4118} [lenny] - mahara 1.0.4-4+lenny11 [squeeze] - mahara 1.2.6-2+squeeze3 [31 Oct 2011] DSA-2333-1 phpldapadmin - several issues {CVE-2011-4075 CVE-2011-4074} [squeeze] - phpldapadmin 1.2.0.5-2+squeeze1 [lenny] - phpldapadmin 1.1.0.5-6+lenny2 [29 Oct 2011] DSA-2332-1 python-django - several issues {CVE-2011-4136 CVE-2011-4137 CVE-2011-4138 CVE-2011-4139 CVE-2011-4140} [squeeze] - python-django 1.2.3-3+squeeze2 [lenny] - python-django 1.0.2-1+lenny3 [28 Oct 2011] DSA-2331-1 tor - several {CVE-2011-2768 CVE-2011-2769} [squeeze] - tor 0.2.1.31-1 [lenny] - tor 0.2.1.31-1~lenny+1 [27 Oct 2011] DSA-2330-1 simplesamlphp - several {CVE-2011-4625} [squeeze] - simplesamlphp 1.6.3-2 [27 Oct 2011] DSA-2329-1 torque - buffer overflow {CVE-2011-2193} [squeeze] - torque 2.4.8+dfsg-9squeeze1 [24 Oct 2011] DSA-2328-1 freetype - missing input sanitising {CVE-2011-3256 } [lenny] - freetype 2.3.7-2+lenny7 [squeeze] - freetype 2.4.2-2.1+squeeze2 [24 Oct 2011] DSA-2327-1 libfcgi-perl - authentication bypass {CVE-2011-2766} [squeeze] - libfcgi-perl 0.71-1+squeeze1 [24 Oct 2011] DSA-2326-1 pam - several {CVE-2011-3148 CVE-2011-3149} [squeeze] - pam 1.1.1-6.1+squeeze1 [23 Oct 2011] DSA-2325-1 kfreebsd-8 - privilege escalation/denial of service {CVE-2011-4062} [squeeze] - kfreebsd-8 8.1+dfsg-8+squeeze2 [20 Oct 2011] DSA-2324-1 wireshark - programming error {CVE-2011-3360} [squeeze] - wireshark 1.2.11-6+squeeze4 [lenny] - wireshark 1.0.2-3+lenny15 [26 Oct 2011] DSA-2323-1 radvd - several {CVE-2011-3601 CVE-2011-3602 CVE-2011-3604 CVE-2011-3605 } [squeeze] - radvd 1:1.6-1.1 [lenny] - radvd 1:1.1-3.1 [10 Oct 2011] DSA-2322-1 bugzilla - several {CVE-2011-2979 CVE-2010-4567 CVE-2010-4568 CVE-2010-4572 CVE-2011-0046 CVE-2011-0048 CVE-2011-2379 CVE-2011-2380 CVE-2011-2381 CVE-2011-2978} [squeeze] - bugzilla 3.6.2.0-4.4 [10 Oct 2011] DSA-2321-1 moin - cross-site scripting {CVE-2011-1058} [squeeze] - moin 1.9.3-1+squeeze1 [lenny] - moin 1.7.1-3+lenny6 [08 Oct 2011] DSA-2319-1 policykit-1 - race condition {CVE-2011-1485} [squeeze] - policykit-1 0.96-4+squeeze1 [06 Oct 2011] DSA-2318-1 cyrus-imapd-2.2 - several {CVE-2011-3372 CVE-2011-3208} [squeeze] - cyrus-imapd-2.2 2.2.13-19+squeeze2 [lenny] - cyrus-imapd-2.2 2.2.13-14+lenny5 [05 Oct 2011] DSA-2317-1 icedove - several {CVE-2011-2372 CVE-2011-2995 CVE-2011-2998 CVE-2011-2999 CVE-2011-3000 } [squeeze] - icedove 3.0.11-1+squeeze5 [05 Oct 2011] DSA-2316-1 quagga - several {CVE-2011-3323 CVE-2011-3324 CVE-2011-3325 CVE-2011-3326 CVE-2011-3327} [lenny] - quagga 0.99.10-1lenny6 [squeeze] - quagga 0.99.17-2+squeeze3 [05 Oct 2011] DSA-2315-1 openoffice.org - multiple vulnerabilities {CVE-2011-2713 } [lenny] - openoffice.org 1:2.4.1+dfsg-1+lenny12 [squeeze] - openoffice.org 1:3.2.1-11+squeeze4 [29 Sep 2011] DSA-2314-1 puppet - several {CVE-2011-3848 CVE-2011-3870 CVE-2011-3869 CVE-2011-3871} [squeeze] - puppet 2.6.2-5+squeeze1 [29 Sep 2011] DSA-2313-1 iceweasel - several {CVE-2011-2372 CVE-2011-2995 CVE-2011-2998 CVE-2011-2999 CVE-2011-3000} [squeeze] - iceweasel 3.5.16-10 [lenny] - xulrunner 1.9.0.19-14 [29 Sep 2011] DSA-2312-1 iceape - several {CVE-2011-2372 CVE-2011-2995 CVE-2011-2998 CVE-2011-2999 CVE-2011-3000 } [squeeze] - iceape 2.0.11-8 [27 Sep 2011] DSA-2311-1 openjdk-6 - several {CVE-2011-0862 CVE-2011-0864 CVE-2011-0865 CVE-2011-0867 CVE-2011-0868 CVE-2011-0869 CVE-2011-0871} [squeeze] - openjdk-6 6b18-1.8.9-0.1~squeeze1 [22 Sep 2011] DSA-2310-1 linux-2.6 - several issues {CVE-2009-4067 CVE-2011-0712 CVE-2011-1020 CVE-2011-2208 CVE-2011-2209 CVE-2011-2211 CVE-2011-2213 CVE-2011-2484 CVE-2011-2491 CVE-2011-2492 CVE-2011-2495 CVE-2011-2496 CVE-2011-2497 CVE-2011-2525 CVE-2011-2928 CVE-2011-3188 CVE-2011-3191} [lenny] - linux-2.6 2.6.26-26lenny4 [13 Sep 2011] DSA-2309-1 openssl - compromised certificate authority {CVE-2011-1945} [lenny] - openssl 0.9.8g-15+lenny12 [squeeze] - openssl 0.9.8o-4squeeze2 [12 Sep 2011] DSA-2308-1 mantis - several {CVE-2011-3357 CVE-2011-3358 } [squeeze] - mantis 1.1.8+dfsg-10squeeze1 [lenny] - mantis 1.1.6+dfsg-2lenny6 [11 Sep 2011] DSA-2307-1 chromium-browser - several {CVE-2011-2359 CVE-2011-2800 CVE-2011-2818 } [squeeze] - chromium-browser 6.0.472.63~r59945-5+squeeze6 [11 Sep 2011] DSA-2306-1 ffmpeg - several {CVE-2010-3908 CVE-2010-4704 CVE-2011-0480 CVE-2011-0722 CVE-2011-0723 CVE-2011-2161 CVE-2011-2160 CVE-2011-2162} [squeeze] - ffmpeg 4:0.5.4-1 [11 Sep 2011] DSA-2304-1 squid3 - buffer overflow {CVE-2011-3205} [squeeze] - squid3 3.1.6-1.2+squeeze1 [lenny] - squid3 3.0.STABLE8-3+lenny5 [08 Sep 2011] DSA-2305-1 vsftpd - denial of service {CVE-2011-0762} [squeeze] - vsftpd 2.3.2-3+squeeze2 [lenny] - vsftpd 2.0.7-1+lenny1 NOTE: additionally CVE-2011-2189 has been fixed for vsftpd by adding a kernel check [08 Sep 2011] DSA-2303-1 linux-2.6 - several issues {CVE-2011-1020 CVE-2011-1576 CVE-2011-2484 CVE-2011-2491 CVE-2011-2492 CVE-2011-2495 CVE-2011-2496 CVE-2011-2497 CVE-2011-2517 CVE-2011-2525 CVE-2011-2700 CVE-2011-2723 CVE-2011-2905 CVE-2011-2909 CVE-2011-2918 CVE-2011-2928 CVE-2011-3188 CVE-2011-3191} [squeeze] - linux-2.6 2.6.32-35squeeze1 [07 Sep 2011] DSA-2302-1 bcfg2 - arbitrary code execution {CVE-2011-3211} [squeeze] - bcfg2 1.0.1-3+squeeze1 [lenny] - bcfg2 0.9.5.7-1.1+lenny1 [05 Sep 2011] DSA-2301-1 rails - several {CVE-2011-2930 CVE-2011-2931 CVE-2011-3186 CVE-2009-4214} [squeeze] - rails 2.3.5-1.2+squeeze1 [lenny] - rails 2.1.0-7+lenny1 [05 Sep 2011] DSA-2300-2 nss - compromised certificate authority [squeeze] - nss 3.12.8-1+squeeze3 [lenny] - nss 3.12.3.1-0lenny6 [31 Aug 2011] DSA-2300-1 nss - compromised certificate authority [squeeze] - nss 3.12.8-1+squeeze2 [lenny] - nss 3.12.3.1-0lenny5 [31 Aug 2011] DSA-2299-1 ca-certificates - untrusted root CA [squeeze] - ca-certificates 20090814+nmu3 [29 Aug 2011] DSA-2298-1 apache2 - denial of service {CVE-2011-3192} [lenny] - apache2 2.2.9-10+lenny10 [squeeze] - apache2 2.2.16-6+squeeze2 [21 Aug 2011] DSA-2297-1 icedove - several {CVE-2011-0084 CVE-2011-2378 CVE-2011-2981 CVE-2011-2982 CVE-2011-2983 CVE-2011-2984 } [squeeze] - icedove 3.0.11-1+squeeze4 [17 Aug 2011] DSA-2296-1 iceweasel - several {CVE-2011-0084 CVE-2011-2378 CVE-2011-2981 CVE-2011-2982 CVE-2011-2983 CVE-2011-2984 } [squeeze] - iceweasel 3.5.16-9 [lenny] - xulrunner 1.9.0.19-13 [17 Aug 2011] DSA-2295-1 iceape - several {CVE-2011-0084 CVE-2011-2378 CVE-2011-2981 CVE-2011-2982 CVE-2011-2983 CVE-2011-2984 } [squeeze] - iceape 2.0.11-7 [14 Aug 2011] DSA-2294-1 freetype - missing input sanitization {CVE-2011-0226} [lenny] - freetype 2.3.7-2+lenny6 [squeeze] - freetype 2.4.2-2.1+squeeze1 [12 Aug 2011] DSA-2293-1 libxfont - buffer overflow {CVE-2011-2895} [lenny] - libxfont 1:1.3.3-2 [squeeze] - libxfont 1:1.4.1-3 [11 Aug 2011] DSA-2292-1 isc-dhcp - denial of service {CVE-2011-2748 CVE-2011-2749} [lenny] - dhcp3 3.1.1-6+lenny6 [squeeze] - isc-dhcp 4.1.1-P1-15+squeeze3 [08 Aug 2011] DSA-2291-1 squirrelmail - various issues {CVE-2010-4554 CVE-2010-4555 CVE-2011-2023 CVE-2011-2752 CVE-2011-2753} [lenny] - squirrelmail 2:1.4.15-4+lenny5 [squeeze] - squirrelmail 2:1.4.21-2 [07 Aug 2011] DSA-2290-1 samba - cross-side scripting {CVE-2011-2522 CVE-2011-2694} [lenny] - samba 2:3.2.5-4lenny15 [squeeze] - samba 2:3.5.6~dfsg-3squeeze5 [07 Aug 2011] DSA-2289-1 typo3-src - several {CVE-2011-4626 CVE-2011-4627 CVE-2011-4628 CVE-2011-4629 CVE-2011-4630 CVE-2011-4631 CVE-2011-4632 CVE-2011-4900 CVE-2011-4901 CVE-2011-4902 CVE-2011-4903 CVE-2011-4904} [lenny] - typo3-src 4.2.5-1+lenny8 [squeeze] - typo3-src 4.3.9+dfsg1-1+squeeze1 [28 Jul 2011] DSA-2288-1 libsndfile - integer overflow {CVE-2011-2696} [squeeze] - libsndfile 1.0.21-3+squeeze1 [lenny] - libsndfile 1.0.17-4+lenny3 [28 Jul 2011] DSA-2287-1 libpng - several vulnerabilities {CVE-2011-2501 CVE-2011-2690 CVE-2011-2691 CVE-2011-2692} [squeeze] - libpng 1.2.44-1+squeeze1 [lenny] - libpng 1.2.27-2+lenny5 [26 Jul 2011] DSA-2286-1 phpymadmin - several {CVE-2011-2505 CVE-2011-2506 CVE-2011-2507 CVE-2011-2508 CVE-2011-2642 CVE-2011-2719} [squeeze] - phpmyadmin 4:3.3.7-6 [lenny] - phpmyadmin 4:2.11.8.1-5+lenny9 [26 Jul 2011] DSA-2285-1 mapserver - several {CVE-2011-2703 CVE-2011-2704} [squeeze] - mapserver 5.6.5-2+squeeze2 [lenny] - mapserver 5.0.3-3+lenny7 [25 Jul 2011] DSA-2284-1 opensaml2 - implementation error {CVE-2011-1411} [squeeze] - opensaml2 2.3-2+squeeze1 [lenny] - opensaml2 2.0-2+lenny3 [25 Jul 2011] DSA-2283-1 krb5-appl - programming error {CVE-2011-1526} [squeeze] - krb5-appl 1:1.0.1-1.1 [25 Jul 2011] DSA-2282-1 qemu-kvm - several {CVE-2011-2212 CVE-2011-2527} [squeeze] - qemu-kvm 0.12.5+dfsg-5+squeeze6 [21 Jul 2011] DSA-2281-1 opie - several {CVE-2011-2489 CVE-2011-2490} [squeeze] - opie 2.32.dfsg.1-0.2+squeeze1 [lenny] - opie 2.32-10.2+lenny2 [19 Jul 2011] DSA-2280-1 libvirt - several {CVE-2011-2511 CVE-2011-1486} [squeeze] - libvirt 0.8.3-5+squeeze2 [lenny] - libvirt 0.4.6-10+lenny2 [19 Jul 2011] DSA-2279-1 libapache2-mod-authnz-external - SQL injection {CVE-2011-2688} [squeeze] - libapache2-mod-authnz-external 3.2.4-2+squeeze1 [16 Jul 2011] DSA-2278-1 horde3 - several {CVE-2010-3077 CVE-2010-3694} [lenny] - horde3 3.2.2+debian0-2+lenny3 [16 Jul 2011] DSA-2254-2 oprofile - command injection {CVE-2011-1760} [squeeze] - oprofile 0.9.6-1.1+squeeze2 [lenny] - oprofile 0.9.3-2+lenny2 [11 Jul 2011] DSA-2276-2 asterisk - multiple issues {CVE-2011-2529 CVE-2011-2535 CVE-2011-2536} [squeeze] - asterisk 1:1.6.2.9-2+squeeze3 [lenny] - asterisk 1:1.4.21.2~dfsg-3+lenny3 [10 Jul 2011] DSA-2277-1 xml-security-c - buffer overflow {CVE-2011-2516} [lenny] - xml-security-c 1.4.0-3+lenny3 [squeeze] - xml-security-c 1.5.1-3+squeeze1 [10 Jul 2011] DSA-2276-1 asterisk - multiple issues {CVE-2011-2529 CVE-2011-2535 CVE-2011-2536} [squeeze] - asterisk 1:1.6.2.9-2+squeeze3 [lenny] - asterisk 1:1.4.21.2~dfsg-3+lenny3 [07 Jul 2011] DSA-2275-1 openoffice.org - buffer overflow {CVE-2011-2685} [squeeze] - openoffice.org 1:3.2.1-11+squeeze3 [lenny] - openoffice.org (Vulnerable code not present) [07 Jul 2011] DSA-2274-1 wireshark - multiple {CVE-2011-1590 CVE-2011-1957 CVE-2011-1958 CVE-2011-1959 CVE-2011-2174 CVE-2011-2175} [squeeze] - wireshark 1.2.11-6+squeeze2 [lenny] - wireshark 1.0.2-3+lenny14 [06 Jul 2011] DSA-2273-3 icedove - multiple issues {CVE-2011-0083 CVE-2011-0085 CVE-2011-2362 CVE-2011-2363 CVE-2011-2365 CVE-2011-2371 CVE-2011-2373 CVE-2011-2374 CVE-2011-2376 CVE-2011-2605} [squeeze] - icedove 3.0.11-1+squeeze3 [05 Jul 2011] DSA-2272-1 bind9 - denial of service {CVE-2011-2464} [lenny] - bind9 1:9.6.ESV.R4+dfsg-0+lenny3 [squeeze] - bind9 1:9.7.3.dfsg-1~squeeze3 [02 Jul 2011] DSA-2271-1 curl - improper delegation of client credentials {CVE-2011-2192 } [lenny] - curl 7.18.2-8lenny5 [squeeze] - curl 7.21.0-2 [01 Jul 2011] DSA-2270-1 qemu-kvm - programming error {CVE-2011-2512} [squeeze] - qemu-kvm 0.12.5+dfsg-5+squeeze4 [01 Jul 2011] DSA-2269-1 iceape - several {CVE-2011-0083 CVE-2011-0085 CVE-2011-2362 CVE-2011-2363 CVE-2011-2365 CVE-2011-2371 CVE-2011-2373 CVE-2011-2374 CVE-2011-2376 CVE-2011-2605} [squeeze] - iceape 2.0.11-6 [01 Jul 2011] DSA-2268-1 iceweasel - several {CVE-2011-0083 CVE-2011-0085 CVE-2011-2362 CVE-2011-2363 CVE-2011-2365 CVE-2011-2371 CVE-2011-2373 CVE-2011-2374 CVE-2011-2376 CVE-2011-2605 } [squeeze] - iceweasel 3.5.16-8 [lenny] - xulrunner 1.9.0.19-12 [01 Jul 2011] DSA-2267-1 perl - restriction bypass {CVE-2010-1447 } [lenny] - perl 5.10.0-19lenny5 [squeeze] - perl 5.10.1-17squeeze2 [29 Jun 2011] DSA-2266-1 php5 - several {CVE-2010-2531 CVE-2011-0420 CVE-2011-0421 CVE-2011-0708 CVE-2011-1153 CVE-2011-1466 CVE-2011-1471 CVE-2011-2202 } [lenny] - php5 5.2.6.dfsg.1-1+lenny12 [squeeze] - php5 5.3.3-7+squeeze3 [20 Jun 2011] DSA-2265-1 perl - missing taint check {CVE-2011-1487} [lenny] - perl 5.10.0-19lenny4 [squeeze] - perl 5.10.1-17squeeze1 [18 Jun 2011] DSA-2264-1 linux-2.6 - several issues {CVE-2010-2524 CVE-2010-4075 CVE-2010-4655 CVE-2011-0710 CVE-2011-1010 CVE-2011-1012 CVE-2011-1017 CVE-2011-1078 CVE-2011-1093 CVE-2011-1577 CVE-2011-1768 CVE-2011-2182 CVE-2010-3875 CVE-2011-0695 CVE-2011-0711 CVE-2011-0726 CVE-2011-1079 CVE-2011-1080 CVE-2011-1090 CVE-2011-1160 CVE-2011-1163 CVE-2011-1170 CVE-2011-1171 CVE-2011-1172 CVE-2011-1173 CVE-2011-1180 CVE-2011-1182 CVE-2011-1477 CVE-2011-1493 CVE-2011-1593 CVE-2011-1598 CVE-2011-1745 CVE-2011-1746 CVE-2011-1748 CVE-2011-1759 CVE-2011-1767 CVE-2011-1776 CVE-2011-2022 CVE-2011-4913} [lenny] - linux-2.6 2.6.26-26lenny3 [16 Jun 2011] DSA-2263-1 movabletype-opensource - several [squeeze] - movabletype-opensource 4.3.5+dfsg-2+squeeze2 [16 Jun 2011] DSA-2262-1 moodle - several {CVE-2011-4133 CVE-2011-4278 CVE-2011-4283 CVE-2011-4286 CVE-2011-4288 CVE-2011-4290} [squeeze] - moodle 1.9.9.dfsg2-2.1+squeeze1 [15 Jun 2011] DSA-2261-1 redmine - several {CVE-2011-4927 CVE-2011-4928 CVE-2011-4929} [squeeze] - redmine 1.0.1-2 [14 Jun 2011] DSA-2260-1 rails - several {CVE-2009-3086 CVE-2009-4214} [lenny] - rails 2.1.0-7+lenny0.2 [12 Jun 2011] DSA-2259-1 fex - authentication bypass {CVE-2011-1409} [squeeze] - fex 20100208+debian1-1+squeeze1 [11 Jun 2011] DSA-2258-1 kolab-cyrus-imapd - implementation error {CVE-2011-1926} [squeeze] - kolab-cyrus-imapd 2.2.13-9.1 [lenny] - kolab-cyrus-imapd 2.2.13-5+lenny3 [10 Jun 2011] DSA-2257-1 vlc - buffer overflow {CVE-2011-2194} [squeeze] - vlc 1.1.3-1squeeze6 [09 Jun 2011] DSA-2256-1 tiff - buffer overflow {CVE-2009-5022} [squeeze] - tiff 3.9.4-5+squeeze2 [06 Jun 2011] DSA-2255-1 libxml2 - buffer overflow {CVE-2011-1944} [lenny] - libxml2 2.6.32.dfsg-5+lenny4 [squeeze] - libxml2 2.7.8.dfsg-2+squeeze1 [04 Jun 2011] DSA-2254-1 oprofile - command injection {CVE-2011-1760} [lenny] - oprofile 0.9.3-2+lenny1 [squeeze] - oprofile 0.9.6-1.1+squeeze1 [03 Jun 2011] DSA-2253-1 fontforge - buffer overflow {CVE-2010-4259} [lenny] - fontforge 0.0.20080429-1+lenny2 [02 Jun 2011] DSA-2252-1 dovecot - programming error {CVE-2011-1929} [squeeze] - dovecot 1:1.2.15-7 [02 Jun 2011] DSA-2251-1 subversion - several {CVE-2011-1752 CVE-2011-1783 CVE-2011-1921} [squeeze] - subversion 1.6.12dfsg-6 [lenny] - subversion 1.5.1dfsg1-7 [31 May 2011] DSA-2250-1 citadel - denial of service {CVE-2011-1756} [squeeze] - citadel 7.83-2squeeze2 [lenny] - citadel 7.37-8+lenny1 [31 May 2011] DSA-2249-1 jabberd14 - denial of service {CVE-2011-1754} [squeeze] - jabberd14 1.6.1.1-5+squeeze1 [31 May 2011] DSA-2248-1 ejabberd - denial of service {CVE-2011-1753} [squeeze] - ejabberd 2.1.5-3+squeeze1 [lenny] - ejabberd 2.0.1-6+lenny3 [31 May 2011] DSA-2247-1 rails - several vulnerabilities {CVE-2011-0446 CVE-2011-0447} [squeeze] - rails 2.3.5-1.2+squeeze0.1 [lenny] - rails 2.1.0-7+lenny0.1 [29 May 2011] DSA-2246-1 mahara - several vulnerabilities {CVE-2011-1402 CVE-2011-1403 CVE-2011-1404 CVE-2011-1405 CVE-2011-1406 } [lenny] - mahara 1.0.4-4+lenny10 [squeeze] - mahara 1.2.6-2+squeeze2 [29 May 2011] DSA-2245-1 chromium-browser - several vulnerabilities {CVE-2011-1292 CVE-2011-1293 CVE-2011-1440 CVE-2011-1444 CVE-2011-1797 CVE-2011-1799 } [squeeze] - chromium-browser 6.0.472.63~r59945-5+squeeze5 [27 May 2011] DSA-2244-1 bind9 - wrong boundary condition {CVE-2011-1910} [lenny] - bind9 1:9.6.ESV.R4+dfsg-0+lenny2 [squeeze] - bind9 1:9.7.3.dfsg-1~squeeze2 [27 May 2011] DSA-2243-1 unbound - design flaw {CVE-2009-4008} [lenny] - unbound 1.4.6-1~lenny1 [25 May 2011] DSA-2242-1 cyrus-imapd-2.2 - implementation error {CVE-2011-1926 } [lenny] - cyrus-imapd-2.2 2.2.13-14+lenny4 [squeeze] - cyrus-imapd-2.2 2.2.13-19+squeeze1 [24 May 2011] DSA-2241-1 qemu-kvm - implementation error {CVE-2011-1751 } [squeeze] - qemu-kvm 0.12.5+dfsg-5+squeeze2 [23 May 2011] DSA-2240-1 linux-2.6 - several issues {CVE-2010-3875 CVE-2011-0695 CVE-2011-0711 CVE-2011-0726 CVE-2011-1016 CVE-2011-1017 CVE-2011-1078 CVE-2011-1079 CVE-2011-1080 CVE-2011-1090 CVE-2011-1160 CVE-2011-1163 CVE-2011-1170 CVE-2011-1171 CVE-2011-1172 CVE-2011-1173 CVE-2011-1180 CVE-2011-1182 CVE-2011-1476 CVE-2011-1477 CVE-2011-1478 CVE-2011-1493 CVE-2011-1494 CVE-2011-1495 CVE-2011-1585 CVE-2011-1593 CVE-2011-1598 CVE-2011-1745 CVE-2011-1746 CVE-2011-1748 CVE-2011-1759 CVE-2011-1767 CVE-2011-1770 CVE-2011-1776 CVE-2011-2022 CVE-2011-4913} [squeeze] - linux-2.6 2.6.32-34squeeze1 [24 May 2011] DSA-2239-1 libmojolicious-perl - several {CVE-2010-4802 CVE-2010-4803 CVE-2011-1841 } [squeeze] - libmojolicious-perl 0.999926-1+squeeze2 [19 May 2011] DSA-2238-1 vino - several {CVE-2011-0904 CVE-2011-0905 } [squeeze] - vino 2.28.2-2+squeeze1 [15 May 2011] DSA-2237-2 apr - denial of service {CVE-2011-0419 CVE-2011-1928} [lenny] - apr 1.2.12-5+lenny4 [squeeze] - apr 1.4.2-6+squeeze2 [12 May 2011] DSA-2236-1 exim4 - command injection {CVE-2011-1407} [squeeze] - exim4 4.72-6+squeeze2 [10 May 2011] DSA-2235-1 icedove - several {CVE-2011-0065 CVE-2011-0066 CVE-2011-0067 CVE-2011-0069 CVE-2011-0070 CVE-2011-0071 CVE-2011-0072 CVE-2011-0073 CVE-2011-0074 CVE-2011-0075 CVE-2011-0077 CVE-2011-0078 CVE-2011-0080 CVE-2011-0081 } [squeeze] - icedove 3.0.11-1+squeeze2 [10 May 2011] DSA-2234-1 zodb - several {CVE-2009-0668 CVE-2009-0669} [lenny] - zodb 1:3.6.0-2+lenny3 [10 May 2011] DSA-2233-1 postfix - several {CVE-2011-0411 CVE-2011-1720} [lenny] - postfix 2.5.5-1.1+lenny1 [squeeze] - postfix 2.7.1-1+squeeze1 [06 May 2011] DSA-2232-1 exim4 - format string vulnerability {CVE-2011-1764} [squeeze] - exim4 4.72-6+squeeze1 [06 May 2011] DSA-2231-1 otrs2 - cross-site scripting {CVE-2011-1518} [squeeze] - otrs2 2.4.9+dfsg1-3+squeeze1 [01 May 2011] DSA-2230-1 qemu-kvm - several {CVE-2011-0011 CVE-2011-1750 } [squeeze] - qemu-kvm 0.12.5+dfsg-5+squeeze1 [01 May 2011] DSA-2229-1 spip - programming error [squeeze] - spip 2.1.1-3squeeze1 [01 May 2011] DSA-2228-1 iceweasel - several {CVE-2011-0065 CVE-2011-0066 CVE-2011-0067 CVE-2011-0069 CVE-2011-0070 CVE-2011-0071 CVE-2011-0072 CVE-2011-0073 CVE-2011-0074 CVE-2011-0075 CVE-2011-0077 CVE-2011-0078 CVE-2011-0080 CVE-2011-0081 } [squeeze] - iceweasel 3.5.16-7 [30 Apr 2011] DSA-2227-1 iceape - several {CVE-2011-0065 CVE-2011-0066 CVE-2011-0067 CVE-2011-0069 CVE-2011-0070 CVE-2011-0071 CVE-2011-0072 CVE-2011-0073 CVE-2011-0074 CVE-2011-0075 CVE-2011-0077 CVE-2011-0078 CVE-2011-0080 CVE-2011-0081 } [squeeze] - iceape 2.0.11-5 [26 Apr 2011] DSA-2226-1 libmodplug - buffer overflow {CVE-2011-1574 } [lenny] - libmodplug 1:0.8.4-1+lenny2 [squeeze] - libmodplug 1:0.8.8.1-1+squeeze1 [24 Apr 2011] DSA-2225-1 asterisk - several {CVE-2011-1147 CVE-2011-1174 CVE-2011-1175 CVE-2011-1507 CVE-2011-1599 } [lenny] - asterisk 1:1.4.21.2~dfsg-3+lenny2.1 [squeeze] - asterisk 1:1.6.2.9-2+squeeze2 [20 Apr 2011] DSA-2224-1 openjdk-6 - several {CVE-2010-4351 CVE-2010-4448 CVE-2010-4450 CVE-2010-4465 CVE-2010-4469 CVE-2010-4470 CVE-2010-4471 CVE-2010-4472 CVE-2011-0025 CVE-2011-0706} [lenny] - openjdk-6 6b18-1.8.7-2~lenny1 [squeeze] - openjdk-6 6b18-1.8.7-2~squeeze1 [20 Apr 2011] DSA-2223-1 doctrine - SQL injection {CVE-2011-1522} [squeeze] - doctrine 1.2.2-2+squeeze1 [20 Apr 2011] DSA-2222-1 tinyproxy - incorrect ACL processing {CVE-2011-1499} [squeeze] - tinyproxy 1.8.2-1squeeze1 [19 Apr 2011] DSA-2221-1 libmojolicious-perl - directory traversal {CVE-2011-1589} [squeeze] - libmojolicious-perl 0.999926-1+squeeze1 [19 Apr 2011] DSA-2220-1 request-tracker3.8 - several {CVE-2011-1685 CVE-2011-1686 CVE-2011-1687 CVE-2011-1688 CVE-2011-1689 CVE-2011-1690 } [lenny] - request-tracker3.6 3.6.7-5+lenny6 [squeeze] - request-tracker3.8 3.8.8-7+squeeze1 [18 Apr 2011] DSA-2219-1 xmlsec1 - file overwrite {CVE-2011-1425} [lenny] - xmlsec1 1.2.9-5+lenny1 [squeeze] - xmlsec1 1.2.14-1+squeeze1 [12 Apr 2011] DSA-2218-1 vlc - heap-based buffer overflow {CVE-2011-1684} [lenny] - vlc (Vulnerable code not present) [squeeze] - vlc 1.1.3-1squeeze5 [10 Apr 2011] DSA-2217-1 dhcp3 - missing input sanitizing {CVE-2011-0997} [lenny] - dhcp3 3.1.1-6+lenny5 [10 Apr 2011] DSA-2216-1 isc-dhcp - missing input sanitizing {CVE-2011-0997} [squeeze] - isc-dhcp 4.1.1-P1-15+squeeze2 [09 Apr 2011] DSA-2215-1 gitolite - directory traversal {CVE-2011-1572} [squeeze] - gitolite 1.5.4-2+squeeze1 [08 Apr 2011] DSA-2214-1 ikiwiki - missing input validation {CVE-2011-1401} [lenny] - ikiwiki 2.53.6 [squeeze] - ikiwiki 3.20100815.7 [08 Apr 2011] DSA-2213-1 x11-xserver-utils - missing input sanitizing {CVE-2011-0465} [squeeze] - x11-xserver-utils 7.5+3 [lenny] - x11-xserver-utils 7.3+6 [07 Apr 2011] DSA-2212-1 tmux - privilege escalation {CVE-2011-1496} [squeeze] - tmux 1.3-2+squeeze1 [06 Apr 2011] DSA-2211-1 vlc - missing input sanitising {CVE-2010-3275 CVE-2010-3276} [squeeze] - vlc 1.1.3-1squeeze4 [lenny] - vlc 0.8.6.h-4+lenny3 [03 Apr 2011] DSA-2210-1 tiff - several {CVE-2011-0191 CVE-2011-0192 CVE-2011-1167} [squeeze] - tiff 3.9.4-5+squeeze1 [lenny] - tiff 3.8.2-11.4 [02 Apr 2011] DSA-2209-1 tgt - double free {CVE-2011-0001} [squeeze] - tgt 1:1.0.4-2squeeze1 [30 Mar 2011] DSA-2208-1 bind9 - denial of service {CVE-2011-0414} [squeeze] - bind9 1:9.7.3.dfsg-1~squeeze1 [30 Mar 2011] DSA-2207-1 tomcat5.5 - several {CVE-2008-5515 CVE-2009-0033 CVE-2009-0580 CVE-2009-0781 CVE-2009-0783 CVE-2009-2693 CVE-2009-2902 CVE-2010-1157 CVE-2010-2227} [lenny] - tomcat5.5 5.5.26-5lenny2 [29 Mar 2011] DSA-2206-1 mahara - several {CVE-2011-0439 CVE-2011-0440} [squeeze] - mahara 1.2.6-2+squeeze1 [lenny] - mahara 1.0.4-4+lenny8 [28 Mar 2011] DSA-2205-1 gdm3 - privilege escalation {CVE-2011-0727 } [squeeze] - gdm3 2.30.5-6squeeze2 [27 Mar 2011] DSA-2204-1 imp4 - Insufficient input sanitising {CVE-2010-3695} [lenny] - imp4 4.2-4lenny3 [23 Mar 2011] DSA-2202-1 apache2 - failure to drop root privileges {CVE-2011-1176} [squeeze] - apache2 2.2.16-6+squeeze1 [23 Mar 2011] DSA-2201-1 wireshark - several {CVE-2011-0538 CVE-2011-0713 CVE-2011-1139 CVE-2011-1140 CVE-2011-1141} [lenny] - wireshark 1.0.2-3+lenny13 [squeeze] - wireshark 1.2.11-6+squeeze1 [22 Mar 2011] DSA-2198-1 tex-common - insufficient input sanitizing {CVE-2011-1400} [lenny] - tex-common (shell_escape disabled) [squeeze] - tex-common 2.08.1 [21 Mar 2011] DSA-2197-1 quagga - denial of service {CVE-2010-1674 CVE-2010-1675} [lenny] - quagga 0.99.10-1lenny5 [squeeze] - quagga 0.99.17-2+squeeze2 [19 Mar 2011] DSA-2196-1 maradns - buffer overflow {CVE-2011-0520} [lenny] - maradns 1.3.07.09-2.1 [19 Mar 2011] DSA-2195-1 php5 - several {CVE-2011-0441 CVE-2010-3709 CVE-2010-3710 CVE-2010-3870 CVE-2010-4150 CVE-2010-1128} [lenny] - php5 5.2.6.dfsg.1-1+lenny10 [squeeze] - php5 5.3.3-7+squeeze1 [18 Mar 2011] DSA-2194-1 libvirt - privilege escalation {CVE-2011-1146} [squeeze] - libvirt 0.8.3-5+squeeze1 [16 Mar 2011] DSA-2193-1 libcgroup - several {CVE-2011-1006 CVE-2011-1022} [squeeze] - libcgroup 0.36.2-3+squeeze1 [15 Mar 2011] DSA-2192-1 chromium-browser - several {CVE-2011-0779 CVE-2011-1290} [squeeze] - chromium-browser 6.0.472.63~r59945-5+squeeze4 [14 Mar 2011] DSA-2191-1 proftpd-dfsg - several {CVE-2008-7265 CVE-2010-3867 CVE-2010-4652} [lenny] - proftpd-dfsg 1.3.1-17lenny6 [11 Mar 2011] DSA-2190-1 wordpress - several {CVE-2011-0700 CVE-2011-0701} [squeeze] - wordpress 3.0.5+dfsg-0+squeeze1 [10 Mar 2011] DSA-2189-1 chromium-browser - several {CVE-2011-1108 CVE-2011-1109 CVE-2011-1113 CVE-2011-1114 CVE-2011-1115 CVE-2011-1121 CVE-2011-1122 CVE-2011-1188 CVE-2011-1189 CVE-2011-1190 CVE-2011-1197 CVE-2011-1203} [squeeze] - chromium-browser 6.0.472.63~r59945-5+squeeze3 [10 Mar 2011] DSA-2188-1 webkit - several {CVE-2010-1783 CVE-2010-2901 CVE-2010-4199 CVE-2010-4040 CVE-2010-4492 CVE-2010-4493 CVE-2010-4577 CVE-2010-4578 CVE-2010-0474 CVE-2011-0482 CVE-2011-0778} [squeeze] - webkit 1.2.7-0+squeeze1 [09 Mar 2011] DSA-2187-1 icedove - several {CVE-2010-1585 CVE-2011-0051 CVE-2011-0053 CVE-2011-0054 CVE-2011-0055 CVE-2011-0056 CVE-2011-0057 CVE-2011-0059} [squeeze] - icedove 3.0.11-1+squeeze1 [09 Mar 2011] DSA-2186-1 iceweasel - several {CVE-2010-1585 CVE-2011-0051 CVE-2011-0053 CVE-2011-0054 CVE-2011-0055 CVE-2011-0056 CVE-2011-0057 CVE-2011-0059} [squeeze] - iceweasel 3.5.16-5 [07 Mar 2011] DSA-2185-1 proftpd-dfsg - integer overflow {CVE-2011-1137} [squeeze] - proftpd-dfsg 1.3.3a-6squeeze1 [05 Mar 2011] DSA-2184-1 isc-dhcp - denial of service {CVE-2011-0413} [squeeze] - isc-dhcp 4.1.1-P1-15+squeeze1 [04 Mar 2011] DSA-2183-1 nbd - arbitrary code execution {CVE-2011-0530} [lenny] - nbd 1:2.9.11-3lenny1 [04 Mar 2011] DSA-2182-1 logwatch - remote code execution {CVE-2011-1018} [lenny] - logwatch 7.3.6.cvs20080702-2lenny1 [squeeze] - logwatch 7.3.6.cvs20090906-1squeeze1 [04 Mar 2011] DSA-2181-1 subversion - denial of service {CVE-2011-0715} [lenny] - subversion 1.5.1dfsg1-6 [squeeze] - subversion 1.6.12dfsg-5 [03 Mar 2011] DSA-2180-1 iceape - several {CVE-2010-1585 CVE-2011-0051 CVE-2011-0053 CVE-2011-0054 CVE-2011-0055 CVE-2011-0056 CVE-2011-0057 CVE-2011-0059} [squeeze] - iceape 2.0.11-3 [02 Mar 2011] DSA-2179-1 dtc - SQL injection {CVE-2011-0434 CVE-2011-0435 CVE-2011-0436 CVE-2011-0437} [lenny] - dtc 0.29.17-1+lenny1 [02 Mar 2011] DSA-2178-1 pango1.0 - NULL pointer dereference {CVE-2011-0064} [squeeze] - pango1.0 1.28.3-1+squeeze2 [02 Mar 2011] DSA-2177-1 pywebdav - SQL injection {CVE-2011-0432} [squeeze] - pywebdav 0.9.4-1+squeeze1 [02 Mar 2011] DSA-2176-1 cups - several {CVE-2008-5183 CVE-2009-3553 CVE-2010-0540 CVE-2010-0542 CVE-2010-1748 CVE-2010-2431 CVE-2010-2432 CVE-2010-2941} [lenny] - cups 1.3.8-1+lenny9 [28 Feb 2011] DSA-2175-1 samba - missing input sanisiting {CVE-2011-0719} [lenny] - samba 2:3.2.5-4lenny14 [squeeze] - samba 2:3.5.6~dfsg-3squeeze2 [26 Feb 2011] DSA-2174-1 avahi - denial of service {CVE-2011-1002} [lenny] - avahi 0.6.23-3lenny3 [squeeze] - avahi 0.6.27-2+squeeze1 [26 Feb 2011] DSA-2173-1 pam-pgsql - buffer overflow [lenny] - pam-pgsql 0.6.3-2+lenny1 [squeeze] - pam-pgsql 0.7.1-4+squeeze1 [22 Feb 2011] DSA-2172-1 moodle - several {CVE-2010-2795 CVE-2010-2796 CVE-2010-3690 CVE-2010-3691 CVE-2010-3692} [lenny] - moodle 1.8.13-3 [21 Feb 2011] DSA-2171-1 asterisk - buffer overflow {CVE-2011-0495} [squeeze] - asterisk 1:1.6.2.9-2+squeeze1 [lenny] - asterisk 1:1.4.21.2~dfsg-3+lenny2 [18 Feb 2011] DSA-2170-1 mailman - several vulnerabilities {CVE-2010-3089 CVE-2011-0707} [lenny] - mailman 1:2.1.11-11+lenny2 [squeeze] - mailman 1:2.1.13-5 [16 Feb 2011] DSA-2169-1 telepathy-gabble - missing input validation {CVE-2011-1000} [squeeze] - telepathy-gabble 0.9.15-1+squeeze1 [lenny] - telepathy-gabble 0.7.6-1+lenny1 [16 Feb 2011] DSA-2168-1 openafs - several {CVE-2011-0430 CVE-2011-0431} [squeeze] - openafs 1.4.12.1+dfsg-4 [lenny] - openafs 1.4.7.dfsg1-6+lenny4 [16 Feb 2011] DSA-2167-1 phpmyadmin - sql injection {CVE-2011-0987} [squeeze] - phpmyadmin 4:3.3.7-5 [lenny] - phpmyadmin 4:2.11.8.1-5+lenny8 [16 Feb 2011] DSA-2166-1 chromium-browser - several {CVE-2011-0777 CVE-2011-0778 CVE-2011-0783 CVE-2011-0983 CVE-2011-0981 CVE-2011-0984 CVE-2011-0985} [squeeze] - chromium-browser 6.0.472.63~r59945-5+squeeze2 [16 Feb 2011] DSA-2165-1 ffmpeg-debian - buffer overflow {CVE-2010-3429 CVE-2010-4704 CVE-2010-4705} [lenny] - ffmpeg-debian 0.svn20080206-18+lenny3 [16 Feb 2011] DSA-2164-1 shadow - missing input sanitization {CVE-2011-0721} [squeeze] - shadow 1:4.1.4.2+svn3283-2+squeeze1 [14 Feb 2011] DSA-2161-2 openjdk-6 - several {CVE-2010-4476} [lenny] - openjdk-6 6b18-1.8.3-2~lenny1 [14 Feb 2011] DSA-2163-1 python-django - multiple {CVE-2011-0696 CVE-2011-0697} [squeeze] - python-django 1.2.3-3+squeeze1 [14 Feb 2011] DSA-2162-1 openssl - invalid memory access {CVE-2011-0014} [squeeze] - openssl 0.9.8o-4squeeze1 [13 Feb 2011] DSA-2161-1 openjdk-6 - denial of service {CVE-2010-4476} [squeeze] - openjdk-6 6b18-1.8.3-2+squeeze1 [13 Feb 2011] DSA-2160-1 tomcat6 - several {CVE-2010-3718 CVE-2011-0013 CVE-2011-0534} [squeeze] - tomcat6 6.0.28-9+squeeze1 [10 Feb 2011] DSA-2159-1 vlc - missing input sanitising {CVE-2011-0531} [squeeze] - vlc 1.1.3-1squeeze3 [09 Feb 2011] DSA-2158-1 cgiirc - cross-site-scripting {CVE-2011-0050} [lenny] - cgiirc 0.5.9-3lenny3 [squeeze] - cgiirc 0.5.9-3squeeze1 [03 Feb 2011] DSA-2157-1 postgresql-8.3 - buffer overflow {CVE-2010-4015} [lenny] - postgresql-8.3 8.3.14-0lenny1 [squeeze] - postgresql-8.4 8.4.7-0squeeze2 [31 Jan 2011] DSA-2156-1 pcsc-lite - buffer overflow {CVE-2010-4531} [lenny] - pcsc-lite 1.4.102-1+lenny4 [30 Jan 2011] DSA-2155-1 freetype - several {CVE-2010-3814 CVE-2010-3855} [lenny] - freetype 2.3.7-2+lenny5 [30 Jan 2011] DSA-2154-1 exim4 - privilege escalation {CVE-2010-4345 CVE-2011-0017} [lenny] - exim4 4.69-9+lenny3 [30 Jan 2011] DSA-2153-1 linux-2.6 - several issues {CVE-2010-0435 CVE-2010-3699 CVE-2010-4158 CVE-2010-4162 CVE-2010-4163 CVE-2010-4242 CVE-2010-4243 CVE-2010-4248 CVE-2010-4249 CVE-2010-4258 CVE-2010-4342 CVE-2010-4346 CVE-2010-4526 CVE-2010-4527 CVE-2010-4529 CVE-2010-4565 CVE-2010-4649 CVE-2010-4656 CVE-2010-4668 CVE-2011-0521} [lenny] - linux-2.6 2.6.26-26lenny2 [lenny] - user-mode-linux 2.6.26-1um-2+26lenny2 [27 Jan 2011] DSA-2152-1 hplip - buffer overflow {CVE-2010-4267} [lenny] - hplip 2.8.6.b-4+lenny1 [26 Jan 2011] DSA-2151-1 openoffice.org - several vulnerabilities {CVE-2010-3450 CVE-2010-3451 CVE-2010-3452 CVE-2010-3453 CVE-2010-3454 CVE-2010-3689 CVE-2010-4253 CVE-2010-4643} [lenny] - openoffice.org 1:2.4.1+dfsg-1+lenny11 [22 Jan 2011] DSA-2150-1 request-tracker3.6 - salt password hashing {CVE-2011-0009} [lenny] - request-tracker3.6 3.6.7-5+lenny5 [20 Jan 2011] DSA-2149-1 dbus - denial of service {CVE-2010-4352} [lenny] - dbus 1.2.1-5+lenny2 [17 Jan 2011] DSA-2148-1 tor - several {CVE-2011-0015 CVE-2011-0016 CVE-2011-0427 CVE-2011-0490 CVE-2011-0491 CVE-2011-0492 CVE-2011-0493} [lenny] - tor 0.2.1.29-1~lenny+1 [16 Jan 2011] DSA-2147-1 pimd - insecure temporary files {CVE-2011-0007} [lenny] - pimd 2.1.0-alpha29.17-8.1lenny1 [16 Jan 2011] DSA-2146-1 mydms - directory traversal {CVE-2010-2006} [lenny] - mydms 1.7.0-1+lenny1 [16 Jan 2011] DSA-2145-1 libsmi - buffer overflow {CVE-2010-2891} [lenny] - libsmi 0.4.7+dfsg-0.2 [15 Jan 2011] DSA-2144-1 wireshark - buffer overflow {CVE-2010-4538} [lenny] - wireshark 1.0.2-3+lenny12 [14 Jan 2011] DSA-2143-1 mysql-dfsg-5.0 - several vulnerabilities {CVE-2010-3677 CVE-2010-3680 CVE-2010-3681 CVE-2010-3682 CVE-2010-3833 CVE-2010-3834 CVE-2010-3835 CVE-2010-3836 CVE-2010-3837 CVE-2010-3838 CVE-2010-3840} [lenny] - mysql-dfsg-5.0 5.0.51a-24+lenny5 [11 Jan 2011] DSA-2122-2 glibc - privilege escalation {CVE-2010-3847 CVE-2010-3856} [lenny] - glibc 2.7-18lenny7 [06 Jan 2011] DSA-2142-1 dpkg - directory traversal {CVE-2010-1679 CVE-2011-0402} [lenny] - dpkg 1.14.31 [06 Jan 2011] DSA-2141-2 nss - protocol design flaw {CVE-2009-3555} [lenny] - nss 3.12.3.1-0lenny3 [06 Jan 2011] DSA-2141-1 openssl - protocol design flaw {CVE-2009-3555 CVE-2010-4180} [lenny] - openssl 0.9.8g-15+lenny11 [05 Jan 2011] DSA-2140-1 libapache2-mod-fcgid - stack overflow {CVE-2010-3872} [lenny] - libapache2-mod-fcgid 1:2.2-1+lenny1 [31 Dec 2010] DSA-2139-1 phpmyadmin - several {CVE-2010-4329 CVE-2010-4480 CVE-2010-4481} [lenny] - phpmyadmin 4:2.11.8.1-5+lenny7 [29 Dec 2010] DSA-2138-1 wordpress - SQL injection {CVE-2010-4257} [lenny] - wordpress 2.5.1-11+lenny4 [26 Dec 2010] DSA-2137-1 libxml2 - several vulnerabilities {CVE-2010-4494} [lenny] - libxml2 2.6.32.dfsg-5+lenny3 [21 Dec 2010] DSA-2136-1 tor - potential code execution {CVE-2010-1676} [lenny] - tor 0.2.1.26-1~lenny+4 [21 Dec 2010] DSA-2135-1 xpdf - several vulnerabilities {CVE-2010-3702 CVE-2010-3704} [lenny] - xpdf 3.02-1.4+lenny3 [18 Dec 2010] DSA-2134-1 upcoming changes in advisory format NOTE: Announcement that md5sums will be dropped from future Debian Security Advisories [13 Dec 2010] DSA-2133-1 collectd - denial of service {CVE-2010-4336} [lenny] - collectd 4.4.2-3+lenny1 [11 Dec 2010] DSA-2132-1 xulrunner - several vulnerabilities {CVE-2010-3767 CVE-2010-3769 CVE-2010-3770 CVE-2010-3771 CVE-2010-3772 CVE-2010-3773 CVE-2010-3775 CVE-2010-3776 CVE-2010-3778} [lenny] - xulrunner 1.9.0.19-7 [10 Dec 2010] DSA-2130-1 bind9 - denial of service {CVE-2010-3613 CVE-2010-3614 CVE-2010-3762} [lenny] - bind9 1:9.6.ESV.R3+dfsg-0+lenny1 [10 Dec 2010] DSA-2131-1 exim4 - remote code execution {CVE-2010-4344} [lenny] - exim4 4.69-9+lenny1 [01 Dec 2010] DSA-2129-1 krb5 - checksum verification weakness {CVE-2010-1323} [lenny] - krb5 1.6.dfsg.4~beta1-5lenny6 [01 Dec 2010] DSA-2128-1 libxml2 - potential code execution {CVE-2010-4008} [lenny] - libxml2 2.6.32.dfsg-5+lenny2 [28 Nov 2010] DSA-2127-1 wireshark - denial of service {CVE-2010-3445} [lenny] - wireshark 1.0.2-3+lenny11 [26 Nov 2010] DSA-2126-1 linux-2.6 - several issues {CVE-2010-2963 CVE-2010-3067 CVE-2010-3296 CVE-2010-3297 CVE-2010-3310 CVE-2010-3432 CVE-2010-3437 CVE-2010-3442 CVE-2010-3448 CVE-2010-3477 CVE-2010-3705 CVE-2010-3848 CVE-2010-3849 CVE-2010-3850 CVE-2010-3858 CVE-2010-3859 CVE-2010-3873 CVE-2010-3874 CVE-2010-3875 CVE-2010-3876 CVE-2010-3877 CVE-2010-3880 CVE-2010-4072 CVE-2010-4073 CVE-2010-4074 CVE-2010-4078 CVE-2010-4079 CVE-2010-4080 CVE-2010-4081 CVE-2010-4083 CVE-2010-4157 CVE-2010-4160 CVE-2010-4164} [lenny] - linux-2.6 2.6.26-26lenny1 [22 Nov 2010] DSA-2125-1 openssl - buffer overflow {CVE-2010-3864} [lenny] - openssl 0.9.8g-15+lenny9 [01 Nov 2010] DSA-2124-1 xulrunner - several vulnerabilities {CVE-2010-0654 CVE-2010-2769 CVE-2010-3174 CVE-2010-3176 CVE-2010-3177 CVE-2010-3178 CVE-2010-3179 CVE-2010-3180 CVE-2010-3183 CVE-2010-3765} [lenny] - xulrunner 1.9.0.19-6 [01 Nov 2010] DSA-2123-1 nss - cryptographic weaknesses {CVE-2010-3170 CVE-2010-3173} [lenny] - nss 3.12.3.1-0lenny2 [22 Oct 2010] DSA-2122-1 glibc - local privilege escalation {CVE-2010-3847 CVE-2010-3856} [lenny] - glibc 2.7-18lenny6 [19 Oct 2010] DSA-2121-1 typo3-src - several vulnerabilities {CVE-2010-3714 CVE-2010-3715 CVE-2010-3716 CVE-2010-3717 CVE-2010-4068} [lenny] - typo3-src 4.2.5-1+lenny6 [12 Oct 2010] DSA-2120-1 postgresql-8.3 - privilege escalation {CVE-2010-3433} [lenny] - postgresql-8.3 8.3.12-0lenny1 [12 Oct 2010] DSA-2119-1 poppler - several vulnerabilities {CVE-2010-3702 CVE-2010-3704} [lenny] - poppler 0.8.7-4 [08 Oct 2010] DSA-2118-1 subversion - authentication bypass {CVE-2010-3315} [lenny] - subversion 1.5.1dfsg1-5 [04 Oct 2010] DSA-2117-1 apr-util - denial of service {CVE-2010-1623} [lenny] - apr-util 1.2.12+dfsg-8+lenny5 [04 Oct 2010] DSA-2116-1 freetype - integer overflow {CVE-2010-3311} [lenny] - freetype 2.3.7-2+lenny4 [29 Sep 2010] DSA-2115-1 moodle - several vulnerabilities {CVE-2009-4300 CVE-2009-4304 CVE-2010-1613 CVE-2010-1614 CVE-2010-1615 CVE-2010-1616 CVE-2010-1617 CVE-2010-1618 CVE-2010-1619 CVE-2010-2228 CVE-2010-2229 CVE-2010-2230 CVE-2010-2231} [lenny] - moodle 1.8.13-1 [26 Sep 2010] DSA-2114-1 git-core {CVE-2010-2542} [lenny] - git-core 1:1.5.6.5-3+lenny3.1 [20 Sep 2010] DSA-2113-1 drupal6 - several vulnerabilities {CVE-2010-3091 CVE-2010-3092 CVE-2010-3093 CVE-2010-3094 CVE-2010-3685 CVE-2010-3686} [lenny] - drupal6 6.6-3lenny6 [20 Sep 2010] DSA-2112-1 bzip2 - integer overflow {CVE-2010-0405} [lenny] - bzip2 1.0.5-1+lenny1 [19 Sep 2010] DSA-2111-1 squid3 - denial of service {CVE-2010-3072} [lenny] - squid3 3.0.STABLE8-3+lenny4 [17 Sep 2010] DSA-2110-1 linux-2.6 - several issues {CVE-2010-2492 CVE-2010-2954 CVE-2010-3078 CVE-2010-3080 CVE-2010-3081} [lenny] - linux-2.6 2.6.26-25lenny1 [16 Sep 2010] DSA-2109-1 samba - buffer overflow {CVE-2010-3069} [lenny] - samba 2:3.2.5-4lenny13 [14 Sep 2010] DSA-2108-1 cvsnt - arbitrary code execution {CVE-2010-1326} [lenny] - cvsnt 2.5.03.2382-3.3+lenny1 [11 Sep 2010] DSA-2097-2 phpmyadmin - several vulnerabilities {CVE-2010-3055 CVE-2010-3056} [lenny] - phpmyadmin 4:2.11.8.1-5+lenny6 [09 Sep 2010] DSA-2107-1 couchdb - arbitrary code execution {CVE-2010-2953} [lenny] - couchdb 0.8.0-2+lenny1 [08 Sep 2010] DSA-2106-1 xulrunner - several vulnerabilities {CVE-2010-2760 CVE-2010-2763 CVE-2010-2765 CVE-2010-2766 CVE-2010-2767 CVE-2010-2768 CVE-2010-2769 CVE-2010-3167 CVE-2010-3168 CVE-2010-3169} [lenny] - xulrunner 1.9.0.19-4 [07 Sep 2010] DSA-2105-1 freetype - several vulnerabilities {CVE-2010-1797 CVE-2010-2541 CVE-2010-2805 CVE-2010-2806 CVE-2010-2807 CVE-2010-2808 CVE-2010-3053} [lenny] - freetype 2.3.7-2+lenny3 [06 Sep 2010] DSA-2104-1 quagga - denial of service {CVE-2010-2948 CVE-2010-2949} [lenny] - quagga 0.99.10-1lenny3 [05 Sep 2010] DSA-2103-1 smbind - sql injection {CVE-2010-3076} [lenny] - smbind 0.4.7-3+lenny1 [03 Sep 2010] DSA-2102-1 barnowl - arbitrary code execution {CVE-2010-2725} [lenny] - barnowl 1.0.1-4+lenny2 [31 Aug 2010] DSA-2101-1 wireshark - several vulnerabilities {CVE-2010-2994 CVE-2010-2995} [lenny] - wireshark 1.0.2-3+lenny10 [30 Aug 2010] DSA-2100-1 openssl - double free {CVE-2010-2939} [lenny] - openssl 0.9.8g-15+lenny8 [30 Aug 2010] DSA-2099-1 openoffice.org - several vulnerabilities {CVE-2010-2935 CVE-2010-2936} [lenny] - openoffice.org 1:2.4.1+dfsg-1+lenny8 [29 Aug 2010] DSA-2098-1 typo3-src - several vulnerabilities {CVE-2010-3659 CVE-2010-3660 CVE-2010-3661 CVE-2010-3662 CVE-2010-3663 CVE-2010-3664 CVE-2010-3665 CVE-2010-3666 CVE-2010-3667 CVE-2010-3668 CVE-2010-3669 CVE-2010-3670 CVE-2010-3671 CVE-2010-3672 CVE-2010-3673 CVE-2010-3674} [lenny] - typo3-src 4.2.5-1+lenny4 [29 Aug 2010] DSA-2097-1 phpmyadmin - several vulnerabilities {CVE-2010-3055 CVE-2010-3056} [lenny] - phpmyadmin 4:2.11.8.1-5+lenny5 [24 Aug 2010] DSA-2096-1 zope-ldapuserfolder - authentication {CVE-2010-2944} [lenny] - zope-ldapuserfolder 2.9-1+lenny1 [23 Aug 2010] DSA-2095-1 lvm2 - denial of service {CVE-2010-2526} [lenny] - lvm2 2.02.39-8 [19 Aug 2010] DSA-2094-1 linux-2.6 - several issues {CVE-2009-4895 CVE-2010-2226 CVE-2010-2240 CVE-2010-2248 CVE-2010-2521 CVE-2010-2798 CVE-2010-2803 CVE-2010-2959 CVE-2010-3015} [lenny] - linux-2.6 2.6.26-24lenny1 [19 Aug 2010] DSA-2093-1 ghostscript - several vulnerabilities {CVE-2009-4897 CVE-2010-1628} [lenny] - ghostscript 8.62.dfsg.1-3.2lenny5 [17 Aug 2010] DSA-2092-1 lxr-cvs - cross-site scripting {CVE-2009-4497 CVE-2010-1448 CVE-2010-1625} [lenny] - lxr-cvs 0.9.5+cvs20071020-1+lenny1 [12 Aug 2010] DSA-2091-1 squirrelmail - cross-site request forgery {CVE-2009-2964 CVE-2010-2813} [lenny] - squirrelmail 2:1.4.15-4+lenny3.1 [06 Aug 2010] DSA-2090-1 socat - arbitrary code execution {CVE-2010-2799} [lenny] - socat 1.6.0.1-1+lenny1 [06 Aug 2010] DSA-2089-1 php5 - several vulnerabilities {CVE-2010-1917 CVE-2010-2225 CVE-2010-3065} [lenny] - php5 5.2.6.dfsg.1-1+lenny9 [05 Aug 2010] DSA-2088-1 wget - potential code execution {CVE-2010-2252} [lenny] - wget 1.11.4-2+lenny2 [04 Aug 2010] DSA-2087-1 cabextract - arbitrary code execution {CVE-2010-2801} [lenny] - cabextract 1.2-3+lenny1 [04 Aug 2010] DSA-2086-1 avahi - denial of service {CVE-2009-0758 CVE-2010-2244} [lenny] - avahi 0.6.23-3lenny2 [03 Aug 2010] DSA-2085-1 lftp - file overwrite vulnerability {CVE-2010-2251} [lenny] - lftp 3.7.3-1+lenny1 [03 Aug 2010] DSA-2084-1 tiff - arbitrary code execution {CVE-2010-1411} [lenny] - tiff 3.8.2-11.3 [02 Aug 2010] DSA-2083-1 moin - cross-site scripting {CVE-2010-2487} [lenny] - moin 1.7.1-3+lenny5 [02 Aug 2010] DSA-2082-1 gmime2.2 - arbitrary code execution {CVE-2010-0409} [lenny] - gmime2.2 2.2.22-2+lenny2 [01 Aug 2010] DSA-2081-1 libmikmod - arbitrary code execution {CVE-2009-3995 CVE-2010-2546 CVE-2010-2971} [lenny] - libmikmod 3.1.11-6.0.1+lenny1 [01 Aug 2010] DSA-2080-1 ghostscript - several vulnerabilities {CVE-2007-6725 CVE-2008-3522 CVE-2008-6679 CVE-2009-0196 CVE-2009-0792 CVE-2009-4270 CVE-2010-1869} [lenny] - ghostscript 8.62.dfsg.1-3.2lenny4 [31 Jul 2010] DSA-2079-1 mapserver - arbitrary code execution {CVE-2010-2539 CVE-2010-2540} [lenny] - mapserver 5.0.3-3+lenny5 [31 Jul 2010] DSA-2078-1 kvirc - arbitrary IRC command execution {CVE-2010-2785} [lenny] - kvirc 2:3.4.0-6 [29 Jul 2010] DSA-2077-1 openldap - potential code execution {CVE-2010-0211 CVE-2010-0212} [lenny] - openldap 2.4.11-1+lenny2 [28 Jul 2010] DSA-2076-1 gnupg2 - execution of arbitrary code {CVE-2010-2547} [lenny] - gnupg2 2.0.9-3.1+lenny1 [27 Jul 2010] DSA-2075-1 xulrunner - several vulnerabilities {CVE-2010-0182 CVE-2010-0654 CVE-2010-1205 CVE-2010-1208 CVE-2010-1211 CVE-2010-1214 CVE-2010-2751 CVE-2010-2753 CVE-2010-2754} [lenny] - xulrunner 1.9.0.19-3 [21 Jul 2010] DSA-2074-1 ncompress - execution of arbitrary code {CVE-2010-0001} [lenny] - ncompress 4.2.4.2-1+lenny1 [20 Jul 2010] DSA-2073-1 mlmmj - directory traversal {CVE-2009-4896} [lenny] - mlmmj 1.2.15-1.1+lenny1 [19 Jul 2010] DSA-2072-1 libpng - several vulnerabilities {CVE-2010-1205 CVE-2010-2249} [lenny] - libpng 1.2.27-2+lenny4 [14 Jul 2010] DSA-2071-1 libmikmod - several vulnerabilities {CVE-2009-3995 CVE-2009-3996} [lenny] - libmikmod 3.1.11-6+lenny1 [14 Jul 2010] DSA-2070-1 freetype - several vulnerabilities {CVE-2010-2497 CVE-2010-2498 CVE-2010-2499 CVE-2010-2500 CVE-2010-2519 CVE-2010-2520 CVE-2010-2527} [lenny] - freetype 2.3.7-2+lenny2 [11 Jul 2010] DSA-2069-1 znc - denial of service {CVE-2010-2488} [lenny] - znc 0.058-2+lenny4 [11 Jul 2010] DSA-2068-1 python-cjson - denial of service {CVE-2010-1666} [lenny] - python-cjson 1.0.5-1+lenny1 [02 Jul 2010] DSA-2067-1 mahara - several vulnerabilities {CVE-2010-1667 CVE-2010-1668 CVE-2010-1670 CVE-2010-2479} [lenny] - mahara 1.0.4-4+lenny6 [01 Jul 2010] DSA-2066-1 wireshark - several vulnerabilities {CVE-2010-2283 CVE-2010-2284 CVE-2010-2285 CVE-2010-2286 CVE-2010-2287} [lenny] - wireshark 1.0.2-3+lenny9 [27 Jun 2010] DSA-2065-1 kvirc - several vulnerabilities {CVE-2010-2451 CVE-2010-2452} [lenny] - kvirc 2:3.4.0-5 [27 Jun 2010] DSA-2064-1 xulrunner - several vulnerabilities {CVE-2010-0183 CVE-2010-1196 CVE-2010-1197 CVE-2010-1198 CVE-2010-1199 CVE-2010-1200 CVE-2010-1201 CVE-2010-1202} [lenny] - xulrunner 1.9.0.19-2 [17 Jun 2010] DSA-2063-1 pmount - denial of service {CVE-2010-2192} [lenny] - pmount 0.9.18-2+lenny1 [17 Jun 2010] DSA-2062-1 sudo - environment sanitization bypass {CVE-2010-1646} [lenny] - sudo 1.6.9p17-3 [16 Jun 2010] DSA-2061-1 samba - arbitrary code execution {CVE-2010-2063} [lenny] - samba 2:3.2.5-4lenny12 [13 Jun 2010] DSA-2060-1 cacti - SQL injection {CVE-2010-2092} [lenny] - cacti 0.8.7b-2.1+lenny3 [10 Jun 2010] DSA-2059-1 pcsc-lite - privilege escalation {CVE-2010-0407} [lenny] - pcsc-lite 1.4.102-1+lenny1 [10 Jun 2010] DSA-2058-1 glibc - several vulnerabilities {CVE-2008-1391 CVE-2009-4880 CVE-2009-4881 CVE-2010-0296 CVE-2010-0830} [lenny] - glibc 2.7-18lenny4 [07 Jun 2010] DSA-2057-1 mysql-dfsg-5.0 - several {CVE-2010-1626 CVE-2010-1848 CVE-2010-1849 CVE-2010-1850} [lenny] - mysql-dfsg-5.0 5.0.51a-24+lenny4 [06 Jun 2010] DSA-2056-1 zonecheck - cross-site scripting {CVE-2009-4882 CVE-2010-2155} [lenny] - zonecheck 2.0.4-13lenny1 [05 Jun 2010] DSA-2055-1 openoffice.org - arbitrary code execution {CVE-2010-0395} [lenny] - openoffice.org 1:2.4.1+dfsg-1+lenny7 [04 Jun 2010] DSA-2054-1 bind9 - cache poisoning {CVE-2010-0097 CVE-2010-0290 CVE-2010-0382} [lenny] - bind9 1:9.6.ESV.R1+dfsg-0+lenny1 [25 May 2010] DSA-2053-1 linux-2.6 - several issues {CVE-2009-4537 CVE-2010-0727 CVE-2010-1083 CVE-2010-1084 CVE-2010-1086 CVE-2010-1087 CVE-2010-1088 CVE-2010-1162 CVE-2010-1173 CVE-2010-1187 CVE-2010-1437 CVE-2010-1446 CVE-2010-1451} [lenny] - linux-2.6 2.6.26-22lenny1 [24 May 2010] DSA-2052-1 krb5 - denial of service {CVE-2010-1321} [lenny] - krb5 1.6.dfsg.4~beta1-5lenny4 [24 May 2010] DSA-2051-1 postgresql-8.3 - several {CVE-2010-0442 CVE-2010-1169 CVE-2010-1170 CVE-2010-1975 CVE-2010-1447} [lenny] - postgresql-8.3 8.3.11-0lenny1 [24 May 2010] DSA-2050-1 kdegraphics - several vulnerabilities {CVE-2009-1188 CVE-2009-3603 CVE-2009-3604 CVE-2009-3606 CVE-2009-3608 CVE-2009-3609} [lenny] - kdegraphics 4:3.5.9-3+lenny3 [22 May 2010] DSA-2048-1 dvipng - arbitrary code execution {CVE-2010-0829} [lenny] - dvipng 1.11-1+lenny1 [23 May 2010] DSA-2049-1 barnowl - arbitrary code execution {CVE-2010-0793} [lenny] - barnowl 1.0.1-4+lenny1 [17 May 2010] DSA-2047-1 aria2 - directory traversal {CVE-2010-1512} [lenny] - aria2 0.14.0-1+lenny2 [13 May 2010] DSA-2046-1 phpgroupware - several vulnerabilities {CVE-2010-0403 CVE-2010-0404} [lenny] - phpgroupware 1:0.9.16.012+dfsg-8+lenny2 [11 May 2010] DSA-2045-1 libtheora - arbitrary code execution {CVE-2009-3389} [lenny] - libtheora 1.0~beta3-1+lenny1 [11 May 2010] DSA-2044-1 mplayer - arbitrary code execution {CVE-2010-2062} [lenny] - mplayer 1:1.0~rc2-17+lenny3.2 [11 May 2010] DSA-2043-1 vlc - arbitrary code execution {CVE-2010-2062} [lenny] - vlc 0.8.6.h-4+lenny2.3 [05 May 2010] DSA-2042-1 iscsitarget - arbitrary code execution {CVE-2010-0743} [lenny] - iscsitarget 0.4.16+svn162-3.1+lenny1 [03 May 2010] DSA-2041-1 mediawiki - cross-site request forgery {CVE-2010-1150} [lenny] - mediawiki 1:1.12.0-2lenny5 [02 May 2010] DSA-2040-1 squidguard - several vulnerabilities {CVE-2009-3700 CVE-2009-3826} [lenny] - squidguard 1.2.0-8.4+lenny1 [26 Apr 2010] DSA-2021-2 spamass-milter - regression fix {CVE-2010-1132} [lenny] - spamass-milter 0.3.1-8+lenny2 [23 Apr 2010] DSA-2039-1 cacti - missing input sanitising {CVE-2010-1431} [lenny] - cacti 0.8.7b-2.1+lenny2 [18 Apr 2010] DSA-2038-1 pidgin - denial of service {CVE-2010-0420 CVE-2010-0423 CVE-2010-0277 CVE-2009-3084 CVE-2009-3083} [lenny] - pidgin 2.4.3-4lenny6 [17 Apr 2010] DSA-2037-1 kdebase - privilege escalation {CVE-2010-0436} [lenny] - kdebase 4:3.5.9.dfsg.1-6+lenny1 [17 Apr 2010] DSA-2036-1 jasper - denial of service {CVE-2007-2721} [lenny] - jasper 1.900.1-5.1+lenny1 [17 Apr 2010] DSA-2035-1 apache2 - several issues {CVE-2010-0408 CVE-2010-0434} [lenny] - apache2 2.2.9-10+lenny7 [17 Apr 2010] DSA-2034-1 phpmyadmin - several vulnerabilities {CVE-2008-7251 CVE-2008-7252 CVE-2009-4605} [lenny] - phpmyadmin 4:2.11.8.1-5+lenny4 [15 Apr 2010] DSA-2033-1 ejabberd - denial of service {CVE-2010-0305} [lenny] - ejabberd 2.0.1-6+lenny2 [11 Apr 2010] DSA-2032-1 libpng - several vulnerabilities {CVE-2009-2042 CVE-2010-0205} [lenny] - libpng 1.2.27-2+lenny3 [11 Apr 2010] DSA-2031-1 krb5 - denial of service {CVE-2010-0629} [lenny] - krb5 1.6.dfsg.4~beta1-5lenny3 [06 Apr 2010] DSA-2030-1 mahara - sql injection {CVE-2010-0400} [lenny] - mahara 1.0.4-4+lenny5 [05 Apr 2010] DSA-2029-1 imlib2 - arbitrary code execution {CVE-2008-6079} [lenny] - imlib2 1.4.0-1.2+lenny1 [05 Apr 2010] DSA-2028-1 xpdf - several vulnerabilities {CVE-2009-1188 CVE-2009-3603 CVE-2009-3604 CVE-2009-3606 CVE-2009-3608 CVE-2009-3609} [lenny] - xpdf 3.02-1.4+lenny2 [03 Apr 2010] DSA-2027-1 xulrunner - several vulnerabilities {CVE-2010-0174 CVE-2010-0175 CVE-2010-0176 CVE-2010-0177 CVE-2010-0178 CVE-2010-0179} [lenny] - xulrunner 1.9.0.19-1 [02 Apr 2010] DSA-2026-1 netpbm-free - buffer overflow {CVE-2009-4274} [lenny] - netpbm-free 2:10.0-12+lenny1 [31 Mar 2010] DSA-2025-1 icedove - several vulnerabilities {CVE-2009-2404 CVE-2009-2408 CVE-2009-2463 CVE-2009-3072 CVE-2009-3075 CVE-2010-0163} [lenny] - icedove 2.0.0.24-0lenny1 [31 Mar 2010] DSA-2024-1 moin - cross-site scripting {CVE-2010-0828} [lenny] - moin 1.7.1-3+lenny4 [28 Mar 2010] DSA-2023-1 curl - arbitrary code execution {CVE-2010-0734} [lenny] - curl 7.18.2-8lenny4 [23 Mar 2010] DSA-2022-1 mediawiki - several vulnerabilities {CVE-2010-1189 CVE-2010-1190} [lenny] - mediawiki 1:1.12.0-2lenny4 [22 Mar 2010] DSA-2021-1 spamass-milter - remote command execution {CVE-2010-1132} [lenny] - spamass-milter 0.3.1-8+lenny1 [20 Mar 2010] DSA-2020-1 ikiwiki - cross-site scripting {CVE-2010-1195} [lenny] - ikiwiki 2.53.5 [20 Mar 2010] DSA-2019-1 pango1.0 - denial of service {CVE-2010-0421} [lenny] - pango1.0 1.20.5-5+lenny1 [18 Mar 2010] DSA-2018-1 php5 - null pointer dereference {CVE-2010-0397} [lenny] - php5 5.2.6.dfsg.1-1+lenny8 [15 Mar 2010] DSA-2017-1 pulseaudio - insecure temporary directory [lenny] - pulseaudio 0.9.10-3+lenny2 {CVE-2009-1299} [15 Mar 2010] DSA-2015-1 drbd8 linux-modules-extra-2.6 - privilege escalation {CVE-2010-0747} [lenny] - drbd8 2:8.0.14-2+lenny1 [lenny] - linux-modules-extra-2.6 2.6.26-6+lenny3 [13 Mar 2010] DSA-2016-1 drupal6 - several vulnerabilities {CVE-2010-2473 CVE-2010-2472 CVE-2010-2471 CVE-2010-2250} [lenny] - drupal6 6.6-3lenny5 [12 Mar 2010] DSA-2014-1 moin - several vulnerabilities {CVE-2010-0668 CVE-2010-0669 CVE-2010-0717} [lenny] - moin 1.7.1-3+lenny3 [11 Mar 2010] DSA-2013-1 egroupware - several vulnerabilities {CVE-2010-3313 CVE-2010-3314} [lenny] - egroupware 1.4.004-2.dfsg-4.2 [11 Mar 2010] DSA-2012-1 linux-2.6 - several issues {CVE-2009-3725 CVE-2010-0622} [lenny] - linux-2.6 2.6.26-21lenny4 [10 Mar 2010] DSA-2011-1 dpkg - path traversal {CVE-2010-0396} [lenny] - dpkg 1.14.29 [10 Mar 2010] DSA-2010-1 kvm - several vulnerabilities {CVE-2010-0298 CVE-2010-0306 CVE-2010-0309 CVE-2010-0419} [lenny] - kvm 72+dfsg-5~lenny5 [09 Mar 2010] DSA-2009-1 tdiary - cross-site scripting {CVE-2010-0726} [lenny] - tdiary 2.2.1-1+lenny1 [08 Mar 2010] DSA-2008-1 typo3-src - several vulnerabilities [lenny] - typo3-src 4.2.5-1+lenny3 [03 Mar 2010] DSA-2007-1 cups - arbitrary code execution {CVE-2010-0393} [lenny] - cups 1.3.8-1+lenny8 [02 Mar 2010] DSA-2006-1 sudo - several vulnerabilities {CVE-2010-0426 CVE-2010-0427} [lenny] - sudo 1.6.9p17-2+lenny1 [27 Feb 2010] DSA-2005-1 linux-2.6.24 - several vulnerabilities {CVE-2009-2691 CVE-2009-2695 CVE-2009-3080 CVE-2009-3726 CVE-2009-3889 CVE-2009-4005 CVE-2009-4020 CVE-2009-4021 CVE-2009-4138 CVE-2009-4308 CVE-2009-4536 CVE-2009-4538 CVE-2010-0003 CVE-2010-0007 CVE-2010-0291 CVE-2010-0410 CVE-2010-0415 CVE-2010-0622} [etch] - linux-2.6.24 2.6.24-6~etchnhalf.9etch3 [28 Feb 2010] DSA-2004-1 samba - several vulnerabilities {CVE-2010-0787 CVE-2010-0547} [lenny] - samba 2:3.2.5-4lenny9 NOTE: Initial DSA released as CVE-2009-3297 [22 Feb 2010] DSA-2003-1 linux-2.6 - several vulnerabilities {CVE-2009-3080 CVE-2009-3726 CVE-2009-4005 CVE-2009-4020 CVE-2009-4021 CVE-2009-4536 CVE-2010-0007 CVE-2010-0410 CVE-2010-0415 CVE-2010-0622} [etch] - linux-2.6 2.6.18.dfsg.1-26etch2 [19 Feb 2010] DSA-2002-1 polipo - denial of service {CVE-2009-3305 CVE-2009-4413} [lenny] - polipo 1.0.4-1+lenny1 [19 Feb 2010] DSA-2001-1 php5 - multiple vulnerabilities {CVE-2009-4142 CVE-2009-4143} [lenny] - php5 5.2.6.dfsg.1-1+lenny6 [18 Feb 2010] DSA-2000-1 ffmpeg-debian - several vulnerabilities {CVE-2009-4631 CVE-2009-4632 CVE-2009-4633 CVE-2009-4634 CVE-2009-4635 CVE-2009-4636 CVE-2009-4637 CVE-2009-4638 CVE-2009-4640} [lenny] - ffmpeg-debian 0.svn20080206-18+lenny1 [18 Feb 2010] DSA-1999-1 xulrunner - several vulnerabilities {CVE-2009-1571 CVE-2009-3988 CVE-2010-0159 CVE-2010-0162 CVE-2010-0167 CVE-2010-0169 CVE-2010-0171} [lenny] - xulrunner 1.9.0.18-1 [17 Feb 2010] DSA-1998-1 kdelibs - arbitrary code execution {CVE-2009-0689} [lenny] - kdelibs 4:3.5.10.dfsg.1-0lenny4 [14 Feb 2010] DSA-1997-1 mysql-dfsg-5.0 - several vulnerabilities {CVE-2009-4019 CVE-2009-4030 CVE-2009-4484} [etch] - mysql-dfsg-5.0 5.0.32-7etch12 [lenny] - mysql-dfsg-5.0 5.0.51a-24+lenny3 [12 Feb 2010] DSA-1996-1 linux-2.6 - several vulnerabilities {CVE-2009-3939 CVE-2009-4027 CVE-2009-4536 CVE-2009-4538 CVE-2010-0003 CVE-2010-0007 CVE-2010-0291 CVE-2010-0298 CVE-2010-0306 CVE-2010-0307 CVE-2010-0309 CVE-2010-0410 CVE-2010-0415} [lenny] - linux-2.6 2.6.26-21lenny3 [12 Feb 2010] DSA-1995-1 openoffice.org - several {CVE-2009-0217 CVE-2009-2949 CVE-2009-2950 CVE-2009-3301 CVE-2009-3302 CVE-2010-0136} [etch] - openoffice.org 2.0.4.dfsg.2-7etch9 [lenny] - openoffice.org 1:2.4.1+dfsg-1+lenny6 [11 Feb 2010] DSA-1994-1 ajaxterm - session hijacking {CVE-2009-1629} [etch] - ajaxterm 0.9-2+etch1 [lenny] - ajaxterm 0.10-2+lenny1 [10 Feb 2010] DSA-1993-1 otrs2 - SQL injection {CVE-2010-0438} [lenny] - otrs2 2.2.7-2lenny3 [04 Feb 2010] DSA-1992-1 chrony - denial of service {CVE-2010-0292 CVE-2010-0293 CVE-2010-0294} [etch] - chrony 1.21z-5+etch1 [lenny] - chrony 1.23-6+lenny1 [04 Feb 2010] DSA-1991-1 squid squid3 - denial of service {CVE-2009-2855 CVE-2010-0308} [etch] - squid3 3.0.PRE5-5+etch2 [etch] - squid 2.6.5-6etch5 [lenny] - squid 2.7.STABLE3-4.1lenny1 [lenny] - squid3 3.0.STABLE8-3+lenny3 [03 Feb 2010] DSA-1990-2 trac-git - regression fix {CVE-2010-0394} [lenny] - trac-git 0.0.20080710-3+lenny2 [03 Feb 2010] DSA-1990-1 trac-git - code execution {CVE-2010-0394} [lenny] - trac-git 0.0.20080710-3+lenny1 [02 Feb 2010] DSA-1989-1 fuse - denial of service {CVE-2010-0789} [etch] - fuse 2.5.3-4.4+etch1 [lenny] - fuse 2.7.4-1.1+lenny1 NOTE: Used to be CVE-2009-3297 [02 Feb 2010] DSA-1988-1 qt4-x11 - several vulnerabilities {CVE-2009-0945 CVE-2009-1687 CVE-2009-1690 CVE-2009-1698 CVE-2009-1699 CVE-2009-1711 CVE-2009-1712 CVE-2009-1713 CVE-2009-1725 CVE-2009-2700} [lenny] - qt4-x11 4.4.3-1+lenny1 [02 Feb 2010] DSA-1986-1 moodle - several vulnerabilities {CVE-2009-4297 CVE-2009-4298 CVE-2009-4299 CVE-2009-4301 CVE-2009-4302 CVE-2009-4303 CVE-2009-4305} [lenny] - moodle 1.8.2.dfsg-3+lenny3 [02 Feb 2010] DSA-1987-1 lighttpd - denial of service {CVE-2010-0295} [etch] - lighttpd 1.4.13-4etch12 [lenny] - lighttpd 1.4.19-5+lenny1 [31 Jan 2010] DSA-1841-2 git-core - correct build failure introduced in DSA-1841-1 {CVE-2009-2108} [etch] - git-core 1:1.4.4.4-4+etch4 [lenny] - git-core 1:1.5.6.5-3+lenny3 [31 Jan 2010] DSA-1985-1 sendmail - insufficient input validation {CVE-2009-4565} [etch] - sendmail 8.13.8-3+etch1 [lenny] - sendmail 8.14.3-5+lenny1 [30 Jan 2010] DSA-1983-1 wireshark - several vulnerabilities {CVE-2009-4377 CVE-2010-0304} [lenny] - wireshark 1.0.2-3+lenny8 [30 Jan 2010] DSA-1984-1 libxerces2-java - denial of service {CVE-2009-2625} [etch] - libxerces2-java 2.8.1-1+etch1 [lenny] - libxerces2-java 2.9.1-2+lenny1 [29 Jan 2010] DSA-1982-1 hybserv - denial of service {CVE-2010-0303} [etch] - hybserv 1.9.2-4+etch1 [lenny] - hybserv 1.9.2-4+lenny2 [28 Jan 2010] DSA-1968-2 pdns-recursor - cache poisoning {CVE-2009-4010} [etch] - pdns-recursor 3.1.4+v3.1.7-0+etch1 [28 Jan 2010] DSA-1981-1 maildrop - privilege escalation {CVE-2010-0301} [etch] - maildrop 2.0.2-11+etch1 [lenny] - maildrop 2.0.4-3+lenny1 [27 Jan 2010] DSA-1980-1 ircd-hybrid ircd-ratbox - arbitrary code execution {CVE-2009-4016 CVE-2010-0300} [lenny] - ircd-ratbox 2.2.8.dfsg-2+lenny1 [etch] - ircd-hybrid 1:7.2.2.dfsg.2-3+etch1 [lenny] - ircd-hybrid 1:7.2.2.dfsg.2-4+lenny1 [27 Jan 2010] DSA-1979-1 lintian - multiple vulnerabilities {CVE-2009-4013 CVE-2009-4014 CVE-2009-4015} [etch] - lintian 1.23.28+etch1 [lenny] - lintian 1.24.2.1+lenny1 [26 Jan 2010] DSA-1978-1 phpgroupware - several vulnerabilities {CVE-2009-4414 CVE-2009-4415 CVE-2009-4416} [lenny] - phpgroupware 1:0.9.16.012+dfsg-8+lenny1 [25 Jan 2010] DSA-1977-1 python - several vulnerabilities {CVE-2008-2316 CVE-2009-3560 CVE-2009-3720} [etch] - python2.4 2.4.4-3+etch3 [etch] - python2.5 2.5-5+etch2 [lenny] - python2.4 2.4.6-1+lenny1 [lenny] - python2.5 2.5.2-15+lenny1 [22 Jan 2010] DSA-1976-1 dokuwiki - several vulnerabilities {CVE-2010-0287 CVE-2010-0288 CVE-2010-0289} [lenny] - dokuwiki 0.0.20080505-4+lenny1 [20 Jan 2010] DSA-1975-1 etch - end of life NOTE: End of life of etch is on Feb 15th [20 Jan 2010] DSA-1974-1 gzip - arbitrary code execution {CVE-2006-4334 CVE-2009-2624 CVE-2010-0001} [etch] - gzip 1.3.5-15+etch1 [lenny] - gzip 1.3.12-6+lenny1 [19 Jan 2010] DSA-1973-1 glibc - information disclosure {CVE-2010-0015} [etch] - glibc 2.3.6.ds1-13etch10 [lenny] - glibc 2.7-18lenny2 [17 Jan 2010] DSA-1972-1 audiofile - buffer overflow {CVE-2008-5824} [lenny] - audiofile 0.2.6-7+lenny1 [etch] - audiofile 0.2.6-6+etch1 [15 Jan 2010] DSA-1971-1 libthai - arbitrary code execution {CVE-2009-4012} [etch] - libthai 0.1.6-1+etch1 [lenny] - libthai 0.1.9-4+lenny1 [13 Jan 2010] DSA-1970-1 openssl - denial of service {CVE-2009-4355} [lenny] - openssl 0.9.8g-15+lenny6 [12 Jan 2010] DSA-1969-1 krb5 - denial of service {CVE-2009-4212} [etch] - krb5 1.4.4-7etch8 [lenny] - krb5 1.6.dfsg.4~beta1-5lenny2 [08 Jan 2010] DSA-1968-1 pdns-recursor - potential code execution {CVE-2009-4009 CVE-2009-4010} [lenny] - pdns-recursor 3.1.7-1+lenny1 [07 Jan 2010] DSA-1967-1 transmission - directory traversal {CVE-2010-0012} [lenny] - transmission 1.22-1+lenny2 [07 Jan 2010] DSA-1966-1 horde3 - cross-site scripting {CVE-2009-3237 CVE-2009-3701 CVE-2009-4363} [etch] - horde3 3.1.3-4etch7 [lenny] - horde3 3.2.2+debian0-2+lenny2 [06 Jan 2010] DSA-1965-1 phpldapadmin - remote file inclusion {CVE-2009-4427} [lenny] - phpldapadmin 1.1.0.5-6+lenny1 [31 Dec 2009] DSA-1964-1 postgresql-7.4 postgresql-8.1 postgresql-8.3 - several vulnerabilities {CVE-2009-4034 CVE-2009-4136} [etch] - postgresql-8.1 8.1.19-0etch1 [etch] - postgresql-7.4 1:7.4.27-0etch1 [lenny] - postgresql-8.3 8.3.9-0lenny1 [31 Dec 2009] DSA-1953-2 expat - regression fix {CVE-2009-3560} [etch] - expat 1.95.8-3.4+etch3 [lenny] - expat 2.0.1-4+lenny3 [29 Dec 2009] DSA-1958-1 libtool - privilege escalation {CVE-2009-3736} [etch] - libtool 1.5.22-4+etch1 [lenny] - libtool 1.5.26-4+lenny1 [28 Dec 2009] DSA-1957-1 aria2 - arbitrary code execution {CVE-2009-3575} [lenny] - aria2 0.14.0-1+lenny1 [23 Dec 2009] DSA-1963-1 unbound - DNSSEC validation {CVE-2009-3602} [lenny] - unbound 1.0.2-1+lenny1 [23 Dec 2009] DSA-1962-1 kvm - several vulnerabilities {CVE-2009-3638 CVE-2009-3722 CVE-2009-4031} [lenny] - kvm 72+dfsg-5~lenny4 [23 Dec 2009] DSA-1961-1 bind9 - cache poisoning {CVE-2009-4022} [etch] - bind9 1:9.3.4-2etch6 [lenny] - bind9 1:9.5.1.dfsg.P3-1+lenny1 [19 Dec 2009] DSA-1960-1 acpid - weak file permissions {CVE-2009-4235} [etch] - acpid 1.0.4-5etch2 [lenny] - acpid 1.0.8-1lenny2 [19 Dec 2009] DSA-1959-1 ganeti - arbitrary command execution {CVE-2009-4261} [lenny] - ganeti 1.2.6-3+lenny2 [16 Dec 2009] DSA-1956-1 xulrunner - several vulnerabilities {CVE-2009-3979 CVE-2009-3981 CVE-2009-3983 CVE-2009-3984 CVE-2009-3985 CVE-2009-3986} [lenny] - xulrunner 1.9.0.16-1 [16 Dec 2009] DSA-1955-1 network-manager network-manager-applet - information disclosure {CVE-2009-0365} [etch] - network-manager 0.6.4-6+etch1 [lenny] - network-manager-applet 0.6.6-4+lenny1 [16 Dec 2009] DSA-1954-1 cacti - insufficient input sanitising {CVE-2007-3112 CVE-2007-3113 CVE-2009-4032} [etch] - cacti 0.8.6i-3.6 [lenny] - cacti 0.8.7b-2.1+lenny1 [15 Dec 2009] DSA-1953-1 expat - denial of service {CVE-2009-3560} [etch] - expat 1.95.8-3.4+etch2 [lenny] - expat 2.0.1-4+lenny2 [15 Dec 2009] DSA-1952-1 asterisk - several vulnerabilities {CVE-2007-2383 CVE-2008-3903 CVE-2008-7220 CVE-2009-0041 CVE-2009-3727 CVE-2009-4055} [lenny] - asterisk 1:1.4.21.2~dfsg-3+lenny1 [15 Dec 2009] DSA-1951-1 firefox-sage - insufficient input sanitizing {CVE-2009-4102} [etch] - firefox-sage 1.3.6-4etch1 [lenny] - firefox-sage 1.4.2-0.1+lenny1 [12 Dec 2009] DSA-1950-1 webkit - several vulnerabilities {CVE-2009-0945 CVE-2009-1681 CVE-2009-1684 CVE-2009-1687 CVE-2009-1690 CVE-2009-1692 CVE-2009-1693 CVE-2009-1694 CVE-2009-1695 CVE-2009-1697 CVE-2009-1698 CVE-2009-1710 CVE-2009-1711 CVE-2009-1712 CVE-2009-1714 CVE-2009-1725} [lenny] - webkit 1.0.1-4+lenny2 [12 Dec 2009] DSA-1949-1 php-net-ping - arbitrary code execution {CVE-2009-4024} [etch] - php-net-ping 2.4.2-1+etch1 [lenny] - php-net-ping 2.4.2-1+lenny1 [08 Dec 2009] DSA-1948-1 ntp - denial of service {CVE-2009-3563} [etch] - ntp 1:4.2.2.p4+dfsg-2etch4 [lenny] - ntp 1:4.2.4p4+dfsg-8lenny3 [07 Dec 2009] DSA-1947-1 opensaml2 shibboleth-sp shibboleth-sp2 - cross-site scripting {CVE-2009-3300} [etch] - shibboleth-sp 1.3f.dfsg1-2+etch2 [lenny] - opensaml2 2.0-2+lenny2 [lenny] - shibboleth-sp2 2.0.dfsg1-4+lenny2 [lenny] - shibboleth-sp 1.3.1.dfsg1-3+lenny2 [04 Dec 2009] DSA-1946-1 belpic - cryptographic weakness {CVE-2009-0049} [etch] - belpic 2.5.9-7.etch.1 [03 Dec 2009] DSA-1945-1 gforge - denial of service {CVE-2009-3304} [etch] - gforge 4.5.14-22etch13 [lenny] - gforge 4.7~rc2-7lenny3 [03 Dec 2009] DSA-1944-1 request-tracker3.4 request-tracker3.6 - session hijack vulnerability {CVE-2009-3585 CVE-2009-4151} [etch] - request-tracker3.6 3.6.1-4+etch1 [etch] - request-tracker3.4 3.4.5-2+etch1 [lenny] - request-tracker3.6 3.6.7-5+lenny3 [02 Dec 2009] DSA-1943-1 openldap openldap2.3 - SSL certificate {CVE-2009-3767} [etch] - openldap2.3 2.3.30-5+etch3 [lenny] - openldap 2.4.11-1+lenny1 [29 Nov 2009] DSA-1942-1 wireshark - several vulnerabilities {CVE-2009-1829 CVE-2009-2560 CVE-2009-2562 CVE-2009-3241 CVE-2009-3550 CVE-2009-3829} [etch] - wireshark 0.99.4-5.etch.4 [lenny] - wireshark 1.0.2-3+lenny7 [25 Nov 2009] DSA-1941-1 poppler - several vulnerabilities {CVE-2009-0755 CVE-2009-1187 CVE-2009-3603 CVE-2009-3604 CVE-2009-3605 CVE-2009-3606 CVE-2009-3607 CVE-2009-3608 CVE-2009-3609 CVE-2009-3938} [lenny] - poppler 0.8.7-3 [25 Nov 2009] DSA-1940-1 php5 - multiple issues {CVE-2009-2626 CVE-2009-2687 CVE-2009-3291 CVE-2009-3292 CVE-2009-4017} [etch] - php5 5.2.0+dfsg-8+etch16 [lenny] - php5 5.2.6.dfsg.1-1+lenny4 [24 Nov 2009] DSA-1939-1 libvorbis - several vulnerabilities {CVE-2009-2663 CVE-2009-3379} [etch] - libvorbis 1.1.2.dfsg-1.4+etch1 [lenny] - libvorbis 1.2.0.dfsg-3.1+lenny1 [23 Nov 2009] DSA-1938-1 php-mail - insufficient input sanitising {CVE-2009-4023 CVE-2009-4111} [etch] - php-mail 1.1.6-2+etch1 [lenny] - php-mail 1.1.14-1+lenny1 [21 Nov 2009] DSA-1937-1 gforge - cross-site scripting {CVE-2009-3303} [etch] - gforge 4.5.14-22etch12 [lenny] - gforge 4.7~rc2-7lenny2 [17 Nov 2009] DSA-1936-1 libgd2 - several vulnerabilities {CVE-2007-0455 CVE-2009-3546} [etch] - libgd2 2.0.33-5.2etch2 [lenny] - libgd2 2.0.36~rc1~dfsg-3+lenny1 [17 Nov 2009] DSA-1935-1 gnutls13 gnutls26 - SSL certificate {CVE-2009-2409 CVE-2009-2730} [etch] - gnutls13 1.4.4-3+etch5 [lenny] - gnutls26 2.4.2-6+lenny2 [16 Nov 2009] DSA-1934-1 apache2 - several issues {CVE-2009-3094 CVE-2009-3095 CVE-2009-3555} [etch] - apache2 2.2.3-4+etch11 [lenny] - apache2 2.2.9-10+lenny6 [10 Nov 2009] DSA-1933-1 cups cupsys - cross-site scripting {CVE-2009-2820} [etch] - cupsys 1.2.7-4+etch9 [lenny] - cups 1.3.8-1+lenny7 [08 Nov 2009] DSA-1932-1 pidgin - arbitrary code execution {CVE-2009-3615} [lenny] - pidgin 2.4.3-4lenny5 [08 Nov 2009] DSA-1931-1 nspr - several vulnerabilities {CVE-2009-2463 CVE-2009-0689} [lenny] - nspr 4.7.1-5 [07 Nov 2009] DSA-1930-1 drupal6 - several vulnerabilities {CVE-2009-2372 CVE-2009-2373 CVE-2009-2374} [lenny] - drupal6 6.6-3lenny3 [05 Nov 2009] DSA-1929-1 linux-2.6 - several vulnerabilities {CVE-2009-1883 CVE-2009-2909 CVE-2009-3001 CVE-2009-3002 CVE-2009-3228 CVE-2009-3238 CVE-2009-3286 CVE-2009-3547 CVE-2009-3612 CVE-2009-3621} [etch] - linux-2.6 2.6.18.dfsg.1-26etch1 [05 Nov 2009] DSA-1928-1 linux-2.6.24 - several vulnerabilities {CVE-2009-2846 CVE-2009-2847 CVE-2009-2848 CVE-2009-2849 CVE-2009-2903 CVE-2009-2908 CVE-2009-2909 CVE-2009-2910 CVE-2009-3001 CVE-2009-3002 CVE-2009-3228 CVE-2009-3238 CVE-2009-3286 CVE-2009-3547 CVE-2009-3612 CVE-2009-3613 CVE-2009-3620 CVE-2009-3621} [etch] - linux-2.6.24 2.6.24-6~etchnhalf.9etch1 [05 Nov 2009] DSA-1927-1 linux-2.6 - several vulnerabilities {CVE-2009-3228 CVE-2009-3238 CVE-2009-3547 CVE-2009-3612 CVE-2009-3620 CVE-2009-3621 CVE-2009-3638} [lenny] - linux-2.6 2.6.26-19lenny2 [04 Nov 2009] DSA-1926-1 typo3-src - several vulnerabilities {CVE-2009-3628 CVE-2009-3629 CVE-2009-3630 CVE-2009-3631 CVE-2009-3632 CVE-2009-3633 CVE-2009-3634 CVE-2009-3635 CVE-2009-3636} [etch] - typo3-src 4.0.2+debian-9 [lenny] - typo3-src 4.2.5-1+lenny2 [31 Oct 2009] DSA-1925-1 proftpd-dfsg - SSL certificate verification weakness {CVE-2009-3639} [etch] - proftpd-dfsg 1.3.0-19etch3 [lenny] - proftpd-dfsg 1.3.1-17lenny4 [31 Oct 2009] DSA-1924-1 mahara - several vulnerabilities {CVE-2009-3298 CVE-2009-3299} [lenny] - mahara 1.0.4-4+lenny4 [27 Oct 2009] DSA-1923-1 libhtml-parser-perl - denial of service {CVE-2009-3627} [etch] - libhtml-parser-perl 3.55-1+etch1 [lenny] - libhtml-parser-perl 3.56-1+lenny1 [28 Oct 2009] DSA-1922-1 xulrunner - several vulnerabilities {CVE-2009-3007 CVE-2009-3274 CVE-2009-3370 CVE-2009-3372 CVE-2009-3373 CVE-2009-3374 CVE-2009-3375 CVE-2009-3376 CVE-2009-3380 CVE-2009-3382 CVE-2009-3385} [lenny] - xulrunner 1.9.0.15-0lenny1 [28 Oct 2009] DSA-1921-1 expat - denial of service {CVE-2009-3720} [etch] - expat 1.95.8-3.4+etch1 [lenny] - expat 2.0.1-4+lenny1 [26 Oct 2009] DSA-1920-1 nginx - denial of service {CVE-2009-3896} [etch] - nginx 0.4.13-2+etch3 [lenny] - nginx 0.6.32-3+lenny3 [25 Oct 2009] DSA-1919-1 smarty - several vulnerabilities {CVE-2008-4810 CVE-2009-1669} [etch] - smarty 2.6.14-1etch2 [lenny] - smarty 2.6.20-1.2 [25 Oct 2009] DSA-1918-1 phpmyadmin - several vulnerabilities {CVE-2009-3696 CVE-2009-3697} [etch] - phpmyadmin 4:2.9.1.1-13 [lenny] - phpmyadmin 4:2.11.8.1-5+lenny3 [24 Oct 2009] DSA-1917-1 mimetex - several vulnerabilities {CVE-2009-1382 CVE-2009-2459} [etch] - mimetex 1.50-1+etch1 [lenny] - mimetex 1.50-1+lenny1 [23 Oct 2009] DSA-1916-1 kdelibs - SSL certificate verification weakness {CVE-2009-2702} [etch] - kdelibs 4:3.5.5a.dfsg.1-8etch3 [lenny] - kdelibs 4:3.5.10.dfsg.1-0lenny3 [23 Oct 2009] DSA-1912-2 advi - arbitrary code execution {CVE-2009-2295 CVE-2009-2660 CVE-2009-3296} [etch] - advi 1.6.0-12+etch2 [lenny] - advi 1.6.0-13+lenny2 [22 Oct 2009] DSA-1915-1 linux-2.6 - several vulnerabilities {CVE-2009-2695 CVE-2009-2903 CVE-2009-2908 CVE-2009-2909 CVE-2009-2910 CVE-2009-3001 CVE-2009-3002 CVE-2009-3286 CVE-2009-3290 CVE-2009-3613} [lenny] - linux-2.6 2.6.26-19lenny1 [22 Oct 2009] DSA-1914-1 mapserver - serveral vulnerabilities {CVE-2009-0839 CVE-2009-0840 CVE-2009-0841 CVE-2009-0842 CVE-2009-0843 CVE-2009-1176 CVE-2009-2281} [etch] - mapserver 4.10.0-5.1+etch4 [lenny] - mapserver 5.0.3-3+lenny4 [17 Oct 2009] DSA-1913-1 bugzilla - SQL injection {CVE-2009-3165} [lenny] - bugzilla 3.0.4.1-2+lenny2 [16 Oct 2009] DSA-1912-1 camlimages - arbitrary code execution {CVE-2009-2660 CVE-2009-3296} [etch] - camlimages 2.20-8+etch3 [lenny] - camlimages 1:2.2.0-4+lenny3 [14 Oct 2009] DSA-1911-1 pygresql - missing escape function {CVE-2009-2940} [etch] - pygresql 1:3.8.1-1etch2 [lenny] - pygresql 1:3.8.1-3+lenny1 [14 Oct 2009] DSA-1910-1 mysql-ocaml - missing escape function {CVE-2009-2942} [etch] - mysql-ocaml 1.0.4-2+etch1 [lenny] - mysql-ocaml 1.0.4-4+lenny1 [14 Oct 2009] DSA-1909-1 postgresql-ocaml - missing escape function {CVE-2009-2943} [etch] - postgresql-ocaml 1.5.4-2+etch1 [lenny] - postgresql-ocaml 1.7.0-3+lenny1 [14 Oct 2009] DSA-1908-1 samba - several vulnerabilities {CVE-2009-2813 CVE-2009-2906 CVE-2009-2948} [lenny] - samba 2:3.2.5-4lenny7 [13 Oct 2009] DSA-1907-1 kvm - several vulnerabilities {CVE-2008-5714 CVE-2009-3290} [lenny] - kvm 72+dfsg-5~lenny3 [11 Oct 2009] DSA-1906-1 clamav - end-of-life announcement NOTE: [etch] - clamav (upstream has discontinued providing virus signatures for versions prior to 0.95) NOTE: [lenny] - clamav (upstream has discontinued providing virus signatures for versions prior to 0.95) [10 Oct 2009] DSA-1905-1 python-django - denial of service {CVE-2009-3695} [lenny] - python-django 1.0.2-1+lenny2 [09 Oct 2009] DSA-1895-2 opensaml2, shibboleth-sp2 - interpretation conflict {CVE-2009-3474 CVE-2009-3475 CVE-2009-3476} [lenny] - opensaml2 2.0-2+lenny1 [lenny] - shibboleth-sp2 2.0.dfsg1-4+lenny1 [09 Oct 2009] DSA-1904-1 wget - SSL certificate verification weakness {CVE-2009-3490} [etch] - wget 1.10.2-2+etch1 [lenny] - wget 1.11.4-2+lenny1 [07 Oct 2009] DSA-1903-1 graphicsmagick - several {CVE-2007-1667 CVE-2007-1797 CVE-2007-4985 CVE-2007-4986 CVE-2007-4988 CVE-2008-1096 CVE-2008-3134 CVE-2008-6070 CVE-2008-6071 CVE-2008-6072 CVE-2008-6621 CVE-2009-1882} [etch] - graphicsmagick 1.1.7-13+etch1 [lenny] - graphicsmagick 1.1.11-3.2+lenny1 [05 Oct 2009] DSA-1902-1 elinks - arbitrary code execution {CVE-2008-7224} [etch] - elinks 0.11.1-1.2etch2 [05 Oct 2009] DSA-1901-1 mediawiki1.7 - several vulnerabilities {CVE-2008-5249 CVE-2008-5250 CVE-2008-5252 CVE-2009-0737} [etch] - mediawiki1.7 1.7.1-9etch1 [02 Oct 2009] DSA-1900-1 postgresql-7.4 postgresql-8.1 postgresql-8.3 - various problems {CVE-2009-3229 CVE-2009-3230 CVE-2009-3231} [etch] - postgresql-7.4 1:7.4.26-0etch1 [etch] - postgresql-8.1 8.1.18-0etch1 [lenny] - postgresql-8.3 8.3.8-0lenny1 [02 Oct 2009] DSA-1899-1 strongswan - denial of service {CVE-2009-1957 CVE-2009-1958 CVE-2009-2185 CVE-2009-2661} [etch] - strongswan 2.8.0+dfsg-1+etch2 [lenny] - strongswan 4.2.4-5+lenny3 [02 Oct 2009] DSA-1898-1 openswan - denial of service {CVE-2009-2185} [etch] - openswan 1:2.4.6+dfsg.2-1.1+etch2 [lenny] - openswan 1:2.4.12+dfsg-1.3+lenny2 [28 Sep 2009] DSA-1897-1 horde3 - arbitrary code execution {CVE-2009-3236 CVE-2009-4824 CVE-2008-7218} [etch] - horde3 3.1.3-4etch6 [lenny] - horde3 3.2.2+debian0-2+lenny1 [28 Sep 2009] DSA-1896-1 opensaml shibboleth-sp - potential code execution {CVE-2009-3474 CVE-2009-3475 CVE-2009-3476} [etch] - opensaml 1.1a-2+etch1 [etch] - shibboleth-sp 1.3f.dfsg1-2+etch1 [lenny] - opensaml 1.1.1-2+lenny1 [lenny] - shibboleth-sp 1.3.1.dfsg1-3+lenny1 [24 Sep 2009] DSA-1895-1 xmltooling - potential code execution {CVE-2009-3474 CVE-2009-3475 CVE-2009-3476} [lenny] - xmltooling 1.0-2+lenny1 [24 Sep 2009] DSA-1894-1 newt - arbitrary code execution {CVE-2009-2905} [etch] - newt 0.52.2-10+etch1 [lenny] - newt 0.52.2-11.3+lenny1 [23 Sep 2009] DSA-1893-1 cyrus-imapd-2.2 kolab-cyrus-imapd - arbitrary code execution {CVE-2009-2632 CVE-2009-3235} [etch] - cyrus-imapd-2.2 2.2.13-10+etch4 [etch] - kolab-cyrus-imapd 2.2.13-2+etch2 [lenny] - cyrus-imapd-2.2 2.2.13-14+lenny3 [lenny] - kolab-cyrus-imapd 2.2.13-5+lenny2 [23 Sep 2009] DSA-1892-1 dovecot - arbitrary code execution {CVE-2009-2632 CVE-2009-3235} [etch] - dovecot 1.0.rc15-2etch5 [lenny] - dovecot 1:1.0.15-2.3+lenny1 [22 Sep 2009] DSA-1891-1 changetrack - arbitrary code execution {CVE-2009-3233} [etch] - changetrack 4.3-3+etch1 [lenny] - changetrack 4.3-3+lenny1 [19 Sep 2009] DSA-1890-1 wxwidgets2.6 wxwidgets2.8 wxwindows2.4 - arbitrary code execution {CVE-2009-2369} [etch] - wxwidgets2.6 2.6.3.2.1.5+etch1 [etch] - wxwindows2.4 2.4.5.1.1+etch1 [lenny] - wxwidgets2.8 2.8.7.1-1.1+lenny1 [lenny] - wxwidgets2.6 2.6.3.2.2-3+lenny1 [16 Sep 2009] DSA-1889-1 icu - programming error {CVE-2009-0153} [etch] - icu 3.6-2etch3 [lenny] - icu 3.8.1-3+lenny2 [16 Sep 2009] DSA-1888-1 openssl - cryptographic weakness {CVE-2009-2409} [etch] - openssl097 0.9.7k-3.1etch5 [etch] - openssl 0.9.8c-4etch9 [lenny] - openssl 0.9.8g-15+lenny5 [15 Sep 2009] DSA-1887-1 rails - cross-site scripting {CVE-2009-3009} [lenny] - rails 2.1.0-7 [14 Sep 2009] DSA-1886-1 iceweasel - several vulnerabilities {CVE-2009-1310 CVE-2009-3079} [lenny] - iceweasel 3.0.6-3 [14 Sep 2009] DSA-1885-1 xulrunner - several vulnerabilities {CVE-2009-3070 CVE-2009-3071 CVE-2009-3072 CVE-2009-3074 CVE-2009-3075 CVE-2009-3076 CVE-2009-3077 CVE-2009-3078} [lenny] - xulrunner 1.9.0.14-0lenny1 [14 Sep 2009] DSA-1883-2 nagios2 - regression fix {CVE-2007-5624 CVE-2007-5803 CVE-2008-1360} [etch] - nagios2 2.6-2+etch5 [14 Sep 2009] DSA-1884-1 nginx - arbitrary code execution {CVE-2009-2629} [etch] - nginx 0.4.13-2+etch2 [lenny] - nginx 0.6.32-3+lenny2 [11 Sep 2009] DSA-1878-2 devscripts - regression fix {CVE-2009-2946} [etch] - devscripts 2.9.26etch5 [lenny] - devscripts 2.10.35lenny7 [10 Sep 2009] DSA-1883-1 nagios2 - several cross-site scriptings {CVE-2007-5624 CVE-2007-5803 CVE-2008-1360} [etch] - nagios2 2.6-2+etch4 [09 Sep 2009] DSA-1882-1 xapian-omega - cross-site scripting {CVE-2009-2947} [etch] - xapian-omega 0.9.9-1+etch1 [lenny] - xapian-omega 1.0.7-3+lenny1 [07 Sep 2009] DSA-1881-1 cyrus-imapd - buffer overflow {CVE-2009-2632} [lenny] - cyrus-imapd-2.2 2.2.13-14+lenny1 [etch] - cyrus-imapd-2.2 2.2.13-10+etch2 [04 Sep 2009] DSA-1880-1 openoffice.org - arbitrary code execution {CVE-2009-0200 CVE-2009-0201 CVE-2009-2139} [lenny] - openoffice.org 1:2.4.1+dfsg-1+lenny3 [etch] - openoffice.org 2.0.4.dfsg.2-7etch7 [04 Sep 2009] DSA-1879-1 silc-client silc-toolkit - arbitrary code execution {CVE-2008-7159 CVE-2008-7160 CVE-2009-3051 CVE-2009-3163} [lenny] - silc-toolkit 1.1.7-2+lenny1 [lenny] - silc-client 1.1.4-1+lenny1 [02 Sep 2009] DSA-1878-1 devscripts - remote code execution {CVE-2009-2946} [etch] - devscripts 2.9.26etch4 [lenny] - devscripts 2.10.35lenny6 [02 Sep 2009] DSA-1877-1 mysql-dfsg-5.0 - arbitrary code {CVE-2009-2446} [etch] - mysql-dfsg-5.0 5.0.32-7etch11 [lenny] - mysql-dfsg-5.0 5.0.51a-24+lenny2 [01 Sep 2009] DSA-1876-1 dnsmasq - remote code execution {CVE-2009-2957 CVE-2009-2958} [lenny] - dnsmasq 2.45-1+lenny1 [31 Aug 2009] DSA-1875-1 ikiwiki - information disclosure {CVE-2009-2944} [lenny] - ikiwiki 2.53.4 [26 Aug 2009] DSA-1871-2 wordpress - regression fix {CVE-2008-1502 CVE-2008-4106 CVE-2008-4769 CVE-2008-4796 CVE-2008-5113 CVE-2008-6762 CVE-2008-6767 CVE-2009-2334 CVE-2009-2851 CVE-2009-2853 CVE-2009-2854} [etch] - wordpress 2.0.10-1etch5 [26 Aug 2009] DSA-1874-1 nss - several vulnerabilities {CVE-2009-2404 CVE-2009-2408 CVE-2009-2409} [lenny] - nss 3.12.3.1-0lenny1 [26 Aug 2009] DSA-1873-1 xulrunner - spoofing vulnerabilities {CVE-2009-2654 CVE-2009-2662 CVE-2009-2664} [lenny] - xulrunner 1.9.0.13-0lenny1 [25 Aug 2009] DSA-1833-2 dhcp3 - arbitrary code execution {CVE-2009-0692 CVE-2009-1892} [lenny] - dhcp3 3.1.1-6+lenny3 [24 Aug 2009] DSA-1872-1 fai-kernels linux-2.6 user-mode-linux - several vulnerabilities {CVE-2009-2698 CVE-2009-2846 CVE-2009-2847 CVE-2009-2848 CVE-2009-2849} [etch] - linux-2.6 2.6.18.dfsg.1-24etch4 [etch] - fai-kernels 1.17+etch.24etch4 [etch] - user-mode-linux 2.6.18-1um-2etch.24etch4 [23 Aug 2009] DSA-1871-1 wordpress - several vulnerabilities {CVE-2008-1502 CVE-2008-4106 CVE-2008-4769 CVE-2008-4796 CVE-2008-5113 CVE-2008-6762 CVE-2008-6767 CVE-2009-2334 CVE-2009-2851 CVE-2009-2853 CVE-2009-2854} [etch] - wordpress 2.0.10-1etch4 [lenny] - wordpress 2.5.1-11+lenny1 [19 Aug 2009] DSA-1870-1 pidgin - insufficient input sanitization {CVE-2009-2694} [lenny] - pidgin 2.4.3-4lenny3 [19 Aug 2009] DSA-1869-1 curl - SSL certificate verification weakness {CVE-2009-2417} [etch] - curl 7.15.5-1etch3 [lenny] - curl 7.18.2-8lenny3 [19 Aug 2009] DSA-1868-1 kde4libs - several vulnerabilities {CVE-2009-1687 CVE-2009-1690 CVE-2009-1698} [lenny] - kde4libs 4:4.1.0-3+lenny1 [19 Aug 2009] DSA-1867-1 kdelibs - several vulnerabilities {CVE-2008-1671 CVE-2009-1687 CVE-2009-1690 CVE-2009-1698} [etch] - kdelibs 4:3.5.5a.dfsg.1-8etch2 [lenny] - kdelibs 4:3.5.10.dfsg.1-0lenny2 [19 Aug 2009] DSA-1866-1 kdegraphics - several vulnerabilities {CVE-2009-0945 CVE-2009-1709} [etch] - kdegraphics 4:3.5.5-3etch4 [lenny] - kdegraphics 4:3.5.9-3+lenny2 [16 Aug 2009] DSA-1864-1 linux-2.6.24 - privilege escalation {CVE-2009-2692} [etch] - linux-2.6.24 2.6.24-6~etchnhalf.8etch3 [16 Aug 2009] DSA-1865-1 fai-kernels linux-2.6 user-mode-linux - several vulnerabilities {CVE-2009-1385 CVE-2009-1389 CVE-2009-1630 CVE-2009-1633 CVE-2009-2692} [etch] - linux-2.6 2.6.18.dfsg.1-24etch3 [etch] - user-mode-linux 2.6.18-1um-2etch.24etch3 [etch] - fai-kernels 1.17+etch.24etch3 [15 Aug 2009] DSA-1863-1 zope2.10 zope2.9 - arbitrary code execution {CVE-2009-0668 CVE-2009-0669} [lenny] - zope2.10 2.10.6-1+lenny1 [etch] - zope2.9 2.9.6-4etch2 [14 Aug 2009] DSA-1862-1 linux-2.6 - privilege escalation {CVE-2009-2692} [lenny] - linux-2.6 2.6.26-17lenny2 [13 Aug 2009] DSA-1861-1 libxml - several issues {CVE-2009-2414 CVE-2009-2416} [etch] - libxml 1:1.8.17-14+etch1 [12 Aug 2009] DSA-1860-1 ruby1.8 ruby1.9 - several issues {CVE-2009-0642 CVE-2009-1904} [etch] - ruby1.9 1.9.0+20060609-1etch5 [etch] - ruby1.8 1.8.5-4etch5 [lenny] - ruby1.8 1.8.7.72-3lenny1 [lenny] - ruby1.9 1.9.0.2-9lenny1 [10 Aug 2009] DSA-1859-1 libxml2 - several issues {CVE-2009-2414 CVE-2009-2416} [etch] - libxml2 2.6.27.dfsg-6+etch1 [lenny] - libxml2 2.6.32.dfsg-5+lenny1 [10 Aug 2009] DSA-1858-1 imagemagick - several vulnerabilities {CVE-2007-1667 CVE-2007-1797 CVE-2007-4985 CVE-2007-4986 CVE-2007-4987 CVE-2007-4988 CVE-2008-1096 CVE-2008-1097 CVE-2009-1882} [etch] - imagemagick 7:6.2.4.5.dfsg1-0.15+etch1 [lenny] - imagemagick 7:6.3.7.9.dfsg2-1~lenny3 [10 Aug 2009] DSA-1857-1 camlimages - arbitrary code execution {CVE-2009-2660} [etch] - camlimages 2.20-8+etch2 [lenny] - camlimages 1:2.2.0-4+lenny2 [09 Aug 2009] DSA-1843-2 squid3 - regression fix {CVE-2009-2621 CVE-2009-2622} [lenny] - squid3 3.0.STABLE-3+lenny2 [08 Aug 2009] DSA-1856-1 mantis - information leak [lenny] - mantis 1.1.6+dfsg-2lenny1 [08 Aug 2009] DSA-1855-1 subversion - heap overflow {CVE-2009-2411} [etch] - subversion 1.4.2dfsg1-3 [lenny] - subversion 1.5.1dfsg1-4 [08 Aug 2009] DSA-1854-1 apr apr-util - arbitrary code execution {CVE-2009-2412} [etch] - apr-util 1.2.7+dfsg-2+etch3 [etch] - apr 1.2.7-9 [lenny] - apr-util 1.2.12+dfsg-8+lenny4 [lenny] - apr 1.2.12-5+lenny1 [07 Aug 2009] DSA-1853-1 memcached - arbitrary code execution {CVE-2009-2415} [etch] - memcached 1.1.12-1+etch1 [lenny] - memcached 1.2.2-1+lenny1 [07 Aug 2009] DSA-1852-1 fetchmail - SSL certificate verification weakness {CVE-2009-2666} [etch] - fetchmail 6.3.6-1etch2 [lenny] - fetchmail 6.3.9~rc2-4+lenny1 [06 Aug 2009] DSA-1851-1 gst-plugins-bad0.10 - arbitrary code execution {CVE-2009-1438} [etch] - gst-plugins-bad0.10 0.10.3-3.1+etch3 [lenny] - gst-plugins-bad0.10 0.10.7-2+lenny2 [04 Aug 2009] DSA-1850-1 libmodplug - arbitrary code execution {CVE-2009-1438 CVE-2009-1513} [etch] - libmodplug 1:0.7-5.2+etch1 [lenny] - libmodplug 1:0.8.4-1+lenny1 [02 Aug 2009] DSA-1849-1 xml-security-c - signature forgery {CVE-2009-0217} [etch] - xml-security-c 1.2.1-3+etch1 [lenny] - xml-security-c 1.4.0-3+lenny2 [02 Aug 2009] DSA-1848-1 znc - directory traversal {CVE-2009-2658} [etch] - znc 0.045-3+etch3 [lenny] - znc 0.058-2+lenny3 [29 Jul 2009] DSA-1847-1 bind9 - denial of service {CVE-2009-0696} [etch] - bind9 1:9.3.4-2etch5 [lenny] - bind9 1:9.5.1.dfsg.P3-1 [28 Jul 2009] DSA-1846-1 kvm - denial of service {CVE-2009-2287} [lenny] - kvm 72+dfsg-5~lenny2 [28 Jun 2009] DSA-1845-1 linux-2.6 - several vulnerabilities {CVE-2009-1895 CVE-2009-2287 CVE-2009-2406 CVE-2009-2407} [lenny] - linux-2.6 2.6.26-17lenny1 [28 Jul 2009] DSA-1844-1 linux-2.6.24 - several vulnerabilities {CVE-2009-1385 CVE-2009-1389 CVE-2009-1630 CVE-2009-1633 CVE-2009-1895 CVE-2009-1914 CVE-2009-1961 CVE-2009-2406 CVE-2009-2407} [etch] - linux-2.6.24 2.6.24-6~etchnhalf.8etch2 [28 Jul 2009] DSA-1843-1 squid3 - denial of service {CVE-2009-2621 CVE-2009-2622} [etch] - squid (Vulnerable code introduced in 3.x) [lenny] - squid3 3.0.STABLE8-3+lenny1 [28 Jul 2009] DSA-1842-1 openexr - several vulnerabilities {CVE-2009-1720 CVE-2009-1721 CVE-2009-1722} [etch] - openexr 1.2.2-4.3+etch2 [lenny] - openexr 1.6.1-3+lenny3 [25 Jul 2009] DSA-1841-1 git-core - denial of service {CVE-2009-2108} [etch] - git-core 1:1.4.4.4-4+etch3 [lenny] - git-core 1:1.5.6.5-3+lenny2 [23 Jul 2009] DSA-1840-1 xulrunner - several vulnerabilities {CVE-2009-2462 CVE-2009-2464 CVE-2009-2465 CVE-2009-2466 CVE-2009-2467 CVE-2009-2469 CVE-2009-2470 CVE-2009-2471 CVE-2009-2472} [lenny] - xulrunner 1.9.0.12-0lenny1 [19 Jul 2009] DSA-1839-1 gst-plugins-good0.10 - arbitrary code execution {CVE-2009-1932} [etch] - gst-plugins-good0.10 0.10.4-4+etch1 [lenny] - gst-plugins-good0.10 0.10.8-4.1~lenny2 [18 Jul 2009] DSA-1838-1 pulseaudio - privilege escalation {CVE-2009-1894} [lenny] - pulseaudio 0.9.10-3+lenny1 [18 Jul 2009] DSA-1837-1 dbus - denial of service {CVE-2009-1189} [etch] - dbus 1.0.2-1+etch3 [lenny] - dbus 1.2.1-5+lenny1 [16 Jul 2009] DSA-1836-1 fckeditor - arbitrary code execution {CVE-2009-2324 CVE-2009-2265} [lenny] - fckeditor 1:2.6.2-1lenny1 [15 Jul 2009] DSA-1835-1 tiff - several vulnerabilities {CVE-2009-2285 CVE-2009-2347} [etch] - tiff 3.8.2-7+etch3 [lenny] - tiff 3.8.2-11.2 [15 Jul 2009] DSA-1834-1 apache2 apache2-mpm-itk - denial of service {CVE-2009-1891 CVE-2009-1890} [etch] - apache2 2.2.3-4+etch9 [lenny] - apache2 2.2.9-10+lenny4 [14 Jul 2009] DSA-1833-1 dhcp3 - arbitrary code execution {CVE-2009-0692} [etch] - dhcp3 3.0.4-13+etch2 [lenny] - dhcp3 3.1.1-6+lenny2 [13 Jul 2009] DSA-1832-1 camlimages - arbitrary code execution {CVE-2009-2295} [etch] - camlimages 2.20-8+etch1 [lenny] - camlimages 1:2.2.0-4+lenny1 [13 Jul 2009] DSA-1831-1 djbdns - privilege escalation {CVE-2009-0858} [lenny] - djbdns 1:1.05-4+lenny1 [12 Jul 2009] DSA-1830-1 icedove - several vulnerabilities {CVE-2009-0040 CVE-2009-0352 CVE-2009-0353 CVE-2009-0652 CVE-2009-0771 CVE-2009-0772 CVE-2009-0773 CVE-2009-0774 CVE-2009-0776 CVE-2009-1302 CVE-2009-1303 CVE-2009-1307 CVE-2009-1392 CVE-2009-1832 CVE-2009-1836 CVE-2009-1838 CVE-2009-1841 CVE-2009-2210 CVE-2009-2061} [lenny] - icedove 2.0.0.22-0lenny1 [11 Jul 2009] DSA-1829-1 sork-passwd-h3 - cross-site scripting {CVE-2009-2360} [etch] - sork-passwd-h3 3.0-2+etch1 [lenny] - sork-passwd-h3 3.0-2+lenny1 [07 Jul 2009] DSA-1828-1 ocsinventory-agent - arbitrary code execution {CVE-2009-0667} [lenny] - ocsinventory-agent 1:0.0.9.2repack1-4lenny1 [06 Jul 2009] DSA-1827-1 ipplan - cross-site scripting {CVE-2009-1732} [lenny] - ipplan 4.86a-7+lenny1 [04 Jul 2009] DSA-1826-1 eggdrop - several vulnerabilities {CVE-2007-2807 CVE-2009-1789} [etch] - eggdrop 1.6.18-1etch2 [lenny] - eggdrop 1.6.19-1.1+lenny1 [03 Jul 2009] DSA-1825-1 nagios2 nagios3 - arbitrary code execution {CVE-2009-2288} [lenny] - nagios3 3.0.6-4~lenny2 [etch] - nagios2 2.6-2+etch3 [25 Jun 2009] DSA-1824-1 phpmyadmin - several vulnerabilities {CVE-2009-1150 CVE-2009-1151} [etch] - phpmyadmin 4:2.9.1.1-11 [lenny] - phpmyadmin 4:2.11.8.1-5+lenny1 [25 Jun 2009] DSA-1823-1 samba - several vulnerabilities {CVE-2009-1886 CVE-2009-1888} [lenny] - samba 2:3.2.5-4lenny6 [23 Jun 2009] DSA-1822-1 mahara - cross-site scripting {CVE-2009-2170} [lenny] - mahara 1.0.4-4+lenny3 [22 Jun 2009] DSA-1821-1 amule - insufficient input sanitising {CVE-2009-1440} [lenny] - amule 2.2.1-1+lenny2 [18 Jun 2009] DSA-1820-1 xulrunner - several vulnerabilities {CVE-2009-1392 CVE-2009-1832 CVE-2009-1833 CVE-2009-1834 CVE-2009-1835 CVE-2009-1836 CVE-2009-1837 CVE-2009-1838 CVE-2009-1839 CVE-2009-1840 CVE-2009-1841 CVE-2009-2061} [lenny] - xulrunner 1.9.0.11-0lenny1 [18 Jun 2009] DSA-1819-1 vlc - several vulnerabilities {CVE-2008-1768 CVE-2008-1769 CVE-2008-1881 CVE-2008-2147 CVE-2008-2430 CVE-2008-3794 CVE-2008-4686 CVE-2008-5032} [etch] - vlc 0.8.6-svn20061012.debian-5.1+etch3 [18 Jun 2009] DSA-1818-1 gforge - insufficient input sanitising {CVE-2009-4069 CVE-2009-4070} [etch] - gforge 4.5.14-22etch11 [lenny] - gforge 4.7~rc2-7lenny1 [17 Jun 2009] DSA-1817-1 ctorrent - arbitrary code execution {CVE-2009-1759} [lenny] - ctorrent 1.3.4-dnh3.2-1+lenny1 [16 Jun 2009] DSA-1816-1 apache2 apache2-mpm-itk - privilege escalation {CVE-2009-1195} [etch] - apache2 2.2.3-4+etch8 [lenny] - apache2 2.2.9-10+lenny3 [14 Jun 2009] DSA-1815-1 libtorrent-rasterbar - denial of service {CVE-2009-1760} [lenny] - libtorrent-rasterbar 0.13.1-2+lenny1 [13 Jun 2009] DSA-1814-1 libsndfile - arbitrary code execution {CVE-2009-1788 CVE-2009-1791} [etch] - libsndfile 1.0.16-2+etch2 [lenny] - libsndfile 1.0.17-4+lenny2 [08 Jun 2009] DSA-1813-1 evolution-data-server - several vulnerabilities {CVE-2009-0547 CVE-2009-0582 CVE-2009-0587} [etch] - evolution-data-server 1.6.3-5etch2 [lenny] - evolution-data-server 2.22.3-1.1+lenny1 [04 Jun 2009] DSA-1812-1 apr-util - several vulnerabilities {CVE-2009-0023 CVE-2009-1955} [etch] - apr-util 1.2.7+dfsg-2+etch2 [lenny] - apr-util 1.2.12+dfsg-8+lenny2 [02 Jun 2009] DSA-1811-1 cups cupsys - denial of service {CVE-2009-0949} [etch] - cupsys 1.2.7-4+etch8 [lenny] - cups 1.3.8-1+lenny6 [02 Jun 2009] DSA-1810-1 libapache-mod-jk - information {CVE-2008-5519} [etch] - libapache-mod-jk 1:1.2.18-3etch2 [lenny] - libapache-mod-jk 1:1.2.26-2+lenny1 [01 Jun 2009] DSA-1809-1 linux-2.6 user-mode-linux - several vulnerabilities {CVE-2009-1184 CVE-2009-1630 CVE-2009-1633 CVE-2009-1758} [lenny] - user-mode-linux 2.6.26-1um-2+15lenny3 [lenny] - linux-2.6 2.6.26-15lenny3 [01 Jun 2009] DSA-1808-1 drupal6 - insufficient input sanitising {CVE-2009-1844} [lenny] - drupal6 6.6-3lenny2 [01 Jun 2009] DSA-1807-1 cyrus-sasl2 cyrus-sasl2-heimdal - arbitrary code execution {CVE-2009-0688} [lenny] - cyrus-sasl2-heimdal 2.1.22.dfsg1-23+lenny1 [lenny] - cyrus-sasl2 2.1.22.dfsg1-23+lenny1 [etch] - cyrus-sasl2 2.1.22.dfsg1-8+etch1 [24 May 2009] DSA-1806-1 cscope - arbitrary code execution {CVE-2009-0148} [lenny] - cscope 15.6-6+lenny1 [etch] - cscope 15.6-2+etch1 [22 May 2009] DSA-1805-1 pidgin - several vulnerabilities {CVE-2008-2927 CVE-2009-1373 CVE-2009-1375 CVE-2009-1376} [lenny] - pidgin 2.4.3-4lenny2 [21 May 2009] DSA-1802-2 squirrelmail - incomplete fix {CVE-2009-1381} [etch] - squirrelmail 2:1.4.9a-5 [lenny] - squirrelmail 2:1.4.15-4+lenny2 [20 May 2009] DSA-1803-1 nsd nsd3 - denial of service {CVE-2009-1755} [etch] - nsd 2.3.6-1+etch1 [lenny] - nsd 2.3.7-1.1+lenny1 [lenny] - nsd3 3.0.7-3.lenny2 [20 May 2009] DSA-1804-1 ipsec-tools - denial of service {CVE-2009-1574 CVE-2009-1632} [etch] - ipsec-tools 1:0.6.6-3.1etch3 [lenny] - ipsec-tools 1:0.7.1-1.3+lenny2 [19 May 2009] DSA-1802-1 squirrelmail - several vulnerabilities {CVE-2009-1578 CVE-2009-1579 CVE-2009-1580 CVE-2009-1581} [etch] - squirrelmail 2:1.4.9a-4 [lenny] - squirrelmail 2:1.4.15-4+lenny1 [19 May 2009] DSA-1801-1 ntp - several vulnerabilities {CVE-2009-0159 CVE-2009-1252} [etch] - ntp 1:4.2.2.p4+dfsg-2etch3 [lenny] - ntp 1:4.2.4p4+dfsg-8lenny2 [15 May 2009] DSA-1800-1 linux-2.6 user-mode-linux - several vulnerabilities {CVE-2009-0028 CVE-2009-0834 CVE-2009-0835 CVE-2009-0859 CVE-2009-1046 CVE-2009-1072 CVE-2009-1184 CVE-2009-1192 CVE-2009-1242 CVE-2009-1265 CVE-2009-1337 CVE-2009-1338 CVE-2009-1439} [lenny] - linux-2.6 2.6.26-15lenny2 [lenny] - user-mode-linux 2.6.26-1um-2+15lenny2 [11 May 2009] DSA-1799-1 qemu - several vulnerabilities {CVE-2008-0928 CVE-2008-1945 CVE-2008-4539} [etch] - qemu 0.8.2-4etch3 [lenny] - qemu 0.9.1-10lenny1 [10 May 2009] DSA-1798-1 pango1.0 - arbitrary code execution {CVE-2009-1194} [etch] - pango1.0 1.14.8-5+etch1 [lenny] - pango1.0 1.20.5-3+lenny1 [09 May 2009] DSA-1797-1 xulrunner - several vulnerabilities {CVE-2009-0652 CVE-2009-1302 CVE-2009-1303 CVE-2009-1304 CVE-2009-1305 CVE-2009-1306 CVE-2009-1307 CVE-2009-1308 CVE-2009-1309 CVE-2009-1311 CVE-2009-1312} [lenny] - xulrunner 1.9.0.9-0lenny2 [07 May 2009] DSA-1796-1 libwmf - denial of service {CVE-2009-1364} [etch] - libwmf 0.2.8.4-2+etch1 [lenny] - libwmf 0.2.8.4-6+lenny1 [07 May 2009] DSA-1795-1 ldns - arbitrary code execution {CVE-2009-1086} [lenny] - ldns 1.4.0-1+lenny1 [06 May 2009] DSA-1794-1 linux-2.6 - multiple vulnerabilities {CVE-2008-4307 CVE-2008-5395 CVE-2008-5701 CVE-2008-5702 CVE-2008-5713 CVE-2009-0028 CVE-2009-0029 CVE-2009-0031 CVE-2009-0065 CVE-2009-0322 CVE-2009-0675 CVE-2009-0676 CVE-2009-0834 CVE-2009-0859 CVE-2009-1192 CVE-2009-1265 CVE-2009-1336 CVE-2009-1337 CVE-2009-1439} [etch] - linux-2.6 2.6.18.dfsg.1-24etch2 [etch] - fai-kernels 1.17+etch.24etch2 [etch] - user-mode-linux 2.6.18-1um-2etch.24etch2 [06 May 2009] DSA-1793-1 kdegraphics - multiple vulnerabilities {CVE-2009-0146 CVE-2009-0147 CVE-2009-0165 CVE-2009-0166 CVE-2009-0799 CVE-2009-0800 CVE-2009-1179 CVE-2009-1180 CVE-2009-1181 CVE-2009-1182 CVE-2009-1183} [etch] - kdegraphics 4:3.5.5-3etch3 [lenny] - kdegraphics 4:3.5.9-3+lenny1 [06 May 2009] DSA-1792-1 drupal6 - multiple vulnerabilities {CVE-2009-1575 CVE-2009-1576} [lenny] - drupal6 6.6-3lenny1 [06 May 2009] DSA-1791-1 moin - cross-site scripting {CVE-2009-1482} [lenny] - moin 1.7.1-3+lenny2 [05 May 2009] DSA-1790-1 xpdf - multiple vulnerabilities {CVE-2009-0146 CVE-2009-0147 CVE-2009-0165 CVE-2009-0166 CVE-2009-0799 CVE-2009-0800 CVE-2009-1179 CVE-2009-1180 CVE-2009-1181 CVE-2009-1182 CVE-2009-1183 CVE-2009-0195} [etch] - xpdf 3.01-9.1+etch6 [lenny] - xpdf 3.02-1.4+lenny1 [04 May 2009] DSA-1789-1 php5 - several vulnerabilities {CVE-2008-2107 CVE-2008-2108 CVE-2008-5557 CVE-2008-5624 CVE-2008-5658 CVE-2008-5814 CVE-2009-0754 CVE-2009-1271} [etch] - php5 5.2.0+dfsg-8+etch15 [lenny] - php5 5.2.6.dfsg.1-1+lenny3 [04 May 2009] DSA-1788-1 quagga - denial of service {CVE-2009-1572} [lenny] - quagga 0.99.10-1lenny2 [02 May 2009] DSA-1787-1 linux-2.6.24 - several vulnerabilities {CVE-2008-4307 CVE-2008-5079 CVE-2008-5395 CVE-2008-5700 CVE-2008-5701 CVE-2008-5702 CVE-2009-0028 CVE-2009-0029 CVE-2009-0031 CVE-2009-0065 CVE-2009-0269 CVE-2009-0322 CVE-2009-0675 CVE-2009-0676 CVE-2009-0745 CVE-2009-0834 CVE-2009-0859 CVE-2009-1046 CVE-2009-1192 CVE-2009-1242 CVE-2009-1265 CVE-2009-1337 CVE-2009-1338 CVE-2009-1439} [etch] - linux-2.6.24 2.6.24-6~etchnhalf.8etch1 [02 May 2009] DSA-1786-1 acpid - denial of service {CVE-2009-0798} [etch] - acpid 1.0.4-5etch1 [lenny] - acpid 1.0.8-1lenny1 [01 May 2009] DSA-1785-1 wireshark - several vulnerabilities {CVE-2009-1210 CVE-2009-1268 CVE-2009-1269} [lenny] - wireshark 1.0.2-3+lenny5 [30 Apr 2009] DSA-1784-1 freetype - arbitrary code execution {CVE-2009-0946} [etch] - freetype 2.2.1-5+etch4 [lenny] - freetype 2.3.7-2+lenny1 [29 Apr 2009] DSA-1783-1 mysql-dfsg-5.0 - several vulnerabilities {CVE-2008-3963 CVE-2008-4456} [etch] - mysql-dfsg-5.0 5.0.32-7etch10 [lenny] - mysql-dfsg-5.0 5.0.51a-24+lenny1 [29 Apr 2009] DSA-1782-1 mplayer - arbitrary code execution {CVE-2008-4866 CVE-2008-5616 CVE-2009-0385} [etch] - mplayer 1.0~rc1-12etch7 [29 Apr 2009] DSA-1781-1 ffmpeg ffmpeg-debian - arbitrary code execution {CVE-2008-3162 CVE-2009-0385} [etch] - ffmpeg 0.cvs20060823-8+etch1 [lenny] - ffmpeg-debian 0.svn20080206-17+lenny1 [28 Apr 2009] DSA-1780-1 libdbd-pg-perl - potential code execution {CVE-2009-0663 CVE-2009-1341} [etch] - libdbd-pg-perl 1.49-2+etch1 [26 Apr 2009] DSA-1779-1 apt - several vulnerabilities {CVE-2009-1300 CVE-2009-1358} [etch] - apt 0.6.46.4-0.1+etch1 [lenny] - apt 0.7.20.2+lenny1 [22 Apr 2009] DSA-1778-1 mahara - cross-site scripting {CVE-2009-0664} [lenny] - mahara 1.0.4-4+lenny2 [21 Apr 2009] DSA-1776-1 slurm-llnl - privilege escalation {CVE-2009-2084} [lenny] - slurm-llnl 1.3.6-1lenny3 [21 Apr 2009] DSA-1777-1 git-core - privilege escalation [etch] - git-core 1:1.4.4.4-4+etch2 [lenny] - git-core 1:1.5.6.5-3+lenny1 [20 Apr 2009] DSA-1775-1 php-json-ext - denial of service {CVE-2009-1271} [etch] - php-json-ext 1.2.1-3.2+etch1 [17 Apr 2009] DSA-1774-1 ejabberd - cross-site scripting {CVE-2009-0934} [lenny] - ejabberd 2.0.1-6+lenny1 [17 Apr 2009] DSA-1773-1 cups cupsys - arbitrary code execution {CVE-2009-0163} [etch] - cupsys 1.2.7-4etch7 [lenny] - cups 1.3.8-1lenny5 [16 Apr 2009] DSA-1772-1 udev - privilege escalation {CVE-2009-1185 CVE-2009-1186} [etch] - udev 0.105-4etch1 [lenny] - udev 0.125-7+lenny1 [15 Apr 2009] DSA-1771-1 clamav - several vulnerabilities {CVE-2008-6680 CVE-2009-1270 CVE-2009-1371} [etch] - clamav 0.90.1dfsg-4etch19 [lenny] - clamav 0.94.dfsg.2-1lenny2 [13 Apr 2009] DSA-1770-1 imp4 - cross-site scripting {CVE-2008-4182 CVE-2009-0930} [etch] - imp4 4.1.3-4etch1 [11 Apr 2009] DSA-1769-1 openjdk-6 - arbitrary code execution {CVE-2006-2426 CVE-2009-0581 CVE-2009-0723 CVE-2009-0733 CVE-2009-0793 CVE-2009-1093 CVE-2009-1094 CVE-2009-1095 CVE-2009-1096 CVE-2009-1097 CVE-2009-1098 CVE-2009-1101} [lenny] - openjdk-6 6b11-9.1+lenny2 [10 Apr 2009] DSA-1768-1 openafs - potential code execution {CVE-2009-1250 CVE-2009-1251} [etch] - openafs 1.4.2-6etch2 [lenny] - openafs 1.4.7.dfsg1-6+lenny1 [09 Apr 2009] DSA-1754-1 roundup - privilege escalation {CVE-2009-2737} [etch] - roundup 1.2.1-10+etch1 [lenny] - roundup 1.4.4-4+lenny1 [09 Apr 2009] DSA-1767-1 multipath-tools - denial of service {CVE-2009-0115} [etch] - multipath-tools 0.4.7-1.1etch2 [lenny] - multipath-tools 0.4.8-14+lenny1 [09 Apr 2009] DSA-1766-1 krb5 - several vulnerabilities {CVE-2009-0844 CVE-2009-0845 CVE-2009-0846 CVE-2009-0847} [etch] - krb5 1.4.4-7etch7 [lenny] - krb5 1.6.dfsg.4~beta1-5lenny1 [08 Apr 2009] DSA-1765-1 horde3 - several vulnerabilities {CVE-2008-3330 CVE-2008-5917 CVE-2009-0932} [etch] - horde3 3.1.3-4etch5 [07 Apr 2009] DSA-1764-1 tunapie - several vulnerabilities {CVE-2009-1253 CVE-2009-1254} [lenny] - tunapie 2.1.8-2 [06 Apr 2009] DSA-1763-1 openssl openssl097 - denial of service {CVE-2009-0590} [etch] - openssl097 0.9.7k-3.1etch3 [etch] - openssl 0.9.8c-4etch5 [lenny] - openssl 0.9.8g-15+lenny1 [03 Apr 2009] DSA-1761-1 moodle - file disclosure {CVE-2009-1171} [etch] - moodle 1.6.3-2+etch3 [lenny] - moodle 1.8.2.dfsg-3+lenny2 [02 Apr 2009] DSA-1762-1 icu - cross site scripting {CVE-2008-1036} [etch] - icu 3.6-2etch2 [lenny] - icu 3.8.1-3+lenny1 [30 Mar 2009] DSA-1760-1 openswan - denial of service {CVE-2008-4190 CVE-2009-0790} [etch] - openswan 1:2.4.6+dfsg.2-1.1+etch1 [lenny] - openswan 1:2.4.12+dfsg-1.3+lenny1 [30 Mar 2009] DSA-1759-1 strongswan - denial of service {CVE-2009-0790} [etch] - strongswan 2.8.0+dfsg-1+etch1 [lenny] - strongswan 4.2.4-5+lenny1 [30 Mar 2009] DSA-1758-1 nss-ldapd - information disclosure {CVE-2009-1073} [lenny] - nss-ldapd 0.6.7.1 [24 Mar 2009] DSA-1753-1 iceweasel - end-of-life announcement for iceweasel in oldstable NOTE: (upstream iceweasel too volatile, solution: upgrade to security-supported iceweasel in lenny) NOTE: DSA issued to advise users to upgrade to lenny if they are interested in a security-supported iceweasel [08 Jul 2008] DSA-1605-1 glibc - DNS cache poisoning {CVE-2008-1447} NOTE: (backport too complicated, solution: install bind9 or use ip address spoofing protection) NOTE: DSA issued as an avisory about actions user can take to protect against this vulnerability [08 Jul 2008] DSA-1604-1 bind - DNS cache poisoning {CVE-2008-1447} NOTE: (backport too complicated, solution: upgrade to bind9 or have bind8 forward queries to a bind9 resolver) NOTE: DSA issued as an avisory about actions user can take to protect against this vulnerability [24 Mar 2008] DSA-1529-1 firebird - multiple vulnerabilities {CVE-2008-0387 CVE-2008-0467 CVE-2006-7211 CVE-2007-4664 CVE-2007-4665 CVE-2007-4666 CVE-2007-4667 CVE-2007-4668 CVE-2007-4669 CVE-2007-3527 CVE-2007-3181 CVE-2007-2606 CVE-2006-7212 CVE-2006-7213 CVE-2006-7214} NOTE: (backport too complicated, solution: use firebird packages in backports.org or isolate machine from internet) NOTE: DSA issued as an advisory about actions user can take to protect against these vulnabilities [25 Sep 2006] DSA-1184-2 kernel-source-2.6.8 - several vulnerabilities {CVE-2004-2660 CVE-2005-4798 CVE-2006-1052 CVE-2006-1343 CVE-2006-1528 CVE-2006-1855 CVE-2006-1856 CVE-2006-2444 CVE-2006-2446 CVE-2006-2935 CVE-2006-2936 CVE-2006-3468 CVE-2006-3745 CVE-2006-4093 CVE-2006-4145 CVE-2006-4535} [sarge] - kernel-source-2.6.8 2.6.8-16sarge5 [sarge] - fai-kernels 1.9.1sarge4 [25 Sep 2006] DSA-1183-1 kernel-source-2.4.27 - several vulnerabilities {CVE-2005-4798 CVE-2006-2935 CVE-2006-1528 CVE-2006-2444 CVE-2006-2446 CVE-2006-3745 CVE-2006-4535} [sarge] - kernel-source-2.4.27 2.4.27-10sarge4 [sarge] - fai-kernels 1.9.1sarge4 [sarge] - systemimager 3.2.3-6sarge3 [01 Oct 2005] DSA-833-2 mysql-dfsg-4.1 - buffer overflow {CVE-2005-2558} [sarge] - mysql-dfsg-4.1 4.1.11a-4sarge2 [30 Mar 2009] DSA-1757-1 auth2db - SQL injection {CVE-2009-1208} [lenny] - auth2db 0.2.5-2+dfsg-1+lenny1 [29 Mar 2009] DSA-1756-1 xulrunner - multiple vulnerabilities {CVE-2009-1044 CVE-2009-1169} [lenny] - xulrunner 1.9.0.7-0lenny2 [25 Mar 2009] DSA-1755-1 systemtap - local privilege escalation {CVE-2009-0784} [lenny] - systemtap 0.0.20080705-1+lenny1 [23 Mar 2009] DSA-1752-1 webcit - potential remote code execution {CVE-2009-0364} [lenny] - webcit 7.37-dfsg-7 [22 Mar 2009] DSA-1751-1 xulrunner - several vulnerabilities {CVE-2009-0771 CVE-2009-0772 CVE-2009-0773 CVE-2009-0774 CVE-2009-0775 CVE-2009-0776} [lenny] - xulrunner 1.9.0.7-0lenny1 [22 Mar 2009] DSA-1750-1 libpng - several vulnerabilities {CVE-2008-5907 CVE-2008-6218 CVE-2009-0040} [etch] - libpng 1.2.15~beta5-1+etch2 [lenny] - libpng 1.2.27-2+lenny2 [20 Mar 2009] DSA-1749-1 linux-2.6 - several vulnerabilities {CVE-2009-0029 CVE-2009-0031 CVE-2009-0065 CVE-2009-0269 CVE-2009-0322 CVE-2009-0675 CVE-2009-0676 CVE-2009-0745 CVE-2009-0746 CVE-2009-0747 CVE-2009-0748} [lenny] - linux-2.6 2.6.26-13lenny2 [20 Mar 2009] DSA-1748-1 libsoup - arbitrary code execution {CVE-2009-0585} [etch] - libsoup 2.2.98-2+etch1 [20 Mar 2009] DSA-1747-1 glib2.0 - arbitrary code execution {CVE-2008-4316} [etch] - glib2.0 2.12.4-2+etch1 [lenny] - glib2.0 2.16.6-1+lenny1 [20 Mar 2009] DSA-1746-1 ghostscript gs-gpl - arbitrary code execution {CVE-2009-0583 CVE-2009-0584} [etch] - gs-gpl 8.54.dfsg.1-5etch2 [lenny] - ghostscript 8.62.dfsg.1-3.2lenny1 [20 Mar 2009] DSA-1745-1 lcms - arbitrary code execution {CVE-2009-0581 CVE-2009-0723 CVE-2009-0733} [etch] - lcms 1.15-1.1+etch2 [lenny] - lcms 1.17.dfsg-1+lenny1 [18 Mar 2009] DSA-1744-1 weechat - denial of service {CVE-2009-0661} [lenny] - weechat 0.2.6-1+lenny1 [17 Mar 2009] DSA-1743-1 libtk-img - arbitrary code execution {CVE-2007-5137 CVE-2007-5378} [etch] - libtk-img 1:1.3-15etch3 [lenny] - libtk-img 1:1.3-release-7+lenny1 [16 Mar 2009] DSA-1742-1 libsndfile - arbitrary code execution {CVE-2009-0186} [etch] - libsndfile 1.0.16-2+etch1 [lenny] - libsndfile 1.0.17-4+lenny1 [14 Mar 2009] DSA-1741-1 psi - denial of service {CVE-2008-6393} [lenny] - psi 0.11-9 [14 Mar 2009] DSA-1740-1 yaws - denial of service {CVE-2009-0751} [etch] - yaws 1.65-4etch1 [lenny] - yaws 1.77-3+lenny1 [13 Mar 2009] DSA-1739-1 mldonkey - information disclosure {CVE-2009-0753} [lenny] - mldonkey 2.9.5-2+lenny1 [11 Mar 2009] DSA-1738-1 curl - arbitrary file access {CVE-2009-0037} [etch] - curl 7.15.5-1etch2 [lenny] - curl 7.18.2-8lenny2 [11 Mar 2009] DSA-1737-1 wesnoth - several vulnerabilities {CVE-2009-0366 CVE-2009-0367 CVE-2009-0878} [etch] - wesnoth 1.2-5 [lenny] - wesnoth 1:1.4.4-2+lenny1 [10 Mar 2009] DSA-1736-1 mahara - cross-site scripting {CVE-2009-0660} [lenny] - mahara 1.0.4-4+lenny1 [10 Mar 2009] DSA-1735-1 znc - privilege escalation {CVE-2009-0759} [etch] - znc 0.045-3+etch2 [lenny] - znc 0.058-2+lenny1 [05 Mar 2009] DSA-1734-1 opensc - information disclosure {CVE-2009-0368} [lenny] - opensc 0.11.4-5+lenny1 [03 Mar 2009] DSA-1733-1 vim - multiple vulnerabilities {CVE-2008-2712 CVE-2008-3074 CVE-2008-3075 CVE-2008-3076 CVE-2008-4101} [etch] - vim 1:7.0-122+1etch5 [03 Mar 2009] DSA-1732-1 squid3 - denial of service {CVE-2009-0478} [etch] - squid3 3.0.PRE5-5+etch1 [02 Mar 2009] DSA-1731-1 ndiswrapper - arbitrary code execution vulnerability {CVE-2008-4395} [etch] - ndiswrapper 1.28-1+etch1 [02 Mar 2009] DSA-1730-1 proftpd-dfsg - SQL injection vulnerabilites {CVE-2009-0542 CVE-2009-0543} [lenny] - proftpd-dfsg 1.3.1-17lenny2 [02 Mar 2009] DSA-1729-1 gst-plugins-bad0.10 - multiple vulnerabilities {CVE-2009-0386 CVE-2009-0387 CVE-2009-0397} [etch] - gst-plugins-bad0.10 0.10.3-3.1+etch1 [27 Feb 2009] DSA-1728-1 dkim-milter - denial of service {CVE-2009-0770} [lenny] - dkim-milter 2.6.0.dfsg-1+lenny1 [26 Feb 2009] DSA-1727-1 - SQL injection vulnerabilites {CVE-2009-0542 CVE-2009-0543} [lenny] - proftpd-dfsg 1.3.1-17lenny1 [25 Feb 2009] DSA-1726-1 python-crypto - denial of service {CVE-2009-0544} [lenny] - python-crypto 2.0.1+dfsg1-2.3+lenny0 [etch] - python-crypto 2.0.1+dfsg1-1.2+etch0 [15 Feb 2009] DSA-1725-1 websvn - information leak {CVE-2009-0240} [lenny] - websvn 2.0-4+lenny1 [13 Feb 2009] DSA-1724-1 - several vulnerabilities {CVE-2008-5153 CVE-2009-0500 CVE-2009-0502 CVE-2008-6125} [etch] - moodle 1.6.3-2+etch2 [11 Feb 2009] DSA-1723-1 phpmyadmin - arbitrary code execution {CVE-2008-5621} [etch] - phpmyadmin 4:2.9.1.1-10 [11 Feb 2009] DSA-1722-1 libpam-heimdal - local privilege {CVE-2009-0361} [etch] - libpam-heimdal 2.5-1etch1 [11 Feb 2009] DSA-1721-1 libpam-krb5 - local privilege {CVE-2009-0360 CVE-2009-0361} [etch] - libpam-krb5 2.6-1etch1 [10 Feb 2009] DSA-1720-1 typo3-src - several vulnerabilities [etch] - typo3-src 4.0.2+debian-8 [10 Feb 2009] DSA-1719-1 gnutls13 - certificate validation {CVE-2008-4989} [etch] - gnutls13 1.4.4-3+etch3 [08 Feb 2009] DSA-1718-1 boinc - validation bypass {CVE-2009-0126} [etch] - boinc 5.4.11-4+etch1 [05 Feb 2009] DSA-1717-1 devil - buffer overflow {CVE-2008-5262} [etch] - devil 1.6.7-5+etch1 [31 Jan 2009] DSA-1716-1 vnc4 - remote code execution {CVE-2008-4770} [etch] - vnc4 4.1.1+X4.3.0-21+etch1 [29 Jan 2009] DSA-1715-1 moin - insufficient input sanitising {CVE-2009-0260 CVE-2009-0312} [etch] - moin 1.5.3-1.2etch2 [28 Jan 2009] DSA-1714-1 rt2570 - arbitrary code execution {CVE-2009-0282} [etch] - rt2570 1.1.0+cvs20060620-3+etch1 [28 Jan 2009] DSA-1713-1 rt2500 - arbitrary code execution {CVE-2009-0282} [etch] - rt2500 1.1.0+cvs20060620-3+etch1 [28 Jan 2009] DSA-1712-1 rt2400 - arbitrary code execution {CVE-2009-0282} [etch] - rt2400 1.2.2+cvs20060620-4+etch1 [26 Jan 2009] DSA-1711-1 typo3-src - remote code execution {CVE-2009-0255 CVE-2009-0256 CVE-2009-0257 CVE-2009-0258} [etch] - typo3-src 4.0.2+debian-7 [25 Jan 2009] DSA-1710-1 ganglia-monitor-core - remote code execution {CVE-2009-0241} [etch] - ganglia-monitor-core 2.5.7-3.1etch1 [21 Jan 2009] DSA-1709-1 shadow - privilege escalation {CVE-2008-5394} [etch] - shadow 1:4.0.18.1-7+etch1 [19 Jan 2009] DSA-1708-1 git-core - remote code execution {CVE-2008-5516 CVE-2008-5517 CVE-2008-5916} [etch] - git-core 1:1.4.4.4-4+etch1 [15 Jan 2009] DSA-1707-1 iceweasel - several vulnerabilities {CVE-2008-5500 CVE-2008-5503 CVE-2008-5504 CVE-2008-5506 CVE-2008-5507 CVE-2008-5508 CVE-2008-5510 CVE-2008-5511 CVE-2008-5512 CVE-2008-5513 CVE-2007-3074} [etch] - iceweasel 2.0.0.19-0etch1 [15 Jan 2009] DSA-1706-1 amarok - arbitrary code execution {CVE-2009-0135 CVE-2009-0136} [etch] - amarok 1.4.4-4etch1 [15 Jan 2009] DSA-1705-1 netatalk - arbitrary code execution {CVE-2008-5718} [etch] - netatalk 2.0.3-4+etch1 [14 Jan 2009] DSA-1704-1 xulrunner - several vulnerabilities {CVE-2008-5500 CVE-2008-5503 CVE-2008-5506 CVE-2008-5507 CVE-2008-5508 CVE-2008-5511 CVE-2008-5512 CVE-2007-3074} [etch] - xulrunner 1.8.0.15~pre080614i-0etch1 [12 Jan 2009] DSA-1703-1 bind9 - cryptographic weakness {CVE-2009-0025} [etch] - bind9 1:9.3.4-2etch4 [12 Jan 2009] DSA-1702-1 ntp - cryptographic weakness {CVE-2009-0021} [etch] - ntp 1:4.2.2.p4+dfsg-2etch1 [12 Jan 2009] DSA-1701-1 openssl openssl097 - cryptographic weakness {CVE-2008-5077} [etch] - openssl097 0.9.7k-3.1etch2 [etch] - openssl 0.9.8c-4etch4 [11 Jan 2009] DSA-1700-1 lasso - validation bypass {CVE-2009-0050} [etch] - lasso 0.6.5-3+etch1 [11 Jan 2009] DSA-1699-1 zaptel - privilege escalation {CVE-2008-5396 CVE-2008-5744} [etch] - zaptel 1:1.2.11.dfsg-1+etch1 [09 Jan 2009] DSA-1698-1 gforge - SQL injection {CVE-2008-2381 CVE-2008-6189 CVE-2008-6188 CVE-2008-6187} [etch] - gforge 4.5.14-22etch10 [07 Jan 2009] DSA-1697-1 iceape - several vulnerabilities {CVE-2008-0016 CVE-2008-0017 CVE-2008-0304 CVE-2008-2785 CVE-2008-2798 CVE-2008-2799 CVE-2008-2800 CVE-2008-2801 CVE-2008-2802 CVE-2008-2803 CVE-2008-2805 CVE-2008-2807 CVE-2008-2808 CVE-2008-2809 CVE-2008-2811 CVE-2008-2933 CVE-2008-3835 CVE-2008-3836 CVE-2008-3837 CVE-2008-4058 CVE-2008-4059 CVE-2008-4060 CVE-2008-4061 CVE-2008-4062 CVE-2008-4065 CVE-2008-4067 CVE-2008-4068 CVE-2008-4069 CVE-2008-4070 CVE-2008-4582 CVE-2008-5012 CVE-2008-5013 CVE-2008-5014 CVE-2008-5017 CVE-2008-5018 CVE-2008-5021 CVE-2008-5022 CVE-2008-5024 CVE-2008-5052 CVE-2008-5500 CVE-2008-5503 CVE-2008-5506 CVE-2008-5507 CVE-2008-5508 CVE-2008-5511 CVE-2008-5512 CVE-2007-3074} [etch] - iceape 1.0.13~pre080614i-0etch1 [07 Jan 2009] DSA-1696-1 icedove - several vulnerabilities {CVE-2008-0016 CVE-2008-1380 CVE-2008-3835 CVE-2008-4058 CVE-2008-4059 CVE-2008-4060 CVE-2008-4061 CVE-2008-4062 CVE-2008-4065 CVE-2008-4067 CVE-2008-4068 CVE-2008-4070 CVE-2008-4582 CVE-2008-5012 CVE-2008-5014 CVE-2008-5017 CVE-2008-5018 CVE-2008-5021 CVE-2008-5022 CVE-2008-5024 CVE-2008-5052 CVE-2008-5500 CVE-2008-5503 CVE-2008-5506 CVE-2008-5507 CVE-2008-5508 CVE-2008-5511 CVE-2008-5512} [etch] - icedove 1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1 [02 Jan 2009] DSA-1695-1 ruby1.8 ruby1.9 - denial of service {CVE-2008-3443} [etch] - ruby1.9 1.9.0+20060609-1etch4 [etch] - ruby1.8 1.8.5-4etch4 [02 Jan 2009] DSA-1694-1 xterm - remote code execution {CVE-2008-2383} [etch] - xterm 222-1etch3 [27 Dec 2008] DSA-1693-1 phppgadmin - several vulnerabilities {CVE-2007-2865 CVE-2007-5728 CVE-2008-5587} [etch] - phppgadmin 4.0.1-3.1etch1 [27 Dec 2008] DSA-1692-1 php-xajax - cross-site scripting {CVE-2007-2739} [etch] - php-xajax 0.2.4-2+etch1 [22 Dec 2008] DSA-1691-1 moodle - several vulnerabilities {CVE-2007-3555 CVE-2008-1502 CVE-2008-3325 CVE-2008-3326 CVE-2008-4796 CVE-2008-4810 CVE-2008-4811 CVE-2008-5432 CVE-2008-6124} [etch] - moodle 1.6.3-2+etch1 [22 Dec 2008] DSA-1690-1 avahi - denial of service {CVE-2007-3372 CVE-2008-5081} [etch] - avahi 0.6.16-3etch2 [21 Dec 2008] DSA-1689-1 proftpd-dfsg - Cross-Site Request Forgery {CVE-2008-4242} [etch] - proftpd-dfsg 1.3.0-19etch2 [20 Dec 2008] DSA-1688-1 courier-authlib - SQL injection {CVE-2008-2380 CVE-2008-2667} [etch] - courier-authlib 0.58-4+etch2 [15 Dec 2008] DSA-1687-1 fai-kernels linux-2.6 user-mode-linux - several vulnerabilities {CVE-2008-3527 CVE-2008-3528 CVE-2008-4554 CVE-2008-4576 CVE-2008-4933 CVE-2008-4934 CVE-2008-5025 CVE-2008-5029 CVE-2008-5079 CVE-2008-5182 CVE-2008-5300} [etch] - fai-kernels 1.17+etch.23etch1 [etch] - linux-2.6 2.6.18.dfsg.1-23etch1 [etch] - user-mode-linux 2.6.18-1um-2etch.23etch1 [14 Dec 2008] DSA-1686-1 no-ip - arbitrary code execution {CVE-2008-5297} [etch] - no-ip 2.1.1-4+etch1 [12 Dec 2008] DSA-1685-1 uw-imap - multiple vulnerabilities {CVE-2008-5005 CVE-2008-5006} [etch] - uw-imap 7:2002edebian1-13.1+etch1 [10 Dec 2008] DSA-1684-1 lcms - multiple vulnerabilities {CVE-2008-5316 CVE-2008-5317} [etch] - lcms 1.15-1.1+etch1 [08 Dec 2008] DSA-1683-1 streamripper - potential code execution {CVE-2007-4337 CVE-2008-4829} [etch] - streamripper 1.61.27-1+etch1 [07 Dec 2008] DSA-1682-1 squirrelmail - cross site scripting {CVE-2008-2379} [etch] - squirrelmail 2:1.4.9a-3 [04 Dec 2008] DSA-1681-1 linux-2.6.24 - several vulnerabilities {CVE-2008-3528 CVE-2008-4554 CVE-2008-4576 CVE-2008-4618 CVE-2008-4933 CVE-2008-4934 CVE-2008-5025 CVE-2008-5029 CVE-2008-5134 CVE-2008-5182 CVE-2008-5300} [etch] - linux-2.6.24 2.6.24-6~etchnhalf.7 [04 Dec 2008] DSA-1680-1 clamav - potential code execution {CVE-2008-5050 CVE-2008-5314} [etch] - clamav 0.90.1dfsg-4etch16 [03 Dec 2008] DSA-1679-1 awstats - cross-site scripting {CVE-2008-3714 CVE-2008-5080} [etch] - awstats 6.5+dfsg-1+etch1 [03 Dec 2008] DSA-1678-1 perl - privilege escalation {CVE-2004-0452 CVE-2005-0448 CVE-2008-5302 CVE-2008-5303} [etch] - perl 5.8.8-7etch5 [02 Dec 2008] DSA-1677-1 cupsys - arbitrary code execution {CVE-2008-5286} [etch] - cupsys 1.2.7-4etch6 [01 Dec 2008] DSA-1676-1 flamethrower - denial of service {CVE-2008-5141} [etch] - flamethrower 0.1.8-1+etch1 [30 Nov 2008] DSA-1675-1 phpmyadmin - cross site scripting {CVE-2008-4326} [etch] - phpmyadmin 4:2.9.1.1-9 [30 Nov 2008] DSA-1674-1 jailer - denial of service {CVE-2008-5139} [etch] - jailer 0.4-9+etch1 [29 Nov 2008] DSA-1673-1 wireshark - several vulnerabilities {CVE-2008-3137 CVE-2008-3138 CVE-2008-3141 CVE-2008-3145 CVE-2008-3933 CVE-2008-4683 CVE-2008-4684 CVE-2008-4685} [etch] - wireshark 0.99.4-5.etch.3 [29 Nov 2008] DSA-1672-1 imlib2 - arbitrary code execution {CVE-2008-5187} [etch] - imlib2 1.3.0.0debian1-4+etch2 [24 Nov 2008] DSA-1671-1 iceweasel - several vulnerabilities {CVE-2008-0017 CVE-2008-4582 CVE-2008-5012 CVE-2008-5013 CVE-2008-5014 CVE-2008-5017 CVE-2008-5018 CVE-2008-5019 CVE-2008-5021 CVE-2008-5022 CVE-2008-5023 CVE-2008-5024 CVE-2008-5052} [etch] - iceweasel 2.0.0.18-0etch1 [24 Nov 2008] DSA-1670-1 enscript - arbitrary code execution {CVE-2008-3863 CVE-2008-4306 CVE-2008-5078} [etch] - enscript 1.6.4-11.1 [23 Nov 2008] DSA-1669-1 xulrunner - several vulnerabilities {CVE-2008-0016 CVE-2008-0017 CVE-2008-3835 CVE-2008-3836 CVE-2008-3837 CVE-2008-4058 CVE-2008-4059 CVE-2008-4060 CVE-2008-4061 CVE-2008-4062 CVE-2008-4065 CVE-2008-4066 CVE-2008-4067 CVE-2008-4068 CVE-2008-4069 CVE-2008-4582 CVE-2008-5012 CVE-2008-5013 CVE-2008-5014 CVE-2008-5017 CVE-2008-5018 CVE-2008-5021 CVE-2008-5022 CVE-2008-5023 CVE-2008-5024 CVE-2008-5052 CVE-2008-4063 CVE-2008-4064} [etch] - xulrunner 1.8.0.15~pre080614h-0etch1 [22 Nov 2008] DSA-1668-1 hf - execution of arbitrary code {CVE-2008-2378} [etch] - hf 0.7.3-4etch1 [19 Nov 2008] DSA-1667-1 python2.4 - several vulnerabilities {CVE-2008-2315 CVE-2008-3142 CVE-2008-3143 CVE-2008-3144} [etch] - python2.4 2.4.4-3+etch2 [17 Nov 2008] DSA-1666-1 libxml2 - several vulnerabilities {CVE-2008-4225 CVE-2008-4226} [etch] - libxml2 2.6.27.dfsg-6 [12 Nov 2008] DSA-1665-1 libcdaudio - heap overflow {CVE-2008-5030} [etch] - libcdaudio 0.99.12p2-2+etch1 [10 Nov 2008] DSA-1664-1 ekg - denial of service {CVE-2008-4776} [etch] - ekg 1:1.7~rc2-1etch2 [09 Nov 2008] DSA-1663-1 net-snmp - several vulnerabilities {CVE-2008-0960 CVE-2008-2292 CVE-2008-4309} [etch] - net-snmp 5.2.3-7etch4 [06 Nov 2008] DSA-1662-1 mysql-dfsg-5.0 - authorization bypass {CVE-2008-4098} [etch] - mysql-dfsg-5.0 5.0.32-7etch8 [29 Oct 2008] DSA-1661-1 openoffice.org - several vulnerabilities {CVE-2008-2237 CVE-2008-2238} [etch] - openoffice.org 2.0.4.dfsg.2-7etch6 [26 Oct 2008] DSA-1660-1 clamav - denial of service {CVE-2008-3912 CVE-2008-3913 CVE-2008-3914} [etch] - clamav 0.90.1dfsg-4etch15 [23 Oct 2008] DSA-1659-1 libspf2 - potential remote code execution {CVE-2008-2469} [etch] - libspf2 1.2.5-4+etch1 [22 Oct 2008] DSA-1658-1 dbus - denial of service {CVE-2008-3834} [etch] - dbus 1.0.2-1+etch2 [20 Oct 2008] DSA-1657-1 qemu - denial of service {CVE-2008-4553} [etch] - qemu 0.8.2-4etch2 [20 Oct 2008] DSA-1656-1 cupsys - several vulnerabilities {CVE-2008-3639 CVE-2008-3640 CVE-2008-3641} [etch] - cupsys 1.2.7-4etch5 [16 Oct 2008] DSA-1655-1 linux-2.6.24 - several vulnerabilities {CVE-2008-1514 CVE-2008-3525 CVE-2008-3831 CVE-2008-4113 CVE-2008-4445} [etch] - linux-2.6.24 2.6.24-6~etchnhalf.6 [14 Oct 2008] DSA-1654-1 libxml2 - execution of arbitrary code {CVE-2008-3529} [etch] - libxml2 2.6.27.dfsg-5 [13 Oct 2008] DSA-1653-1 fai-kernels linux-2.6 user-mode-linux - several vulnerabilities {CVE-2007-6716 CVE-2008-1514 CVE-2008-3276 CVE-2008-3525 CVE-2008-3833 CVE-2008-4210 CVE-2008-4302} [etch] - fai-kernels 1.17+etch.22etch3 [etch] - linux-2.6 2.6.18.dfsg.1-22etch3 [etch] - user-mode-linux 2.6.18-1um-2etch.22etch3 [12 Oct 2008] DSA-1652-1 ruby1.9 - several vulnerabilities {CVE-2008-3655 CVE-2008-3656 CVE-2008-3657 CVE-2008-3790 CVE-2008-3905} [etch] - ruby1.9 1.9.0+20060609-1etch3 [12 Oct 2008] DSA-1651-1 ruby1.8 - several vulnerabilities {CVE-2008-3655 CVE-2008-3656 CVE-2008-3657 CVE-2008-3790 CVE-2008-3905} [etch] - ruby1.8 1.8.5-4etch3 [12 Oct 2008] DSA-1650-1 openldap2.3 - denial of service {CVE-2008-2952} [etch] - openldap2.3 2.3.30-5+etch2 [08 Oct 2008] DSA-1649-1 iceweasel - several vulnerabilities {CVE-2008-0016 CVE-2008-3835 CVE-2008-3836 CVE-2008-3837 CVE-2008-4058 CVE-2008-4059 CVE-2008-4060 CVE-2008-4061 CVE-2008-4062 CVE-2008-4065 CVE-2008-4066 CVE-2008-4067 CVE-2008-4068 CVE-2008-4069} [etch] - iceweasel 2.0.0.17-0etch1 [08 Oct 2008] DSA-1648-1 mon - insecure temporary files {CVE-2008-4477} [etch] - mon 0.99.2-9+etch2 [07 Oct 2008] DSA-1647-1 php5 - several vulnerabilities {CVE-2008-3658 CVE-2008-3659 CVE-2008-3660} [etch] - php5 5.2.0-8+etch13 [07 Oct 2008] DSA-1646-2 squid - array bounds check {CVE-2007-6239 CVE-2008-1612} [etch] - squid 2.6.5-6etch4 [06 Oct 2008] DSA-1645-1 lighttpd - various problems {CVE-2008-4298 CVE-2008-4359 CVE-2008-4360} [etch] - lighttpd 1.4.13-4etch11 [05 Oct 2008] DSA-1644-1 mplayer - integer overflows {CVE-2008-3827} [etch] - mplayer 1.0~rc1-12etch5 [05 Oct 2008] DSA-1643-1 feta - denial of service {CVE-2008-4440} [etch] - feta 1.4.15+etch1 [20 Sep 2008] DSA-1642-1 horde3 - cross site scripting {CVE-2008-3823 CVE-2008-3824} [etch] - horde3 3.1.3-4etch4 [20 Sep 2008] DSA-1641-1 phpmyadmin - several issues {CVE-2008-3197 CVE-2008-3456 CVE-2008-3457 CVE-2008-4096} [etch] - phpmyadmin 4:2.9.1.1-8 [20 Sep 2008] DSA-1640-1 python-django - cross site request forgery {CVE-2007-5712 CVE-2008-3909} [etch] - python-django 0.95.1-1etch2 [19 Sep 2008] DSA-1639-1 twiki - command execution {CVE-2008-3195} [etch] - twiki 1:4.0.5-9.1etch1 [16 Sep 2008] DSA-1638-1 openssh - denial of service {CVE-2006-5051 CVE-2008-4109} [etch] - openssh 1:4.3p2-9etch3 [15 Sep 2008] DSA-1637-1 git-core - buffer overflow {CVE-2008-3546} [etch] - git-core 1:1.4.4.4-2.1+etch1 [11 Sep 2008] DSA-1636-1 linux-2.6.24 - several vulnerabilities {CVE-2008-3272 CVE-2008-3275 CVE-2008-3276 CVE-2008-3526 CVE-2008-3534 CVE-2008-3535 CVE-2008-3792 CVE-2008-3915} [etch] - linux-2.6.24 2.6.24-6~etchnhalf.5 [10 Sep 2008] DSA-1635-1 freetype - multiple vulnerabilities {CVE-2008-1806 CVE-2008-1807 CVE-2008-1808} [etch] - freetype 2.2.1-5+etch3 [01 Sep 2008] DSA-1634-1 wordnet - arbitrary code execution {CVE-2008-2149 CVE-2008-3908} [etch] - wordnet 1:2.1-4+etch1 [01 Sep 2008] DSA-1633-1 slash - multiple vulnerabilities {CVE-2008-2231 CVE-2008-2553} [etch] - slash 2.2.6-8etch1 [26 Aug 2008] DSA-1632-1 tiff - arbitrary code execution {CVE-2008-2327} [etch] - tiff 3.8.2-7+etch1 [22 Aug 2008] DSA-1631-1 libxml2 - denial of service {CVE-2008-3281} [etch] - libxml2 2.6.27.dfsg-3 [21 Aug 2008] DSA-1630-1 fai-kernels linux-2.6 user-mode-linux - several vulnerabilities {CVE-2007-6282 CVE-2008-0598 CVE-2008-2729 CVE-2008-2812 CVE-2008-2826 CVE-2008-2931 CVE-2008-3272 CVE-2008-3275} [etch] - fai-kernels 1.17+etch.22etch2 [etch] - user-mode-linux 2.6.18-1um-2etch.22etch2 [etch] - linux-2.6 2.6.18.dfsg.1-22etch2 [19 Aug 2008] DSA-1629-2 postfix - privilege escalation {CVE-2008-2936} [etch] - postfix 2.3.8-2+etch1 [18 Aug 2008] DSA-1629-1 postfix - privilege escalation {CVE-2008-2936} [etch] - postfix 2.3.8-2etch1 [10 Aug 2008] DSA-1628-1 pdns - DNS spoofing {CVE-2008-3337} [etch] - pdns 2.9.20-8+etch1 [04 Aug 2008] DSA-1627-2 opensc - smart card vulnerability {CVE-2008-2235 CVE-2008-3972} [etch] - opensc 0.11.1-2etch2 [01 Aug 2008] DSA-1626-1 httrack - arbitrary code execution {CVE-2008-3429} [etch] - httrack 3.40.4-3.1+etch1 [01 Aug 2008] DSA-1625-1 cupsys - arbitrary code execution {CVE-2008-0053 CVE-2008-1373 CVE-2008-1722} [etch] - cupsys 1.2.7-4etch4 [31 Jul 2008] DSA-1624-1 libxslt - arbitrary code execution {CVE-2008-2935} [etch] - libxslt 1.1.19-3 [31 Jul 2008] DSA-1623-1 dnsmasq - cache poisoning {CVE-2008-1447} [etch] - dnsmasq 2.35-1+etch4 [31 Jul 2008] DSA-1622-1 newsx - arbitrary code execution {CVE-2008-3252} [etch] - newsx 1.6-2etch1 [27 Jul 2008] DSA-1621-1 icedove - several vulnerabilities {CVE-2008-0304 CVE-2008-2785 CVE-2008-2798 CVE-2008-2799 CVE-2008-2802 CVE-2008-2803 CVE-2008-2807 CVE-2008-2809 CVE-2008-2811} [etch] - icedove 1.5.0.13+1.5.0.15b.dfsg1+prepatch080614d-0etch1 [27 Jul 2008] DSA-1620-1 python2.5 - several vulnerabilities {CVE-2007-2052 CVE-2007-4965 CVE-2008-1679 CVE-2008-1721 CVE-2008-1887} [etch] - python2.5 2.5-5+etch1 [27 Jul 2008] DSA-1619-1 python-dns - DNS response spoofing {CVE-2008-1447 CVE-2008-4099 CVE-2008-4126} [etch] - python-dns 2.3.0-5.2+etch1 [26 Jul 2008] DSA-1618-1 ruby1.9 - several vulnerabilities {CVE-2008-2376 CVE-2008-2662 CVE-2008-2663 CVE-2008-2664 CVE-2008-2725 CVE-2008-2726} [etch] - ruby1.9 1.9.0+20060609-1etch2 [25 Jul 2008] DSA-1617-1 refpolicy - incompatible policy {CVE-2008-1447} [etch] - refpolicy 0.0.20061018-5.1+etch1 [24 Jul 2008] DSA-1616-2 clamav - denial of service {CVE-2008-2713 CVE-2008-3215} [etch] - clamav 0.90.1dfsg-3.1etch14 [23 Jul 2008] DSA-1615-1 xulrunner - several vulnerabilities {CVE-2008-2785 CVE-2008-2798 CVE-2008-2799 CVE-2008-2800 CVE-2008-2801 CVE-2008-2802 CVE-2008-2803 CVE-2008-2805 CVE-2008-2807 CVE-2008-2808 CVE-2008-2809 CVE-2008-2811 CVE-2008-2933} [etch] - xulrunner 1.8.0.15~pre080614d-0etch1 [23 Jul 2008] DSA-1614-1 iceweasel - several vulnerabilities {CVE-2008-2785 CVE-2008-2933 CVE-2008-3198} [etch] - iceweasel 2.0.0.16-0etch1 [22 Jul 2008] DSA-1613-1 libgd2 - multiple vulnerabilities {CVE-2007-2445 CVE-2007-2756 CVE-2007-3476 CVE-2007-3477 CVE-2007-3996} [etch] - libgd2 2.0.33-5.2etch1 [21 Jul 2008] DSA-1612-1 ruby1.8 - several vulnerabilities {CVE-2008-2376 CVE-2008-2662 CVE-2008-2663 CVE-2008-2664 CVE-2008-2725 CVE-2008-2726} [etch] - ruby1.8 1.8.5-4etch2 [16 Jul 2008] DSA-1611-1 afuse - privilege escalation {CVE-2008-2232} [etch] - afuse 0.1.1-1+etch1 [16 Jul 2008] DSA-1544-2 pdns-recursor - predictable randomness {CVE-2008-1637 CVE-2008-3217} [etch] - pdns-recursor 3.1.4-1+etch2 [15 Jul 2008] DSA-1610-1 gaim - execution of arbitrary code {CVE-2008-2927} [etch] - gaim 1:2.0.0+beta5-10etch1 [15 Jul 2008] DSA-1609-1 lighttpd - multiple DOS issues {CVE-2008-0983} [etch] - lighttpd 1.4.13-4etch9 [13 Jul 2008] DSA-1608-1 mysql-dfsg-5.0 - authorization bypass {CVE-2008-2079 CVE-2008-4097} [etch] - mysql-dfsg-5.0 5.0.32-7etch6 [11 Jul 2008] DSA-1607-1 iceweasel - several vulnerabilities {CVE-2008-2798 CVE-2008-2799 CVE-2008-2800 CVE-2008-2801 CVE-2008-2802 CVE-2008-2803 CVE-2008-2805 CVE-2008-2807 CVE-2008-2808 CVE-2008-2809 CVE-2008-2811} [etch] - iceweasel 2.0.0.15-0etch1 [09 Jul 2008] DSA-1606-1 poppler - execution of arbitrary code {CVE-2008-1693} [etch] - poppler 0.4.5-5.1etch3 [08 Jul 2008] DSA-1603-1 bind9 - cache poisoning {CVE-2008-1447} [etch] - bind9 1:9.3.4-2etch3 [05 Jul 2008] DSA-1602-1 pcre3 - arbitrary code execution {CVE-2008-2371} [etch] - pcre3 6.7+7.4-4 [04 Jul 2008] DSA-1601-1 wordpress - several vulnerabilities {CVE-2007-1599 CVE-2008-0664} [etch] - wordpress 2.0.10-1etch3 [01 Jul 2008] DSA-1600-1 sympa - denial of service {CVE-2008-1648} [etch] - sympa 5.2.3-1.2+etch1 [26 Jun 2008] DSA-1599-1 dbus {CVE-2008-0595} [etch] - dbus 1.0.2-1+etch1 [19 Jun 2008] DSA-1598-1 libtk-img - arbitrary code execution {CVE-2008-0553} [etch] - libtk-img 1:1.3-15etch2 [12 Jun 2008] DSA-1597-1 mt-daapd - several vulnerabilities {CVE-2007-5824 CVE-2007-5825 CVE-2008-1771} [etch] - mt-daapd 0.2.4+r1376-1.1+etch1 [12 Jun 2008] DSA-1596-1 typo3-src - several vulnerabilities {CVE-2008-2717 CVE-2008-2718} [etch] - typo3-src 4.0.2+debian-5 [11 Jun 2008] DSA-1595-1 xorg-server - several vulnerabilities {CVE-2008-1377 CVE-2008-1379 CVE-2008-2360 CVE-2008-2361 CVE-2008-2362} [etch] - xorg-server 2:1.1.1-21etch5 [10 Jun 2008] DSA-1594-1 imlib2 {CVE-2008-2426} [etch] - imlib2 1.3.0.0debian1-4+etch1 [09 Jun 2008] DSA-1593-1 tomcat5.5 {CVE-2008-1947} [etch] - tomcat5.5 5.5.20-2etch3 [09 Jun 2008] DSA-1592-1 linux-2.6 - overflow conditions {CVE-2008-1673 CVE-2008-2358} [etch] - linux-2.6 2.6.18.dfsg.1-18etch6 [03 Jun 2008] DSA-1591-1 libvorbis - several vulnerabilities {CVE-2008-1419 CVE-2008-1420 CVE-2008-1423} [etch] - libvorbis 1.1.2.dfsg-1.4 [30 May 2008] DSA-1590-1 samba - arbitrary code execution {CVE-2008-1105} [etch] - samba 3.0.24-6etch10 [29 May 2008] DSA-1589-1 libxslt - arbitrary code execution {CVE-2008-1767} [etch] - libxslt 1.1.19-2 [27 May 2008] DSA-1588-1 fai-kernels linux-2.6 user-mode-linux - several vulnerabilities {CVE-2007-6712 CVE-2008-1615 CVE-2008-2136 CVE-2008-2137} [etch] - linux-2.6 2.6.18.dfsg.1-18etch5 [etch] - fai-kernels 1.17+etch.18etch5 [etch] - user-mode-linux 2.6.18-1um-2etch.18etch5 [26 May 2008] DSA-1587-1 mtr - execution of arbitrary code {CVE-2008-2357} [etch] - mtr 0.71-2etch1 [22 May 2008] DSA-1586-1 xine-lib - multiple vulnerabilities {CVE-2008-1482 CVE-2008-1686 CVE-2008-1878} [etch] - xine-lib 1.1.2+dfsg-7 [21 May 2008] DSA-1585-1 speex - integer overflow {CVE-2008-1686} [etch] - speex 1.1.12-3etch1 [21 May 2008] DSA-1584-1 libfishsound - integer overflow {CVE-2008-1686} [etch] - libfishsound 0.7.0-2etch1 [20 May 2008] DSA-1583-1 gnome-peercast - several vulnerabilities {CVE-2007-6454 CVE-2008-2040} [etch] - gnome-peercast 0.5.4-1.1etch0 [20 May 2008] DSA-1582-1 peercast - arbitrary code execution {CVE-2008-2040} [etch] - peercast 0.1217.toots.20060314-1etch1 [20 May 2008] DSA-1581-1 gnutls13 - potential code execution {CVE-2008-1948 CVE-2008-1949 CVE-2008-1950} [etch] - gnutls13 1.4.4-3+etch1 [20 May 2008] DSA-1580-1 phpgedview - privilege escalation {CVE-2008-2064} [etch] - phpgedview 4.0.2.dfsg-4 [18 May 2008] DSA-1579-1 netpbm-free - arbitrary code execution {CVE-2008-0554} [etch] - netpbm-free 2:10.0-11.1+etch1 [17 May 2008] DSA-1578-1 php4 - several vulnerabilities {CVE-2007-3799 CVE-2007-3806 CVE-2007-3998 CVE-2007-4657 CVE-2008-2051} [etch] - php4 6:4.4.4-8+etch6 [14 May 2008] DSA-1577-1 gforge - insecure temporary files {CVE-2008-0167} [etch] - gforge 4.5.14-22etch8 [14 May 2008] DSA-1576-1 openssh openssh-blacklist - predictable randomness {CVE-2007-4752 CVE-2008-0166 CVE-2008-1483 CVE-2008-2285} [etch] - openssh 1:4.3p2-9etch2 NOTE: The package should not be flagged as vulnerable because this is just NOTE: a band-aid for DSA-1571-1. [12 May 2008] DSA-1575-1 linux-2.6 - denial of service {CVE-2008-1669} [etch] - linux-2.6 2.6.18.dfsg.1-18etch4 [12 May 2008] DSA-1574-1 icedove - several vulnerabilities {CVE-2008-1233 CVE-2008-1234 CVE-2008-1235 CVE-2008-1236 CVE-2008-1237} [etch] - icedove 1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1 [11 May 2008] DSA-1573-1 rdesktop - several vulnerabilities {CVE-2008-1801 CVE-2008-1802 CVE-2008-1803} [etch] - rdesktop 1.5.0-1etch2 [11 May 2008] DSA-1572-1 php5 - several vulnerabilities {CVE-2007-3806 CVE-2008-1384 CVE-2008-2050 CVE-2008-2051} [etch] - php5 5.2.0-8+etch11 [13 May 2008] DSA-1571-1 openssl - predictable random number generator {CVE-2007-3108 CVE-2007-4995 CVE-2008-0166} [etch] - openssl 0.9.8c-4etch3 [06 May 2008] DSA-1570-1 kazehakase - execution of arbitrary code {CVE-2006-7227 CVE-2006-7228 CVE-2006-7230 CVE-2007-1659 CVE-2007-1660 CVE-2007-1661 CVE-2007-1662 CVE-2007-4766 CVE-2007-4767 CVE-2007-4768} [etch] - kazehakase 0.4.2-1etch1 [05 May 2008] DSA-1569-1 cacti - multiple vulnerabilities {CVE-2008-0783 CVE-2008-0785} [etch] - cacti 0.8.6i-3.3 [05 May 2008] DSA-1568-1 b2evolution - cross site scripting {CVE-2007-0175} [etch] - b2evolution 0.9.2-3+etch1 [05 May 2008] DSA-1567-1 blender - arbitrary code execution {CVE-2008-1102} [etch] - blender 2.42a-7.1+etch1 [02 May 2008] DSA-1566-1 cpio - programming error {CVE-2007-4476} [etch] - cpio 2.6-18.1+etch1 [01 May 2008] DSA-1565-1 linux-2.6 - several vulnerabilities {CVE-2008-1375 CVE-2008-1294 CVE-2007-6694 CVE-2008-0007} [etch] - linux-2.6 2.6.18.dfsg.1-18etch3 [01 May 2008] DSA-1564-1 wordpress - several vulnerabilities {CVE-2008-2146 CVE-2007-0540 CVE-2007-3639 CVE-2007-4153 CVE-2007-4154} [etch] - wordpress 2.0.10-1etch2 [30 Apr 2008] DSA-1563-1 asterisk - denial of service {CVE-2008-1897} [etch] - asterisk 1:1.2.13~dfsg-2etch4 [28 Apr 2008] DSA-1562-1 iceape - arbitrary code execution {CVE-2008-1380} [etch] - iceape 1.0.13~pre080323b-0etch3 [28 Apr 2008] DSA-1561-1 ltsp - information disclosure {CVE-2008-1293} [etch] - ltsp 0.99debian11+etch1 [28 Apr 2008] DSA-1560-1 kronolith2 - cross site scripting {CVE-2008-1974} [etch] - kronolith2 2.1.4-1etch1 [27 Apr 2008] DSA-1559-1 phpgedview - cross site scripting {CVE-2007-5051} [etch] - phpgedview 4.0.2.dfsg-3 [24 Apr 2008] DSA-1558-1 xulrunner - arbitrary code execution {CVE-2008-1380} [etch] - xulrunner 1.8.0.15~pre080323b-0etch2 [24 Apr 2008] DSA-1534-2 iceape - regression {CVE-2007-3738 CVE-2007-4879 CVE-2007-5338 CVE-2008-1233 CVE-2008-1234 CVE-2008-1235 CVE-2008-1236 CVE-2008-1237 CVE-2008-1238 CVE-2008-1240 CVE-2008-1241} [etch] - iceape 1.0.13~pre080323b-0etch2 [24 Apr 2008] DSA-1557-1 phpmyadmin - several vulnerabilities {CVE-2008-1149 CVE-2008-1567 CVE-2008-1924} [etch] - phpmyadmin 4:2.9.1.1-7 [24 Apr 2008] DSA-1556-2 perl - denial of service {CVE-2008-1927} [etch] - perl 5.8.8-7etch3 [23 Apr 2008] DSA-1555-1 iceweasel - arbitrary code execution {CVE-2008-1380} [etch] - iceweasel 2.0.0.14-0etch1 [22 Apr 2008] DSA-1554-1 roundup - cross-site scripting vulnerability {CVE-2008-1474} [etch] - roundup 1.2.1-5+etch1 [20 Apr 2008] DSA-1553-1 ikiwiki - cross-site request forgery {CVE-2008-0165} [etch] - ikiwiki 1.33.5 [19 Apr 2008] DSA-1552-1 mplayer - arbitrary code execution {CVE-2008-1558} [etch] - mplayer 1.0~rc1-12etch3 [19 Apr 2008] DSA-1551-1 python2.4 - several vulnerabilities {CVE-2007-2052 CVE-2007-4965 CVE-2008-1679 CVE-2008-1721 CVE-2008-1887} [etch] - python2.4 2.4.4-3+etch1 [17 Apr 2008] DSA-1550-1 suphp {CVE-2008-1614} [etch] - suphp 0.6.2-1+etch0 [17 Apr 2008] DSA-1549-1 clamav {CVE-2008-0314 CVE-2008-1100 CVE-2008-1833} [etch] - clamav 0.90.1dfsg-3etch11 [17 Apr 2008] DSA-1548-1 xpdf {CVE-2008-1693} [etch] - xpdf 3.01-9.1+etch3 [17 Apr 2008] DSA-1547-1 openoffice.org {CVE-2007-5745 CVE-2007-5746 CVE-2007-5747 CVE-2008-0320} [etch] - openoffice.org 2.0.4.dfsg.2-7etch5 [sarge] - openoffice.org 1.1.3-9sarge9 [10 Apr 2008] DSA-1546-1 gnumeric {CVE-2008-0668} [etch] - gnumeric 1.6.3-5.1+etch1 [10 Apr 2008] DSA-1545-1 rsync {CVE-2008-1720} [etch] - rsync 2.6.9-2etch2 [09 Apr 2008] DSA-1544-1 pdns-recursor - cache poisoning vulnerability {CVE-2008-1637} [etch] - pdns-recursor 3.1.4-1+etch1 [09 Apr 2008] DSA-1543-1 vlc - several vulnerabilities {CVE-2007-6681 CVE-2007-6682 CVE-2007-6683 CVE-2008-0073 CVE-2008-0295 CVE-2008-0296 CVE-2008-0984 CVE-2008-1489} [etch] - vlc 0.8.6-svn20061012.debian-5.1+etch2 [09 Apr 2008] DSA-1542-1 libcairo - arbitrary code execution {CVE-2007-5503} [etch] - libcairo 1.2.4-4.1+etch1 [08 Apr 2008] DSA-1541-1 openldap2.3 {CVE-2007-5707 CVE-2007-5708 CVE-2007-6698 CVE-2008-0658} [etch] - openldap2.3 2.3.30-5+etch1 [07 Apr 2008] DSA-1540-1 lighttpd {CVE-2008-1531} [etch] - lighttpd 1.4.13-4etch7 [04 Apr 2008] DSA-1539-1 mapserver - multiple vulnerabilities {CVE-2007-4542 CVE-2007-4629} [etch] - mapserver 4.10.0-5.1+etch2 [04 Apr 2008] DSA-1538-1 alsaplayer - arbitrary code execution {CVE-2007-5301} [etch] - alsaplayer 0.99.76-9+etch1 [02 Apr 2008] DSA-1537-1 xpdf {CVE-2007-4352 CVE-2007-5392 CVE-2007-5393} [etch] - xpdf 3.01-9.1+etch2 [01 Apr 2008] DSA-1533-2 exiftags {CVE-2007-6354 CVE-2007-6355 CVE-2007-6356} [sarge] - exiftags 0.98-1.1+0sarge1 [31 Mar 2008] DSA-1536-1 xine-lib - several vulnerabilities {CVE-2007-1246 CVE-2007-1387 CVE-2008-0073 CVE-2008-0486 CVE-2008-1161} [sarge] - xine-lib 1.0.1-1sarge7 [etch] - xine-lib 1.1.2+dfsg-6 [30 Mar 2008] DSA-1535-1 iceweasel {CVE-2007-4879 CVE-2008-1233 CVE-2008-1234 CVE-2008-1235 CVE-2008-1236 CVE-2008-1237 CVE-2008-1238 CVE-2008-1240 CVE-2008-1241} [etch] - iceweasel 2.0.0.13-0etch1 [28 Mar 2008] DSA-1534-1 iceape {CVE-2007-4879 CVE-2008-1233 CVE-2008-1234 CVE-2008-1235 CVE-2008-1236 CVE-2008-1237 CVE-2008-1238 CVE-2008-1240 CVE-2008-1241 CVE-2007-6589 CVE-2008-0420} [etch] - iceape 1.0.13~pre080323b-0etch1 [27 Mar 2008] DSA-1533-1 exiftags {CVE-2007-6354 CVE-2007-6355 CVE-2007-6356} [etch] - exiftags 0.98-1.1+etch1 [27 Mar 2008] DSA-1532-1 xulrunner {CVE-2007-4879 CVE-2008-1233 CVE-2008-1234 CVE-2008-1235 CVE-2008-1236 CVE-2008-1237 CVE-2008-1238 CVE-2008-1240 CVE-2008-1241} [etch] - xulrunner 1.8.0.15~pre080323b-0etch1 [27 Mar 2008] DSA-1531-2 policyd-weight - insecure temporary files {CVE-2008-1569 CVE-2008-1570} [etch] - policyd-weight 0.1.14-beta-6etch2 [25 Mar 2008] DSA-1530-1 cupsys - multiple vulnerabilities {CVE-2008-0047 CVE-2008-0882} [etch] - cupsys 1.2.7-4etch3 [24 Mar 2008] DSA-1528-1 serendipity - cross site scripting {CVE-2007-6205 CVE-2008-0124 CVE-2008-1476} [etch] - serendipity 1.0.4-1+etch1 [24 Mar 2008] DSA-1527-1 debian-goodies - privilege escalation {CVE-2007-3912} [sarge] - debian-goodies 0.23+sarge1 [etch] - debian-goodies 0.27+etch1 [20 Mar 2008] DSA-1526-1 xwine {CVE-2008-0930 CVE-2008-0931} [etch] - xwine 1.0.1-1etch1 [20 Mar 2008] DSA-1525-1 asterisk {CVE-2007-6430 CVE-2008-1332 CVE-2008-1333} [etch] - asterisk 1:1.2.13~dfsg-2etch3 [18 Mar 2008] DSA-1524-1 krb5 - multiple vulnerabilities {CVE-2008-0062 CVE-2008-0063 CVE-2008-0947} [sarge] - krb5 1.3.6-2sarge6 [etch] - krb5 1.4.4-7etch5 [17 Mar 2008] DSA-1523-1 ikiwiki - cross-site scripting {CVE-2008-0808 CVE-2008-0809} [etch] - ikiwiki 1.33.4 [17 Mar 2008] DSA-1522-1 unzip - potential code execution {CVE-2008-0888} [sarge] - unzip 5.52-1sarge5 [etch] - unzip 5.52-9etch1 [16 Mar 2008] DSA-1493-2 sdl-image1.2 - arbitrary code execution {CVE-2007-6697 CVE-2008-0544} [sarge] - sdl-image1.2 1.2.4-1etch1 [etch] - sdl-image1.2 1.2.5-2+etch1 [16 Mar 2008] DSA-1521-1 lighttpd - arbitrary file disclosure {CVE-2008-1270} [etch] - lighttpd 1.4.13-4etch6 [16 Mar 2008] DSA-1520-1 smarty - arbitrary code execution {CVE-2008-1066} [sarge] - smarty 2.6.9-1sarge1 [etch] - smarty 2.6.14-1etch1 [15 Mar 2008] DSA-1519-1 horde3 - information disclosure {CVE-2008-1284} [sarge] - horde3 3.0.4-4sarge7 [etch] - horde3 3.1.3-4etch3 [15 Mar 2008] DSA-1518-1 backup-manager - information disclosure {CVE-2007-4656} [sarge] - backup-manager 0.5.7-1sarge2 [etch] - backup-manager 0.7.5-4 [15 Mar 2008] DSA-1517-1 ldapscripts - information disclosure {CVE-2007-5373} [etch] - ldapscripts 1.4-2etch1 [14 Mar 2008] DSA-1516-1 dovecot - privilege escalation {CVE-2008-1199 CVE-2008-1218} [etch] - dovecot 1.0.rc15-2etch4 [11 Mar 2008] DSA-1515-1 libnet-dns-perl - several vulnerabilities {CVE-2007-3377 CVE-2007-3409 CVE-2007-6341} [sarge] - libnet-dns-perl 0.48-1sarge1 [etch] - libnet-dns-perl 0.59-1etch1 [09 Mar 2008] DSA-1514-1 moin {CVE-2007-2423 CVE-2007-2637 CVE-2008-0780 CVE-2008-0781 CVE-2008-0782 CVE-2008-1098 CVE-2008-1099} [etch] - moin 1.5.3-1.2etch1 [06 Mar 2008] DSA-1513-1 lighttpd - information disclosure {CVE-2008-1111} [etch] - lighttpd 1.4.13-4etch5 [06 Mar 2008] DSA-1503-2 kernel-source-2.4.27 - several vulnerabilities {CVE-2004-2731 CVE-2006-4814 CVE-2006-5753 CVE-2006-5823 CVE-2006-6053 CVE-2006-6054 CVE-2006-6106 CVE-2007-1353 CVE-2007-1592 CVE-2007-2172 CVE-2007-2525 CVE-2007-3848 CVE-2007-4308 CVE-2007-4311 CVE-2007-5093 CVE-2007-6063 CVE-2007-6151 CVE-2007-6206 CVE-2007-6694 CVE-2008-0007} [sarge] - kernel-source-2.4.27 2.4.27-10sarge7 [05 Mar 2008] DSA-1512-1 evolution - remote code execution {CVE-2008-0072} [sarge] - evolution 2.0.4-2sarge3 [etch] - evolution 2.6.3-6etch2 [03 Mar 2008] DSA-1511-1 icu - multiple problems {CVE-2007-4770 CVE-2007-4771} [etch] - icu 3.6-2etch1 [27 Feb 2008] DSA-1510-1 gs-esp gs-gpl - arbitrary code execution {CVE-2008-0411} [sarge] - gs-esp 7.07.1-9sarge1 [sarge] - gs-gpl 8.01-6 [etch] - gs-esp 8.15.3.dfsg.1-1etch1 [etch] - gs-gpl 8.54.dfsg.1-5etch1 [25 Feb 2008] DSA-1509-1 koffice - multiple vulnerabilities {CVE-2007-4352 CVE-2007-5392 CVE-2007-5393} [etch] - koffice 1:1.6.1-2etch2 [25 Feb 2008] DSA-1508-1 sword - arbirary shell command execution {CVE-2008-0932} [sarge] - sword 1.5.7-7sarge1 [etch] - sword 1.5.9-2etch1 [24 Feb 2008] DSA-1507-1 turba2 {CVE-2008-0807} [sarge] - turba2 2.0.2-1sarge1 [etch] - turba2 2.1.3-1etch1 [24 Feb 2008] DSA-1506-1 iceape - several vulnerabilities {CVE-2008-0412 CVE-2008-0413 CVE-2008-0414 CVE-2008-0415 CVE-2008-0416 CVE-2008-0417 CVE-2008-0418 CVE-2008-0419 CVE-2008-0591 CVE-2008-0592 CVE-2008-0593 CVE-2008-0594 CVE-2007-5947 CVE-2007-5959 CVE-2007-5960} [etch] - iceape 1.0.12~pre080131b-0etch1 [22 Feb 2008] DSA-1505-1 alsa-driver alsa-modules-i386 - kernel memory leak {CVE-2007-4571} [sarge] - alsa-driver 1.0.8-7sarge1 [sarge] - alsa-modules-i386 1.0.8+2sarge2 [etch] - alsa-driver 1.0.13-5etch1 [22 Feb 2008] DSA-1504-1 kernel-image-2.6.8 - several issues {CVE-2006-5823 CVE-2006-6054 CVE-2006-6058 CVE-2006-7203 CVE-2007-1353 CVE-2007-2172 CVE-2007-2525 CVE-2007-3105 CVE-2007-3739 CVE-2007-3740 CVE-2007-3848 CVE-2007-4133 CVE-2007-4308 CVE-2007-4573 CVE-2007-5093 CVE-2007-6063 CVE-2007-6151 CVE-2007-6206 CVE-2007-6694 CVE-2008-0007} [sarge] - kernel-image-2.6.8-s390 2.6.8-6sarge1 [sarge] - kernel-image-2.6.8-ia64 2.6.8-15sarge1 [sarge] - fai-kernels 1.9.1sarge8 [sarge] - kernel-image-2.6.8-amd64 2.6.8-17sarge1 [sarge] - kernel-image-2.6.8-hppa 2.6.8-7sarge1 [sarge] - kernel-image-2.6.8-sparc 2.6.8-16sarge1 [sarge] - kernel-image-2.6.8-alpha 2.6.8-17sarge1 [sarge] - kernel-image-2.6.8-i386 2.6.8-17sarge1 [sarge] - kernel-source-2.6.8 2.6.8-17sarge1 [sarge] - kernel-patch-powerpc-2.6.8 2.6.8-13sarge1 [sarge] - kernel-image-2.6.8-m68k 2.6.8-5sarge1 [22 Feb 2008] DSA-1503-1 kernelimage-2.4.27 - several issues {CVE-2004-2731 CVE-2006-4814 CVE-2006-5753 CVE-2006-5823 CVE-2006-6053 CVE-2006-6054 CVE-2006-6106 CVE-2007-1353 CVE-2007-1592 CVE-2007-2172 CVE-2007-2525 CVE-2007-3848 CVE-2007-4308 CVE-2007-4311 CVE-2007-5093 CVE-2007-6063 CVE-2007-6151 CVE-2007-6206 CVE-2007-6694 CVE-2008-0007} [sarge] - kernel-latest-2.4-i386 101sarge2 [sarge] - kernel-image-2.4.27-alpha 2.4.27-10sarge6 [sarge] - kernel-image-2.4.27-m68k 2.4.27-3sarge6 [sarge] - i2c 1:2.9.1-1sarge2 [sarge] - systemimager 3.2.3-6sarge5 [sarge] - kernel-latest-2.4-alpha 101sarge3 [sarge] - kernel-patch-powerpc-2.4.27 2.4.27-10sarge6 [sarge] - kernel-latest-2.4-sparc 42sarge3 [sarge] - kernel-patch-2.4.27-mips 2.4.27-10.sarge4.040815-3 [sarge] - pcmcia-modules-2.4.27-i386 3.2.5+2sarge2 [sarge] - kernel-image-2.4.27-ia64 2.4.27-10sarge6 [sarge] - mindi-kernel 2.4.27-2sarge5 [sarge] - kernel-latest-2.4-s390 2.4.27-1sarge2 [sarge] - hostap-modules-i386 1:0.3.7-1sarge3 [sarge] - kernel-image-speakup-i386 2.4.27-1.1sarge5 [sarge] - kernel-source-2.4.27 2.4.27-10sarge6 [sarge] - kernel-image-2.4.27-arm 2.4.27-2sarge6 [sarge] - kernel-image-2.4.27-i386 2.4.27-10sarge6 [sarge] - kernel-image-2.4.27-sparc 2.4.27-9sarge6 [sarge] - kernel-image-2.4.27-s390 2.4.27-2sarge6 [22 Feb 2008] DSA-1502-1 wordpress - multiple vulnerabilities {CVE-2007-2821 CVE-2007-3238 CVE-2008-0193 CVE-2008-0194} [etch] - wordpress 2.0.10-1etch1 [21 Feb 2008] DSA-1501-1 dspam - information disclosure {CVE-2007-6418} [etch] - dspam 3.6.8-5etch1 [21 Feb 2008] DSA-1500-1 splitvt - privilege escalation {CVE-2008-0162} [etch] - splitvt 1.6.5-9etch1 [19 Feb 2008] DSA-1499-1 pcre3 - arbitrary code execution {CVE-2008-0674} [sarge] - pcre3 4.5+7.4-2 [etch] - pcre3 6.7+7.4-3 [19 Feb 2008] DSA-1498-1 libimager-perl - buffer overflow {CVE-2007-2459} [etch] - libimager-perl 0.50-1etch1 [16 Feb 2008] DSA-1497-1 clamav - several vulnerabilities {CVE-2007-6595 CVE-2008-0318} [etch] - clamav 0.90.1dfsg-3etch10 [12 Feb 2008] DSA-1496-1 mplayer - arbitrary code execution {CVE-2008-0485 CVE-2008-0486 CVE-2008-0629 CVE-2008-0630} [etch] - mplayer 1.0~rc1-12etch2 [12 Feb 2008] DSA-1495-1 nagios-plugins - several {CVE-2007-5198 CVE-2007-5623} [sarge] - nagios-plugins 1.4-6sarge1 [etch] - nagios-plugins 1.4.5-1etch1 [11 Feb 2008] DSA-1494-1 linux-2.6 - privilege escalation {CVE-2008-0163 CVE-2008-0600} [etch] - linux-2.6 2.6.18.dfsg.1-18etch1 [10 Feb 2008] DSA-1493-1 sdl-image1.2 {CVE-2007-6697 CVE-2008-0544} [sarge] - sdl-image1.2 1.2.4-1etch1 [etch] - sdl-image1.2 1.2.5-2etch1 [10 Feb 2008] DSA-1492-1 wml {CVE-2008-0665 CVE-2008-0666} [etch] - wml 2.0.11-1etch1 [10 Feb 2008] DSA-1491-1 tk8.4 - arbitrary code execution {CVE-2008-0553} [sarge] - tk8.4 8.4.9-1sarge2 [etch] - tk8.4 8.4.12-1etch2 [10 Feb 2008] DSA-1490-1 tk8.3 - arbitrary code execution {CVE-2008-0553} [sarge] - tk8.3 8.3.5-4sarge1 [etch] - tk8.3 8.3.5-6etch2 [10 Feb 2008] DSA-1489-1 iceweasel - several vulnerabilities {CVE-2008-0412 CVE-2008-0413 CVE-2008-0414 CVE-2008-0415 CVE-2008-0416 CVE-2008-0417 CVE-2008-0418 CVE-2008-0419 CVE-2008-0591 CVE-2008-0592 CVE-2008-0593 CVE-2008-0594} [etch] - iceweasel 2.0.0.12-0etch1 [09 Feb 2008] DSA-1488-1 phpbb2 - several vulnerabilities {CVE-2006-4758 CVE-2006-6508 CVE-2006-6839 CVE-2006-6840 CVE-2006-6841 CVE-2008-0471} [sarge] - phpbb2 2.0.13+1-6sarge4 [etch] - phpbb2 2.0.21-7 [08 Feb 2008] DSA-1487-1 libexif - several vulnerabilities {CVE-2007-2645 CVE-2007-6351 CVE-2007-6352} [sarge] - libexif 0.6.9-6sarge2 [etch] - libexif 0.6.13-5etch2 [05 Feb 2008] DSA-1486-1 gnatsweb - cross-site scripting {CVE-2007-2808} [etch] - gnatsweb 4.00-1etch1 [10 Feb 2008] DSA-1485-2 icedove - several vulnerabilities {CVE-2008-0412 CVE-2008-0413 CVE-2008-0414 CVE-2008-0415 CVE-2008-0416 CVE-2008-0417 CVE-2008-0418 CVE-2008-0419 CVE-2008-0591 CVE-2008-0592 CVE-2008-0593 CVE-2008-0594} [etch] - icedove 1.5.0.13+1.5.0.15b.dfsg1-0etch2 [10 Feb 2008] DSA-1484-1 xulrunner - several vulnerabilities {CVE-2008-0412 CVE-2008-0413 CVE-2008-0414 CVE-2008-0415 CVE-2008-0416 CVE-2008-0417 CVE-2008-0418 CVE-2008-0419 CVE-2008-0591 CVE-2008-0592 CVE-2008-0593 CVE-2008-0594 CVE-2008-0420} [etch] - xulrunner 1.8.0.15~pre080131b-0etch1 [06 Feb 2008] DSA-1483-1 net-snmp - denial of service {CVE-2007-5846} [etch] - net-snmp 5.2.3-7etch2 [05 Feb 2008] DSA-1482-1 squid - programming error {CVE-2007-6239} [etch] - squid 2.6.5-6etch1 NOTE: temporary i386 update for sarge on: http://people.debian.org/~jmm/squid/ [05 Feb 2008] DSA-1481-1 python-cherrypy - missing input sanitising {CVE-2008-0252} [etch] - python-cherrypy 2.2.1-3etch1 [05 Feb 2008] DSA-1480-1 poppler - several vulnerabilities {CVE-2007-4352 CVE-2007-5392 CVE-2007-5393} [etch] - poppler 0.4.5-5.1etch2 [29 Jan 2008] DSA-1479-1 linux-2.6 {CVE-2007-2878 CVE-2007-4571 CVE-2007-6151 CVE-2008-0001} [etch] - linux-2.6 2.6.18.dfsg.1-17etch1 [28 Jan 2008] DSA-1478-1 mysql-dfsg-5.0 - buffer overflows {CVE-2008-0226 CVE-2008-0227} [etch] - mysql-dfsg-5.0 5.0.32-7etch5 [27 Jan 2008] DSA-1477-1 yarssr - missing input sanitising {CVE-2007-5837} [etch] - yarssr 0.2.2-1etch1 [27 Jan 2008] DSA-1476-1 pulseaudio - programming error {CVE-2008-0008} [etch] - pulseaudio 0.9.5-5etch1 [26 Jan 2008] DSA-1475-1 gforge - cross site scripting {CVE-2007-0176} [etch] - gforge 4.5.14-22etch5 [21 Jan 2008] DSA-1474-1 exiv2 - arbitrary code execution {CVE-2007-6353} [etch] - exiv2 0.10-1.5 [21 Jan 2008] DSA-1473-1 scponly - arbitrary code execution {CVE-2007-6350 CVE-2007-6415} [sarge] - scponly 4.0-1sarge2 [etch] - scponly 4.6-1etch1 [21 Jan 2008] DSA-1472-1 xine-lib - buffer overflow {CVE-2008-0225} [etch] - xine-lib 1.1.2+dfsg-5 [sarge] - xine-lib 1.0.1-1sarge6 [21 Jan 2008] DSA-1471-1 libvorbis - several vulnerabilities {CVE-2007-3106 CVE-2007-4029 CVE-2007-4065 CVE-2007-4066} [etch] - libvorbis 1.1.2.dfsg-1.3 [sarge] - libvorbis 1.1.0-2 [20 Jan 2008] DSA-1470-1 horde3 - missing input sanitising {CVE-2007-6018} [etch] - horde3 3.1.3-4etch2 [sarge] - horde3 (Vulnerable code not present) [20 Jan 2008] DSA-1469-1 flac {CVE-2007-4619 CVE-2007-6277} [etch] - flac 1.1.2-8 [sarge] - flac 1.1.1-5sarge1 [20 Jan 2008] DSA-1468-1 tomcat5.5 {CVE-2008-0128 CVE-2007-2450} [etch] - tomcat5.5 5.5.20-2etch2 [19 Jan 2008] DSA-1467-1 mantis - several vulnerabilities {CVE-2006-6574 CVE-2007-6611} [sarge] - mantis 0.19.2-5sarge5 [19 Jan 2008] DSA-1466-2 libxfont xfree86 xorg-server - several vulnerabilities {CVE-2007-5760 CVE-2007-5958 CVE-2007-6427 CVE-2007-6428 CVE-2007-6429 CVE-2008-0006} [sarge] - xfree86 4.3.0.dfsg.1-14sarge7 [etch] - xorg-server 2:1.1.1-21etch3 [17 Jan 2008] DSA-1465-2 apt-listchanges - arbitrary code execution {CVE-2008-0302} [etch] - apt-listchanges 2.72.5etch2 [15 Jan 2008] DSA-1464-1 syslog-ng - denial of service {CVE-2007-6437} [etch] - syslog-ng 2.0.0-1etch1 [14 Jan 2008] DSA-1463-1 postgresql-7.4 - several {CVE-2007-3278 CVE-2007-4769 CVE-2007-4772 CVE-2007-6067 CVE-2007-6600 CVE-2007-6601} [etch] - postgresql-7.4 7.4.19-0etch1 [sarge] - postgresql 7.4.7-6sarge6 [13 Jan 2008] DSA-1462-1 hplip - missing input sanitising {CVE-2007-5208} [etch] - hplip 1.6.10-3etch1 [13 Jan 2008] DSA-1461-1 libxml2 - denial of service {CVE-2007-6284} [etch] - libxml2 2.6.27.dfsg-2 [sarge] - libxml2 2.6.16-7sarge1 [13 Jan 2008] DSA-1460-1 postgresql-8.1 - several {CVE-2007-3278 CVE-2007-4769 CVE-2007-4772 CVE-2007-6067 CVE-2007-6600 CVE-2007-6601} [etch] - postgresql-8.1 8.1.11-0etch1 [13 Jan 2008] DSA-1459-1 gforge - SQL injection {CVE-2008-0173} [sarge] - gforge 3.1-31sarge5 [etch] - gforge 4.5.14-22etch4 [10 Jan 2008] DSA-1458-1 openafs {CVE-2007-6599} [etch] - openafs 1.4.2-6etch1 [sarge] - openafs 1.3.81-3sarge3 [09 Jan 2008] DSA-1457-1 dovecot {CVE-2007-6598} [etch] - dovecot 1.0.rc15-2etch3 [09 Jan 2008] DSA-1456-1 fail2ban {CVE-2007-4321} [etch] - fail2ban 0.7.5-2etch1 [08 Jan 2008] DSA-1455-1 libarchive {CVE-2007-3641 CVE-2007-3644 CVE-2007-3645} [etch] - libarchive 1.2.53-2etch1 [07 Jan 2008] DSA-1454-1 freetype - arbitrary code execution {CVE-2007-1351} [etch] - freetype 2.2.1-5+etch2 [07 Jan 2008] DSA-1453-1 tomcat5 - several vulnerabilities {CVE-2007-3382 CVE-2007-3385 CVE-2007-5461} [etch] - tomcat5 5.0.30-12etch1 [06 Jan 2008] DSA-1452-1 wzdftpd denial of service {CVE-2007-5300} [etch] - wzdftpd 0.8.1-2etch1 [sarge] - wzdftpd 0.5.2-1.1sarge3 [06 Jan 2008] DSA-1451-1 mysql-dfsg-5.0 several vulnerabilities {CVE-2007-3781 CVE-2007-5969 CVE-2007-6304} [etch] - mysql-dfsg-5.0 5.0.32-7etch4 [05 Jan 2008] DSA-1450-1 util-linux privilege escalation {CVE-2007-5191} [etch] - util-linux 2.12r-19etch1 [sarge] - util-linux 2.12p-4sarge2 [05 Jan 2008] DSA-1449-1 loop-aes-utils privilege escalation {CVE-2007-5191} [etch] - loop-aes-utils 2.12r-15+etch1 [sarge] - loop-aes-utils 2.12p-4sarge2 [05 Jan 2008] DSA-1448-1 eggdrop arbitrary code execution {CVE-2007-2807} [etch] - eggdrop 1.6.18-1etch1 [sarge] - eggdrop 1.6.17-3sarge1 [03 Jan 2008] DSA-1447-1 tomcat5.5 several vulnerabilities {CVE-2007-3382 CVE-2007-3385 CVE-2007-3386 CVE-2007-5342 CVE-2007-5461} [etch] - tomcat5.5 5.5.20-2etch1 [03 Jan 2008] DSA-1446-1 wireshark denial of service {CVE-2007-6450 CVE-2007-6451} [etch] - wireshark 0.99.4-5.etch.2 [sarge] - ethereal 0.10.10-2sarge11 [03 Jan 2008] DSA-1445-1 maradns denial of service {CVE-2008-0061} [etch] - maradns 1.2.12.04-1etch2 [sarge] - maradns 1.0.27-2 [03 Jan 2008] DSA-1444-1 php5 several issues {CVE-2007-3799 CVE-2007-3998 CVE-2007-4657 CVE-2007-4658 CVE-2007-4660 CVE-2007-4662 CVE-2007-5898 CVE-2007-5899} [etch] - php5 5.2.0-8+etch9 [03 Jan 2008] DSA-1443-1 tcpreen buffer overflows {CVE-2007-6562} [etch] - tcpreen 1.4.3-0.1etch1 [29 Dec 2007] DSA-1442-1 libsndfile {CVE-2007-4974} [etch] - libsndfile 1.0.16-2 [28 Dec 2007] DSA-1441-1 peercast {CVE-2007-6454} [etch] - peercast 0.1217.toots.20060314-1etch0 [28 Dec 2007] DSA-1440-1 inotify-tools {CVE-2007-5037} [etch] - inotify-tools 3.3-2 [28 Dec 2007] DSA-1439-1 typo3-src {CVE-2007-6381} [etch] - typo3-src 4.0.2+debian-4 [28 Dec 2007] DSA-1438-1 tar {CVE-2007-4131 CVE-2007-4476} [etch] - tar 1.16-2etch1 [sarge] - tar 1.14-2.4 [26 Dec 2007] DSA-1437-1 cupsys {CVE-2007-5849 CVE-2007-6358} [etch] - cupsys 1.2.7-4etch2 [20 Dec 2007] DSA-1436-1 linux-2.6 fai-kernels user-mode-linux - several vulnerabilities {CVE-2006-6058 CVE-2007-5966 CVE-2007-6063 CVE-2007-6206 CVE-2007-6417} [etch] - linux-2.6 2.6.18.dfsg.1-13etch6 [etch] - fai-kernels 1.17+etch.13etch6 [etch] - user-mode-linux 2.6.18-1um-2etch.13etch6 [19 Dec 2007] DSA-1435-1 clamav {CVE-2007-6335 CVE-2007-6336} [etch] - clamav 0.90.1-3etch8 [16 Dec 2007] DSA-1434-1 mydns - denial of service {CVE-2007-2362} [etch] - mydns 1:1.1.0-7etch1 [16 Dec 2007] DSA-1433-1 centericq - buffer overflow {CVE-2007-3713} [etch] - centericq 4.21.0-18etch1 [sarge] - centericq 4.20.0-1sarge5 [16 Dec 2007] DSA-1432-1 link-grammar - buffer overflow {CVE-2007-5395} [etch] - link-grammar 4.2.2-4etch1 [11 Dec 2007] DSA-1431-1 ruby-gnome2 - format string {CVE-2007-6183} [etch] - ruby-gnome2 0.15.0-1.1etch1 [sarge] - ruby-gnome2 0.12.0-2sarge1 [11 Dec 2007] DSA-1430-1 libnss-ldap - information disclosure {CVE-2007-5794} [etch] - libnss-ldap 251-7.5etch1 [sarge] - libnss-ldap 238-1sarge1 [11 Dec 2007] DSA-1429-1 htdig - cross site scripting {CVE-2007-6110} [etch] - htdig 1:3.2.0b6-3.1etch1 [10 Dec 2007] DSA-1428-1 fai-kernels linux-2.6 user-mode-linux - several vulnerabilities {CVE-2007-3104 CVE-2007-4997 CVE-2007-5500 CVE-2007-5904} [etch] - linux-2.6 2.6.18.dfsg.1-13etch5 [etch] - fai-kernels 1.17+etch.13etch5 [etch] - user-mode-linux 2.6.18-1um-2etch.13etch5 [10 Dec 2007] DSA-1427-1 samba - buffer overflow {CVE-2007-6015} [etch] - samba 3.0.24-6etch9 [sarge] - samba 3.0.14a-3sarge11 [08 Dec 2007] DSA-1426-1 qt-x11-free - several vulnerabilities {CVE-2007-3388 CVE-2007-4137} [sarge] - qt-x11-free 3:3.3.4-3sarge3 [etch] - qt-x11-free 3:3.3.7-4etch1 [08 Dec 2007] DSA-1425-1 xulrunner - several vulnerabilities {CVE-2007-5947 CVE-2007-5959 CVE-2007-5960} [etch] - xulrunner 1.8.0.14~pre071019c-0etch1 [08 Dec 2007] DSA-1424-1 iceweasel - several vulnerabilities {CVE-2007-5947 CVE-2007-5959 CVE-2007-5960} [etch] - iceweasel 2.0.0.10-0etch1 [07 Dec 2007] DSA-1423-1 sitebar - several vulnerabilities {CVE-2007-5491 CVE-2007-5492 CVE-2007-5693 CVE-2007-5694 CVE-2007-5695 CVE-2007-5692} [etch] - sitebar 3.3.8-7etch1 [sarge] - sitebar 3.2.6-7.1sarge1 [07 Dec 2007] DSA-1422-1 e2fsprogs - arbitrary code execution {CVE-2007-5497} [etch] - e2fsprogs 1.39+1.40-WIP-2006.11.14+dfsg-2etch1 [06 Dec 2007] DSA-1421-1 wesnoth - directory traversal {CVE-2007-5742} [sarge] - wesnoth 0.9.0-7 [etch] - wesnoth 1.2-3 [05 Dec 2007] DSA-1420-1 zabbix - programming error {CVE-2007-6210} [etch] - zabbix 1:1.1.4-10etch1 [05 Dec 2007] DSA-1419-1 openoffice.org {CVE-2007-4575} [etch] - openoffice.org 2.0.4.dfsg.2-7etch4 [etch] - hsqldb 1.8.0.7-1etch1 [sarge] - openoffice.org (Vulnerable code not present) [sarge] - hsqldb (Vulnerable code not present) [02 Dec 2007] DSA-1418-1 cacti - SQL injection {CVE-2007-6035} [sarge] - cacti 0.8.6c-7sarge5 [etch] - cacti 0.8.6i-3.2 [02 Dec 2007] DSA-1417-1 asterisk - SQL injection {CVE-2007-6170} [sarge] - asterisk 1:1.0.7.dfsg.1-2sarge6 [etch] - asterisk 1:1.2.13~dfsg-2etch2 [22 Nov 2007] DSA-1409-3 samba - several vulnerabilities (update) {CVE-2007-4572 CVE-2007-5398} [etch] - samba 3.0.24-6etch8 [sarge] - samba 3.0.14a-3sarge10 NOTE: this fixes all regressions introduced by the previous DSAs [27 Nov 2007] DSA-1416-1 tk8.3 - buffer overflow {CVE-2007-5378} [etch] - tk8.3 8.3.5-6etch1 [27 Nov 2007] DSA-1415-1 tk8.4 - buffer overflow {CVE-2007-5378} [etch] - tk8.4 8.4.12-1etch1 [sarge] - tk8.4 8.4.9-1sarge1 [27 Nov 2007] DSA-1414-1 wireshark - several vulnerabilities {CVE-2007-6114 CVE-2007-6117 CVE-2007-6118 CVE-2007-6120 CVE-2007-6121} [etch] - wireshark 0.99.4-5.etch.1 [sarge] - ethereal 0.10.10-2sarge10 [26 Nov 2007] DSA-1413-1 mysql - multiple {CVE-2007-2583 CVE-2007-2691 CVE-2007-2692 CVE-2007-3780 CVE-2007-3782 CVE-2007-5925} [etch] - mysql-dfsg-5.0 5.0.32-7etch3 [sarge] - mysql-dfsg 4.0.24-10sarge3 [sarge] - mysql-dfsg-4.1 4.1.11a-4sarge8 [24 Nov 2007] DSA-1412-1 ruby1.9 - possible man-in-the-middle attacks {CVE-2007-5162 CVE-2007-5770} [etch] - ruby1.9 1.9.0+20060609-1etch1 [24 Nov 2007] DSA-1411-1 libopenssl-ruby - possible man-in-the-middle attacks {CVE-2007-5162 CVE-2007-5770} [sarge] - libopenssl-ruby 0.1.4a-1sarge1 NOTE: libopenssl-ruby is not in etch [24 Nov 2007] DSA-1410-1 ruby1.8 - possible man-in-the-middle attacks {CVE-2007-5162 CVE-2007-5770} [etch] - ruby1.8 1.8.5-4etch1 [sarge] - ruby1.8 1.8.2-7sarge6 [22 Nov 2007] DSA-1409-2 samba - several vulnerabilities {CVE-2007-4572 CVE-2007-5398} [etch] - samba 3.0.24-6etch7 [sarge] - samba 3.0.14a-3sarge9 NOTE: the previous DSA introduced regressions [22 Nov 2007] DSA-1409-1 samba - several vulnerabilities {CVE-2007-4572 CVE-2007-5398} [etch] - samba 3.0.24-6etch5 [sarge] - samba 3.0.14a-3sarge7 [21 Nov 2007] DSA-1408-1 kdegraphics - buffer overflow with arbitrary code execution {CVE-2007-5393} [etch] - kdegraphics 4:3.5.5-3etch2 [18 Nov 2007] DSA-1407-1 cupsys - buffer overflow with arbitrary code execution {CVE-2007-4351} [etch] - cupsys 1.2.7-4etch1 [11 Nov 2007] DSA-1405-2 zope-cmfplone - arbitrary code {CVE-2007-5741} [etch] - zope-cmfplone 2.5.1-4etch2 NOTE: the previous DSA introduced a regression [09 Nov 2007] DSA-1406-1 horde3 - several vulnerabilities {CVE-2006-3548 CVE-2006-3549 CVE-2006-4256 CVE-2007-1473 CVE-2007-1474} [sarge] - horde3 3.0.4-4sarge6 [etch] - horde3 3.1.3-4etch1 [09 Nov 2007] DSA-1405-1 zope-cmfplone - arbitrary code {CVE-2007-5741} [etch] - zope-cmfplone 2.5.1-4etch1 [08 Nov 2007] DSA-1404-1 gallery2 - privilege escalation {CVE-2007-4650} [etch] - gallery2 2.1.2-2.0.etch.1 [08 Nov 2007] DSA-1403-1 phpmyadmin - cross-site scripting {CVE-2007-5386 CVE-2007-5589} [sarge] - phpmyadmin 4:2.6.2-3sarge6 [etch] - phpmyadmin 4:2.9.1.1-6 [08 Nov 2007] DSA-1402-1 gforge - insecure temporary files {CVE-2007-3921} [sarge] - gforge 3.1-31sarge4 [etch] - gforge 4.5.14-22etch3 [06 Nov 2007] DSA-1400-1 perl - arbitrary code execution {CVE-2007-5116} [sarge] - perl 5.8.4-8sarge6 [etch] - perl 5.8.8-7etch1 [05 Nov 2007] DSA-1401-1 iceape - several vulnerabilities {CVE-2006-2894 CVE-2007-1095 CVE-2007-2292 CVE-2007-3511 CVE-2007-5334 CVE-2007-5337 CVE-2007-5338 CVE-2007-5339 CVE-2007-5340} [etch] - iceape 1.0.11~pre071022-0etch1 [05 Nov 2007] DSA-1399-1 pcre3 - arbitrary code execution {CVE-2007-1659 CVE-2007-1660 CVE-2007-1661 CVE-2007-1662 CVE-2007-4766 CVE-2007-4767 CVE-2007-4768} [sarge] - pcre3 4.5+7.4-1 [etch] - pcre3 6.7+7.4-2 [05 Nov 2007] DSA-1398-1 perdition - format string vulnerability {CVE-2007-5740} [etch] - perdition 1.17-7etch1 [sarge] - perdition 1.15-5sarge1 [03 Nov 2007] DSA-1397-1 mono - buffer overflow {CVE-2007-5197} [etch] - mono 1.2.2.1-1etch1 [29 Oct 2007] DSA-1388-3 dhcp - buffer overflow {CVE-2007-5365} [etch] - dhcp 2.0pl5-19.5etch2 NOTE: DSA-1388-1 was incomplete [27 Oct 2007] DSA-1396-1 iceweasel {CVE-2007-1095 CVE-2007-2292 CVE-2007-3511 CVE-2007-5334 CVE-2007-5335 CVE-2007-5337 CVE-2007-5338 CVE-2007-5339 CVE-2007-5340} [etch] - iceweasel 2.0.0.6+2.0.0.8-0etch1 [25 Oct 2007] DSA-1395-1 xen-3.0 - insecure temporary files {CVE-2007-3919} [etch] - xen-3.0 3.0.3-0-4 [24 Oct 2007] DSA-1389-2 zoph - SQL injection {CVE-2007-3905} [sarge] - zoph 0.3.3-12sarge3 [23 Oct 2007] DSA-1394-1 reprepro - authentication bypass {CVE-2007-4739} [etch] - reprepro 1.3.1+1-1 [23 Oct 2007] DSA-1393-1 xfce4-terminal - insecure execution {CVE-2007-3770} [etch] - xfce4-terminal 0.2.5.6rc1-2etch1 [23 Oct 2007] DSA-1373-2 ktorrent - directory traversal {CVE-2007-1799} [etch] - ktorrent 2.0.3+dfsg1-2.2etch1 [20 Oct 2007] DSA-1392-1 xulrunner - several vulnerabilities {CVE-2006-2894 CVE-2007-1095 CVE-2007-2292 CVE-2007-3511 CVE-2007-5334 CVE-2007-5337 CVE-2007-5338 CVE-2007-5339 CVE-2007-5340} [etch] - xulrunner 1.8.0.14~pre071019b-0etch1 [19 Oct 2007] DSA-1391-1 icedove - several vulnerabilities {CVE-2007-3734 CVE-2007-3735 CVE-2007-3844 CVE-2007-3845 CVE-2007-5339 CVE-2007-5340} [etch] - icedove 1.5.0.13+1.5.0.14b.dfsg1-0etch1 [18 Oct 2007] DSA-1390-1 t1lib - arbitrary code execution {CVE-2007-4033} [sarge] - t1lib 5.0.2-3sarge1 [etch] - t1lib 5.1.0-2etch1 [18 Oct 2007] DSA-1389-1 zoph - SQL injection {CVE-2007-3905} [etch] - zoph 0.6-2.1etch1 [18 Oct 2007] DSA-1388-1 dhcp {CVE-2007-5365} [etch] - dhcp 2.0pl5-19.5etch1 [sarge] - dhcp 2.0pl5-19.1sarge3 [15 Oct 2007] DSA-1387-1 librpcsecgss {CVE-2007-4743} [etch] - librpcsecgss 0.14-2etch3 [15 Oct 2007] DSA-1386-1 wesnoth {CVE-2007-3917} [etch] - wesnoth 1.2-2 [sarge] - wesnoth 0.9.0-6 [08 Oct 2007] DSA-1385-1 xfs {CVE-2007-4568 CVE-2007-4990} [etch] - xfs 1.0.1-7 [sarge] - xfree86 4.3.0.dfsg.1-14sarge5 [05 Oct 2007] DSA-1384-1 xen-3.0 {CVE-2007-4993 CVE-2007-1320} [etch] - xen-3.0 3.0.3-0-3 [04 Oct 2007] DSA-1383-1 gforge - cross-site scripting {CVE-2007-3918} [sarge] - gforge 3.1-31sarge3 [etch] - gforge 4.5.14-22etch2 [03 Oct 2007] DSA-1382-1 quagga {CVE-2007-4826} [etch] - quagga 0.99.5-5etch3 [sarge] - quagga 0.98.3-7.5 [02 Oct 2007] DSA-1381-2 linux-2.6 {CVE-2006-5755 CVE-2007-4133 CVE-2007-4573 CVE-2007-5093} [etch] - linux-2.6 2.6.18.dfsg.1-13etch4 [02 Oct 2007] DSA-1380-1 elinks - information disclosure {CVE-2007-5034} [etch] - elinks 0.11.1-1.2etch1 [02 Oct 2007] DSA-1379-1 openssl - arbitrary code execution {CVE-2007-5135} [sarge] - openssl 0.9.7e-3sarge5 [sarge] - openssl096 0.9.6m-1sarge5 [etch] - openssl 0.9.8c-4etch1 [etch] - openssl097 0.9.7k-3.1etch1 [02 Oct 2007] DSA-1365-3 id3lib3.8.3 - denial of service {CVE-2007-4460} [sarge] - id3lib3.8.3 3.8.3-4.1sarge1 [etch] - id3lib3.8.3 3.8.3-6etch1 [28 Sep 2007] DSA-1378-2 fai-kernels linux-2.6 user-mode-linux - several vulnerabilities {CVE-2007-3731 CVE-2007-3739 CVE-2007-3740 CVE-2007-4573 CVE-2007-4849} [etch] - linux-2.6 2.6.18.dfsg.1-13etch3 [etch] - fai-kernels 1.17+etch.13etch3 [etch] - user-mode-linux 2.6.18-1um-2etch.13etch3 [27 Sep 2007] DSA-1378-1 fai-kernels linux-2.6 user-mode-linux - several vulnerabilities {CVE-2007-3731 CVE-2007-3739 CVE-2007-3740 CVE-2007-4573 CVE-2007-4849} [etch] - linux-2.6 2.6.18.dfsg.1-13etch3 [etch] - fai-kernels 1.17+etch.13etch3 [etch] - user-mode-linux 2.6.18-1um-2etch.13etch3 [02 Aug 2007] DSA-1343-2 file {CVE-2007-2799} [etch] - file 4.17-5etch3 [21 Sep 2007] DSA-1377-2 fetchmail - null pointer dereference {CVE-2007-4565} [etch] - fetchmail 6.3.6-1etch1 [21 Sep 2007] DSA-1376-1 kdebase - programming error {CVE-2007-4569} [etch] - kdebase 4:3.5.5a.dfsg.1-6etch1 [19 Sep 2007] DSA-1364-2 vim - several vulnerabilities {CVE-2007-2438 CVE-2007-2953} [etch] - vim 1:7.0-122+1etch3 [17 Sep 2007] DSA-1375-1 openoffice.org - buffer overflow {CVE-2007-2834} [etch] - openoffice.org 2.0.4.dfsg.2-7etch2 [sarge] - openoffice.org 1.1.3-9sarge8 [11 Sep 2007] DSA-1373-1 ktorrent - directory traversal vulnerabilities {CVE-2007-1799} [etch] - ktorrent 2.0.3+dfsg1-2etch1 [11 Sep 2007] DSA-1374-1 jffnms - several vulnerabilities {CVE-2007-3189 CVE-2007-3190 CVE-2007-3191 CVE-2007-3192} [etch] - jffnms 0.8.3dfsg.1-2.1etch1 [11 Sep 2007] DSA-1371-1 phpwiki - several vulnerabilities {CVE-2007-2024 CVE-2007-2025 CVE-2007-3193} [etch] - phpwiki 1.3.12p3-5etch1 [10 Sep 2007] DSA-1370-2 phpmyadmin - several vulnerabilities {CVE-2006-6942 CVE-2006-6944 CVE-2007-1325 CVE-2007-1395 CVE-2007-2245} [sarge] - phpmyadmin 4:2.6.2-3sarge5 [etch] - phpmyadmin 4:2.9.1.1-4 [09 Sep 2007] DSA-1365-2 id3lib3.8.3 - denial of service {CVE-2007-4460} [etch] - id3lib3.8.3 3.8.3-6etch1 [09 Sep 2007] DSA-1372-1 xorg-server - privilege escalation {CVE-2007-4730} [etch] - xorg-server 2:1.1.1-21etch1 [10 Sep 2007] DSA-1370-1 phpmyadmin - several vulnerabilities {CVE-2006-6942 CVE-2006-6944 CVE-2007-1325 CVE-2007-1395 CVE-2007-2245} [sarge] - phpmyadmin 4:2.6.2-3sarge5 [etch] - phpmyadmin 4:2.9.1.1-4 [06 Sep 2007] DSA-1369-1 gforge - SQL injection {CVE-2007-3913} [sarge] - gforge 3.1-31sarge2 [etch] - gforge 4.5.14-22etch1 [04 Sep 2007] DSA-1368-1 librpcsecgss - arbitrary code execution {CVE-2007-3999} [etch] - librpcsecgss 0.14-2etch1 [06 Sep 2007] DSA-1367-1 krb5 - arbitrary code execution {CVE-2007-3999 CVE-2007-4743} [etch] - krb5 1.4.4-7etch4 [02 Sep 2007] DSA-1288-2 pptpd - regression {CVE-2007-0244} [etch] - pptpd 1.3.0-2etch2 [01 Sep 2007] DSA-1366-1 clamav {CVE-2007-4510 CVE-2007-4560} [etch] - clamav 0.90.1-3etch7 [01 Sep 2007] DSA-1365-1 id3lib3.8.3 {CVE-2007-4460} [sarge] - id3lib3.8.3 3.8.3-4.1sarge1 [etch] - id3lib3.8.3 3.8.3-6etch1 [01 Sep 2007] DSA-1364-1 vim {CVE-2007-2438 CVE-2007-2953} [sarge] - vim 1:6.3-071+1sarge2 [etch] - vim 1:7.0-122+1etch3 [31 Aug 2007] DSA-1363-1 linux-2.6 {CVE-2007-2172 CVE-2007-2875 CVE-2007-3105 CVE-2007-3843 CVE-2007-4308} [etch] - linux-2.6 2.6.18.dfsg.1-13etch2 [29 Aug 2007] DSA-1362-1 lighttpd - several vulnerabilities {CVE-2007-3946 CVE-2007-3947 CVE-2007-3949 CVE-2007-3950 CVE-2007-4727} [etch] - lighttpd 1.4.13-4etch4 [29 Aug 2007] DSA-1361-1 postfix-policyd - arbitrary code execution {CVE-2007-3791} [etch] - postfix-policyd 1.80-2.1etch1 [28 Aug 2007] DSA-1360-1 rsync - arbitrary code execution {CVE-2007-4091} [etch] - rsync 2.6.9-2etch1 [28 Aug 2007] DSA-1359-1 dovecot - directory traversal {CVE-2007-2231} [etch] - dovecot 1.0.rc15-2etch1 [26 Aug 2007] DSA-1358-1 asterisk {CVE-2007-1306 CVE-2007-1561 CVE-2007-2294 CVE-2007-2297 CVE-2007-2488 CVE-2007-3762 CVE-2007-3763 CVE-2007-3764} [etch] - asterisk 1:1.2.13~dfsg-2etch1 [sarge] - asterisk 1:1.0.7.dfsg.1-2sarge5 [19 Aug 2007] DSA-1357-1 koffice - integer overflow {CVE-2007-3387} [etch] - koffice 1:1.6.1-2etch1 [15 Aug 2007] DSA-1356-1 linux-2.6 - several vulnerabilities {CVE-2007-1353 CVE-2007-2172 CVE-2007-2453 CVE-2007-2525 CVE-2007-2876 CVE-2007-3513 CVE-2007-3642 CVE-2007-3848 CVE-2007-3851 CVE-2007-2242 CVE-2006-5753} [etch] - linux-2.6 2.6.18.dfsg.1-13etch1 NOTE: The above entry includes fixes pulled in through -13 in 4.0r1 [13 Aug 2007] DSA-1355-1 kdegraphics - integer overflow {CVE-2007-3387} [sarge] - kdegraphics 4:3.3.2-2sarge5 [etch] - kdegraphics 4:3.5.5-3etch1 [13 Aug 2007] DSA-1354-1 gpdf - integer overflow {CVE-2007-3387} [sarge] - gpdf 2.8.2-1.2sarge6 [08 Aug 2007] DSA-1353-1 tcpdump - integer overflow {CVE-2007-3798} [sarge] - tcpdump 3.8.3-5sarge3 [etch] - tcpdump 3.9.5-2etch1 [07 Aug 2007] DSA-1352-1 pdfkit.framework - integer overflow {CVE-2007-3387} [sarge] - pdfkit.framework 0.8-2sarge4 [07 Aug 2007] DSA-1351-1 bochs - buffer overflow {CVE-2007-2893} [sarge] - bochs 2.1.1+20041109-3sarge1 [etch] - bochs 2.3-2etch1 [06 Aug 2007] DSA-1350-1 tetex-bin {CVE-2007-3387} [sarge] - tetex-bin 2.0.2-30sarge5 [05 Aug 2007] DSA-1349-1 libextractor - integer overflow {CVE-2007-3387} [sarge] - libextractor 0.4.2-2sarge6 [04 Aug 2007] DSA-1348-1 poppler {CVE-2007-3387} [etch] - poppler 0.4.5-5.1etch1 [04 Aug 2007] DSA-1347-1 xpdf {CVE-2007-3387} [etch] - xpdf 3.01-9etch1 [sarge] - xpdf 3.00-13.7 [04 Aug 2007] DSA-1346-1 iceape {CVE-2007-3844 CVE-2007-3845 CVE-2007-4041} [etch] - iceape 1.0.10~pre070720-0etch3 [04 Aug 2007] DSA-1345-1 xulrunner {CVE-2007-3844 CVE-2007-3845 CVE-2007-4041} [etch] - xulrunner 1.8.0.13~pre070720-0etch3 [03 Aug 2007] DSA-1344-1 iceweasel {CVE-2007-3844 CVE-2007-3845 CVE-2007-4041} [etch] - iceweasel 2.0.0.6-0etch1 [02 Aug 2007] DSA-1343-1 file {CVE-2007-2799} [sarge] - file 4.12-1sarge2 [etch] - file 4.17-5etch2 [30 Jul 2007] DSA-1342-1 xfs {CVE-2007-3103} [etch] - xfs 1:1.0.1-6 [25 Jul 2007] DSA-1341-2 bind9 - DNS cache poisoning vulnerability {CVE-2007-2926} [etch] - bind9 1:9.3.4-2etch1 [sarge] - bind9 1:9.2.4-1sarge3 [24 Jul 2007] DSA-1340-1 clamav - null pointer dereference {CVE-2007-3725} [etch] - clamav 0.90.1-3etch4 [24 Jul 2007] DSA-1339-1 iceape - several {CVE-2007-3089 CVE-2007-3656 CVE-2007-3734 CVE-2007-3735 CVE-2007-3736 CVE-2007-3737 CVE-2007-3738} [etch] - iceape 1.0.10~pre070720-0etch1 [23 Jul 2007] DSA-1338-1 iceweasel {CVE-2007-3089 CVE-2007-3656 CVE-2007-3734 CVE-2007-3735 CVE-2007-3736 CVE-2007-3737 CVE-2007-3738 CVE-2007-4038} [etch] - iceweasel 2.0.0.5-0etch1 [22 Jul 2007] DSA-1337-1 xulrunner {CVE-2007-3089 CVE-2007-3656 CVE-2007-3734 CVE-2007-3735 CVE-2007-3736 CVE-2007-3737 CVE-2007-3738} [etch] - xulrunner 1.8.0.13~pre070720-0etch1 [22 Jul 2007] DSA-1336-1 mozilla-firefox {CVE-2007-1282 CVE-2007-0994 CVE-2007-0995 CVE-2007-0996 CVE-2007-0981 CVE-2007-0008 CVE-2007-0009 CVE-2007-0775 CVE-2007-0778 CVE-2007-0045 CVE-2006-6077} [sarge] - mozilla-firefox 1.0.4-2sarge17 [18 Jul 2007] DSA-1335-1 gimp {CVE-2006-4519 CVE-2007-2949} [sarge] - gimp 2.2.6-1sarge4 [etch] - gimp 2.2.13-1etch4 [18 Jul 2007] DSA-1334-1 freetype {CVE-2007-2754} [sarge] - freetype 2.1.7-8 [18 Jul 2007] DSA-1333-1 curl {CVE-2007-3564} [etch] - curl 7.15.5-1etch1 [09 Jul 2007] DSA-1332-1 vlc {CVE-2007-3316 CVE-2007-3467 CVE-2007-3468} [sarge] - vlc 0.8.1.svn20050314-1sarge3 [etch] - vlc 0.8.6-svn20061012.debian-5etch1 [07 Jul 2007] DSA-1331-1 php4 - several vulnerabilities {CVE-2006-0207 CVE-2006-4486 CVE-2007-1864} [sarge] - php4 4:4.3.10-22 [etch] - php4 6:4.4.4-8+etch4 [07 Jul 2007] DSA-1330-1 php5 - several vulnerabilities {CVE-2007-1399 CVE-2007-1864} [etch] - php5 5.2.0-8+etch7 [05 Jul 2007] DSA-1329-1 gfax - insecure temporary files {CVE-2007-2839} [sarge] - gfax 0.4.2-11sarge1 [01 Jul 2007] DSA-1328-1 unicon - buffer overflow {CVE-2007-2835} [etch] - unicon 3.0.4-11etch1 [01 Jul 2007] DSA-1327-1 gsambad - insecure temporary files {CVE-2007-2838} [etch] - gsambad 0.1.4-2etch1 [01 Jul 2007] DSA-1326-1 fireflier {CVE-2007-2837} [sarge] - fireflier 1.1.5-1sarge1 [etch] - fireflier 1.1.6-3etch1 [29 Jun 2007] DSA-1325-1 evolution {CVE-2007-1002 CVE-2007-3257} [sarge] - evolution 2.0.4-2sarge2 [etch] - evolution 2.6.3-6etch1 [28 Jun 2007] DSA-1324-1 hiki {CVE-2007-2836} [etch] - hiki 0.8.6-1etch1 [28 Jun 2007] DSA-1323-1 krb5 {CVE-2007-2442 CVE-2007-2443 CVE-2007-2798} [sarge] - krb5 1.3.6-2sarge5 [etch] - krb5 1.4.4-7etch2 [27 Jun 2007] DSA-1322-1 wireshark {CVE-2007-3390 CVE-2007-3392 CVE-2007-3393} [etch] - wireshark 0.99.4-5.etch.0 [23 Jun 2007] DSA-1321-1 evolution-data-server {CVE-2007-3257} [etch] - evolution-data-server 1.6.3-5etch1 [23 Jun 2007] DSA-1320-1 clamav {CVE-2007-2650 CVE-2007-3023 CVE-2007-3024 CVE-2007-3122 CVE-2007-3123} [sarge] - clamav 0.84-2.sarge.17 [etch] - clamav 0.90.1-3etch3 [23 Jun 2007] DSA-1319-1 maradns {CVE-2007-3114 CVE-2007-3115 CVE-2007-3116} [etch] - maradns 1.2.12.04-1etch1 [23 Jun 2007] DSA-1318-1 ekg {CVE-2005-2370 CVE-2005-2448 CVE-2007-1663 CVE-2007-1664 CVE-2007-1665} [sarge] - ekg 1:1.5+20050411-7 [etch] - ekg 1:1.7~rc2-1etch1 [23 Jun 2007] DSA-1317-1 tinymux {CVE-2007-1655} [etch] - tinymux 2.4.3.31-1etch1 [21 Jun 2007] DSA-1316-1 emacs21 {CVE-2007-2833} [etch] - emacs21 21.4a+1-3etch1 [19 Jun 2007] DSA-1315-1 libphp-phpmailer {CVE-2007-3215} [etch] - libphp-phpmailer 1.73-2etch1 [19 Jun 2007] DSA-1314-1 open-iscsi {CVE-2007-3099 CVE-2007-3100} [etch] - open-iscsi 2.0.730-1etch1 [19 Jun 2007] DSA-1313-1 mplayer {CVE-2007-2948} [etch] - mplayer 1.0~rc1-12etch1 [18 Jun 2007] DSA-1312-1 libapache-mod-jk {CVE-2007-1860} [etch] - libapache-mod-jk 1:1.2.18-3etch1 [sarge] - libapache-mod-jk 1:1.2.5-2sarge1 [17 Jun 2007] DSA-1311-1 postgresql-7.4 {CVE-2007-2138} [etch] - postgresql-7.4 1:7.4.17-0etch1 [sarge] - postgresql 7.4.7-6sarge5 [16 Jun 2007] DSA-1310-1 libexif {CVE-2006-4168} [etch] - libexif 0.6.13-5etch1 [sarge] - libexif 0.6.9-6sarge1 [16 Jun 2007] DSA-1309-1 postgresql-8.1 {CVE-2007-2138} [etch] - postgresql-8.1 8.1.9-0etch1 [14 Jun 2007] DSA-1308-1 iceweasel - several vulnerabilities {CVE-2007-1116 CVE-2007-1362 CVE-2007-2867 CVE-2007-2868 CVE-2007-2869 CVE-2007-2870 CVE-2007-2871} [etch] - iceweasel 2.0.0.4-0etch1 [12 Jun 2007] DSA-1307-1 openoffice.org - heap overflow {CVE-2007-0245} [sarge] - openoffice.org 1.1.3-9sarge7 [etch] - openoffice.org 2.0.4.dfsg.2-7etch1 [12 Jun 2007] DSA-1306-1 xulrunner {CVE-2007-1116 CVE-2007-1362 CVE-2007-2867 CVE-2007-2868 CVE-2007-2869 CVE-2007-2870 CVE-2007-2871} [etch] - xulrunner 1.8.0.12-0etch1 [13 Jun 2007] DSA-1305-1 icedove - several vulnerabilities {CVE-2007-1558 CVE-2007-2867 CVE-2007-2868} [etch] - icedove 1.5.0.12.dfsg1-0etch1 [16 Jun 2007] DSA-1304 kernel-source-2.6.8 - several {CVE-2005-4811 CVE-2006-4814 CVE-2006-4623 CVE-2006-5753 CVE-2006-5754 CVE-2006-5757 CVE-2006-6053 CVE-2006-6056 CVE-2006-6060 CVE-2006-6106 CVE-2006-6535 CVE-2007-0958 CVE-2007-1357 CVE-2007-1592} [sarge] - kernel-source-2.6.8 2.6.8-16sarge7 [10 Jun 2007] DSA-1303-1 lighttpd - denial of service {CVE-2007-1869 CVE-2007-1870} [etch] - lighttpd 1.4.13-4etch1 [10 Jun 2007] DSA-1302-1 freetype - integer overflow {CVE-2007-2754} [etch] - freetype 2.2.1-5+etch1 [09 Jun 2007] DSA-1301-1 gimp {CVE-2007-2356} [sarge] - gimp 2.2.6-1sarge2 [etch] - gimp 2.2.13-1etch1 [07 Jun 2007] DSA-1300-1 iceape {CVE-2007-1116 CVE-2007-1362 CVE-2007-1558 CVE-2007-2867 CVE-2007-2868 CVE-2007-2870 CVE-2007-2871} [etch] - iceape 1.0.9-0etch1 [07 Jun 2007] DSA-1299-1 ipsec-tools {CVE-2007-1841} [etch] - ipsec-tools 1:0.6.6-3.1etch1 [28 May 2007] DSA-1298-1 otrs2 {CVE-2007-2524} [etch] - otrs2 2.0.4p01-17 [24 May 2007] DSA-1297-1 gforge-plugin-scmcvs {CVE-2007-0246} [etch] - gforge-plugin-scmcvs 4.5.14-5etch1 [21 May 2007] DSA-1296-1 php4 {CVE-2007-2509} [etch] - php4 6:4.4.4-8+etch3 [sarge] - php4 4:4.3.10-21 [19 May 2007] DSA-1295-1 php5 {CVE-2007-2509 CVE-2007-2510} [etch] - php5 5.2.0-8+etch4 [17 May 2007] DSA-1294-1 xfree86 {CVE-2007-1003 CVE-2007-1351 CVE-2007-1352 CVE-2007-1667} [sarge] - xfree86 4.3.0.dfsg.1-14sarge4 [17 May 2007] DSA-1293-1 quagga {CVE-2007-1995} [sarge] - quagga 0.98.3-7.4 [etch] - quagga 0.99.5-5etch2 [15 May 2007] DSA-1292-1 qt4-x11 {CVE-2007-0242} [etch] - qt4-x11 4.2.1-2etch1 [17 May 2007] DSA-1291-2 samba {CVE-2007-2444 CVE-2007-2446 CVE-2007-2447} [etch] - samba 3.0.24-6etch2 [sarge] - samba 3.0.14a-3sarge6 [13 May 2007] DSA-1290-1 squirrelmail {CVE-2007-1262 CVE-2007-2589} [sarge] - squirrelmail 2:1.4.4-11 [etch] - squirrelmail 2:1.4.9a-2 [13 May 2007] DSA-1289-1 linux-2.6 {CVE-2007-1496 CVE-2007-1497 CVE-2007-1861} [etch] - linux-2.6 2.6.18.dfsg.1-12etch2 [08 May 2007] DSA-1288-1 pptpd {CVE-2007-0244} [etch] - pptpd 1.3.0-2etch1 [07 May 2007] DSA-1287-1 ldap-account-manager {CVE-2006-7191 CVE-2007-1840} [sarge] - ldap-account-manager 0.4.9-2sarge1 [02 May 2007] DSA-1286-1 linux-2.6 {CVE-2007-0005 CVE-2007-0958 CVE-2007-1357 CVE-2007-1592} [etch] - linux-2.6 2.6.18.dfsg.1-12etch1 [01 May 2007] DSA-1285-1 wordpress {CVE-2007-1622 CVE-2007-1893 CVE-2007-1894 CVE-2007-1897 CVE-2007-4483} [etch] - wordpress 2.0.10-1 [01 May 2007] DSA-1284-1 qemu {CVE-2007-1320 CVE-2007-1321 CVE-2007-1322 CVE-2007-1366 CVE-2007-5729 CVE-2007-5730} [sarge] - qemu 0.6.1+20050407-1sarge1 [etch] - qemu 0.8.2-4etch1 [29 Apr 2007] DSA-1283-1 php5 {CVE-2007-1286 CVE-2007-1375 CVE-2007-1376 CVE-2007-1380 CVE-2007-1453 CVE-2007-1454 CVE-2007-1521 CVE-2007-1583 CVE-2007-1700 CVE-2007-1711 CVE-2007-1718 CVE-2007-1777 CVE-2007-1824 CVE-2007-1887 CVE-2007-1889 CVE-2007-1900 CVE-2007-1522} [etch] - php5 5.2.0-8+etch3 [26 Apr 2007] DSA-1282-1 php4 {CVE-2007-1286 CVE-2007-1380 CVE-2007-1521 CVE-2007-1583 CVE-2007-1711 CVE-2007-1718 CVE-2007-1777} [sarge] - php4 4:4.3.10-20 [etch] - php4 6:4.4.4-8+etch2 [25 Apr 2007] DSA-1281-1 clamav - several vulnerabilities {CVE-2007-1745 CVE-2007-1997 CVE-2007-2029} [sarge] - clamav 0.84-2.sarge.16 [etch] - clamav 0.90.1-3etch1 [24 Apr 2007] DSA-1280-1 aircrack-ng - buffer overflow {CVE-2007-2057} [etch] - aircrack-ng 1:0.6.2-7etch1 [22 Apr 2007] DSA-1279-1 webcalendar - missing input sanitising {CVE-2006-6669} [sarge] - webcalendar 0.9.45-4sarge7 [06 Apr 2007] DSA-1278-1 man-db - buffer overflow {CVE-2006-4250} [sarge] - man-db 2.4.2-21sarge1 [04 Apr 2007] DSA-1277-1 xmms - several {CVE-2007-0654 CVE-2007-0653} [sarge] - xmms 1.2.10+cvs20050209-2sarge1 [etch] - xmms 1:1.2.10+20061101-1etch1 [03 Apr 2007] DSA-1276-1 krb5 - several vulnerabilities {CVE-2007-0956 CVE-2007-0957 CVE-2007-1216} [sarge] - krb5 1.3.6-2sarge4 [etch] - krb5 1.4.4-7etch1 [02 Apr 2007] DSA-1275-1 zope2.7 - cross-site scripting {CVE-2007-0240} [sarge] - zope2.7 2.7.5-2sarge4 [02 Apr 2007] DSA-1274-1 file - buffer overflow {CVE-2007-1536} [sarge] - file 4.12-1sarge1 [etch] - file 4.17-5etch1 [27 Mar 2007] DSA-1273-1 nas - several vulnerabilities {CVE-2007-1543 CVE-2007-1544 CVE-2007-1545 CVE-2007-1546 CVE-2007-1547} [sarge] - nas 1.7-2sarge1 [22 Mar 2007] DSA-1272-1 tcpdump - buffer overflow {CVE-2007-1218} [sarge] - tcpdump 3.8.3-5sarge2 [20 Mar 2007] DSA-1271-1 openafs - design error {CVE-2007-1507} [sarge] - openafs 1.3.81-3sarge2 [20 Mar 2007] DSA-1270-1 openoffice.org - several vulnerabilities {CVE-2007-0002 CVE-2007-0238 CVE-2007-0239} [sarge] - openoffice.org 1.1.3-9sarge6 [18 Mar 2007] DSA-1269-1 lookup-el - insecure temporary file {CVE-2007-0237} [sarge] - lookup-el 1.4-3sarge1 [17 Mar 2007] DSA-1268-1 libwpd - integer overflow {CVE-2007-0002} [sarge] - libwpd 0.8.1-1sarge1 [etch] - libwpd 0.8.7-6 [15 Mar 2007] DSA-1267-1 webcalendar - missing input sanitising {CVE-2007-1343} [sarge] - webcalendar 0.9.45-4sarge6 [13 Mar 2007] DSA-1266-1 gnupg - several vulnerabilities {CVE-2007-1263} [sarge] - gnupg 1.4.1-1.sarge7 [10 Mar 2007] DSA-1265-1 mozilla {CVE-2006-6497 CVE-2006-6498 CVE-2006-6499 CVE-2006-6501 CVE-2006-6502 CVE-2006-6503 CVE-2006-6505} [sarge] - mozilla 2:1.7.8-1sarge10 [07 Mar 2007] DSA-1264-1 php4 {CVE-2007-0906 CVE-2007-0907 CVE-2007-0908 CVE-2007-0909 CVE-2007-0910 CVE-2007-0988} [sarge] - php4 4:4.3.10-19 [06 Mar 2007] DSA-1263-1 clamav {CVE-2007-0897 CVE-2007-0898 CVE-2007-0899} [sarge] - clamav 0.84-2.sarge.15 NOTE: We fixed the issue, but it's not 100% confirmed, that this is -0899 [04 Mar 2007] DSA-1262-1 gnomemeeting {CVE-2007-1007} [sarge] - gnomemeeting 1.2.1-1sarge1 [16 Feb 2007] DSA-1261-1 postgresql {CVE-2007-0555} [sarge] - postgresql 7.4.7-6sarge4 [14 Feb 2007] DSA-1260 imagemagick {CVE-2007-0770} [sarge] - imagemagick 6:6.0.6.2-2.9 [14 Feb 2007] DSA-1259-1 fetchmail {CVE-2006-5867} [sarge] - fetchmail 6.2.5-12sarge5 [07 Feb 2007] DSA-1258-1 mozilla-thunderbird {CVE-2006-6497 CVE-2006-6498 CVE-2006-6499 CVE-2006-6501 CVE-2006-6502 CVE-2006-6503} [sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8e.2 [05 Feb 2007] DSA-1257 samba {CVE-2007-0452 CVE-2007-0454} [sarge] - samba 3.0.14a-3sarge4 [31 Jan 2007] DSA-1256-1 gtk+2.0 {CVE-2007-0010} [sarge] - gtk+2.0 2.6.4-3.2 [31 Jan 2007] DSA-1255-1 libgtop2 {CVE-2007-0235} [sarge] - libgtop2 2.6.0-4sarge1 [27 Jan 2007] DSA-1254-1 bind9 {CVE-2007-0494} [sarge] - bind9 1:9.2.4-1sarge2 [27 Jan 2007] DSA-1253-1 mozilla-firefox {CVE-2006-6497 CVE-2006-6498 CVE-2006-6499 CVE-2006-6501 CVE-2006-6502 CVE-2006-6503} [sarge] - mozilla-firefox 1.0.4-2sarge15 [27 Jan 2007] DSA-1252-1 vlc {CVE-2007-0017} [sarge] - vlc 0.8.1.svn20050314-1sarge2 [etch] - vlc 0.8.6-svn20061012.debian-3 [21 Jan 2007] DSA-1251-1 netrik {CVE-2006-6678} [sarge] - netrik 1.15.3-1sarge1 [17 Jan 2007] DSA-1250-1 cacti {CVE-2006-6799} [sarge] - cacti 0.8.6c-7sarge4 [15 Jan 2007] DSA-1249-1 xfree86 {CVE-2006-6101 CVE-2006-6102 CVE-2006-6103} [sarge] - xfree86 4.3.0.dfsg.1-14sarge3 [12 Jan 2007] DSA-1248-1 libsoup {CVE-2006-5876} [sarge] - libsoup 2.2.3-2sarge1 [08 Jan 2007] DSA-1247-1 libapache-mod-auth-kerb {CVE-2006-5989} [sarge] - libapache-mod-auth-kerb 4.996-5.0-rc6-1sarge1 [08 Jan 2007] DSA-1246-1 openoffice.org {CVE-2006-5870} [sarge] - openoffice.org 1.1.3-9sarge4 [07 Jan 2007] DSA-1245-1 proftpd {CVE-2005-4816} [sarge] - proftpd 1.2.10-15sarge4 [28 Dec 2006] DSA-1244-1 xine-lib {CVE-2006-6172} [sarge] - xine-lib 1.0.1-1sarge5 [28 Dec 2006] DSA-1243-1 evince {CVE-2006-5864} [sarge] - evince 0.1.5-2sarge1 [27 Dec 2006] DSA-1242-1 elog {CVE-2006-5063 CVE-2006-5790 CVE-2006-5791 CVE-2006-6318} [sarge] - elog 2.5.7+r1558-4+sarge3 [25 Dec 2006] DSA-1241-1 squirrelmail {CVE-2006-6142} [sarge] - squirrelmail 2:1.4.4-10 [21 Dec 2006] DSA-1240-1 links2 {CVE-2006-5925} [sarge] - links2 2.1pre16-1sarge1 [17 Dec 2006] DSA-1239-1 sql-ledger {CVE-2006-4244 CVE-2006-4731 CVE-2006-5872} [sarge] - sql-ledger 2.4.7-2sarge1 [17 Dec 2006] DSA-1238-1 clamav {CVE-2006-6406 CVE-2006-6481} [sarge] - clamav 0.84-2.sarge.13 [17 Dec 2006] DSA-1237 kernel-source-2.4.27 - several {CVE-2006-4093 CVE-2006-4538 CVE-2006-4997 CVE-2006-5174 CVE-2006-5649 CVE-2006-5871} [sarge] - kernel-source-2.6.8 2.6.8-16sarge6 [13 Dec 2006] DSA-1236-1 enemies-of-carlotta {CVE-2006-5875} [sarge] - enemies-of-carlotta 1.0.3-1sarge1 [13 Dec 2006] DSA-1235-1 ruby1.8 {CVE-2006-5467} [sarge] - ruby1.8 1.8.2-7sarge5 [13 Dec 2006] DSA-1234-1 ruby1.6 {CVE-2006-5467} [sarge] - ruby1.6 1.6.8-12sarge3 [10 Dec 2006] DSA-1233 kernel-source-2.6.8 - several {CVE-2006-3741 CVE-2006-4538 CVE-2006-4813 CVE-2006-4997 CVE-2006-5174 CVE-2006-5619 CVE-2006-5649 CVE-2006-5751 CVE-2006-5871} [sarge] - kernel-source-2.6.8 2.6.8-16sarge6 [09 Dec 2006] DSA-1232-1 clamav {CVE-2006-5874} [sarge] - clamav 0.84-2.sarge.12 [09 Dec 2006] DSA-1231-1 gnupg {CVE-2006-6169 CVE-2006-6235} [sarge] - gnupg 1.4.1-1.sarge6 [08 Dec 2006] DSA-1230-1 l2tpns {CVE-2006-5873} [sarge] - l2tpns 2.0.14-1sarge1 [06 Dec 2006] DSA-1229-1 asterisk {CVE-2006-5444} [sarge] - asterisk 1:1.0.7.dfsg.1-2sarge4 [05 Dec 2006] DSA-1228-1 elinks {CVE-2006-5925} [sarge] - elinks 0.10.4-7.1 [04 Dec 2006] DSA-1227-1 mozilla-thunderbird {CVE-2006-4310 CVE-2006-5462 CVE-2006-5463 CVE-2006-5464 CVE-2006-5748} [sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8d.1 [03 Dec 2006] DSA-1226-1 links {CVE-2006-5925} [sarge] - links 0.99+1.00pre12-1sarge1 [03 Dec 2006] DSA-1225-1 mozilla-firefox {CVE-2006-4310 CVE-2006-5462 CVE-2006-5463 CVE-2006-5464 CVE-2006-5748} [sarge] - mozilla-firefox 1.0.4-2sarge13 [03 Dec 2006] DSA-1224-1 mozilla {CVE-2006-4310 CVE-2006-5462 CVE-2006-5463 CVE-2006-5464 CVE-2006-5748} [sarge] - mozilla 2:1.7.8-1sarge8 [01 Dec 2006] DSA-1223-1 tar {CVE-2006-6097} [sarge] - tar 1.14-2.3 [30 Nov 2006] DSA-1222-1 proftpd {CVE-2006-5815 CVE-2006-6170} [sarge] - proftpd 1.2.10-15sarge3 [30 Nov 2006] DSA-1221-1 libgsf {CVE-2006-4514} [sarge] - libgsf 1.11.1-1sarge1 [27 Nov 2006] DSA-1220 pstotext {CVE-2006-5869} [sarge] - pstotext 1.9-1sarge2 [27 Nov 2006] DSA-1219 texinfo {CVE-2005-3011 CVE-2006-4810} [sarge] - texinfo 4.7-2.2sarge2 [21 Nov 2006] DSA-1218 proftpd {CVE-2006-6171} [sarge] - proftpd 1.2.10-15sarge2 [20 Nov 2006] DSA-1217 linux-ftpd {CVE-2006-5778 CVE-2006-6008} [sarge] - linux-ftpd 0.17-20sarge2 [20 Nov 2006] DSA-1216 flexbackup {CVE-2005-4802} [sarge] - flexbackup 1.2.1-2sarge1 [20 Nov 2006] DSA-1215 xine-lib {CVE-2006-4799 CVE-2006-4800} [sarge] - xine-lib 1.0.1-1sarge4 [20 Nov 2006] DSA-1214 gv {CVE-2006-5864} [sarge] - gv 1:3.6.1-10sarge2 [19 Nov 2006] DSA-1213 imagemagick {CVE-2006-0082 CVE-2006-4144 CVE-2006-5456 CVE-2006-5868} [sarge] - imagemagick 6:6.0.6.2-2.8 [15 Nov 2006] DSA-1212 openssh {CVE-2006-4924 CVE-2006-5051} [sarge] - openssh 1:3.8.1p1-8.sarge.6 [14 Nov 2006] DSA-1211 pdns {CVE-2006-4251} [sarge] - pdns 2.9.17-13sarge3 [14 Nov 2006] DSA-1210 mozilla-firefox {CVE-2006-2788 CVE-2006-4340 CVE-2006-4565 CVE-2006-4566 CVE-2006-4568 CVE-2006-4571} [sarge] - mozilla-firefox 1.0.4-2sarge12 [12 Nov 2006] DSA-1209 trac {CVE-2006-5878} [sarge] - trac 0.8.1-3sarge6 [11 Nov 2006] DSA-1208-1 bugzilla {CVE-2005-4534 CVE-2006-5453} [sarge] - bugzilla 2.16.7-7sarge2 [09 Nov 2006] DSA-1207-1 phpmyadmin {CVE-2006-1678 CVE-2006-2418 CVE-2005-3621 CVE-2005-3665 CVE-2006-5116} [sarge] - phpmyadmin 4:2.6.2-3sarge2 [06 Nov 2006] DSA-1206-1 php4 {CVE-2005-3353 CVE-2006-3017 CVE-2006-4482 CVE-2006-5465} [sarge] - php4 4:4.3.10-18 [02 Nov 2006] DSA-1205-1 thttpd - insecure temporary files {CVE-2006-4248} [sarge] - thttpd 2.23beta1-3sarge2 [02 Nov 2006] DSA-1204-1 ingo1 {CVE-2006-5449} [sarge] - ingo1 1.0.1-1sarge1 [02 Nov 2006] DSA-1203-1 libpam-ldap {CVE-2006-5170} [sarge] - libpam-ldap 178-1sarge3 [31 Oct 2006] DSA-1202-1 screen - programming error {CVE-2006-4573} [sarge] - screen 4.0.2-4.1sarge1 [31 Oct 2006] DSA-1201-1 ethereal - several vulnerabilities {CVE-2005-4574 CVE-2006-4805} [sarge] - ethereal 0.10.10-2sarge9 [30 Oct 2006] DSA-1200-1 qt-x11-free - integer overflow {CVE-2006-4811} [sarge] - qt-x11-free 3:3.3.4-3sarge1 [23 Oct 2006] DSA-1199-1 webmin {CVE-2005-3912 CVE-2006-3392 CVE-2006-4542} [sarge] - webmin 1.180-3sarge1 [23 Oct 2006] DSA-1198-1 python2.3 {CVE-2006-4980} [sarge] - python2.3 2.3.5-3sarge2 [22 Oct 2006] DSA-1197-1 python2.4 {CVE-2006-4980} [sarge] - python2.4 2.4.1-2sarge1 [19 Oct 2006] DSA-1196-1 clamav {CVE-2006-4182 CVE-2006-5295} [sarge] - clamav 0.84-2.sarge.11 [10 Oct 2006] DSA-1195-1 openssl096 {CVE-2006-2940 CVE-2006-3738 CVE-2006-4343} [sarge] - openssl096 0.9.6m-1sarge4 [09 Oct 2006] DSA-1194-1 libwmf {CVE-2006-3376} [sarge] - libwmf 0.2.8.3-2sarge1 [09 Oct 2006] DSA-1193-1 xfree86 {CVE-2006-3467 CVE-2006-3739 CVE-2006-3740 CVE-2006-4447} [sarge] - xfree86 4.3.0.dfsg.1-14sarge2 [06 Oct 2006] DSA-1192-1 mozilla {CVE-2006-2788 CVE-2006-4340 CVE-2006-4565 CVE-2006-4566 CVE-2006-4568 CVE-2006-4570 CVE-2006-4571} [sarge] - mozilla 2:1.7.8-1sarge7.3.1 [05 Oct 2006] DSA-1191-1 mozilla-thunderbird {CVE-2006-2788 CVE-2006-4340 CVE-2006-4565 CVE-2006-4566 CVE-2006-4568 CVE-2006-4570 CVE-2006-4571} [sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8c.1 [04 Oct 2006] DSA-1190-1 maxdb-7.5.00 {CVE-2006-4305} [sarge] - maxdb-7.5.00 7.5.00.24-4 [04 Oct 2006] DSA-1189-1 openssh-krb5 {CVE-2006-4924 CVE-2006-5051} [sarge] - openssh-krb5 3.8.1p1-7sarge1 [04 Oct 2006] DSA-1188-1 mailman {CVE-2006-3636 CVE-2006-4624} [sarge] - mailman 2.1.5-8sarge5 [30 Sep 2006] DSA-1187-1 migrationtools {CVE-2006-0512} [sarge] - migrationtools 46-1sarge1 [30 Sep 2006] DSA-1186-1 cscope {CVE-2006-4262} [sarge] - cscope 15.5-1.1sarge2 [28 Sep 2006] DSA-1185-2 openssl {CVE-2006-2940 CVE-2006-3738 CVE-2006-4343 CVE-2006-2937} [sarge] - openssl 0.9.7e-3sarge4 NOTE: First DSA had a minor regression [22 Sep 2006] DSA-1182-1 gnutls11 {CVE-2006-4790} [sarge] - gnutls11 1.0.16-13.2sarge2 [19 Sep 2006] DSA-1181-1 gzip {CVE-2006-4334 CVE-2006-4335 CVE-2006-4336 CVE-2006-4337 CVE-2006-4338} [sarge] - gzip 1.3.5-10sarge2 [19 Sep 2006] DSA-1180-1 bomberclone {CVE-2006-4005 CVE-2006-4006} [sarge] - bomberclone 0.11.5-1sarge2 [16 Sep 2006] DSA-1179-1 alsaplayer {CVE-2006-4089} [sarge] - alsaplayer 0.99.76-0.3sarge1 [16 Sep 2006] DSA-1178-1 freetype {CVE-2006-3467} [sarge] - freetype 2.1.7-6 [15 Sep 2006] DSA-1177-1 usermin {CVE-2006-4246} [sarge] - usermin 1.110-3.1 [13 Sep 2006] DSA-1176-1 zope2.7 {CVE-2006-4684} [sarge] - zope2.7 2.7.5-2sarge2 [13 Sep 2006] DSA-1175-1 isakmpd {CVE-2006-4436} [sarge] - isakmpd 20041012-1sarge1 [11 Sep 2006] DSA-1174-1 openssl096 - cryptographic weakness {CVE-2006-4339} [sarge] - openssl096 0.9.6m-1sarge2 [10 Sep 2006] DSA-1173-1 openssl - cryptographic weakness {CVE-2006-4339} [sarge] - openssl 0.9.7e-3sarge2 [09 Sep 2006] DSA-1172-1 bind9 - programming error {CVE-2006-4095 CVE-2006-4096} [sarge] - bind9 1:9.2.4-1sarge1 [07 Sep 2006] DSA-1171 ethereal - several {CVE-2006-4333 CVE-2005-3241 CVE-2005-3242 CVE-2005-3243 CVE-2005-3244 CVE-2005-3246 CVE-2005-3248 CVE-2005-3249} [sarge] - ethereal 0.10.10-2sarge8 [06 Sep 2006] DSA-1170 gcc-3.4 - missing sanity check {CVE-2006-3619} [sarge] - gcc-3.4 3.4.3-13sarge1 [05 Sep 2006] DSA-1169 mysql-dfsg-4.1 - several {CVE-2006-4226 CVE-2006-4380} [sarge] - mysql-dfsg-4.1 4.1.11a-4sarge7 [04 Sep 2006] DSA-1168-1 imagemagick {CVE-2006-2440 CVE-2006-3743 CVE-2006-3744} [sarge] - imagemagick 6:6.0.6.2-2.7 [04 Sep 2006] DSA-1167-1 apache - missing input sanitising {CVE-2005-3352 CVE-2006-3918} [sarge] - apache 1.3.33-6sarge3 [03 Sep 2006] DSA-1166 cheesetracker - buffer overflow {CVE-2006-3814} [sarge] - cheesetracker 0.9.9-1sarge1 [01 Sep 2006] DSA-1165 capi4hylafax - missing input sanitising {CVE-2006-3126} [sarge] - capi4hylafax 1:01.02.03-10sarge2 [31 Aug 2006] DSA-1164 sendmail - programming error {CVE-2006-4434} [sarge] - sendmail 8.13.4-3sarge3 [30 Aug 2006] DSA-1163 gtetrinet - programming error {CVE-2006-3125} [sarge] - gtetrinet 0.7.8-1sarge2 [30 Aug 2006] DSA-1162 libmusicbrainz-2.0 - buffer overflows {CVE-2006-4197} [sarge] - libmusicbrainz-2.1 2.1.1-3sarge1 [sarge] - libmusicbrainz-2.0 2.0.2-10sarge1 [29 Aug 2006] DSA-1161 mozilla-firefox - several vulnerabilities {CVE-2006-3805 CVE-2006-3806 CVE-2006-3807 CVE-2006-3808 CVE-2006-3809 CVE-2006-3811} [sarge] - mozilla-firefox 1.0.4-2sarge11 [29 Aug 2006] DSA-1160 mozilla - several {CVE-2006-2779 CVE-2006-3805 CVE-2006-3806 CVE-2006-3807 CVE-2006-3808 CVE-2006-3809 CVE-2006-3811} [sarge] - mozilla 2:1.7.8-1sarge7.2.2 [28 Aug 2006] DSA-1159 mozilla-thunderbird - several {CVE-2006-2779 CVE-2006-3805 CVE-2006-3806 CVE-2006-3807 CVE-2006-3808 CVE-2006-3809 CVE-2006-3810 CVE-2006-3811} [sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8b.1 [27 Aug 2006] DSA-1158 streamripper {CVE-2006-3124} [sarge] - streamripper 1.61.7-1sarge1 [27 Aug 2006] DSA-1157 ruby1.8 {CVE-2006-3694 CVE-2006-1931} [sarge] - ruby1.8 1.8.2-7sarge4 [27 Aug 2006] DSA-1156 kdebase {CVE-2006-2449} [sarge] - kdebase 4:3.3.2-1sarge3 [24 Aug 2006] DSA-1155 sendmail - programming error {CVE-2006-1173} [sarge] - sendmail 8.13.4-3sarge2 [20 Aug 2006] DSA-1154 squirrelmail - variable overwriting {CVE-2006-4019} [sarge] - squirrelmail 2:1.4.4-9 [18 Aug 2006] DSA-1153 clamav - buffer overflow {CVE-2006-4018} [sarge] - clamav 0.84-2.sarge.10 [18 Aug 2006] DSA-1152 trac - missing input sanitising {CVE-2006-3695} [sarge] - trac 0.8.1-3sarge5 [15 Aug 2006] DSA-1151-1 heartbeat - out-of-bounds read {CVE-2006-3121} [sarge] - heartbeat 1.2.3-9sarge6 [12 Aug 2006] DSA-1150-1 shadow - programming error {CVE-2006-3378} [sarge] - shadow 1:4.0.3-31sarge8 [10 Aug 2006] DSA-1149-1 ncompress - buffer underflow {CVE-2006-1168} [sarge] - ncompress 4.2.4-15sarge2 [09 Aug 2006] DSA-1148-1 gallery - several vulnerabilities {CVE-2005-2734 CVE-2006-0330 CVE-2006-4030} [sarge] - gallery 1.5-1sarge2 [09 Aug 2006] DSA-1147-1 drupal - missing input sanitising {CVE-2006-4002} [sarge] - drupal 4.5.3-6.1sarge3 [09 Aug 2006] DSA-1146-1 krb5 - programming error {CVE-2006-3083 CVE-2006-3084} [sarge] - krb5 1.3.6-2sarge3 [08 Aug 2006] DSA-1145-1 freeradius - several {CVE-2005-4745 CVE-2005-4746} [sarge] - freeradius 1.0.2-4sarge3 [07 Aug 2006] DSA-1144-1 chmlib - missing input sanitising {CVE-2006-3178} [sarge] - chmlib 0.35-6sarge3 [04 Aug 2006] DSA-1143-1 dhcp - programming error {CVE-2006-3122} [sarge] - dhcp 2.0pl5-19.1sarge2 [04 Aug 2006] DSA-1142-1 freeciv - missing bouncary checks {CVE-2006-3913} [sarge] - freeciv 2.0.1-1sarge2 [04 Aug 2006] DSA-1141-1 gnupg2 - integer overflow {CVE-2006-3746} [sarge] - gnupg2 1.9.15-6sarge2 [03 Aug 2006] DSA-1140-1 gnupg - integer overflow {CVE-2006-3746} [sarge] - gnupg 1.4.1-1.sarge5 [03 Aug 2006] DSA-1139-1 ruby1.6 - missing privilege checks {CVE-2006-3694} [sarge] - ruby1.6 1.6.8-12sarge2 [02 Aug 2006] DSA-1138-1 cfs - integer overflow {CVE-2006-3123} [sarge] - cfs 1.4.1-15sarge1 [02 Aug 2006] DSA-1137-1 tiff - several vulnerabilities {CVE-2006-3459 CVE-2006-3460 CVE-2006-3461 CVE-2006-3462 CVE-2006-3463 CVE-2006-3464 CVE-2006-3465} [sarge] - tiff 3.7.2-7 [02 Aug 2006] DSA-1136-1 gpdf - wrong input sanitising {CVE-2005-2097} [sarge] - gpdf 2.8.2-1.2sarge5 [02 Aug 2006] DSA-1135-1 libtunepimp - buffer overflow {CVE-2006-3600} [sarge] - libtunepimp 0.3.0-3sarge2 [02 Aug 2006] DSA-1134-1 mozilla-thunderbird - several vulnerabilities {CVE-2006-1729 CVE-2006-1942 CVE-2006-2775 CVE-2006-2776 CVE-2006-2777 CVE-2006-2778 CVE-2006-2779 CVE-2006-2780 CVE-2006-2781 CVE-2006-2782 CVE-2006-2783 CVE-2006-2784 CVE-2006-2785 CVE-2006-2786 CVE-2006-2787} [sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8a [01 Aug 2006] DSA-1133-1 mantis - cross site scripting {CVE-2006-0664 CVE-2006-0665 CVE-2006-0841 CVE-2006-1577} [sarge] - mantis 0.19.2-5sarge4.1 [01 Aug 2006] DSA-1132-1 apache2 - buffer overflow {CVE-2006-3747} [sarge] - apache2 2.0.54-5sarge1 [01 Aug 2006] DSA-1131-1 apache - buffer overflow {CVE-2006-3747} [sarge] - apache 1.3.33-6sarge2 [30 Jul 2006] DSA-1130-1 sitebar - missing input validation {CVE-2006-3320} [sarge] - sitebar 3.2.6-7.1 [28 Jul 2006] DSA-1129 osiris - format string {CVE-2006-3120} [sarge] - osiris 4.0.6-1sarge1 [28 Jul 2006] DSA-1128 heartbeat - permission error {CVE-2006-3815} [sarge] - heartbeat 1.2.3-9sarge5 [28 Jul 2006] DSA-1127 ethereal - several {CVE-2006-3628 CVE-2006-3629 CVE-2006-3630 CVE-2006-3631 CVE-2006-3632} [sarge] - ethereal 0.10.10-2sarge6 [27 Jul 2006] DSA-1126 asterisk - several {CVE-2006-2898} [sarge] - asterisk 1:1.0.7.dfsg.1-2sarge3 [26 Jul 2006] DSA-1125 drupal - several {CVE-2006-2742 CVE-2006-2743 CVE-2006-2831 CVE-2006-2832 CVE-2006-2833} [sarge] - drupal 4.5.3-6.1sarge1 [24 Jul 2006] DSA-1124 fbi - typo {CVE-2006-3119} [sarge] - fbi 2.01-1.2sarge2 [24 Jul 2006] DSA-1123 libdumb - buffer overflow {CVE-2006-3668} [sarge] - libdumb 1:0.9.2-6 [24 Jul 2006] DSA-1122 libnet-server-perl - format string {CVE-2005-1127} [sarge] - libnet-server-perl 0.87-3sarge1 [24 Jul 2006] DSA-1121 postgrey - format string {CVE-2005-1127} [sarge] - postgrey 1.21-1sarge1 NOTE: also fixed in 1.21-1volatile4 [23 Jul 2006] DSA-1120 mozilla-firefox - several vulnerabilities {CVE-2006-1942 CVE-2006-2775 CVE-2006-2776 CVE-2006-2777 CVE-2006-2778 CVE-2006-2779 CVE-2006-2780 CVE-2006-2782 CVE-2006-2783 CVE-2006-2784 CVE-2006-2785 CVE-2006-2786 CVE-2006-2787} [sarge] - mozilla-firefox 1.0.4-2sarge9 [23 Jul 2006] DSA-1119 hiki - design flaw {CVE-2006-3379} [sarge] - hiki 0.6.5-2 [22 Jul 2006] DSA-1118 mozilla - several {CVE-2006-1942 CVE-2006-2775 CVE-2006-2776 CVE-2006-2777 CVE-2006-2778 CVE-2006-2779 CVE-2006-2780 CVE-2006-2781 CVE-2006-2782 CVE-2006-2783 CVE-2006-2784 CVE-2006-2785 CVE-2006-2786 CVE-2006-2787} [sarge] - mozilla 2:1.7.8-1sarge7.1 [21 Jul 2006] DSA-1117 libgd2 - insufficient input sanitising {CVE-2006-2906} [sarge] - libgd2 2.0.33-1.1sarge1 [21 Jul 2006] DSA-1116 gimp - buffer overflow {CVE-2006-3404} [sarge] - gimp 2.2.6-1sarge1 [21 Jul 2006] DSA-1115 gnupg2 - integer overflow {CVE-2006-3082} [sarge] - gnupg 1.4.1-1.sarge4 [sarge] - gnupg2 1.9.15-6sarge1 [21 Jul 2006] DSA-1114 hashcash - buffer overflow {CVE-2006-3251} [sarge] - hashcash 1.17-1sarge1 [18 Jul 2006] DSA-1113 zope2.7 - programming error {CVE-2006-3458} [sarge] - zope2.7 2.7.5-2sarge2 [18 Jul 2006] DSA-1112 mysql-dfsg-4.1 - several vulnerabilities {CVE-2006-3081 CVE-2006-3469} [sarge] - mysql-dfsg-4.1 4.1.11a-4sarge5 [16 Jul 2006] DSA-1111 kernel-source-2.6.8 - race condition {CVE-2006-3626} [sarge] - kernel-source-2.6.8 2.6.8-16sarge4 [16 Jul 2006] DSA-1110 samba - missing input sanitising {CVE-2006-3403} [sarge] - samba 3.0.14a-3sarge2 [16 Jul 2006] DSA-1109 rssh - programming error {CVE-2006-1320} [sarge] - rssh 2.2.3-1.sarge.2 [11 Jul 2006] DSA-1108 mutt - buffer overflow {CVE-2006-3242} [sarge] - mutt 1.5.9-2sarge2 [10 Jul 2006] DSA-1107 gnupg - integer overflow {CVE-2006-3082} [sarge] - gnupg 1.4.1-1.sarge4 [10 Jul 2006] DSA-1106 ppp - programming error {CVE-2006-2194} [sarge] - ppp 2.4.3-20050321+2sarge1 [07 Jul 2006] DSA-1105 xine-lib - buffer overflow {CVE-2006-2802} [woody] - xine-lib 0.9.8-2woody5 [sarge] - xine-lib 1.0.1-1sarge3 [30 Jun 2006] DSA-1104 openoffice.org - several vulnerabilities {CVE-2006-2198 CVE-2006-2199 CVE-2006-3117} [sarge] - openoffice.org 1.1.3-9sarge3 [27 Jun 2006] DSA-1103 kernel-source-2.6.8 - several vulnerabilities {CVE-2005-3359 CVE-2006-0038 CVE-2006-0039 CVE-2006-0456 CVE-2006-0554 CVE-2006-0555 CVE-2006-0557 CVE-2006-0558 CVE-2006-0741 CVE-2006-0742 CVE-2006-0744 CVE-2006-1056 CVE-2006-1242 CVE-2006-1368 CVE-2006-1523 CVE-2006-1524 CVE-2006-1525 CVE-2006-1857 CVE-2006-1858 CVE-2006-1863 CVE-2006-1864 CVE-2006-2271 CVE-2006-2272 CVE-2006-2274} [sarge] - kernel-source-2.6.8 2.6.8-16sarge3 [26 Jun 2006] DSA-1102 pinball - design error {CVE-2006-2196} [sarge] - pinball 0.3.1-3sarge1 [23 Jun 2006] DSA-1101 courier - programming error {CVE-2006-2659} [woody] - courier 0.37.3-2.9 [sarge] - courier 0.47-4sarge5 [15 Jun 2006] DSA-1100 wv2 - integer overflow {CVE-2006-2197} [sarge] - wv2 0.2.2-1sarge1 [14 Jun 2006] DSA-1099-1 - horde2 - missing input sanitising {CVE-2006-2195} [sarge] - horde2 2.2.8-1sarge3 [14 Jun 2006] DSA-1098-1 - horde3 - missing input sanitising {CVE-2006-2195} [sarge] - horde3 3.0.4-4sarge4 [14 Jun 2006] DSA-1097-1 kernel-source-2.4.27 - several vulnerabilities {CVE-2006-0038 CVE-2006-0039 CVE-2006-0741 CVE-2006-0742 CVE-2006-1056 CVE-2006-1242 CVE-2006-1343 CVE-2006-1368 CVE-2006-1524 CVE-2006-1525 CVE-2006-1857 CVE-2006-1858 CVE-2006-1864 CVE-2006-2271 CVE-2006-2272 CVE-2006-2274} [sarge] - kernel-source-2.4.27 2.4.27-10sarge3 [13 Jun 2006] DSA-1096-1 webcalendar - uninitialised variable {CVE-2006-2762} [sarge] - webcalendar 0.9.45-4sarge5 [10 Jun 2006] DSA-1095-1 freetype - integer overflows {CVE-2006-0747 CVE-2006-1861 CVE-2006-2661} [woody] - freetype 2.0.9-1woody1 [sarge] - freetype 2.1.7-2.5 [08 Jun 2006] DSA-1094-1 gforge - missing input sanitising {CVE-2005-2430} [sarge] - gforge 3.1-31sarge1 [08 Jun 2006] DSA-1093-1 xine - format string {CVE-2006-2230} [sarge] - xine-ui 0.99.3-1sarge1 [08 Jun 2006] DSA-1092-1 mysql-dfsg-4.1 - programming error {CVE-2006-2753} [sarge] - mysql-dfsg-4.1 4.1.11a-4sarge4 [08 Jun 2006] DSA-1091-1 tiff - buffer overflows {CVE-2006-2193 CVE-2006-2656} [woody] - tiff 3.5.5-7woody2 [sarge] - tiff 3.7.2-5 [06 Jun 2006] DSA-1090-1 spamassassin - programming error {CVE-2006-2447} [sarge] - spamassassin 3.0.3-2sarge1 [03 Jun 2006] DSA-1089-1 freeradius - several vulnerabilities {CVE-2005-4744 CVE-2006-1354} [sarge] - freeradius 1.0.2-4sarge1 [03 Jun 2006] DSA-1088-1 centericq - buffer overflow {CVE-2005-3863} [woody] - centericq 4.5.1-1.1woody2 [sarge] - centericq 4.20.0-1sarge4 [03 Jun 2006] DSA-1087-1 postgresql - programming error {CVE-2006-2313 CVE-2006-2314} [sarge] - postgresql 7.4.7-6sarge2 [02 Jun 2006] DSA-1086-1 xmcd - design flaw {CVE-2006-2542} [woody] - xmcd 2.6-14woody1 [sarge] - xmcd 2.6-17sarge1 [01 Jun 2006] DSA-1085-1 lynx-cur - several vulnerabilities {CVE-2005-3120} [woody] - lynx-cur 2.8.5-2.5woody1 [sarge] - lynx-cur 2.8.6-9sarge1 [31 May 2006] DSA-1084-1 typespeed - buffer overflow {CVE-2006-1515} [woody] - typespeed 0.4.1-2.4 [sarge] - typespeed 0.4.4-8sarge1 [31 May 2006] DSA-1083-1 motor - buffer overflow {CVE-2005-3863} [woody] - motor 2:3.2.2-2woody1 [sarge] - motor 2:3.4.0-2sarge1 [29 May 2006] DSA-1082-1 kernel-source-2.4.17 - several vulnerabilities {CVE-2003-0984 CVE-2004-0138 CVE-2004-0394 CVE-2004-0427 CVE-2004-0447 CVE-2004-0554 CVE-2004-0565 CVE-2004-0685 CVE-2004-0883 CVE-2004-0949 CVE-2004-0997 CVE-2004-1016 CVE-2004-1017 CVE-2004-1068 CVE-2004-1070 CVE-2004-1071 CVE-2004-1072 CVE-2004-1073 CVE-2004-1074 CVE-2004-1234 CVE-2004-1235 CVE-2004-1333 CVE-2004-1335 CVE-2005-0001 CVE-2005-0003 CVE-2005-0124 CVE-2005-0135 CVE-2005-0384 CVE-2005-0489 CVE-2005-0504} [woody] - kernel-source-2.4.17 2.4.17-1woody4 [29 May 2006] DSA-1081-1 libextractor - buffer overflow {CVE-2006-2458} [sarge] - libextractor 0.4.2-2sarge5 [29 May 2006] DSA-1080-1 dovecot - programming error {CVE-2006-2414} [sarge] - dovecot 0.99.14-1sarge0 [29 May 2006] DSA-1079-1 mysql-dfsg - several {CVE-2006-0903 CVE-2006-1516 CVE-2006-1517 CVE-2006-1518} [sarge] - mysql-dfsg 4.0.24-10sarge2 [27 May 2006] DSA-1078-1 tiff - out-of-bounds read {CVE-2006-2120} [sarge] - tiff 3.7.2-4 [26 May 2006] DSA-1077-1 lynx-ssl - programming error {CVE-2004-1617} [woody] - lynx-ssl 1:2.8.4.1b-3.3 [26 May 2006] DSA-1076-1 lynx - programming error {CVE-2004-1617} [woody] - lynx 2.8.4.1b-3.4 [sarge] - lynx 2.8.5-2sarge2 [26 May 2006] DSA-1075-1 awstats - programming error {CVE-2006-2644 CVE-2006-1945} [sarge] - awstats 6.4-1sarge3 (bug #365910) [24 May 2006] DSA-1074-1 mpg123 - buffer overflow {CVE-2006-1655} [sarge] - mpg123 0.59r-20sarge1 [22 May 2006] DSA-1073-1 mysql-dfsg-4.1 - several vulnerabilities {CVE-2006-0903 CVE-2006-1516 CVE-2006-1517 CVE-2006-1518} [sarge] - mysql-dfsg-4.1 4.1.11a-4sarge3 [22 May 2006] DSA-1072-1 nagios - buffer overflow {CVE-2006-2162 CVE-2006-2489} [sarge] - nagios 2:1.3-cvs.20050402-2.sarge.2 [22 May 2006] DSA-1071-1 mysql - several vulnerabilities {CVE-2006-0903 CVE-2006-1516 CVE-2006-1517 CVE-2006-1518} [woody] - mysql 3.23.49-8.15 [21 May 2006] DSA-1070-1 kernel-source-2.4.19 - several vulnerabilities {CVE-2003-0984 CVE-2004-0138 CVE-2004-0394 CVE-2004-0427 CVE-2004-0447 CVE-2004-0554 CVE-2004-0565 CVE-2004-0685 CVE-2004-0883 CVE-2004-0949 CVE-2004-0997 CVE-2004-1016 CVE-2004-1017 CVE-2004-1068 CVE-2004-1070 CVE-2004-1071 CVE-2004-1072 CVE-2004-1073 CVE-2004-1074 CVE-2004-1234 CVE-2004-1235 CVE-2004-1333 CVE-2004-1335 CVE-2005-0001 CVE-2005-0003 CVE-2005-0124 CVE-2005-0135 CVE-2005-0384 CVE-2005-0489 CVE-2005-0504} [woody] - kernel-image-sparc-2.4 26woody1 [woody] - kernel-patch-2.4.19-mips 2.4.19-0.020911.1.woody5 [woody] - kernel-source-2.4.19 2.4.19-4.woody3 [20 May 2006] DSA-1069-1 kernel-source-2.4.18 - several {CVE-2004-0427 CVE-2005-0489 CVE-2004-0394 CVE-2004-0447 CVE-2004-0554 CVE-2004-0565 CVE-2004-0685 CVE-2005-0001 CVE-2004-0883 CVE-2004-0949 CVE-2004-1016 CVE-2004-1333 CVE-2004-0997 CVE-2004-1335 CVE-2004-1017 CVE-2005-0124 CVE-2003-0984 CVE-2004-1070 CVE-2004-1071 CVE-2004-1072 CVE-2004-1073 CVE-2004-1074 CVE-2004-0138 CVE-2004-1068 CVE-2004-1234 CVE-2005-0003 CVE-2004-1235 CVE-2005-0504 CVE-2005-0384} [woody] - kernel-source-2.4.18 2.4.18-14.4 [20 May 2006] DSA-1068-1 fbi - insecure temporary file {CVE-2006-1695} [woody] - fbi 1.23woody1 [sarge] - fbi 2.01-1.2sarge1 [20 May 2006] DSA-1067-1 kernel-source-2.4.16 - several {CVE-2004-0427 CVE-2005-0489 CVE-2004-0394 CVE-2004-0447 CVE-2004-0554 CVE-2004-0565 CVE-2004-0685 CVE-2005-0001 CVE-2004-0883 CVE-2004-0949 CVE-2004-1016 CVE-2004-1333 CVE-2004-0997 CVE-2004-1335 CVE-2004-1017 CVE-2005-0124 CVE-2003-0984 CVE-2004-1070 CVE-2004-1071 CVE-2004-1072 CVE-2004-1073 CVE-2004-1074 CVE-2004-0138 CVE-2004-1068 CVE-2004-1234 CVE-2005-0003 CVE-2004-1235 CVE-2005-0504 CVE-2005-0384 CVE-2005-0135} [woody] - kernel-source-2.4.16 2.4.16-1woody2 [19 May 2006] DSA-1066-1 phpbb2 - missing input sanitising {CVE-2006-1896} [sarge] - phpbb2 2.0.13+1-6sarge3 [19 May 2006] DSA-1065-1 hostapd - missing input sanitising {CVE-2006-2213} [sarge] - hostapd 1:0.3.7-2sarge1 [19 May 2006] DSA-1064-1 cscope - buffer overflows {CVE-2004-2541} [woody] - cscope 15.3-1woody3 [sarge] - cscope 15.5-1.1sarge1 [19 May 2006] DSA-1063-1 phpgroupware - missing input sanitising {CVE-2005-2781} [woody] - phpgroupware 0.9.14-0.RC3.2.woody6 [sarge] - phpgroupware 0.9.16.005-3.sarge5 [19 May 2006] DSA-1062-1 kphone - insecure file creation {CVE-2006-2442} [sarge] - kphone 1:4.1.0-2sarge1 [19 May 2006] DSA-1061-1 popfile - missing input sanitising {CVE-2006-0876} [sarge] - popfile 0.22.2-2sarge1 [19 May 2006] DSA-1060-1 kernel-patch-server - programming error {CVE-2006-2110} [sarge] - kernel-patch-vserver 1.9.5.6 [19 May 2006] DSA-1059-1 quagga - several {CVE-2006-2223 CVE-2006-2224 CVE-2006-2276} [sarge] - quagga 0.98.3-7.2 [18 May 2006] DSA-1058-1 awstats - missing input sanitising {CVE-2006-2237} [woody] - awstats [sarge] - awstats 6.4-1sarge2 [15 May 2006] DSA-1057-1 phpldapadmin - missing input sanitising {CVE-2006-2016} [sarge] - phpldapadmin 0.9.5-3sarge3 [15 May 2006] DSA-1056-1 webcalendar - verbose error message {CVE-2006-2247} [sarge] - webcalendar 0.9.45-4sarge4 [11 May 2006] DSA-1055-1 mozilla-firefox - programming error {CVE-2006-1993} [sarge] - mozilla-firefox 1.0.4-2sarge7 [09 May 2006] DSA-1054-1 tiff - several vulnerabilities {CVE-2006-2024 CVE-2006-2025 CVE-2006-2026} [woody] - tiff 3.5.5-7woody1 [sarge] - tiff 3.7.2-3sarge1 [09 May 2006] DSA-1053-1 mozilla - programming error {CVE-2006-1993} [sarge] - mozilla 2:1.7.8-1sarge6 [08 May 2006] DSA-1052-1 cgiirc - buffer overflows {CVE-2006-2148} [sarge] - cgiirc 0.5.4-6sarge1 [04 May 2006] DSA-1051-1 mozilla-thunderbird - several vulnerabilities {CVE-2005-2353 CVE-2005-4134 CVE-2006-0292 CVE-2006-0293 CVE-2006-0296 CVE-2006-0748 CVE-2006-0749 CVE-2006-0884 CVE-2006-1045 CVE-2006-1723 CVE-2006-1724 CVE-2006-1727 CVE-2006-1728 CVE-2006-1729 CVE-2006-1730 CVE-2006-1731 CVE-2006-1732 CVE-2006-1733 CVE-2006-1734 CVE-2006-1735 CVE-2006-1736 CVE-2006-1737 CVE-2006-1738 CVE-2006-1739 CVE-2006-1740 CVE-2006-1741 CVE-2006-1742 CVE-2006-1790} [sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 [02 May 2006] DSA-1050-1 clamav - buffer overflow {CVE-2006-1989} [sarge] - clamav 0.84-2.sarge.9 [02 May 2006] DSA-1049-1 ethereal - several vulnerabilities {CVE-2006-1932 CVE-2006-1933 CVE-2006-1934 CVE-2006-1935 CVE-2006-1936 CVE-2006-1937 CVE-2006-1938 CVE-2006-1939 CVE-2006-1940} [woody] - ethereal 0.9.4-1woody15 [sarge] - ethereal 0.10.10-2sarge5 [01 May 2006] DSA-1048-1 asterisk - several vulnerabilities {CVE-2005-3559 CVE-2006-1827} [woody] - asterisk 0.1.11-3woody1 [sarge] - asterisk 1:1.0.7.dfsg.1-2sarge2 [30 Apr 2006] DSA-1047-1 resmgr - programming error {CVE-2006-2147} [sarge] - resmgr 1.0-2sarge2 [27 Apr 2006] DSA-1046-1 mozilla - several {CVE-2006-1732 CVE-2005-2353 CVE-2005-4134 CVE-2006-0292 CVE-2006-0293 CVE-2006-0748 CVE-2006-0749 CVE-2006-0884 CVE-2006-1045 CVE-2006-1529 CVE-2006-1530 CVE-2006-1531 CVE-2006-1723 CVE-2006-1724 CVE-2006-1727 CVE-2006-1728 CVE-2006-1729 CVE-2006-1730 CVE-2006-1731 CVE-2006-1733 CVE-2006-1734 CVE-2006-1735 CVE-2006-1736 CVE-2006-1737 CVE-2006-1738 CVE-2006-1739 CVE-2006-1740 CVE-2006-1741 CVE-2006-1742 CVE-2006-1790 CVE-2006-0296} [sarge] - mozilla 2:1.7.8-1sarge5 [27 Apr 2006] DSA-1045-1 openvpn - design error {CVE-2006-1629} [sarge] - openvpn 2.0-1sarge3 [26 Apr 2006] DSA-1044-1 mozilla-firefox - several {CVE-2006-1724 CVE-2006-0292 CVE-2005-4134 CVE-2006-1741 CVE-2006-1742 CVE-2006-1737 CVE-2006-1738 CVE-2006-1739 CVE-2006-1740 CVE-2006-1736 CVE-2006-1735 CVE-2006-1734 CVE-2006-1733 CVE-2006-1732 CVE-2006-0749 CVE-2006-1731 CVE-2006-1730 CVE-2006-1729 CVE-2006-1728 CVE-2006-1727 CVE-2006-0748 CVE-2005-4720 CVE-2006-0296} [sarge] - mozilla-firefox 1.0.4-2sarge6 [26 Apr 2006] DSA-1043-1 abcmidi - buffer overflows {CVE-2006-1514} [woody] - abcmidi 17-1woody1 [sarge] - abcmidi 20050101-1sarge1 [25 Apr 2006] DSA-1042-1 cyrus-sasl2 - programming error {CVE-2006-1721} [woody] - cyrus-sasl2 [sarge] - cyrus-sasl2 2.1.19-1.5sarge1 [25 Apr 2006] DSA-1041-1 abc2ps - buffer overflows {CVE-2006-1513} [woody] - abc2ps 1.3.3-2woody1 [sarge] - abc2ps 1.3.3-3sarge1 [24 Apr 2006] DSA-1040-1 gdm - programming error {CVE-2006-1057} [sarge] - gdm 2.6.0.8-1sarge2 [24 Apr 2006] DSA-1039-1 blender - several {CVE-2005-3302 CVE-2005-4470} [sarge] - blender 2.36-1sarge1 [21 Apr 2006] DSA-1038-1 xzgv - programming error {CVE-2006-1060} [woody] - xzgv 0.7-6woody3 [sarge] - xzgv 0.8-3sarge1 [21 Apr 2006] DSA-1037-1 zgv - programming error {CVE-2006-1060} [woody] - zgv 5.5-3woody3 [sarge] - zgv 5.7-1.4 [17 Apr 2006] DSA-1036-1 bsdgames - buffer overflow {CVE-2006-1744} [woody] - bsdgames 2.13-7woody0 [sarge] - bsdgames 2.7.59-7sarge1 [15 Apr 2006] DSA-1035-1 fcheck - insecure temporary file {CVE-2006-1753} [woody] - fcheck [sarge] - fcheck 2.7.59-7sarge1 [14 Apr 2006] DSA-1034-1 horde2 - several vulnerabilities {CVE-2006-1260 CVE-2006-1491} [sarge] - horde2 2.2.8-1sarge2 [12 Apr 2006] DSA-1033-1 horde3 - several vulnerabilities {CVE-2005-4190 CVE-2006-1260 CVE-2006-1491} [sarge] - horde3 3.0.4-4sarge3 [12 Apr 2006] DSA-1032-1 zope-cmfplone - programming error {CVE-2006-1711} [sarge] - zope-cmfplone 2.0.4-3sarge1 [08 Apr 2006] DSA-1031-1 cacti - several {CVE-2006-0146 CVE-2006-0147 CVE-2006-0410 CVE-2006-0806} [sarge] - cacti 0.8.6c-7sarge3 [08 Apr 2006] DSA-1030-1 moodle - several {CVE-2006-0146 CVE-2006-0147 CVE-2006-0410 CVE-2006-0806} [sarge] - moodle 1.4.4.dfsg.1-3sarge1 [08 Apr 2006] DSA-1029-1 libphp-adodb - several {CVE-2006-0146 CVE-2006-0147 CVE-2006-0410 CVE-2006-0806} [woody] - libphp-adodb 1.51-1.2 [sarge] - libphp-adodb 4.52-1sarge1 [07 Apr 2006] DSA-1028-1 libimager-perl - denial of service {CVE-2006-0053} [sarge] - libimager-perl 0.44-1sarge1 [06 Apr 2006] DSA-1027-1 mailman - programming error {CVE-2006-0052} [woody] - mailman (Vulnerable code not present) [sarge] - mailman 2.1.5-8sarge2 [06 Apr 2006] DSA-1026-1 sash - buffer overflows {CVE-2005-1849 CVE-2005-2096} [woody] - sash (Older zlib not vulnerable) [sarge] - sash 3.7-5sarge1 [06 Apr 2006] DSA-1025-1 dia - programming error {CVE-2006-1550} [woody] - dia 0.88.1-3woody1 [sarge] - dia 0.94.0-7sarge3 [05 Apr 2006] DSA-1024-1 clamav - heap overflow {CVE-2006-1614 CVE-2006-1615 CVE-2006-1630} [sarge] - clamav 0.84-2.sarge.8 [05 Apr 2006] DSA-1023-1 kaffeine - buffer overflow {CVE-2006-0051} [sarge] - kaffeine 0.6-1sarge1 [04 Apr 2006] DSA-1022-1 storebackup - several {CVE-2005-3146 CVE-2005-3147 CVE-2005-3148} [sarge] - storebackup 1.18.4-2sarge1 [28 Mar 2006] DSA-1021-1 netpbm-free - insecure program execution {CVE-2005-2471} [woody] - netpbm-free 2:9.20-8.6 [sarge] - netpbm-free 2:10.0-8sarge3 [28 Mar 2006] DSA-1020-1 flex - buffer overflow {CVE-2006-0459} [sarge] - flex 2.5.31-31sarge1 [24 Mar 2006] DSA-1019-1 koffice - several {CVE-2006-1244 CVE-2005-3192 CVE-2006-0301} [sarge] - koffice 1.3.5-4.sarge.3 [24 Mar 2006] DSA-1018-1 kernel-source-2.4.27 - several {CVE-2004-0887 CVE-2004-1058 CVE-2004-2607 CVE-2005-0449 CVE-2005-1761 CVE-2005-2457 CVE-2005-2555 CVE-2005-2709 CVE-2005-2973 CVE-2005-3257 CVE-2005-3783 CVE-2005-3806 CVE-2005-3848 CVE-2005-3857 CVE-2005-3858 CVE-2005-4618} [sarge] - kernel-source-2.4.27 2.4.27-10sarge2 NOTE: An update 1018-2 was issued later, but it doesn't contain noteworthy data [23 Mar 2006] DSA-1017-1 kernel-source-2.6.8 - several {CVE-2004-1017 CVE-2005-0124 CVE-2005-0449 CVE-2005-2457 CVE-2005-2490 CVE-2005-2555 CVE-2005-2709 CVE-2005-2800 CVE-2005-2973 CVE-2005-3044 CVE-2005-3053 CVE-2005-3055 CVE-2005-3180 CVE-2005-3181 CVE-2005-3257 CVE-2005-3356 CVE-2005-3358 CVE-2005-3783 CVE-2005-3784 CVE-2005-3806 CVE-2005-3847 CVE-2005-3848 CVE-2005-3857 CVE-2005-3858 CVE-2005-4605 CVE-2005-4618 CVE-2006-0095 CVE-2006-0096 CVE-2006-0482 CVE-2006-1066} [sarge] - kernel-source-2.6.8 2.6.8-16sarge2 [23 Mar 2006] DSA-1016-1 evolution - format string vulnerabilities {CVE-2005-2549 CVE-2005-2550} [woody] - evolution 1.0.5-1woody3 [sarge] - evolution 2.0.4-2sarge1 [23 Mar 2006] DSA-1015-1 sendmail - programming error {CVE-2006-0058} [woody] - sendmail 8.12.3-7.2 [sarge] - sendmail 8.13.4-3sarge1 [23 Mar 2006] DSA-1014-1 firebird2 - buffer overflow {CVE-2004-2043} [sarge] - firebird2 1.5.1-4sarge1 [22 Mar 2006] DSA-1013-1 snmptrapfmt - insecure temporary file {CVE-2006-0050} [woody] - snmptrapfmt 1.03woody1 [sarge] - snmptrapfmt 1.08sarge1 NOTE: fixed in testing at time of DSA [21 Mar 2006] DSA-1012-1 unzip - buffer overflow {CVE-2005-4667} [woody] - unzip 5.50-1woody6 [sarge] - unzip 5.52-1sarge4 NOTE: not fixed in testing at time of DSA (too young) [21 Mar 2006] DSA-1011-1 kernel-patch-server, util-vserver - missing attribute support {CVE-2005-4347 CVE-2005-4418} [sarge] - kernel-patch-vserver 1.9.5.4 [sarge] - util-vserver 0.30.204-5sarge3 NOTE: not fixed in testing at the time of DSA [21 Mar 2006] DSA-1010-1 ilohamail - missing input sanitising {CVE-2005-1120} [sarge] - ilohamail 0.8.14-0rc3sarge1 NOTE: not fixed in testing at the time of DSA (too young) [21 Mar 2006] DSA-1009-1 crossfire - buffer overflow {CVE-2006-1236} [woody] - crossfire 1.1.0-1woody2 [sarge] - crossfire 1.6.0.dfsg.1-4sarge2 NOTE: fixed in testing at the time of DSA [17 Mar 2006] DSA-1008-1 kpdf - buffer overflow {CVE-2006-0746} [sarge] - kdegraphics 4:3.3.2-2sarge4 NOTE: Sid is not affected according to DSA [17 Mar 2006] DSA-1007-1 drupal - several {CVE-2006-1225 CVE-2006-1226 CVE-2006-1227 CVE-2006-1228} [sarge] - drupal 4.5.3-6 NOTE: not fixed in testing at the time of DSA (too young) [16 Mar 2006] DSA-1006-1 wzdftpd - missing input sanitising {CVE-2005-3081} [sarge] - wzdftpd 0.5.2-1.1sarge1 NOTE: fixed in testing at the time of DSA [16 Mar 2006] DSA-1005-1 xine-lib - buffer overflow {CVE-2005-4048} [woody] - xine-lib [sarge] - xine-lib 1.0.1-1sarge2 NOTE: fixed in testing at the time of DSA [16 Mar 2006] DSA-1004-1 vlc - buffer overflow {CVE-2005-4048} [woody] - vlc [sarge] - vlc 0.8.1.svn20050314-1sarge1 NOTE: not fixed in testing at the time of DSA (waiting on deps) [16 Mar 2006] DSA-1003-1 xpvm - insecure temporary file {CVE-2005-2240} [woody] - xpvm 1.2.5-7.2woody1 [sarge] - xpvm 1.2.5-7.3sarge1 NOTE: fixed in testing at the time of DSA (not in testing) [15 Mar 2006] DSA-1002-1 webcalendar - several {CVE-2005-3949 CVE-2005-3961 CVE-2005-3982 CVE-2005-3984} [sarge] - webcalendar 0.9.45-4sarge3 NOTE: not fixed in testing at the time of DSA (too young) [14 Mar 2006] DSA-1001-1 crossfire - buffer overflow {CVE-2006-1010} [woody] - crossfire 1.1.0-1woody1 [sarge] - crossfire 1.6.0.dfsg.1-4sarge1 NOTE: not fixed in testing at the time of DSA (too young) [14 Mar 2006] DSA-1000-2 libapreq2-perl - design error {CVE-2006-0042} [sarge] - libapreq2-perl 2.04-dev-1sarge2 [14 Mar 2006] DSA-999-1 lurker - several {CVE-2006-1062 CVE-2006-1063 CVE-2006-1064} [sarge] - lurker 1.2-5sarge1 NOTE: not fixed in testing at the time of DSA (too young) [14 Mar 2006] DSA-998-1 libextractor - several {CVE-2006-0301} [sarge] - libextractor 0.4.2-2sarge3 NOTE: not fixed in testing at the time of DSA (missing mips builds) [13 Mar 2006] DSA-997-1 bomberclone - buffer overflows {CVE-2006-0460} [sarge] - bomberclone 0.11.5-1sarge1 NOTE: not fixed in testing at the time of DSA (missing builds) [13 Mar 2006] DSA-996-1 libcrypt-cbc-perl - programming error {CVE-2006-0898} [sarge] - libcrypt-cbc-perl 2.12-1sarge1 NOTE: fixed in testing at the time of DSA [13 Mar 2006] DSA-995-1 metamail - buffer overflow {CVE-2006-0709} [woody] - metamail 2.7-45woody.4 [sarge] - metamail 2.7-47sarge1 NOTE: fixed in testing at the time of DSA [13 Mar 2006] DSA-994-1 freeciv - denial of service {CVE-2006-0047} [sarge] - freeciv 2.0.1-1sarge1 NOTE: fixed in testing at the time of DSA [10 Mar 2006] DSA-993-2 gnupg - remote {CVE-2006-0049} [woody] - gnupg 1.0.6-4woody5 [sarge] - gnupg 1.4.1-1.sarge3 NOTE: not fixed in testing at the time of DSA (too young) NOTE: Initial -1 DSA lacked a Woody version [10 Mar 2006] DSA-992-1 ffmpeg - buffer overflow {CVE-2005-4048} [sarge] - ffmpeg 0.cvs20050313-2sarge1 NOTE: fixed in testing at the time of DSA [10 Mar 2006] DSA-991-1 zoo - buffer overflow {CVE-2006-0855} [woody] - zoo 2.10-9woody0 [sarge] - zoo 2.10-11sarge0 NOTE: not fixed in testing at the time of DSA (too young) [10 Mar 2006] DSA-990-1 bluez-hcidump - programming error {CVE-2006-0670} [sarge] - bluez-hcidump 1.17-1sarge1 NOTE: fixed in testing at the time of DSA [08 Mar 2006] DSA-989-1 zoph - SQL injection {CVE-2006-0402} [sarge] - zoph 0.3.3-12sarge1 NOTE: not fixed in testing at the time of DSA (too young) [08 Mar 2006] DSA-988-1 squirrelmail - several {CVE-2006-0377 CVE-2006-0195 CVE-2006-0188} [woody] - squirrelmail 1.2.6-5 [sarge] - squirrelmail 2:1.4.4-8 NOTE: not fixed in testing at the time of DSA (unfixed in sid) [07 Mar 2006] DSA-987-1 tar - buffer overflow {CVE-2006-0300} [sarge] - tar 1.14-2.1 NOTE: fixed in testing at the time of DSA [06 Mar 2006] DSA-986-1 gnutls11 - buffer overflows {CVE-2006-0645} [sarge] - gnutls11 1.0.16-13.2 NOTE: not fixed in testing at the time of DSA (unfixed in sid) [06 Mar 2006] DSA-985-1 libtasn1-2 - buffer overflows {CVE-2006-0645} [sarge] - libtasn1-2 0.2.10-3sarge1 NOTE: not fixed in testing at the time of DSA (unfixed in sid) [02 Mar 2006] DSA-984-1 xpdf - several {CVE-2005-2097 CVE-2005-3191 CVE-2005-3193 CVE-2006-0301} [sarge] - xpdf 3.00-13.6 NOTE: sid is not affected, just a revamp of previous patches [27 Feb 2006] DSA-983-1 pdftohtml - several {CVE-2005-3191 CVE-2005-3192 CVE-2006-0301} [sarge] - pdftohtml 0.36-11sarge2 NOTE: sid is not affected, just a revamp of previous patches [27 Feb 2006] DSA-982-1 gpdf - several {CVE-2005-2097 CVE-2005-3191 CVE-2005-3193 CVE-2006-0301 CVE-2006-1244} [sarge] - gpdf 2.8.2-1.2sarge4 NOTE: sid is not affected, just a revamp of previous patches [26 Feb 2006] DSA-981-1 bmv - integer overflow {CVE-2005-3278} [woody] - bmv 1.2-14.3 [sarge] - bmv 1.2-17sarge1 NOTE: fixed in testing at the time of DSA [22 Feb 2006] DSA-980-1 tutos - several {CVE-2004-2161 CVE-2004-2162} [sarge] - tutos 1.1.20031017-2+1sarge1 NOTE: fixed in testing at the time of DSA (removed from sid) [17 Feb 2006] DSA-979-1 pdfkit.framework - several {CVE-2005-3191 CVE-2005-3193 CVE-2006-0301} [sarge] - pdfkit.framework 0.8-2sarge3 NOTE: sid is not affected [17 Feb 2006] DSA-978-1 gnupg - invalid success return {CVE-2006-0455} [woody] - gnupg 1.0.6-4woody4 [sarge] - gnupg 1.4.1-1sarge1 NOTE: not fixed in sid at the time of DSA [16 Feb 2006] DSA-977-1 heimdal - several {CVE-2006-0582 CVE-2006-0677} [woody] - heimdal [sarge] - heimdal 0.6.3-10sarge2 NOTE: not fixed in testing at time of DSA (unfixed in sid) [15 Feb 2006] DSA-976-1 libast - buffer overflow {CVE-2006-0224} [woody] - libast1 0.4-3woody2 [sarge] - libast 0.6-0pre2003010606sarge1 NOTE: Fixed in sid at time of DSA - need 10 days for migration [15 Feb 2006] DSA-975-1 nfs-user-server - buffer overflow {CVE-2006-0043} [woody] - nfs-user-server 2.2beta47-12woody1 [sarge] - nfs-user-server 2.2beta47-20sarge2 NOTE: fixed in testing at time of DSA [15 Feb 2006] DSA-974-1 gpdf - buffer overflow {CVE-2006-0301} [sarge] - gpdf 2.8.2-1.2sarge3 NOTE: not fixed in testing at time of DSA (unfixed in sid) [15 Feb 2006] DSA-973-1 otrs - several {CVE-2005-3893 CVE-2005-3894 CVE-2005-3895} [sarge] - otrs 1.3.2p01-6 NOTE: fixed in testing at time of DSA [15 Feb 2006] DSA-972-1 pdfkit.framework - buffer overflows {CVE-2006-0301} [sarge] - pdfkit.framework 0.8-2sarge2 NOTE: not fixed in testing at time of DSA (too young) [14 Feb 2006] DSA-971-1 xpdf - buffer overflow {CVE-2006-0301} [sarge] - xpdf 3.00-13.5 NOTE: fixed in testing at time of DSA [14 Feb 2006] DSA-970-1 kronolith - missing input sanitising {CVE-2005-4189} [sarge] - kronolith 1.1.4-2sarge1 NOTE: fixed in testing at time of DSA (removed from sid) [13 Feb 2006] DSA-969-1 scponly - design error {CVE-2005-4532 CVE-2005-4533} [sarge] - scponly 4.0-1sarge1 NOTE: not fixed in testing at time of DSA (mips/mipsel missing) [13 Feb 2006] DSA-968-1 noweb - insecure temporary file {CVE-2005-3342} [woody] - noweb 2.9a-7.4 [sarge] - noweb 2.10c-3.2 NOTE: not fixed in testing at time of DSA (too young) [10 Feb 2006] DSA-967-1 elog - several {CVE-2005-4439 CVE-2006-0347 CVE-2006-0348 CVE-2006-0597 CVE-2006-0598 CVE-2006-0599 CVE-2006-0600} [sarge] - elog 2.5.7+r1558-4+sarge2 NOTE: fixed in testing at time of DSA [09 Feb 2006] DSA-966-1 adzapper - denial of service {CVE-2006-0046} [sarge] - adzapper 20050316-1sarge1 NOTE: fixed in testing at time of DSA [06 Feb 2006] DSA-965-1 ipsec-tools - null dereference {CVE-2005-3732} [sarge] - ipsec-tools 1:0.5.2-1sarge1 NOTE: fixed in testing at time of DSA [03 Feb 2006] DSA-964-1 gnocatan - buffer overflow { CVE-2006-0467 } [woody] - gnocatan 0.6.1-5woody3 [sarge] - gnocatan 0.8.1.59-1sarge1 NOTE: not fixed in testing at time of DSA NOTE: Fixed in sid at time of DSA (package name change to pioneers) [02 Feb 2006] DSA-963-1 mydns - missing input sanitising { CVE-2006-0351 } [sarge] - mydns 1.0.0-4sarge1 NOTE: not fixed in testing at time of DSA NOTE: fixed in sid at time of DSA [01 Feb 2006] DSA-962-1 pdftohtml - buffer overflows {CVE-2005-3191 CVE-2005-3192 CVE-2005-3624 CVE-2005-3625 CVE-2005-3626 CVE-2005-3627 CVE-2005-3628} [sarge] - pdftohtml 0.36-11sarge1 NOTE: not fixed in testing at time of DSA (unfixed in sid) [01 Feb 2006] DSA-961-1 pdfkit.framework - buffer overflows {CVE-2005-3191 CVE-2005-3192 CVE-2005-3193 CVE-2005-3624 CVE-2005-3625 CVE-2005-3626 CVE-2005-3627 CVE-2005-3628} [sarge] - pdfkit.framework 0.8-2sarge1 NOTE: not fixed in testing at time of DSA (unfixed in sid) [31 Jan 2006] DSA-960-3 libmail-audit-perl - insecure temporary file creation {CVE-2005-4536} [woody] - libmail-audit-perl 2.0-4woody3 [sarge] - libmail-audit-perl 2.1-5sarge4 NOTE: 960-1 and 960-2 had regressions [30 Jan 2006] DSA-959-1 unalz - buffer overflow {CVE-2005-3862} [sarge] - unalz 0.30.1 NOTE: not fixed in testing at time of DSA (unfixed in sid) [27 Jan 2006] DSA-958-1 drupal - several {CVE-2005-3973 CVE-2005-3974 CVE-2005-3975} [sarge] - drupal 4.5.3-5 NOTE: fixed in testing at time of DSA [26 Jan 2006] DSA-957-2 imagemagick - missing shell meta sanitising {CVE-2005-4601} [woody] - imagemagick 4:5.4.4.5-1woody8 [sarge] - imagemagick 6:6.0.6.2-2.6 NOTE: fixed in testing at time of DSA [26 Jan 2006] DSA-956-1 lsh-server - filedescriptor leak {CVE-2006-0353} [sarge] - lsh-utils 2.0.1-3sarge1 NOTE: not fixed in testing at time of DSA (not yet built) [25 Jan 2006] DSA-955-1 mailman - DoS {CVE-2005-3573 CVE-2005-4153} [woody] - mailman (Vulnerable code not present) [sarge] - mailman 2.1.5-8sarge1 NOTE: fixed in testing at time of DSA [25 Jan 2006] DSA-954-1 wine - design flaw {CVE-2006-0106} [sarge] - wine 0.0.20050310-1.2 NOTE: not fixed in testing at time of DSA (too young, 1/10) [24 Jan 2006] DSA-953-1 flyspray - missing input sanitising {CVE-2005-3334} [sarge] - flyspray 0.9.7-2.1 NOTE: fixed in testing at time of DSA [23 Jan 2006] DSA-952-1 libapache-auth-ldap - format string vulnerability {CVE-2006-0150} [woody] - libapache-auth-ldap 1.6.0-3.1 [sarge] - libapache-auth-ldap 1.6.0-8.1 NOTE: fixed in testing at time of DSA (no longer present in testing/sid) [23 Jan 2006] DSA-951-2 trac - missing input sanitising {CVE-2005-4065 CVE-2005-4644} [sarge] - trac 0.8.1-3sarge4 NOTE: fixed in testing at time of DSA NOTE: Original fix in 951-1 had regressions [23 Jan 2006] DSA-950-1 cupsys - buffer overflow {CVE-2005-3191 CVE-2005-3192 CVE-2005-3193 CVE-2005-3624 CVE-2005-3625 CVE-2005-3626 CVE-2005-3627 CVE-2005-3628} [woody] - cupsys 1.1.14-5woody14 [sarge] - cupsys (Cups uses xpdf-utils in Sarge) NOTE: fixed in testing at time of DSA [20 Jan 2006] DSA-949-1 crawl - insecure program execution {CVE-2006-0045} [woody] - crawl 1:4.0.0beta23-2woody2 [sarge] - crawl 1:4.0.0beta26-4sarge0 NOTE: not fixed in testing at time of DSA (unfixed in sid) [20 Jan 2006] DSA-948-1 kdelibs - heap overflow {CVE-2006-0019} [sarge] - kdelibs 4:3.3.2-6.4 NOTE: not fixed in testing at time of DSA (unfixed in sid) [20 Jan 2006] DSA-947-1 clamav - heap overflow {CVE-2006-0162 CVE-2005-3587} [sarge] - clamav 0.84-2.sarge.7 NOTE: fixed in testing at time of DSA [08 Apr 2006] DSA-946-2 sudo - missing input sanitising {CVE-2005-4158 CVE-2006-0151} [woody] - sudo 1.6.6-1.6 [sarge] - sudo 1.6.8p7-1.4 NOTE: fixed in testing at time of DSA NOTE: The fix for stable and oldstable switched from a black list NOTE: of dangerous env vars to a white list of known-to-be-safe env vars NOTE: sid's 1.6.8p12 still has the black list (although with the strong NOTE: recommendation to use env_reset, which basically does the same), NOTE: but 1.7 will have a white list as well [17 Jan 2006] DSA-945-1 antiword - insecure temporary file {CVE-2005-3126} [woody] - antiword 0.32-2woody0 NOTE: fixed in testing at time of DSA NOTE: sarge is also affected, but the uploaded version is greater NOTE: than the fixed sid version. [17 Jan 2006] DSA-944-1 mantis - several {CVE-2005-4238 CVE-2005-4518 CVE-2005-4519 CVE-2005-4520 CVE-2005-4521 CVE-2005-4522 CVE-2005-4523 CVE-2005-4524 CVE-2006-0840} [woody] - mantis (Vulnerable code not present) [sarge] - mantis 0.19.2-5sarge1 NOTE: fixed in testing at time of DSA [16 Jan 2006] DSA-943-1 perl - integer overflow {CVE-2005-3962} [woody] - perl [sarge] - perl 5.8.4-8sarge3 NOTE: Fixed in testing at time of DSA [16 Jan 2006] DSA-942-1 albatross - design error {CVE-2006-0044} [sarge] - albatross 1.20-2 NOTE: Fixed in testing at time of DSA [16 Jan 2006] DSA-941-1 tuxpaint - insecure temporary file {CVE-2005-3340} [sarge] - tuxpaint 1:0.9.14-2sarge0 NOTE: Not fixed in testing at time of DSA (only 2/2 days old) [13 Jan 2006] DSA-940-1 gpdf - buffer overflows {CVE-2005-3191 CVE-2005-3192 CVE-2005-3624 CVE-2005-3625 CVE-2005-3626 CVE-2005-3627 CVE-2005-3628} [sarge] - gpdf 2.8.2-1.2sarge2 NOTE: Not fixed in testing at time of DSA (waiting on dep) [13 Jan 2006] DSA-939-1 fetchmail - programming error {CVE-2005-4348} [woody] - fetchmail (Vulnerable code not present) [sarge] - fetchmail 6.2.5-12sarge4 NOTE: Not fixed in testing at time of DSA (unfixed in sid) [12 Jan 2006] DSA-938-1 koffice - buffer overflows {CVE-2005-3191 CVE-2005-3624 CVE-2005-3625 CVE-2005-3626 CVE-2005-3627 CVE-2005-3628} [sarge] - koffice 1:1.3.5-4.sarge.2 NOTE: Not fixed in testing at time of DSA (too new) [12 Jan 2006] DSA-937-1 tetex-bin - buffer overflows {CVE-2005-3191 CVE-2005-3192 CVE-2005-3193 CVE-2005-3624 CVE-2005-3625 CVE-2005-3626 CVE-2005-3627 CVE-2005-3628} [sarge] - tetex-bin 2.0.2-30sarge4 [woody] - tetex-bin 1.0.7+20011202-7.7 NOTE: Not fixed in testing at time of DSA (waiting on dep) [11 Jan 2006] DSA-936-1 libextractor - buffer overflows {CVE-2005-2097 CVE-2005-3191 CVE-2005-3192 CVE-2005-3193 CVE-2005-3624 CVE-2005-3625 CVE-2005-3626 CVE-2005-3627 CVE-2005-3628} [sarge] - libextractor 0.4.2-2sarge2 NOTE: Fixed in testing at time of DSA [10 Jan 2006] DSA-935-1 libapache2-mod-auth-pgsql - format string vulnerability {CVE-2005-3656} [sarge] - libapache2-mod-auth-pgsql 2.0.2b1-5sarge0 NOTE: Not fixed in sid at the time of DSA [09 Jan 2006] DSA-934-1 pound - remote {CVE-2005-1391 CVE-2005-3751} [sarge] - pound 1.8.2-1sarge1 NOTE: Fixed in testing at time of DSA [09 Jan 2006] DSA-933-1 hylafax - arbitrary command execution {CVE-2005-3539} [woody] - hylafax 4.1.1-4woody1 [sarge] - hylafax 1:4.2.1-5sarge3 NOTE: Not fixed in testing at time of DSA (Valid candidate should sync today) [09 Jan 2006] DSA-932-1 kdegraphics - buffer overflows {CVE-2005-3191 CVE-2005-3192 CVE-2005-3193 CVE-2005-3624 CVE-2005-3625 CVE-2005-3626 CVE-2005-3627 CVE-2005-3628} [sarge] - kdegraphics 4:3.3.2-2sarge3 [09 Jan 2006] DSA-931-1 xpdf - buffer overflows {CVE-2005-3191 CVE-2005-3192 CVE-2005-3193 CVE-2005-3624 CVE-2005-3625 CVE-2005-3626 CVE-2005-3627 CVE-2005-3628} [woody] - xpdf 1.00-3.8 [sarge] - xpdf 3.00-13.4 [10 Jan 2006] DSA-930-2 smstools - format string attack {CVE-2006-0083} [woody] - smstools 1.5.0-2woody0 [sarge] - smstools 1.14.8-1sarge0 NOTE: not fixed in sid at time of DSA [09 Jan 2006] DSA-930-1 smstools - format string error {CVE-2006-0083} [sarge] - smstools 1.14.8-1sarge0 [09 Jan 2006] DSA-929-1 petris - buffer overflow {CVE-2005-3540} [sarge] - petris 1.0.1-4sarge0 [27 Dec 2005] DSA-928-1 dhis-tools-dns - insecure temporary file {CVE-2005-3341} [sarge] - dhis-tools-dns 5.0-3sarge1 [27 Dec 2005] DSA-927-1 tkdiff - insecure temporary file {CVE-2005-3343} [woody] - tkdiff 1:3.08-3woody0 [sarge] - tkdiff 1:4.0.2-1sarge0 NOTE: fixed in testing at time of DSA [23 Dec 2005] DSA-926-1 ketm - buffer overflow {CVE-2005-3535} [woody] - ketm 0.0.6-7woody0 [sarge] - ketm 0.0.6-17sarge1 NOTE: not fixed in testing at time of DSA (unfixed in sid) [22 Dec 2005] DSA-925-1 phpbb2 - several {CVE-2005-3310 CVE-2005-3415 CVE-2005-3416 CVE-2005-3417 CVE-2005-3418 CVE-2005-3419 CVE-2005-3420 CVE-2005-3536 CVE-2005-3537} [sarge] - phpbb2 2.0.13+1-6sarge2 NOTE: fixed in testing at time of DSA [21 Dec 2005] DSA-924-1 nbd - buffer overflow {CVE-2005-3534} [woody] - nbd 1.2cvs20020320-3.woody.3 [sarge] - nbd 1:2.7.3-3sarge1 NOTE: not fixed in testing at time of DSA (unfixed in sid) [19 Dec 2005] DSA-923-1 dropbear - buffer overflow {CVE-2005-4178} [sarge] - dropbear 0.45-2sarge0 NOTE: fixed in testing at time of DSA [14 Dec 2005] DSA-922-1 kernel-source-2.6.8 - several {CVE-2004-2302 CVE-2005-0756 CVE-2005-0757 CVE-2005-1265 CVE-2005-1761 CVE-2005-1762 CVE-2005-1763 CVE-2005-1765 CVE-2005-1767 CVE-2005-2456 CVE-2005-2458 CVE-2005-2459 CVE-2005-2548 CVE-2005-2801 CVE-2005-2872 CVE-2005-3105 CVE-2005-3106 CVE-2005-3107 CVE-2005-3108 CVE-2005-3109 CVE-2005-3110 CVE-2005-3271 CVE-2005-3272 CVE-2005-3273 CVE-2005-3274 CVE-2005-3275 CVE-2005-3276} [sarge] - kernel-source-2.6.8 2.6.8-16sarge1 [sarge] - kernel-image-2.6.8-alpha 2.6.8-16sarge1 [sarge] - kernel-image-2.6.8-amd64 2.6.8-16sarge1 [sarge] - kernel-image-2.6.8-hppa 2.6.8-6sarge1 [sarge] - kernel-image-2.6.8-i386 2.6.8-16sarge1 [sarge] - kernel-image-2.6.8-ia64 2.6.8-14sarge1 [sarge] - kernel-image-2.6.8-m68k 2.6.8-4sarge1 [sarge] - kernel-patch-powerpc-2.6.8 2.6.8-12sarge1 [sarge] - kernel-image-2.6.8-s390 2.6.8-5sarge1 [sarge] - kernel-image-2.6.8-sparc 2.6.8-15sarge1 NOTE: fixed in testing at time of DSA [14 Dec 2005] DSA-921-1 kernel-source-2.4.27 - several {CVE-2005-0756 CVE-2005-0757 CVE-2005-1762 CVE-2005-1767 CVE-2005-1768 CVE-2005-2456 CVE-2005-2458 CVE-2005-2459 CVE-2005-2553 CVE-2005-2801 CVE-2005-2872 CVE-2005-3275} [sarge] - kernel-source-2.4.27 2.4.27-10sarge1 [sarge] - kernel-image-2.4.27-alpha 2.4.27-10sarge1 [sarge] - kernel-patch-2.4.27-arm 2.4.27-1sarge1 [sarge] - kernel-image-2.4.27-arm 2.4.27-2sarge1 [sarge] - kernel-image-2.4.27-i386 2.4.27-10sarge1 [sarge] - kernel-image-2.4.27-ia64 2.4.27-10sarge1 [sarge] - kernel-image-2.4.27-m68k 2.4.27-3sarge1 [sarge] - kernel-patch-2.4.27-mips 2.4.27-10.sarge1.040815-1 [sarge] - kernel-patch-powerpc-2.4.27 2.4.27-10sarge1 [sarge] - kernel-image-2.4.27-s390 2.4.27-2sarge1 [sarge] - kernel-image-2.4.27-sparc 2.4.27-9sarge1 NOTE: fixed in testing at time of DSA [13 Dec 2005] DSA-920-1 ethereal - buffer overflow {CVE-2005-3651} [woody] - ethereal 0.9.4-1woody14 [sarge] - ethereal 0.10.10-2sarge3 NOTE: not fixed in testing at time of DSA (unfixed in sid) [12 Dec 2005] DSA-919-2 curl - buffer overflow {CVE-2005-4077 CVE-2005-3185} [woody] - curl 7.9.5-1woody2 [sarge] - curl 7.13.2-2sarge5 NOTE: partially fixed in testing at time of DSA NOTE: Initial -1 DSA was incomplete [09 Dec 2005] DSA-918-1 osh - programming error {CVE-2005-3346 CVE-2005-3533} [woody] - osh 1.7-11woody2 [sarge] - osh 1.7-13sarge1 NOTE: fixed in testing at time of DSA (has been removed) [08 Dec 2005] DSA-917-1 courier - programming error {CVE-2005-3532} [woody] - courier 0.37.3-2.8 [sarge] - courier 0.47-4sarge4 NOTE: not fixed in testing at time of DSA (waiting on GCC) [07 Dec 2005] DSA-916-1 inkscape - buffer overflow {CVE-2005-3737 CVE-2005-3885} [sarge] - inkscape 0.41-4.99.sarge2 NOTE: not fixed in testing at time of DSA (RC bug, waiting on GCC) [02 Dec 2005] DSA-915-1 helix-player - buffer overflow {CVE-2005-2629} [sarge] - helix-player 1.0.4-1sarge2 NOTE: fixed in testing at time of DSA (not in testing due to RC bugs) [01 Dec 2005] DSA-914-1 horde2 - missing input sanitising {CVE-2005-3570} [sarge] - horde2 2.2.8-1sarge1 NOTE: fixed in testing at time of DSA [01 Dec 2005] DSA-913-1 gdk-pixbuf - several {CVE-2005-2975 CVE-2005-2976 CVE-2005-3186} [woody] - gdk-pixbuf 0.17.0-2woody3 [sarge] - gdk-pixbuf 0.22.0-8.1 NOTE: fixed in testing at time of DSA [30 Nov 2005] DSA-912-1 centericq - denial of service {CVE-2005-3694} [woody] - centericq 4.5.1-1.1woody1 [sarge] - centericq 4.20.0-1sarge3 NOTE: not fixed in testing at time of DSA (waiting on deps) [30 Nov 2005] DSA-911-1 gtk+2.0 - several {CVE-2005-2975 CVE-2005-2976 CVE-2005-3186} [woody] - gtk+2.0 2.0.2-5woody3 [sarge] - gtk+2.0 2.6.4-3.1 NOTE: not fixed in testing at time of DSA (RC bug) [24 Nov 2005] DSA-910-1 zope2.7 - design error {CVE-2005-3323} [sarge] - zope2.7 2.7.5-2sarge1 NOTE: fixed in testing at time of DSA [23 Nov 2005] DSA-909-1 horde3 - missing input sanitising {CVE-2005-3759} [sarge] - horde3 3.0.4-4sarge2 NOTE: not fixed in testing at time of DSA (too young 0/2) [23 Nov 2005] DSA-908-1 sylpheed-claws - buffer overflows {CVE-2005-3354} [woody] - sylpheed-claws 0.7.4claws-3woody1 [sarge] - sylpheed-claws 1.0.4-1sarge1 NOTE: not fixed in testing at time of DSA (too young 0/2) [23 Nov 2005] DSA-907-1 ipmenu - insecure temporary file {CVE-2004-2569} [woody] - ipmenu 0.0.3-4woody1 NOTE: fixed in testing at time of DSA (not part of testing/sarge due to long-standing blocking deps) [22 Nov 2005] DSA-906-1 sylpheed - several {CVE-2005-3354} [woody] - sylpheed 0.7.4-4woody1 [sarge] - sylpheed 1.0.4-1sarge1 NOTE: not fixed in testing at time of DSA (too young 7/10, RC bugs) [22 Nov 2005] DSA-905-1 mantis - several {CVE-2005-3091 CVE-2005-3335 CVE-2005-3336 CVE-2005-3338 CVE-2005-3339} [woody] - mantis (Vulnerable code not present) [sarge] - mantis 0.19.2-4.1 NOTE: fixed in testing at time of DSA [21 Nov 2005] DSA-904-1 netpbm-free - buffer overflows {CVE-2005-3632 CVE-2005-3662} [woody] - netpbm-free 2:9.20-8.5 [sarge] - netpbm-free 2:10.0-8sarge2 NOTE: not fixed in testing at time of DSA (unfixed in sid) [21 Nov 2005] DSA-903-1 unzip - race condition {CVE-2005-2475} [woody] - unzip 5.50-1woody5 [sarge] - unzip 5.52-1sarge3 NOTE: fixed in testing at time of DSA NOTE: Original 903-1 DSA had a regression [21 Nov 2005] DSA-902-1 xmail - buffer overflow {CVE-2005-2943} [sarge] - xmail 1.21-3sarge1 NOTE: fixed in testing at time of DSA [19 Nov 2005] DSA-901-1 gnump3d - programming error {CVE-2005-3349 CVE-2005-3355} [sarge] - gnump3d 2.9.3-1sarge3 NOTE: not fixed in testing at time of DSA (unfixed in sid) [22 Nov 2005] DSA-900-3 fetchmail - programming error {CVE-2005-3088} [woody] - fetchmail 5.9.11-6.4 [woody] - fetchmail-ssl 5.9.11-6.3 [sarge] - fetchmail 6.2.5-12sarge3 NOTE: Original two Woody fixes had regressions NOTE: not fixed in testing at time of DSA (too young 2/2) [17 Nov 2005] DSA-899-1 egroupware - programming errors {CVE-2005-0870 CVE-2005-2600 CVE-2005-3347 CVE-2005-3348} [sarge] - egroupware 1.0.0.007-2.dfsg-2sarge4 NOTE: not fixed in testing at time of DSA (too young 1/2) [17 Nov 2005] DSA-898-1 phpgroupware - programming errors {CVE-2005-0870 CVE-2005-3347 CVE-2005-3348} [woody] - phpgroupware 0.9.14-0.RC3.2.woody5 [sarge] - phpgroupware 0.9.16.005-3.sarge4 NOTE: not fixed in testing at time of DSA (too young 1/2) [15 Nov 2005] DSA-897-1 phpsysinfo - programming errors {CVE-2005-0870 CVE-2005-3347 CVE-2005-3348} [woody] - phpsysinfo 2.0-3woody3 [sarge] - phpsysinfo 2.3-4sarge1 NOTE: not fixed in testing at time of DSA (unfixed in sid) [15 Nov 2005] DSA-896-1 linux-ftpd-ssl - buffer overflow {CVE-2005-3524} [sarge] - linux-ftpd-ssl 0.17.18+0.3-3sarge1 NOTE: not fixed in testing at time of DSA (unfixed in sid) [14 Nov 2005] DSA-895-1 uim - programming error {CVE-2005-3149} [sarge] - uim 1:0.4.6final1-3sarge1 NOTE: not fixed in testing at time of DSA (missing deps) [14 Nov 2005] DSA-894-1 abiword - buffer overflows {CVE-2005-2964 CVE-2005-2972} [woody] - abiword 1.0.2+cvs.2002.06.05-1woody3 [sarge] - abiword 2.2.7-3sarge2 NOTE: sid fix from DSA text in wrong, pinged security@ NOTE: fixed in testing at time of DSA [14 Nov 2005] DSA-893-1 acidlab - missing input sanitising {CVE-2005-3325} [woody] - acidlab 0.9.6b20-2.1 [sarge] - acidlab 0.9.6b20-10.1 NOTE: fixed in testing at time of DSA [10 Nov 2005] DSA-892-1 awstats - missing input sanitising {CVE-2005-1527} [sarge] - awstats 6.4-1sarge1 (bug #322591; bug #334833; bug #336137; medium) [woody] - awstats (vulnerable code not present) NOTE: fixed in testing at time of DSA [09 Nov 2005] DSA-891-1 gpsdrive - format string {CVE-2005-3523} [sarge] - gpsdrive 2.09-2sarge1 NOTE: not fixed in testing at time of DSA (DSA fix propagated to sid) [09 Nov 2005] DSA-890-1 libungif4 - several {CVE-2005-2974 CVE-2005-3350} [woody] - libungif4 4.1.0b1-2woody1 [sarge] - libungif4 4.1.3-2sarge1 NOTE: not fixed in testing at time of DSA (unfixed in sid) [08 Nov 2005] DSA-889-1 enigmail - programming error {CVE-2005-3256} [sarge] - enigmail 2:0.91-4sarge2 NOTE: fixed in testing at time of DSA [07 Nov 2005] DSA-888-1 openssl - cryptographic weakness {CVE-2005-2969} [woody] - openssl 0.9.6c-2.woody.8 [sarge] - openssl 0.9.7e-3sarge1 NOTE: fixed in testing at time of DSA [07 Nov 2005] DSA-887-1 clamav - several {CVE-2005-3239 CVE-2005-3303 CVE-2005-3500 CVE-2005-3501} [sarge] - clamav 0.84-2.sarge.6 NOTE: fixed in testing at time of DSA (unfixed in sid; DTSA issued) [07 Nov 2005] DSA-886-1 chmlib - several {CVE-2005-2659 CVE-2005-2930 CVE-2005-3318} [sarge] - chmlib 0.35-6sarge1 NOTE: not fixed in testing at time of DSA (not built on all archs) [07 Nov 2005] DSA-885-1 openvpn - several {CVE-2005-3393 CVE-2005-3409} [sarge] - openvpn 2.0-1sarge2 NOTE: not fixed in testing at time of DSA (too young 0/2 days) [07 Nov 2005] DSA-884-1 horde3 - design error {CVE-2005-3344} [sarge] - horde3 3.0.4-4sarge1 NOTE: fixed in testing at time of DSA [04 Nov 2005] DSA-883-1 thttpd - insecure temporary file {CVE-2005-3124} [woody] - thttpd 2.21b-11.3 [sarge] - thttpd 2.23beta1-3sarge1 NOTE: fixed in testing at time of DSA (not present in testing/sid anymore) [04 Nov 2005] DSA-882-1 openssl095 - cryptographic weakness {CVE-2005-2969} [woody] - openssl095 0.9.5a-6.woody.6 NOTE: fixed in testing at time of DSA (not present in testing/sid anymore) [04 Nov 2005] DSA-881-1 openssl096 - cryptographic weakness {CVE-2005-2969} [sarge] - openssl096 0.9.6m-1sarge1 NOTE: fixed in testing at time of DSA (not present in testing/sid anymore) [02 Nov 2005] DSA-880-1 phpmyadmin - several {CVE-2005-2869 CVE-2005-3300 CVE-2005-3301 CVE-2005-3787} [woody] - phpmyadmin [sarge] - phpmyadmin 4:2.6.2-3sarge1 NOTE: fixed in testing at time of DSA [02 Nov 2005] DSA-879-1 gallery - programming error {CVE-2005-2596} [woody] - gallery (Not affected, according to DSA-879) [sarge] - gallery 1.5-1sarge1 NOTE: fixed in testing at time of DSA [28 Oct 2005] DSA-878-1 netpbm-free - buffer overflow {CVE-2005-2978} [woody] - netpbm-free (Does not contain the vulnerable code) [sarge] - netpbm-free 2:10.0-8sarge1 NOTE: not fixed in testing at time of DSA (png transition) [28 Oct 2005] DSA-877-1 gnump3d - cross-site-scripting, directory traversal {CVE-2005-3123 CVE-2005-3424 CVE-2005-3425} [sarge] - gnump3d 2.9.3-1sarge2 NOTE: not fixed in testing at time of DSA (unfixed in sid) [27 Oct 2005] DSA-876-1 lynx-ssl - buffer overflow {CVE-2005-3120} [woody] - lynx 2.8.4.1b-3.2 [sarge] - lynx 2.8.5-2sarge1 NOTE: not fixed in testing at time of DSA (lynx provides now TLS support; unfixed in sid) [27 Oct 2005] DSA-875-1 openssl094 - cryptographic weakness {CVE-2005-2969} [woody] - openssl094 0.9.4-6.woody.4 NOTE: fixed in testing at time of DSA (not present in testing/sid anymore) [27 Oct 2005] DSA-874-1 lynx - buffer overflow {CVE-2005-3120} [woody] - lynx 2.8.4.1b-3.3 [sarge] - lynx 2.8.5-2sarge1 NOTE: not fixed in testing at time of DSA (unfixed in sid) [26 Oct 2005] DSA-873-1 net-snmp - programming error {CVE-2005-2177} [sarge] - net-snmp 5.1.2-6.2 NOTE: not fixed in testing at time of DSA (libsnmp transition) [26 Oct 2005] DSA-872-1 koffice - buffer overflow {CVE-2005-2971} [sarge] - koffice 1:1.3.5-4.sarge.1 NOTE: not fixed in testing at time of DSA (KDE transition) [25 Oct 2005] DSA-871-1 libgda2 - format string {CVE-2005-2958} [woody] - libgda (Does not contain the vulnerable code) [sarge] - libgda2 1.2.1-2sarge1 NOTE: not fixed in testing at time of DSA (waiting on deps) [25 Oct 2005] DSA-870-1 sudo - missing input sanitising {CVE-2005-2959} [woody] - sudo 1.6.6-1.4 [sarge] - sudo 1.6.8p7-1.2 NOTE: fixed in testing at time of DSA [20 Oct 2005] DSA-869-1 eric - missing input sanitising {CVE-2005-3068} [sarge] - eric 3.6.2-2 NOTE: not fixed in testing at time of DSA (KDE/qt transition) [20 Oct 2005] DSA-868-1 mozilla-thunderbird - several {CVE-2005-2871 CVE-2005-2701 CVE-2005-2702 CVE-2005-2703 CVE-2005-2704 CVE-2005-2705 CVE-2005-2706 CVE-2005-2707 CVE-2005-2968} [sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.7 NOTE: not fixed in testing at time of DSA (missing builds) [20 Oct 2005] DSA-867-1 module-assistant - insecure temporary file {CVE-2005-3121} [sarge] - module-assistant 0.9sarge1 NOTE: fixed in testing at time of DSA [20 Oct 2005] DSA-866-1 mozilla - several {CVE-2005-2871 CVE-2005-2701 CVE-2005-2702 CVE-2005-2703 CVE-2005-2704 CVE-2005-2705 CVE-2005-2706 CVE-2005-2707} [woody] - mozilla [sarge] - mozilla 1:1.7.8-1sarge3 NOTE: not fixed in testing at time of DSA (missing hppa, RC bugs) NOTE: DSA claims to fix CVE-2005-2968 and contains a patch. But NOTE: mozilla-browser 1.7.8-1sarge2 does not contain the NOTE: wrapper script in a vulnerable version. [13 Oct 2005] DSA-865-1 hylafax - insecure temporary files {CVE-2005-3069} [woody] - hylafax 1:4.1.1-3.2 [sarge] - hylafax 1:4.2.1-5sarge1 NOTE: not fixed in testing at time of DSA (missing arm) [13 Oct 2005] DSA-864-1 ruby1.8 - programming error {CVE-2005-2337} [sarge] - ruby1.8 1.8.2-7sarge2 NOTE: not fixed in testing at time of DSA (RC bugs) [12 Oct 2005] DSA-863-1 xine-lib - format string vulnerability {CVE-2005-2967} [woody] - xine-lib 0.9.8-2woody4 [sarge] - xine-lib 1.0.1-1sarge1 NOTE: not fixed in testing at time of DSA (unfixed in sid) [11 Oct 2005] DSA-862-1 ruby1.6 - programming error {CVE-2005-2337} [sarge] - ruby1.6 1.6.8-12sarge1 NOTE: not fixed in testing at time of DSA (RC bugs) [11 Oct 2005] DSA-861-1 up-imap - buffer overflow {CVE-2005-2933} [sarge] - uw-imap 7:2002edebian1-11sarge1 NOTE: not fixed in testing at time of DSA (unfixed in sid) [11 Oct 2005] DSA-860-1 ruby - programming error {CVE-2005-2337} [woody] - ruby 1.6.7-3woody5 NOTE: fixed in testing at time of DSA (woody-only DSA) [10 Oct 2005] DSA-859-1 xli - buffer overflows {CVE-2005-3178} [woody] - xli 1.17.0-11woody2 [sarge] - xli 1.17.0-18sarge1 NOTE: not fixed in testing at time of DSA (unfixed in sid) [10 Oct 2005] DSA-858-1 xloadimage - buffer overflows {CVE-2005-3178} [woody] - xloadimage 4.1-10woody2 (bug #332524; medium) [sarge] - xloadimage 4.1-14.3 NOTE: not fixed in testing at time of DSA (too young) [10 Oct 2005] DSA-857-1 graphviz - insecure temporary file {CVE-2005-4803} [sarge] - graphviz 2.2.1-1sarge1 (low) NOTE: fixed in testing at time of DSA [10 Oct 2005] DSA-856-1 py2play - design error {CVE-2005-2875} [sarge] - py2play 0.1.7-1sarge1 (bug #326976; medium) NOTE: fixed in testing at time of DSA [10 Oct 2005] DSA-855-1 weex - format string vulnerability {CVE-2005-3150} [sarge] - weex 2.6.1-6sarge1 (bug #332424; medium) [woody] - weex 2.6.1-4woody2 (bug #332424; medium) NOTE: not fixed in testing at time of DSA (DSA fix propagated to sid) [09 Oct 2005] DSA-854-1 tcpdump - infinite loop {CVE-2005-1267} [sarge] - tcpdump 3.8.3-5sarge1 [woody] - tcpdump (not affected according to DSA) NOTE: fixed in testing at time of DSA [09 Oct 2005] DSA-853-1 ethereal - several {CVE-2005-2360 CVE-2005-2361 CVE-2005-2363 CVE-2005-2364 CVE-2005-2365 CVE-2005-2366 CVE-2005-2367} [woody] - ethereal 0.9.4-1woody13 [sarge] - ethereal 0.10.10-2sarge3 NOTE: not fixed in testing at time of DSA (not fixed in unstable) [08 Oct 2005] DSA-852-1 up-imapproxy - arbitrary code execution {CVE-2005-2661} [sarge] - up-imapproxy 1.2.3-1sarge1 NOTE: not fixed in testing at time of DSA (not fixed in unstable) [08 Oct 2005] DSA-851-1 openvpn - denial of service {CVE-2005-2531 CVE-2005-2532 CVE-2005-2533 CVE-2005-2534} [sarge] - openvpn 2.0-1sarge1 NOTE: fixed in testing at time of DSA [08 Oct 2005] DSA-850-1 tcpdump - denial of service {CVE-2005-1279} [woody] - tcpdump 3.6.2-2.9 NOTE: fixed in testing at time of DSA (woody-only DSA) [08 Oct 2005] DSA-849-1 shorewall - programming error {CVE-2005-2317} [woody] - shorewall (vulnerable code not yet present) [sarge] - shorewall 2.2.3-2 NOTE: fixed in testing at time of DSA [08 Oct 2005] DSA-848-1 masqmail - several {CVE-2005-2662 CVE-2005-2663} [woody] - masqmail 0.1.16-2.2 [sarge] - masqmail 0.2.20-1sarge1 NOTE: not fixed in testing at time of DSA (not fixed in unstable) [08 Oct 2005] DSA-847-1 dia - missing input sanitising {CVE-2005-2966} [sarge] - dia 0.94.0-7sarge1 (bug #330890; medium) [woody] - dia (not affected according to DSA) NOTE: not fixed in testing at time of DSA, missing sparc build, gcc-4.0 [07 Oct 2005] DSA-846-1 cpio - several {CVE-2005-1111 CVE-2005-1229} [woody] - cpio 2.4.2-39woody2 [sarge] - cpio 2.5-1.3 NOTE: fixed in testing at time of DSA [06 Oct 2005] DSA-845-1 mason - programming error {CVE-2005-3118} [woody] - mason 0.13.0.92-2woody1 [sarge] - mason 1.0.0-2.2 NOTE: fixed in testing at time of DSA [05 Oct 2005] DSA-844-1 mod-auth-shadow - programming error {CVE-2005-2963} [woody] - mod-auth-shadow 1.3-3.1woody.2 [sarge] - mod-auth-shadow 1.4-1sarge1 NOTE: not fixed in testing at time of DSA (missing m68k) [05 Oct 2005] DSA-843-1 arc - insecure temporary file {CVE-2005-2945 CVE-2005-2992} [sarge] - arc 5.21l-1sarge1 NOTE: fixed in testing at time of DSA [04 Oct 2005] DSA-842-1 egroupware - missing input sanitising {CVE-2005-2498} [sarge] - egroupware 1.0.0.007-2.dfsg-2sarge2 NOTE: fixed in testing at time of DSA [04 Oct 2005] DSA-841-1 mailutils - format string vulnerability {CVE-2005-2878} [woody] - mailutils (not affected according to DSA) [sarge] - mailutils 1:0.6.1-4sarge1 NOTE: not fixed in testing at time of DSA (missing arm) [04 Jul 2005] DSA-840-1 drupal - missing input sanitising {CVE-2005-2498} [sarge] - drupal 4.5.3-4 NOTE: fixed in testing at time of DSA [04 Oct 2005] DSA-839-1 apachetop - insecure temporary file {CVE-2005-2660} [sarge] - apachetop 0.12.5-1sarge1 NOTE: not fixed in testing at time of DSA (not built on m68k, waiting on gcc-4) [03 Oct 2005] DSA-838-1 mozilla-firefox - multiple vulnerabilities {CVE-2005-2701 CVE-2005-2702 CVE-2005-2703 CVE-2005-2704 CVE-2005-2705 CVE-2005-2706 CVE-2005-2707} [sarge] - mozilla-firefox 1.0.4-2sarge5 NOTE: not fixed in testing at time of DSA (not built on arm, silly RC bugs) [02 Oct 2005] DSA-837-1 mozilla-firefox - buffer overflow {CVE-2005-2871} [sarge] - mozilla-firefox 1.0.4-2sarge4 (medium; bug #327452) NOTE: not fixed in testing at time of DSA (not built on arm, silly RC bugs) [01 Oct 2005] DSA-836-1 cfengine2 - insecure temporary files {CVE-2005-2960 CVE-2005-3137} [sarge] - cfengine2 2.1.14-1sarge1 NOTE: not fixed in testing at time of DSA (unfixed in sid) NOTE: No bug exists for this issue [01 Oct 2005] DSA-835-1 cfengine - insecure temporary files {CVE-2005-2960 CVE-2005-3137} [woody] - cfengine 1.6.3-9woody1 [sarge] - cfengine 1.6.5-1sarge1 NOTE: not fixed in testing at time of DSA (unfixed in sid) NOTE: No bug exists for this issue [01 Oct 2005] DSA-834-1 prozilla - buffer overflow {CVE-2005-2961} [woody] - prozilla 1:1.3.6-3woody3 NOTE: Prozilla has been removed before Sarge release [30 Sep 2005] DSA-832-1 gopher - buffer overflows {CVE-2005-2772} [woody] - gopher 3.0.3woody4 [sarge] - gopher 3.0.7sarge2 NOTE: fixed in testing at time of DSA [30 Sep 2005] DSA-831-1 mysql-dfsg-4.1 - several {CVE-2005-2558} [sarge] - mysql-dfsg-4.1 4.1.11a-4sarge2 NOTE: not fixed in testing at time of DSA (waiting on gmp, missing builds) [30 Sep 2005] DSA-830-1 ntlmaps - wrong permissions {CVE-2005-2962} [sarge] - ntlmaps 0.9.9-2sarge1 NOTE: fixed in testing at time of DSA [30 Sep 2005] DSA-829-1 mysql - several {CVE-2005-2558} [woody] - mysql 3.23.49-8.14 NOTE: fixed in testing at time of DSA [30 Sep 2005] DSA-828-1 squid - several {CVE-2005-2917} [woody] - squid (not affected according to DSA) [sarge] - squid 2.5.9-10sarge2 NOTE: fixed in testing at time of DSA [07 Nov 2005] DSA-809-3 squid - assertion error {CVE-2005-2794} [woody] - squid 2.4.6-2woody11 [sarge] - squid 2.5.9-10sarge1 NOTE: fixed in testing at time of DSA NOTE: -1 and -2 had regressions [29 Sep 2005] DSA-827-1 backupninja - insecure temporary file creation {CVE-2005-3111} [sarge] - backupninja 0.5-3sarge1 (medium) NOTE: not fixed in testing at time of DSA (too young 1/2 days) [29 Sep 2005] DSA-826-1 helix-player - multiple {CVE-2005-1766 CVE-2005-2710} [sarge] - helix-player 1.0.4-1sarge1 (high) NOTE: not fixed in testing at time of DSA [29 Sep 2005] DSA-825-1 loop-aes-utils - privilege escalation {CVE-2005-2876} [sarge] - loop-aes-utils 2.12p-4sarge1 (medium) NOTE: fixed in testing at the time of the DSA [29 Sep 2005] DSA-823-1 util-linux - privilege escalation {CVE-2005-2876} [woody] - util-linux 2.11n-7woody1 (high) [sarge] - util-linux 2.12p-4sarge1 (high) NOTE: not fixed in testing at time of DSA [29 Sep 2005] DSA-822-1 gtkdiskfree - insecure temporary file creation {CVE-2005-2918} [sarge] - gtkdiskfree 1.9.3-4sarge1 (bug #328566; medium) NOTE: not fixed even in unstable at time of DSA [29 Sep 2005] DSA-824-1 clamav - infinite loop, buffer overflow {CVE-2005-2919 CVE-2005-2920} [sarge] - clamav 0.84-2.sarge.4 (high) NOTE: not fixed in testing at time of DSA [28 Sep 2005] DSA-797-2 zsync - buffer overflow {CVE-2005-1849 CVE-2005-2096} NOTE: An upload to fix a build failure on i386 [28 Sep 2005] DSA-821-1 python2.3 - integer overflow {CVE-2005-2491} [sarge] - python2.3 2.3.5-3sarge1 (medium) NOTE: not fixed in testing at time of DSA (waiting on gmp) NOTE: python2.3 is not in woody [24 Sep 2005] DSA-820-1 courier - missing input sanitising {CVE-2005-2820 CVE-2005-2769} [woody] - courier 0.37.3-2.7 (medium) [sarge] - courier 0.47-4sarge3 (medium) NOTE: fixed in testing at time of DSA NOTE: CVE-2005-2769 listed as fixed in the changelog, missing from NOTE: DSA. [23 Sep 2005] DSA-819-1 python2.1 - integer overflow {CVE-2005-2491} [woody] - python2.1 2.1.3-3.4 (medium) [sarge] - python2.1 2.1.3dfsg-1sarge1 (medium) NOTE: not fixed in testing at time of DSA (waiting on gmp) [22 Sep 2005] DSA-818-1 kdeedu - insecure temporary files {CVE-2005-2101} [sarge] - kdeedu 4:3.3.2-3.sarge.1 (low) NOTE: not fixed in testing at time of DSA NOTE: woody is not affected according to the DSA [22 Sep 2005] DSA-817-1 python2.2 - integer overflow {CVE-2005-2491} [woody] - python2.2 2.2.1-4.8 (bug #324531; medium) [sarge] - python2.2 2.2.3dfsg-2sarge1 (bug #324531; medium) NOTE: not fixed in testing at time of DSA (waiting on gmp) [19 Sep 2005] DSA-816-1 xfree86 - integer overflow {CVE-2005-2495} [woody] - xfree86 4.1.0-16woody7 [sarge] - xfree86 4.3.0.dfsg.1-14sarge1 NOTE: not fixed in testing at time of DSA (waiting on gcc, which is waiting on gmp) [16 Sep 2005] DSA-815-1 kdebase - programming error {CVE-2005-2494} [sarge] - kdebase 4:3.3.2-1sarge1 (bug #327039; medium) [woody] - kdebase (according to the DSA) NOTE: not fixed in testing at time of DSA (not even fixed in unstable) [15 Sep 2005] DSA-814-1 lm-sensors - insecure temporary file {CVE-2005-2672} [sarge] - lm-sensors 1:2.9.1-1sarge2 (bug #324193) [woody] - lm-sensors (according to DSA) NOTE: not fixed in testing at time of DSA (waiting on rrdtool, which is waiting on perl) [15 Sep 2005] DSA-813-1 centericq - several {CVE-2005-2369 CVE-2005-2370 CVE-2005-2448} [woody] - centericq (according to DSA) [sarge] - centericq 4.20.0-1sarge2 NOTE: fixed in testing in time of DSA [15 Sep 2005] DSA-812-1 turqstat - buffer overflow {CVE-2005-2658} [woody] - turqstat 2.2.1woody1 (medium) [sarge] - turqstat 2.2.2sarge1 (medium) NOTE: not fixed in testing at time of DSA (waiting on qt, borked on m68k) [21 Nov 2005] DSA-811-2 common-lisp-controller - design error {CVE-2005-2657} [woody] - common-lisp-controller (according to the DSA) [sarge] - common-lisp-controller 4.15sarge3 (bug #328633; medium) NOTE: Original sarge2 fix had regressions NOTE: fixed in testing at time of DSA [13 Sep 2005] DSA-810-1 mozilla - several {CVE-2004-0718 CVE-2005-1937 CVE-2005-2260 CVE-2005-2261 CVE-2005-2263 CVE-2005-2265 CVE-2005-2266 CVE-2005-2268 CVE-2005-2269 CVE-2005-2270} [sarge] - mozilla 2:1.7.8-1sarge2 (medium) NOTE: not fixed in testing at time of DSA (buggy and TBS) [13 Sep 2005] DSA-809-1 squid - several {CVE-2005-2794 CVE-2005-2796} [sarge] - squid 2.5.9-10sarge1 (medium) NOTE: not fixed in testing at time of DSA (too young) [12 Sep 2005] DSA-808-1 tdiary - design error {CVE-2005-2411} [sarge] - tdiary 2.0.1-1sarge1 (medium) NOTE: fixed in testing at time of DSA [12 Sep 2005] DSA-807-1 libapache-mod-ssl - acl restriction bypass {CVE-2005-2700} [woody] - libapache-mod-ssl 2.8.9-2.5 (medium) [sarge] - libapache-mod-ssl 2.8.22-1sarge1 (medium) NOTE: not fixed in testing at time of DSA (too young) [09 Sep 2005] DSA-806-1 gcvs - insecure temporary files {CVE-2005-2693} [woody] - gcvs 1.0a7-2woody1 (low) [sarge] - gcvs 1.0final-5sarge1 (low) NOTE: fixed in testing at time of DSA [08 Sep 2005] DSA-805-1 apache2 - several {CVE-2005-1268 CVE-2005-2088 CVE-2005-2700 CVE-2005-2728} [sarge] - apache2 2.0.54-5 (medium) NOTE: not fixed in testing at time of DSA (too young) [08 Sep 2005] DSA-804-2 kdelibs - insecure permissions {CVE-2005-1920} [sarge] - kdelibs 4:3.3.2-6.3 (medium) NOTE: fixed in testing at time of DSA NOTE: original fix from -1 was only included, not applied [07 Sep 2005] DSA-803-1 apache - programming error {CVE-2005-2088} [woody] - apache 1.3.26-0woody7 (medium) [sarge] - apache 1.3.33-6sarge1 (medium) NOTE: not fixed in testing at time of DSA (too young) [07 Sep 2005] DSA-802-1 cvs - insecure temporary files {CVE-2005-2693} [woody] - cvs 1.11.1p1debian-13 (low) NOTE: not exposed in sarge according to the DSA NOTE: fixed in testing at time of DSA [05 Sep 2005] DSA-801-1 ntp - programming error {CVE-2005-2496} [sarge] - ntp 1:4.2.0a+stable-2sarge1 (medium) [woody] - ntp (not affected according to DSA) NOTE: not fixed in testing at time of DSA (RC bugs) [02 Sep 2005] DSA-800-1 pcre3 - integer overflow {CVE-2005-2491} [woody] - pcre3 3.4-1.1woody1 [sarge] - pcre3 4.5-1.2sarge1 NOTE: not fixed in testing at time of DSA (glibc transition) NOTE: however, fixed in secure-testing archive [02 Sep 2005] DSA-799-1 webcalendar - input validation {CVE-2005-2717} [sarge] - webcalendar 0.9.45-4sarge2 (bug #326223; high) NOTE: not fixed in testing at time of DSA (coordinated disclosure) [02 Sep 2005] DSA-798-1 phpgroupware - several {CVE-2005-2498 CVE-2005-2600 CVE-2005-2761} [woody] - phpgroupware (according to the DSA) [sarge] - phpgroupware 0.9.16.005-3.sarge2 (high) NOTE: not fixed in testing at time of DSA (too young) [01 Sep 2005] DSA-797-1 zsync - buffer overflow {CVE-2005-1849 CVE-2005-2096} [sarge] - zsync 0.3.3-1.sarge.1 (medium) NOTE: fixed in testing at time of DSA [01 Sep 2005] DSA-796-1 affix - unsafe use of popen {CVE-2005-2716} [sarge] - affix 2.1.1-3 (medium) NOTE: not fixed in testing at time of DSA (glibc transition, builds) [01 Sep 2005] DSA-795-2 proftpd - format string error {CVE-2005-2390} [woody] - proftpd (not affected according to the DSA) [sarge] - proftpd 1.2.10-15sarge1 (medium) NOTE: fixed in testing at time of DSA NOTE: Initial -1 release had a build problem [01 Sep 2005] DSA-794-1 polygen - programming error {CVE-2005-2656} [sarge] - polygen 1.0.6-7sarge1 (low) NOTE: not fixed in testing at time of DSA (too young) [21 Aug 2005] DSA-779-2 mozilla-firefox - several NOTE: Essentially 1.0.6 with rolled-back version number, backported version had regressions {CVE-2005-2260 CVE-2005-2261 CVE-2005-2262 CVE-2005-2263 CVE-2005-2264 CVE-2005-2265 CVE-2005-2266 CVE-2005-2267 CVE-2005-2268 CVE-2005-2269 CVE-2005-2270} [sarge] - mozilla-firefox 1.0.4-2sarge3 (medium) NOTE: not fixed in testing at time of DSA (waiting on dependencies) NOTE: Fixed in DTSA, which will have the same regressions, should be checked/reverted [01 Sep 2005] DSA-793-1 courier - missing input sanitising {CVE-2005-2724} [woody] - courier 0.37.3-2.6 (medium) [sarge] - courier 0.47-4sarge2 (medium) NOTE: not fixed in testing at time of DSA (glibc transition, too young) [31 Aug 2005] DSA-792-1 pstotext - missing input sanitising {CVE-2005-2536} [woody] - pstotext 1.8g-5woody1 (medium) [sarge] - pstotext 1.9-1sarge1 (medium) NOTE: not fixed in testing at time of DSA (glibc transition, builds) [30 Aug 2005] DSA-791-1 maildrop - missing privilege release {CVE-2005-2655} [sarge] - maildrop 1.5.3-1.1sarge1 [woody] - maildrop (not affected according to the DSA) NOTE: not fixed in testing at time of DSA (glibc transition) NOTE: but fixed in secure-testing repo [30 Aug 2005] DSA-790-1 phpldapadmin - programming error {CVE-2005-2654} [sarge] - phpldapadmin 0.9.5-3sarge2 (medium) NOTE: fixed in testing at time of DSA [29 Aug 2005] DSA-789-1 php4 - several {CVE-2005-1751 CVE-2005-1921 CVE-2005-2498} [woody] - php4 4:4.1.2-7.woody5 (high) [sarge] - php4 4:4.3.10-16 (high) NOTE: not fixed in testing at time of DSA (not uploaded yet) [29 Aug 2005] DSA-788-1 kismet - several {CVE-2005-2626 CVE-2005-2627} [woody] - kismet (not affected according to DSA) [sarge] - kismet 2005.04.R1-1sarge1 (medium) NOTE: not fixed in testing at time of DSA (glibc transition) NOTE: but fixed in secure-testing repo [26 Aug 2005] DSA-787-1 backup-manager - insecure permissions and tempfile {CVE-2005-1855 CVE-2005-1856} [sarge] - backup-manager 0.5.7-1sarge1 (medium) NOTE: fixed in testing at time of DSA [26 Aug 2005] DSA-786-1 simpleproxy - format string vulnerability {CVE-2005-1857} [sarge] - simpleproxy 3.2-3sarge1 (medium) NOTE: not fixed in testing at time of DSA (embargoed disclosure) [25 Aug 2005] DSA-785-1 libpam-ldap - authentication bypass {CVE-2005-2641 CVE-2005-2069} [woody] - libpam-ldap (not affected according to DSA) [sarge] - libpam-ldap 178-1sarge1 (medium) NOTE: not fixed in testing at time of DSA (embargoed disclosure) [25 Aug 2005] DSA-784-1 courier - programming error {CVE-2005-2151} [woody] - courier (no SPF support) [sarge] - courier 0.47-4sarge1 (low) NOTE: not fixed in testing at time of DSA (glibc transition) [24 Aug 2005] DSA-783-1 mysql-dfsg-4.1 - insecure temporary file {CVE-2005-1636} [sarge] - mysql-dfsg-4.1 4.1.11a-4sarge1 (low) [23 Aug 2005] DSA-782-1 bluez-utils - missing input sanitising {CVE-2005-2547} [sarge] - bluez-utils 2.15-1.1 (high) NOTE: not fixed in testing at time of DSA (missing builds) [23 Aug 2005] DSA-781-1 mozilla-thunderbird - several {CVE-2005-0989 CVE-2005-1159 CVE-2005-1160 CVE-2005-1532 CVE-2005-2261 CVE-2005-2265 CVE-2005-2266 CVE-2005-2269 CVE-2005-2270} [sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.6 (medium) NOTE: not fixed in testing at time of DSA (missing builds) [22 Aug 2005] DSA-780-1 kdegraphics - wrong input sanitising {CVE-2005-2097} [woody] - kdegraphics (not affected according to DSA) [sarge] - kdegraphics 4:3.3.2-2sarge1 (bug #322458; low) NOTE: not fixed in testing at time of DSA (nor in unstable; C++ ABI transition) [21 Aug 2005] DSA-779-1 mozilla-firefox - several {CVE-2005-2260 CVE-2005-2261 CVE-2005-2262 CVE-2005-2263 CVE-2005-2264 CVE-2005-2265 CVE-2005-2266 CVE-2005-2267 CVE-2005-2268 CVE-2005-2269 CVE-2005-2270} [sarge] - mozilla-firefox 1.0.4-2sarge2 (medium) NOTE: not fixed in testing at time of DSA (build and deps) [19 Aug 2005] DSA-778-1 mantis - missing input sanitising {CVE-2005-2556 CVE-2005-2557} [sarge] - mantis 0.19.2-4 (medium) NOTE: not fixed in testing at time of DSA (nor unstable) [17 Aug 2005] DSA-777-1 mozilla - frame injection spoofing {CVE-2004-0718 CVE-2005-1937} [sarge] - mozilla 2:1.7.8-1sarge1 (medium) NOTE: not fixed in testing at time of DSA (waiting on builds) [16 Aug 2005] DSA-776-1 clamav - integer overflows, infinite loop {CVE-2005-2450} [sarge] - clamav 0.84-2.sarge.2 (medium) NOTE: not fixed in testing at time of DSA (waiting on dependencies) [12 Aug 2005] DSA-775-1 mozilla-firefox - frame injection spoofing {CVE-2004-0718 CVE-2005-1937} [sarge] - mozilla-firefox 1.0.4-2sarge1 (medium) NOTE: IMO the information about the sid fix in the DSA is wrong, pinged security@ NOTE: fixed in testing at time of DSA [12 Aug 2005] DSA-774-1 fetchmail - buffer overflow {CVE-2005-2335} [woody] - fetchmail (not affected according to DSA) [sarge] - fetchmail 6.2.5-12sarge1 (medium) NOTE: fixed in testing at time of DSA [11 Aug 2005] DSA-773-1 New amd64 packages fix several bugs NOTE: amd64 catch-up DSA, no new holes [03 Aug 2005] DSA-772-1 apt-cacher - missing input sanitising {CVE-2005-1854} [sarge] - apt-cacher 0.9.4sarge1 (high) NOTE: not fixed in testing at time of DSA (not uploaded to unstable yet) [01 Aug 2005] DSA-771-1 pdns - several {CVE-2005-2301 CVE-2005-2302} [sarge] - pdns 2.9.17-13sarge1 (medium) NOTE: not fixed in testing at time of DSA (too young) [29 Jul 2005] DSA-770-1 gopher - insecure tmpfile handling {CVE-2005-1853} [woody] - gopher 3.0.3woody3 [sarge] - gopher 3.0.7sarge1 NOTE: not fixed in testing at time of DSA (Debian server outage) [29 Jul 2005] DSA-769-1 gaim - memory alignment bug {CVE-2005-2370} [sarge] - gaim 1:1.2.1-1.4 (low) NOTE: not fixed in testing at time of DSA (?) [27 Jul 2005] DSA-768-1 phpbb2 - missing input validation {CVE-2005-2161} [sarge] - phpbb2 2.0.13+1-6sarge1 NOTE: not fixed in testing at time of DSA (Debian server outage) [27 Jul 2005] DSA-767-1 ekg - integer overflows {CVE-2005-1852} [sarge] - ekg 1:1.5+20050411-5 (medium) NOTE: not fixed in testing at time of DSA (Debian server outage) [26 Jul 2005] DSA-766-1 webcalendar - authorisation failure {CVE-2005-2320} [sarge] - webcalendar 0.9.45-4sarge1 (medium) NOTE: not fixed in testing at time of DSA (Debian server outage) [22 Jul 2005] DSA-765-1 heimdal - buffer overflow {CVE-2005-0469} [woody] - heimdal 0.4e-7.woody.11 (medium) NOTE: fixed in testing at time of DSA [21 Jul 2005] DSA-764-1 cacti - several {CVE-2005-1524 CVE-2005-1525 CVE-2005-1526 CVE-2005-2148 CVE-2005-2149} [woody] - cacti 0.6.7-2.5 (high) [sarge] - cacti 0.8.6c-7sarge2 (high) NOTE: fixed in testing at time of DSA NOTE: DSA information is incorrect, sid fix is 6f, not 6e [20 Jul 2005] DSA-763-1 zlib - buffer overflow {CVE-2005-1849} [woody] - zlib (vulnerable code introduced later) [sarge] - zlib 1:1.2.2-4.sarge.2 (medium) NOTE: not fixed in testing at time of DSA (only 1/2 days old, not built on s390) [19 Jul 2005] DSA-762-1 affix - several {CVE-2005-2250 CVE-2005-2277} [sarge] - affix 2.1.1-2 (medium) NOTE: not fixed in testing at time of DSA (only 2/2 days old) [19 Jul 2005] DSA-761-2 heartbeat - insecure temporary files {CVE-2005-2231} [woody] - heartbeat 0.4.9.0l-7.3 (medium) [sarge] - heartbeat 1.2.3-9sarge3 (medium) NOTE: not fixed in testing at time of DSA (only 0/2 days old) [18 Jul 2005] DSA-760-1 ekg - several {CVE-2005-1850 CVE-2005-1851 CVE-2005-1916} [sarge] - ekg 1:1.5+20050411-4 (low) NOTE: not fixed in testing at time of DSA (waiting on dependencies, not built on five archs) [18 Jul 2005] DSA-759-1 phppgadmin - missing input sanitising {CVE-2005-2256} [woody] - phppgadmin (not affected according to the DSA) [sarge] - phppgadmin 3.5.2-5 (medium) NOTE: not fixed in testing at time of DSA (only 0/10 days old) [18 Jul 2005] DSA-758-1 heimdal - buffer overflow {CVE-2005-2040} [woody] - heimdal 0.4e-7.woody.10 (medium) [sarge] - heimdal 0.6.3-10sarge1 (medium) NOTE: not fixed in testing at time of DSA (waiting on dependencies) [17 Jul 2005] DSA-757-1 krb5 - buffer overflow, double-free memory {CVE-2005-1689 CVE-2005-1174 CVE-2005-1175} [woody] - krb5 1.2.4-5woody10 (medium) [sarge] - krb5 1.3.6-2sarge2 (medium) NOTE: not fixed in testing at time of DSA (waiting on dependencies, not built on m68k) [14 Jul 2005] DSA-746-1 phpgroupware - remote command execution {CVE-2005-1921} [woody] - phpgroupware (high) [sarge] - phpgroupware 0.9.16.005-3.sarge0 (high) NOTE: fixed in testing at time of DSA [13 Jul 2005] DSA-756-1 squirrelmail - several {CVE-2005-1769 CVE-2005-2095} [woody] - squirrelmail 1:1.2.6-4 (medium) [sarge] - squirrelmail 2:1.4.4-6sarge1 (medium) NOTE: not fixed in testing at time of DSA (only 0/2 days old) [13 Jul 2005] DSA-755-1 tiff - buffer overflow {CVE-2005-1544} [woody] - tiff 3.5.5-7 (medium) NOTE: fixed in testing at time of DSA [13 Jul 2005] DSA-754-1 centericq - insecure temporary file {CVE-2005-1914} [woody] - centericq (not affected according to DSA) [sarge] - centericq 4.20.0-1sarge1 (low) NOTE: not fixed in testing at time of DSA (waiting on dependencies) [12 Jul 2005] DSA-753-1 gedit - format string {CVE-2005-1686} [woody] - gedit (not affected according to DSA) [sarge] - gedit 2.8.3-4sarge1 (low) NOTE: not fixed in testing at time of DSA (waiting on dependencies) [11 Jul 2005] DSA-752-1 gzip - several {CVE-2005-0988 CVE-2005-1228} [woody] - gzip 1.3.2-3woody5 NOTE: fixed in testing at time of DSA [11 Jul 2005] DSA-751-1 squid - IP spoofing {CVE-2005-1519} [woody] - squid 2.4.6-2woody9 NOTE: fixed in testing at time of DSA [10 Jul 2005] DSA-748-1 ruby1.8 - bad default value {CVE-2005-1992} [sarge] - ruby1.8 1.8.2-7sarge1 (medium) NOTE: not fixed in testing at time of DSA (waiting on dependencies) [11 Jul 2005] DSA-750-1 dhcpcd - out-of-bound memory access {CVE-2005-1848} [sarge] - dhcpcd 1:1.3.22pl4-21sarge1 NOTE: fixed in testing at time of DSA [10 Jul 2005] DSA-749-1 ettercap - format string error {CVE-2005-1796} [sarge] - ettercap 1:0.7.1-1sarge1 (medium) NOTE: fixed in testing at time of DSA [10 Jul 2005] DSA-747-1 egroupware - input validation error {CVE-2005-1921} [sarge] - egroupware 1.0.0.007-2.dfsg-2sarge1 (high) NOTE: not fixed in testing at time of DSA (only 1/2 days old) [10 Jul 2005] DSA-745-1 drupal - arbitrary command execution {CVE-2005-1921 CVE-2005-2106} [sarge] - drupal 4.5.3-3 (high) NOTE: fixed in testing at time of DSA [08 Jul 2005] DSA-744-1 fuse - programming error {CVE-2005-1858} [sarge] - fuse 2.2.1-4sarge2 NOTE: fixed in testing at time of DSA [08 Jul 2005] DSA-743-1 ht - buffer overflows, integer overflows {CVE-2005-1545 CVE-2005-1546} [woody] - ht 0.5.0-1woody4 [sarge] - ht 0.8.0-2sarge4 NOTE: fixed in testing at time of DSA [09 Jul 2005] DSA-742-1 cvs - buffer overflow {CVE-2005-0753} [woody] - cvs 1.11.1p1debian-12 NOTE: fixed in testing at time of DSA [07 Jul 2005] DSA-741-1 bzip2 - infinite loop {CVE-2005-1260} [woody] - bzip2 1.0.2-1.woody5 (low) NOTE: fixed in testing at time of DSA [06 Jul 2005] DSA-740-1 zlib - buffer overflow {CVE-2005-2096} [woody] - zlib (vulnerability was introduced later) [sarge] - zlib 1:1.2.2-4.sarge.1 (medium) NOTE: anything statically linking zlib needs rebuild NOTE: not fixed in testing at time of DSA (embargoed disclosure) [06 Jul 2005] DSA-739-1 trac - missing input sanitising {CVE-2005-2147} [sarge] - trac 0.8.1-3sarge2 (medium) NOTE: fixed in testing at time of DSA [19 May 2005] DSA-725-2 ppxp - missing privilege release {CVE-2005-0392} [sarge] - ppxp 0.2001080415-10sarge2 NOTE: fixed in testing at time of DSA [05 Jul 2005] DSA-738-1 razor - email header parsing error {CVE-2005-2024} [woody] - razor (not affected according to DSA) [sarge] - razor 2.670-1sarge2 (low) NOTE: not fixed in testing at time of DSA (not built on arm) [05 Jul 2005] DSA-737-1 clamav - various DOS vulnerabilities {CVE-2005-1922 CVE-2005-1923 CVE-2005-2056 CVE-2005-2070} [sarge] - clamav 0.84-2.sarge.1 (medium) NOTE: not fixed in testing at time of DSA (uploaded with low urgency only, one fix missing for sid) [05 Jul 2005] DSA-734-1 gaim - denial of service {CVE-2005-1269 CVE-2005-1934} [woody] - gaim (DSA: "does not seem to be affected") [sarge] - gaim 1:1.2.1-1.3 NOTE: not fixed in testing at time of DSA (not built on sparc) [01 Jul 2005] DSA-736-2 spamassassin - mail header parsing error {CVE-2005-1266} [woody] - spamassassin (not vulnerable according to DSA) [sarge] - spamassassin 3.0.3-2 NOTE: fixed in testing at time of DSA NOTE: Some architectures were not ready, that's why another DSA was NOTE: issued. [01 Jul 2005] DSA-736-1 spamassassin - mail header parsing error {CVE-2005-1266} [woody] - spamassassin (not vulnerable according to DSA) [sarge] - spamassassin 3.0.3-2 NOTE: fixed in testing at time of DSA [08 Jul 2005] DSA-735-2 sudo - pathname validation race {CVE-2005-1993} [woody] - sudo 1.6.6-1.3woody1 (medium) [sarge] - sudo 1.6.8p7-1.1sarge1 (medium) NOTE: fixed in testing at time of DSA NOTE: Some architectures were not ready, that's why another DSA was NOTE: issued. [01 Jul 2005] DSA-735-1 sudo - pathname validation race {CVE-2005-1993} [woody] - sudo 1.6.6-1.3woody1 (medium) [sarge] - sudo 1.6.8p7-1.1sarge1 (medium) NOTE: not fixed in testing at time of DSA [30 Jun 2005] DSA-733-1 crip - insecure temporary files {CVE-2005-0393} [sarge] - crip 3.5-1sarge2 (low) NOTE: not fixed in testing at time of DSA (reserved) [03 Jun 2005] DSA-732-1 mailutils - several {CVE-2005-1520 CVE-2005-1521 CVE-2005-1522 CVE-2005-1523} [woody] - mailutils 20020409-1woody2 NOTE: fixed in testing at time of DSA [02 Jun 2005] DSA-731-1 krb4 - buffer overflows {CVE-2005-0468 CVE-2005-0469} [woody] - krb4 1.1-8-2.4 NOTE: fixed in testing at time of DSA [27 May 2005] DSA-730-1 bzip2 - race condition {CVE-2005-0953} [woody] - bzip2 1.0.2-1.woody2 NOTE: fixed in testing at time of DSA [26 May 2005] DSA-729-1 php4 - missing input sanitising {CVE-2005-0525} [woody] - php4 4:4.1.2-7.woody4 NOTE: fixed in testing at time of DSA [25 May 2005] DSA-728-1 qpopper - missing privilege release {CVE-2005-1151 CVE-2005-1152} [woody] - qpopper 4.0.4-2.woody.5 NOTE: fixed in testing at time of DSA by security team [20 May 2005] DSA-727-1 libconvert-uulib-perl - buffer overflow {CVE-2005-1349} [woody] - libconvert-uulib-perl 0.201-2woody1 NOTE: fixed in testing at time of DSA [20 May 2005] DSA-726-1 oops - format string vulnerability {CVE-2005-1121} [woody] - oops 1.5.19.cvs.20010818-0.1woody1 NOTE: not in testing at time of DSA [19 May 2005] DSA-725-1 ppxp - missing privilege release {CVE-2005-0392} [woody] - ppxp 0.2001080415-6woody2 NOTE: not fixed in testing at time of DSA [18 May 2005] DSA-724-1 phpsysinfo - design flaw {CVE-2005-0870} [woody] - phpsysinfo 2.0-3woody2 NOTE: fixed in testing at time of DSA [09 May 2005] DSA-723-1 xfree86 - buffer overflow {CVE-2005-0605} [woody] - xfree86 4.1.0-16woody6 NOTE: not fixed in testing at time of DSA [09 May 2005] DSA-722-1 smail - buffer overflow {CVE-2005-0892} [woody] - smail 3.2.0.114-4woody1 NOTE: Package not in testing at time of DSA [06 May 2005] DSA-721-1 squid - design flaw {CVE-2005-1345} [woody] - squid 2.4.6-2woody8 NOTE: not fixed in testing at time of DSA [03 May 2005] DSA-720-1 smartlist - wrong input processing {CVE-2005-0157} [woody] - smartlist 3.15-5.woody.1 NOTE: fixed in testing at time of DSA [28 Apr 2005] DSA-719-1 prozilla - format string problems {CVE-2005-0523} [woody] - prozilla 1:1.3.6-3woody2 NOTE: fixed in testing at time of DSA [28 Apr 2005] DSA-718-1 ethereal - buffer overflow {CVE-2005-0739} [woody] - ethereal 0.9.4-1woody12 NOTE: fixed in testing at time of DSA [27 Apr 2005] DSA-717-1 lsh-utils - buffer overflow, typo {CVE-2003-0826 CVE-2005-0814} [woody] - lsh-utils 1.2.5-2woody3 NOTE: fixed in testing at time of DSA [27 Apr 2005] DSA-716-1 gaim - denial of service {CVE-2005-0472} [woody] - gaim 1:0.58-2.5 NOTE: fixed in testing at time of DSA [27 Apr 2005] DSA-715-1 cvs - several {CVE-2004-1342 CVE-2004-1343} [woody] - cvs 1.11.1p1debian-10 NOTE: not fixed in testing at time of DSA [26 Apr 2005] DSA-714-1 kdelibs - several {CVE-2005-1046} [woody] - kdelibs 4:2.2.2-13.woody.14 NOTE: not fixed in testing at time of DSA [21 Apr 2005] DSA-701-2 samba - integer overflows NOTE: only a bug in the backported fix to stable, testing is ok [21 Apr 2005] DSA-713-1 junkbuster - several {CVE-2005-1108 CVE-2005-1109} [woody] - junkbuster 2.0.2-0.2woody1 (bug #304793) [19 Apr 2005] DSA-712-1 geneweb - insecure file operations {CVE-2005-0391} [woody] - geneweb 4.06-2woody1 NOTE: fixed in testing at time of DSA [19 Apr 2005] DSA-711-1 info2www - missing input sanitising {CVE-2004-1341} [woody] - info2www 1.2.2.9-20woody1 NOTE: fixed in testing at time of DSA [18 Apr 2005] DSA-710-1 gtkhtml - null pointer dereference {CVE-2003-0541} [woody] - gtkhtml 1.0.2-1.woody1 NOTE: fixed in testing at time of DSA [15 Apr 2005] DSA-709-1 libexif - buffer overflow {CVE-2005-0664} [woody] - libexif 0.5.0-1woody1 (bug #298464) [15 Apr 2005] DSA-708-1 php3 - missing input sanitising {CVE-2005-0525} [woody] - php3 3:3.0.18-23.1woody3 (bug #302701) [13 Apr 2005] DSA-707-1 mysql - several {CVE-2004-0957 CVE-2005-0709 CVE-2005-0710 CVE-2005-0711} [woody] - mysql 3.23.49-8.11 NOTE: not fixed in testing at time of DSA [13 Apr 2005] DSA-706-1 axel - buffer overflow {CVE-2005-0390} [woody] - axel 1.0a-1woody1 NOTE: fixed in testing at time of DSA [04 Apr 2005] DSA-705-1 wu-ftpd - missing input sanitising {CVE-2005-0256} [woody] - wu-ftpd 2.6.2-3woody5 NOTE: DSA mentions CVE-2003-0854 as fixed, but this update only NOTE: contains a workaround. [04 Apr 2005] DSA-704-1 remstats - tempfile, missing input sanitising {CVE-2005-0387 CVE-2005-0388} [woody] - remstats 1.00a4-8woody1 NOTE: not fixed in testing at time of DSA [01 Apr 2005] DSA-703-1 krb5 - buffer overflows {CVE-2005-0468 CVE-2005-0469} [woody] - krb5 1.2.4-5woody8 [01 Apr 2005] DSA-702-1 imagemagick - several {CVE-2005-0397 CVE-2005-0759 CVE-2005-0760 CVE-2005-0762} [woody] - imagemagick 4:5.4.4.5-1woody6 [31 Mar 2005] DSA-701-1 samba - integer overflows {CVE-2004-1154} [woody] - samba 2.2.3a-15 [30 Mar 2005] DSA-700-1 mailreader - missing input sanitising {CVE-2005-0386} [woody] - mailreader 2.3.29-5woody2 NOTE: not fixed in testing at time of DSA [29 Mar 2005] DSA-699-1 netkit-telnet-ssl - buffer overflow {CVE-2005-0469} [woody] - netkit-telnet-ssl 0.17.17+0.1-2woody4 NOTE: not fixed in testing at time of DSA [29 Mar 2005] DSA-698-1 mc - buffer overflow {CVE-2005-0763} [woody] - mc 4.5.55-1.2woody6 NOTE: Seems to be a "fix the fix", correcting a previous DSA. [29 Mar 2005] DSA-697-1 netkit-telnet - buffer overflow {CVE-2005-0469} [woody] - netkit-telnet 0.17-18woody3 NOTE: not fixed in testing at time of DSA [22 Mar 2005] DSA-696-1 perl - design flaw {CVE-2005-0448} [woody] - perl 5.6.1-8.9 NOTE: fixed in testing at time of DSA NOTE: (sid version in DSA is 5.8.4-8, but 5.8.4-7 is more correct) [21 Mar 2005] DSA-695-1 xli - buffer overflow, input sanitising, integer overflow {CVE-2001-0775 CVE-2005-0638 CVE-2005-0639} [woody] - xli 1.17.0-11woody1 NOTE: not fixed in testing at time of DSA [21 Mar 2005] DSA-694-1 xloadimage - missing input sanitising, integer overflow {CVE-2005-0638 CVE-2005-0639} [woody] - xloadimage 4.1-10woody1 NOTE: not fixed in testing at time of DSA [14 Mar 2005] DSA-693-1 luxman - buffer overflow {CVE-2005-0385} NOTE: not fixed in testing at time of DSA NOTE: not in unstable at time of DSA though DSA claimed it was [woody] - luxman 0.41-17.2 [14 Mar 2005] DSA-662-2 squirrelmail - several NOTE: only an update to a prior DSA, did not affct sid/sarge. [08 Mar 2005] DSA-692-1 kppp - design flaw {CVE-2005-0205} [woody] - kdenetwork 4:2.2.2-14.7 NOTE: fixed in testing at time of DSA [07 Mar 2005] DSA-691-1 abuse - several {CVE-2005-0098 CVE-2005-0099} [woody] - abuse 2.00+-3woody4 NOTE: not in unstable/testing [25 Feb 2005] DSA-690-1 bsmtpd - missing input sanitising {CVE-2005-0107} [woody] - bsmtpd 2.3pl8b-12woody1 NOTE: not fixed in testing at time of DSA [23 Feb 2005] DSA-689-1 libapache-mod-python - missing input sanitising {CVE-2005-0088} [woody] - libapache-mod-python 2:2.7.8-0.0woody5 NOTE: fixed in testing at time of DSA [23 Feb 2005] DSA-688-1 squid - mising input sanitising {CVE-2005-0446} [woody] - squid 2.4.6-2woody7 NOTE: fixed in testing at time of DSA [21 Feb 2005] DSA-674-3 mailman - cross-site scripting, directory traversal NOTE: only fixed bug in DSA [18 Feb 2005] DSA-687-1 bidwatcher - format string {CVE-2005-0158} [woody] - bidwatcher 1.3.3-1woody1 NOTE: not fixed in testing at time of DSA [17 Feb 2005] DSA-686-1 gftp - missing input sanitising {CVE-2005-0372} [woody] - gftp 2.0.11-1woody1 NOTE: not fixed in testing at time of DSA [17 Feb 2005] DSA-685-1 emacs21 - format string {CVE-2005-0100} [woody] - emacs21 21.2-1woody3 NOTE: not fixed in testing at time of DSA [16 Feb 2005] DSA-684-1 typespeed - format string {CVE-2005-0105} [woody] - typespeed 0.4.4-8 NOTE: not fixed in testing at time of DSA [15 Feb 2005] DSA-683-1 postgresql - buffer overflows {CVE-2005-0245 CVE-2005-0247} [woody] - postgresql 7.2.1-2woody8 NOTE: fixed in testing at time of DSA [15 Feb 2005] DSA-682-1 awstats - missing input sanitising {CVE-2005-0363} [woody] - awstats 4.0-0.woody.2 NOTE: not fixed in testing at time of DSA [14 Feb 2005] DSA-681-1 synaesthesia - privilege escalation {CVE-2005-0070} [woody] - synaesthesia 2.1-2.1woody3 NOTE: does not apply for sarge, program is not setuid anymore [14 Feb 2005] DSA-680-1 htdig - unsanitised input {CVE-2005-0085} [woody] - htdig 3.1.6-3woody1 NOTE: fixed in testing at time of DSA [14 Feb 2005] DSA-679-1 toolchain-source - insecure temporary files {CVE-2005-0159} [woody] - toolchain-source 3.0.4-1woody1 NOTE: not fixed in testing at time of DSA [11 Feb 2005] DSA-678-1 netkit-rwho - missing input validation {CVE-2004-1180} [woody] - netkit-rwho 0.17-4woody2 NOTE: not fixed in testing at time of DSA [11 Feb 2005] DSA-677-1 sympa - buffer overflow {CVE-2005-0073} [woody] - sympa 3.3.3-3woody2 NOTE: not fixed in testing at time of DSA [11 Feb 2005] DSA-676-1 xpcd - buffer overflow {CVE-2005-0074} [woody] - xpcd 2.08-8woody3 NOTE: not fixed in testing at time of DSA [11 Feb 2005] DSA-674-2 mailman - cross-site scripting, directory traversal NOTE: only fixed bug in DSA [10 Feb 2005] DSA-675-1 hztty - privilege escalation {CVE-2005-0019} [woody] - hztty 2.0-5.2woody2 NOTE: not fixed in testing at time of DSA [10 Feb 2005] DSA-674-1 mailman - cross-site scripting, directory traversal {CVE-2004-1177 CVE-2005-0202} [woody] - mailman 2.0.11-1woody11 NOTE: not fixed in testing at time of DSA [10 Feb 2005] DSA-673-1 evolution - integer overflow {CVE-2005-0102} [woody] - evolution 1.0.5-1woody2 NOTE: fixed in testing at time of DSA [09 Feb 2005] DSA-672-1 xview - buffer overflows {CVE-2005-0076} [woody] - xview 3.2p1.4-16woody2 NOTE: not fixed in testing at time of DSA [08 Feb 2005] DSA-671-1 xemacs21 - format string {CVE-2005-0100} NOTE: not fixed in testing at time of DSA [woody] - xemacs21 21.4.6-8woody2 [08 Feb 2005] DSA-670-1 emacs20 - format string {CVE-2005-0100} [woody] - emacs20 20.7-13.3 NOTE: also affects emacs21 in unstable, fixed [04 Feb 2005] DSA-669-1 php3 - several {CVE-2004-0594 CVE-2004-0595} [woody] - php3 3:3.0.18-23.1woody2 NOTE: fixed in testing at time of DSA [04 Feb 2005] DSA-668-1 postgresql - privilege escalation {CVE-2005-0227} [woody] - postgresql 7.2.1-2woody7 NOTE: not fixed in testing at time of DSA [04 Feb 2005] DSA-667-1 squid - several {CVE-2005-0173 CVE-2005-0175 CVE-2005-0194 CVE-2005-0211} [woody] - squid 2.4.6-2woody6 NOTE: not fixed in testing at time of DSA [04 Feb 2005] DSA-666-1 python2.2 - design flaw {CVE-2005-0089} [woody] - python2.2 2.2.1-4.7 NOTE: not fixed in testing at time of DSA [04 Feb 2005] DSA-665-1 ncpfs - missing privilege release {CVE-2005-0013} [woody] - ncpfs 2.2.0.18-10woody2 NOTE: not fixed in testing at time of DSA [02 Feb 2005] DSA-664-1 cpio - broken file permissions {CVE-1999-1572} [woody] - cpio 2.4.2-39woody1 NOTE: not fixed in testing at time of DSA [02 Feb 2005] DSA-663-1 prozilla - buffer overflows {CVE-2004-1120} [woody] - prozilla 1:1.3.6-3woody3 NOTE: fixed in testing at time of DSA [01 Feb 2005] DSA-662-1 squirrelmail - several {CVE-2005-0104 CVE-2005-0152} [woody] - squirrelmail 1:1.2.6-3 NOTE: CVE-2005-0152 only exists in 1.2.6 version NOTE: fixed in testing at time of DSA [20 Apr 2005] DSA-661-2 f2c - insecure temporary files {CVE-2005-0017 CVE-2005-0018} [woody] - f2c 20010821-3.2 (bug #292792) NOTE: not fixed in testing at time of DSA [26 Jan 2005] DSA-660-1 kdebase - missing return value check {CVE-2005-0078} [woody] - kdebase 4:2.2.2-14.9 NOTE: fixed in testing at time of DSA [26 Jan 2005] DSA-659-1 libpam-radius-auth - information leak, integer underflow {CVE-2004-1340 CVE-2005-0108} [woody] - libpam-radius-auth 1.3.14-1.3 NOTE: 1/2 fixed in testing at time of DSA [25 Jan 2005] DSA-658-1 libdbi-perl - insecure temporary file {CVE-2005-0077} [woody] - libdbi-perl 1.21-2woody2 NOTE: not fixed in testing at time of DSA [25 Jan 2005] DSA-657-1 xine-lib - buffer overflow {CVE-2004-1379} [woody] - xine-lib 0.9.8-2woody2 NOTE: fixed in testing at time of DSA [25 Jan 2005] DSA-656-1 vdr - insecure file access {CVE-2005-0071} [woody] - vdr 1.0.0-1woody2 NOTE: not fixed in testing at time of DSA [25 Jan 2005] DSA-655-1 zhcon - missing privilege release {CVE-2005-0072} [woody] - zhcon 1:0.2-4woody3 NOTE: not fixed in testing at time of DSA [21 Jan 2005] DSA-654-1 enscript - several {CVE-2004-1184 CVE-2004-1185 CVE-2004-1186} [woody] - enscript 1.6.3-1.3 NOTE: not fixed in testing at time of DSA [21 Jan 2005] DSA-653-1 ethereal - buffer overflow {CVE-2005-0084} [woody] - ethereal 0.9.4-1woody11 NOTE: not fixed in testing at time of DSA [21 Jan 2005] DSA-652-1 unarj {CVE-2004-0947 CVE-2004-1027} [woody] - unarj 2.43-3woody1 NOTE: package was in non-free, different code base [20 Jan 2005] DSA-651-1 squid - buffer overflow, integer overflow {CVE-2005-0094 CVE-2005-0095} [woody] - squid 2.4.6-2woody5 NOTE: not fixed in testing at time of DSA [20 Jan 2005] DSA-650-1 sword - missing input sanitising {CVE-2005-0015} [woody] - sword 1.5.3-3woody2 NOTE: not fixed in testing at time of DSA [20 Jan 2005] DSA-649-1 xtrlock - buffer overflow {CVE-2005-0079} [woody] - xtrlock 2.0-6woody2 NOTE: fixed in testing at time of DSA [19 Jan 2005] DSA-648-1 xpdf - buffer overflow {CVE-2005-0064} [woody] - xpdf 1.00-3.4 NOTE: not fixed in testing at time of DSA [19 Jan 2005] DSA-647-1 mysql - insecure temporary files {CVE-2005-0004} [woody] - mysql 3.23.49-8.9 NOTE: not fixed in testing at time of DSA [19 Jan 2005] DSA-646-1 imagemagick - buffer overflow {CVE-2005-0005} [woody] - imagemagick 4:5.4.4.5-1woody5 NOTE: not fixed in testing at time of DSA [19 Jan 2005] DSA-645-1 cupsys - buffer overflow {CVE-2005-0064} NOTE: cupsys not affected in sarge, though other programs are vulnerable NOTE: see CVE/list [woody] - cupsys 1.1.14-5woody12 NOTE: not fixed in testing at time of DSA [18 Jan 2005] DSA-644-1 chbg - buffer overflow {CVE-2004-1264} [woody] - chbg 1.5-1woody1 NOTE: fixed in testing at time of DSA [18 Jan 2005] DSA-643-1 queue - buffer overflows {CVE-2004-0555} [woody] - queue 1.30.1-4woody2 NOTE: not fixed in testing at time of DSA [17 Jan 2005] DSA-642-1 gallery - several {CVE-2004-1106} [woody] - gallery 1.2.5-8woody3 NOTE: fixed in testing at time of DSA [17 Jan 2005] DSA-641-1 playmidi - buffer overflow {CVE-2005-0020} [woody] - playmidi 2.4-4woody1 NOTE: not fixed in testing at time of DSA [17 Jan 2005] DSA-640-1 gatos - buffer overflow {CVE-2005-0016} [woody] - gatos 0.0.5-6woody3 NOTE: not fixed in testing at time of DSA [14 Jan 2005] DSA-639-1 mc - several {CVE-2004-1004 CVE-2004-1005 CVE-2004-1009 CVE-2004-1090 CVE-2004-1091 CVE-2004-1092 CVE-2004-1093 CVE-2004-1174 CVE-2004-1175 CVE-2004-1176} NOTE: unstable not vulnerable according to DSA NOTE: DSA was wrong.. [woody] - mc 4.5.55-1.2woody5 NOTE: not fixed in testing at time of DSA [13 Jan 2005] DSA-638-1 gopher - several {CVE-2004-0560 CVE-2004-0561} [woody] - gopher 3.0.3woody2 NOTE: gopherd binary package removed post-woody [13 Jan 2005] DSA-637-1 exim-tls - buffer overflow {CVE-2005-0021} [woody] - exim-tls 3.35-3woody3 NOTE: not in sarge [12 Jan 2005] DSA-636-1 glibc - insecure temporary files {CVE-2004-0968} [woody] - glibc 2.2.5-11.8 NOTE: fixed in testing at time of DSA [12 Jan 2005] DSA-635-1 exim - buffer overflow {CVE-2005-0021} [woody] - exim 3.35-1woody4 NOTE: exim4 fixed in testing at time of DSA NOTE: exim not fixed in testing at time of DSA [11 Jan 2005] DSA-634-1 hylafax - weak hostname and username validation {CVE-2004-1182} [woody] - hylafax 1:4.1.1-3.1 NOTE: fixed in testing at time of DSA [11 Jan 2005] DSA-633-1 bmv - insecure temporary file {CVE-2003-0014} [woody] - bmv 1.2-14.2 NOTE: fixed in testing at time of DSA [10 Jan 2005] DSA-632-1 linpopup - buffer overflow {CVE-2004-1282} [woody] - linpopup 1.2.0-2woody1 NOTE: fixed in testing at time of DSA [10 Jan 2005] DSA-631-1 kdelibs - unsanitised input {CVE-2004-1165} [woody] - kdelibs 4:2.2.2-13.woody.13 NOTE: not fixed in testing at time of DSA [10 Jan 2005] DSA-630-1 lintian - insecure temporary directory {CVE-2004-1000} [woody] - lintian 1.20.17.1 NOTE: not fixed in testing at time of DSA [07 Jan 2005] DSA-629-1 krb5 - buffer overflow {CVE-2004-1189} [woody] - krb5 1.2.4-5woody7 NOTE: not fixed in testing at time of DSA [06 Jan 2005] DSA-628-1 imlib2 - integer overflows {CVE-2004-1026} [woody] - imlib2 1.0.5-2woody2 NOTE: not fixed in testing at time of DSA [06 Jan 2005] DSA-627-1 namazu2 - unsanitised input {CVE-2004-1318} [woody] - namazu2 2.0.10-1woody3 NOTE: not fixed in testing at time of DSA [06 Jan 2005] DSA-626-1 tiff - unsanitised input {CVE-2004-1183} [woody] - tiff 3.5.5-6.woody5 NOTE: not fixed in testing at time of DSA [05 Jan 2005] DSA-625-1 pcal - buffer overflows {CVE-2004-1289} [woody] - pcal 4.7-8woody1 NOTE: not fixed in testing at time of DSA [05 Jan 2005] DSA-624-1 zip - buffer overflow {CVE-2004-1010} [woody] - zip 2.30-5woody2 NOTE: fixed in testing at time of DSA [04 Jan 2005] DSA-623-1 nasm - buffer overflow {CVE-2004-1287} [woody] - nasm 0.98.28cvs-1woody2 [03 Jan 2005] DSA-622-1 htmlheadline - insecure temporary files {CVE-2004-1181} [woody] - htmlheadline 21.8-3 NOTE: not in unstable [31 Dec 2004] DSA-621-1 cupsys - buffer overflow {CVE-2004-1125} [woody] - cupsys 1.1.14-5woody11 [30 Dec 2004] DSA-620-1 perl - insecure temporary files / directories {CVE-2004-0452 CVE-2004-0976} [woody] - perl 5.6.1-8.8 [30 Dec 2004] DSA-619-1 xpdf - buffer overflow {CVE-2004-1125} [woody] - xpdf 1.00-3.3 [24 Dec 2004] DSA-618-1 imlib - buffer overflows, integer overflows {CVE-2004-1025 CVE-2004-1026} [woody] - imlib 1.9.14-2woody2 [24 Dec 2004] DSA-617-1 libtiff - insufficient input validation {CVE-2004-1308} [woody] - tiff 3.5.5-6.woody3 [23 Dec 2004] DSA-616-1 telnetd-ssl - format string {CVE-2004-0998} [woody] - netkit-telnet-ssl 0.17.17+0.1-2woody3 [22 Dec 2004] DSA-615-1 debmake - insecure temporary file {CVE-2004-1179} [woody] - debmake 3.6.10.woody.1 [21 Dec 2004] DSA-614-1 xzgv - integer overflows {CVE-2004-0994} [woody] - xzgv 0.7-6woody2 [21 Dec 2004] DSA-613-1 ethereal - infinite loop {CVE-2004-1142} [woody] - ethereal 0.9.4-1woody9 [20 Dec 2004] DSA-612-1 a2ps - unsanitised input {CVE-2004-1170} [woody] - a2ps 1:4.13b-4.2 [20 Dec 2004] DSA-611-1 htget - buffer overflow {CVE-2004-0852} [woody] - htget 0.93-1.1woody1 [17 Dec 2004] DSA-610-1 cscope - insecure temporary file {CVE-2004-0996} [woody] - cscope 15.3-1woody2 [14 Dec 2004] DSA-609-1 atari800 - buffer overflows {CVE-2004-1076} [woody] - atari800 1.2.2-1woody3 [14 Dec 2004] DSA-608-1 zgv - integer overflows, unsanitised input {CVE-2004-1095 CVE-2004-0999} [woody] - zgv 5.5-3woody1 [10 Dec 2004] DSA-607-1 xfree86 - several {CVE-2004-0914} [woody] - xfree86 4.1.0-16woody5 [08 Dec 2004] DSA-606-1 nfs-utils - wrong signal handler {CVE-2004-1014} [woody] - nfs-utils 1.0-2woody2 [06 Dec 2004] DSA-605-1 viewcvs - settings not honored {CVE-2004-0915} [woody] - viewcvs 0.9.2-4woody1 [03 Dec 2004] DSA-604-1 hpsockd - missing input sanitising {CVE-2004-0993} [woody] - hpsockd 0.6.woody1 [01 Dec 2004] DSA-603-1 openssl - insecure temporary file {CVE-2004-0975} [woody] - openssl 0.9.6c-2.woody.7 [29 Nov 2004] DSA-602-1 libgd2 - integer overlow {CVE-2004-0941 CVE-2004-0990} NOTE: different from fixes from earlier DSA for these CVEs; 2004-0941 new [woody] - libgd2 2.0.1-10woody2 [29 Nov 2004] DSA-601-1 libgd1 - integer overflow {CVE-2004-0941 CVE-2004-0990} NOTE: different from fixes from earlier DSA for these CVEs; 2004-0941 new [woody] - libgd 1.8.4-17.woody4 [25 Nov 2004] DSA-599-1 tetex-bin - integer overflows {CVE-2004-0888} [woody] - tetex-bin 1.0.7+20011202-7.3 [25 Nov 2004] DSA-598-1 yardradius - buffer overflow {CVE-2004-0987} [woody] - yardradius 1.0.20-2woody1 [25 Nov 2004] DSA-597-1 cyrus-imapd - buffer overflow {CVE-2004-1012 CVE-2004-1013} [woody] - cyrus21-imapd 1.5.19-9.2 [24 Nov 2004] DSA-596-2 sudo - missing input sanitising {CVE-2004-1051} [woody] - sudo 1.6.6-1.3 [24 Nov 2004] DSA-595-1 bnc - buffer overflow {CVE-2004-1052} [woody] - bnc 2.6.4-3.3 [17 Nov 2004] DSA-594-1 apache - buffer overflows {CVE-2004-0940} [woody] - apache 1.3.26-0woody6 [16 Nov 2004] DSA-593-1 imagemagick - buffer overflow {CVE-2004-0981} [woody] - imagemagick 5.4.4.5-1woody4 [12 Nov 2004] DSA-592-1 ez-ipupdate - format string {CVE-2004-0980} [woody] - ez-ipupdate 3.0.11b5-1woody2 [09 Nov 2004] DSA-591-1 libgd2 - integer overflows {CVE-2004-0990} [woody] - libgd 1.8.4-17.woody3 [woody] - libgd2 2.0.1-10woody1 [09 Nov 2004] DSA-590-1 gnats - format string vulnerability {CVE-2004-0623} [woody] - gnats 3.999.beta1+cvs20020303-2 [09 Nov 2004] DSA-589-1 libgd - integer overflows {CVE-2004-0990} [woody] - libgd 1.8.4-17.woody3 [08 Nov 2004] DSA-588-1 gzip - insecure temporary files {CVE-2004-0970} [woody] - gzip 1.3.2-3woody3 [08 Nov 2004] DSA-587-1 freeamp - buffer overflow {CVE-2004-0964} [woody] - freeamp 2.1.1.0-4woody2 NOTE: Was later renamed to zinf [08 Nov 2004] DSA-586-1 ruby - infinite loop {CVE-2004-0983} [woody] - ruby 1.6.7-3woody4 [05 Nov 2004] DSA-585-1 shadow - programming error {CVE-2004-1001} [woody] - shadow 20000902-12woody1 [04 Nov 2004] DSA-584-1 dhcp - format string vulnerability {CVE-2004-1006} [woody] - dhcp 2.0pl5-11woody1 [03 Nov 2004] DSA-583-1 lvm10 - insecure temporary directory {CVE-2004-0972} [woody] - lvm10 1.0.4-5woody2 [02 Nov 2004] DSA-582-1 libxml - buffer overflow {CVE-2004-0989} [woody] - libxml 1.8.17-2woody2 [woody] - libxml2 2.4.19-4woody2 [01 Nov 2004] DSA-581-1 xpdf - integer overflows {CVE-2004-0888} [woody] - xpdf 1.00-3.2 [01 Nov 2004] DSA-580-1 iptables - missing initialisation {CVE-2004-0986} [woody] - iptables 1.2.6a-5.0woody2 [01 Nov 2004] DSA-579-1 abiword - buffer overflow {CVE-2004-0645} [woody] - abiword 1.0.2+cvs.2002.06.05-1woody2 [01 Nov 2004] DSA-578-1 mpg123 - buffer overflow {CVE-2004-0982} [woody] - mpg123 0.59r-13woody4 [29 Oct 2004] DSA-577-1 postgresql - symlink vulnerability {CVE-2004-0977} [woody] - postgresql 7.2.1-2woody6 [29 Oct 2004] DSA-576-1 squid - multiple {CVE-1999-0710 CVE-2004-0918} [woody] - squid 2.4.6-2woody4 [28 Oct 2004] DSA-575-1 catdoc - insecure temporary file {CVE-2003-0193} [woody] - catdoc 0.91.5-1.woody3 [28 Oct 2004] DSA-574-1 cabextract - missing directory sanitising {CVE-2004-0916} [woody] - cabextract 0.2-2b [21 Oct 2004] DSA-573-1 cupsys - integer overflows {CVE-2004-0888} [woody] - cupsys 1.1.14-5woody10 [21 Oct 2004] DSA-572-1 ecartis - multiple {CVE-2004-0913} [woody] - ecartis 0.129a+1.0.0-snap20020514-1.3 [20 Oct 2004] DSA-571-1 libpng3 - buffer overflows, integer overflow {CVE-2004-0599} [woody] - libpng3 1.2.1-1.1.woody.9 [20 Oct 2004] DSA-570-1 libpng - integer overflow {CVE-2004-0599} [woody] - libpng 1.0.12-3.woody.9 [18 Oct 2004] DSA-569-1 netkit-telnet-ssl - invalid free(3) {CVE-2004-0911} [woody] - netkit-telnet-ssl 0.17.17+0.1-2woody2 [16 Oct 2004] DSA-568-1 cyrus-sasl-mit - unsanitised input {CVE-2004-0884} [woody] - cyrus-sasl-mit 1.5.24-15woody3 [15 Oct 2004] DSA-567-1 tiff - heap overflows {CVE-2004-0803 CVE-2004-0804 CVE-2004-0886} [woody] - tiff 3.5.5-6woody1 [14 Oct 2004] DSA-566-1 cupsys - unsanitised input {CVE-2004-0923} [woody] - cupsys 1.1.14-5woody7 [13 Oct 2004] DSA-565-1 sox - buffer overflows {CVE-2004-0557} [woody] - sox 12.17.3-4woody2 (bug #262083) [13 Oct 2004] DSA-564-1 mpg123 - missing user input sanitising {CVE-2004-0805} [woody] - mpg123 0.59r-13woody3 [12 Oct 2004] DSA-563-3 cyrus-sasl - unsanitised input {CVE-2004-0884} [woody] - cyrus-sasl 1.5.27-3.1woody5 (bug #275432) NOTE: 563-1 and 563-2 had problems on sparc/arm and with sendmail [11 Oct 2004] DSA-562-2 mysql - several vulnerabilities {CVE-2004-0835 CVE-2004-0836 CVE-2004-0837} [woody] - mysql 3.23.49-8.8 [11 Oct 2004] DSA-561-1 xfree86 - integer and stack overflows {CVE-2004-0687 CVE-2004-0688} [woody] - xfree86 4.1.0-16woody4 [07 Oct 2004] DSA-600-1 samba - arbitrary file access {CVE-2004-0815} [woody] - samba 2.2.3a-14.1 [07 Oct 2004] DSA-560-1 lesstif1-1 - integer and stack overflows {CVE-2004-0687 CVE-2004-0688} [woody] - lesstif1-1 0.93.18-5 [06 Oct 2004] DSA-559-1 net-acct - insecure temporary file {CVE-2004-0851} [woody] - net-acct 0.71-5woody1 [06 Oct 2004] DSA-558-1 libapache-mod-dav - null pointer dereference {CVE-2004-0809} [woody] - libapache-mod-dav 1.0.3-3.1 [04 Oct 2004] DSA-557-1 pppoe - missing privilegue dropping {CVE-2004-0564} [woody] - rp-pppoe 3.3-1.2 [03 Oct 2004] DSA-556-1 netkit-telnet - invalid free(3) {CVE-2004-0911} [woody] - netkit-telnet 0.17-18woody2 [30 Sep 2004] DSA-555-1 freenet6 - file permissions {CVE-2004-0563} [woody] - freenet6 0.9.6-1woody2 [27 Sep 2004] DSA-554-1 sendmail - pre-set password {CVE-2004-0833} [woody] - sendmail 8.12.3-7.1 [27 Sep 2004] DSA-553-1 getmail - symlink vulnerability {CVE-2004-0880 CVE-2004-0881} [woody] - getmail 2.3.7-2 [22 Sep 2004] DSA-552-1 imlib2 - unsanitised input {CVE-2004-0802} [woody] - imlib2 1.0.5-2woody1 [21 Sep 2004] DSA-551-1 lukemftpd - incorrect internal variable handling {CVE-2004-0794} [woody] - lukemftpd 1.1-1woody2 [20 Sep 2004] DSA-550-1 wv - buffer overflow {CVE-2004-0645} [woody] - wv 0.7.1+rvt-2woody3 (bug #264972) [17 Sep 2004] DSA-549-1 gtk+2.0 - multiple holes {CVE-2004-0782 CVE-2004-0783 CVE-2004-0788} [woody] - gtk+2.0 2.0.2-5woody2 [26 Oct 2005] DSA-548-2 imlib - unsanitised input {CVE-2004-0817} [woody] - imlib 1.9.14-2woody3 [sarge] - imlib 1.9.14-16.2 NOTE: Initial -1 fix was incomplete [16 Sep 2004] DSA-547-1 imagemagick - buffer overflows {CVE-2004-0827} [woody] - imagemagick 5.4.4.5-1woody3 [16 Sep 2004] DSA-546-1 gdk-pixbuf - several vulnerabilities {CVE-2004-0753 CVE-2004-0782 CVE-2004-0788} [woody] - gdk-pixbuf 0.17.0-2woody2 [15 Sep 2004] DSA-545-1 cupsys - denial of service {CVE-2004-0558} [woody] - cupsys 1.1.14-5woody6 [14 Sep 2004] DSA-544-1 webmin - insecure temporary directory {CVE-2004-0559} [woody] - webmin 0.94-7woody3 [31 Aug 2004] DSA-543-1 krb5 -- several vulnerabilities {CVE-2004-0642 CVE-2004-0643 CVE-2004-0644 CVE-2004-0772} [woody] - krb5 1.2.4-5woody6 [31 Aug 2004] DSA-458-3 python2.2 - buffer overflow {CVE-2004-0150} [woody] - python2.2 2.2.1-4.6 NOTE: Previous DSA had regressions [30 Aug 2004] DSA-542-1 qt - unsanitised input {CVE-2004-0691 CVE-2004-0692 CVE-2004-0693} [woody] - qt-copy 3.0.3-20020329-1woody2 [25 Aug 2004] DSA-541 icecast-server - cross site scripting {CVE-2004-0781} [woody] - icecast-server 1:1.3.11-4.2 [18 Aug 2004] DSA-540 mysql-dfsg - insecure file creation {CVE-2004-0457} [woody] - mysql 3.23.49-8.7 [18 Aug 2004] DSA-539 kdelibs - denial of service {CVE-2004-0689} [woody] - kdelibs 4:2.2.2-13.woody.12 [17 Aug 2004] DSA-538 rsync - unauthorised directory traversal and file access {CVE-2004-0792} [woody] - rsync 2.5.5-0.6 [16 Aug 2004] DSA-537 ruby - insecure file permissions {CVE-2004-0755} [woody] - ruby 1.6.7-3woody3 [04 Aug 2004] DSA-536 libpng - several vulnerabilities {CVE-2004-0597 CVE-2004-0598 CVE-2004-0599 CVE-2004-0768} [woody] - libpng 1.0.12-3.woody.7 [woody] - libpng3 1.2.1-1.1.woody.7 [02 Aug 2004] DSA-535 squirrelmail - several vulnerabilities {CVE-2004-0519 CVE-2004-0520 CVE-2004-0521 CVE-2004-0639} [woody] - squirrelmail 1:1.2.6-1.4 [22 Jul 2004] DSA-534 mailreader - directory traversal {CVE-2002-1581} [woody] - mailreader 2.3.29-5woody1 [22 Jul 2004] DSA-533 courier - cross-site scripting {CVE-2004-0591} [woody] - courier 0.37.3-2.5 [22 Jul 2004] DSA-532 libapache-mod-ssl - several vulnerabilities {CVE-2004-0488 CVE-2004-0700} [woody] - libapache-mod-ssl 2.8.9-2.4 [20 Jul 2004] DSA-531 php4 - several vulnerabilities {CVE-2004-0594 CVE-2004-0595} [woody] - php4 4.1.2-7 [17 Jul 2004] DSA-530 l2tpd - buffer overflow {CVE-2004-0649} [woody] - l2tpd 0.67-1.2 [17 Jul 2004] DSA-529 netkit-telnet-ssl - format string {CVE-2004-0640} [woody] - netkit-telnet-ssl 0.17.17+0.1-2woody1 [17 Jul 2004] DSA-528 ethereal - denial of service {CVE-2004-0635} [woody] - ethereal 0.9.4-1woody8 [03 Jul 2004] DSA-527 pavuk - buffer overflow {CVE-2004-0456} NOTE: DSA is incorrect; pavuk is in sarge and unstable. [woody] - pavuk 0.9pl28-1woody1 [03 Jul 2004] DSA-526 webmin - several vulnerabilities {CVE-2004-0582 CVE-2004-0583} [woody] - webmin 0.94-7woody2 [24 Jun 2004] DSA-525 apache - buffer overflow {CVE-2004-0492} [woody] - apache 1.3.26-0woody5 [19 Jun 2004] DSA-524 rlpr - several vulnerabilities {CVE-2004-0393 CVE-2004-0454} [woody] - rlpr 2.02-7woody1 [19 Jun 2004] DSA-523 www-sql - buffer overflow {CVE-2004-0455} [woody] - www-sql 0.5.7-17woody1 [19 Jun 2004] DSA-522 super - format string vulnerability {CVE-2004-0579} [woody] - super 3.16.1-1.2 [18 Jun 2004] DSA-521 sup - format string vulnerability {CVE-2004-0451} [woody] - sup 1.8-8woody2 [16 Jun 2004] DSA-520 krb5 - buffer overflows {CVE-2004-0523} [woody] - krb5 1.2.4-5woody5 [15 Jun 2004] DSA-519 cvs - several vulnerabilities {CVE-2004-0416 CVE-2004-0417 CVE-2004-0418} [woody] - cvs 1.11.1p1debian-9woody7 [14 Jun 2004] DSA-518 kdelibs - unsanitised input {CVE-2004-0411} [woody] - kdelibs 4:2.2.2-13.woody.10 [10 Jun 2004] DSA-517 cvs - buffer overflow {CVE-2004-0414} [woody] - cvs 1.11.1p1debian-9woody6 [07 Jun 2004] DSA-516 postgresql - buffer overflow {CVE-2004-0547} [woody] - postgresql 7.2.1-2woody5 [05 Jun 2004] DSA-515 lha - several vulnerabilities {CVE-2004-0234 CVE-2004-0235} [woody] - lha 1.14i-2woody1 [04 Jun 2004] DSA-514 kernel-image-sparc-2.2 - failing function and TLB flush {CVE-2004-0077} [woody] - kernel-source-2.2.20 2.2.20-5woody3 [03 Jun 2004] DSA-513 log2mail - format string {CVE-2004-0450} [woody] - log2mail 0.2.5.2 [02 Jun 2004] DSA-512 gallery - unauthenticated access {CVE-2004-0522} [woody] - gallery 1.2.5-8woody2 [30 May 2004] DSA-511 ethereal - buffer overflows {CVE-2004-0176} [woody] - ethereal 0.9.4-1woody7 [29 May 2004] DSA-510 jftpgw - format string {CVE-2004-0448} [woody] - jftpgw 0.13.1-1woody1 [29 May 2004] DSA-509 gatos - privilege escalation {CVE-2004-0395} [woody] - gatos 0.0.5-6woody1 [22 May 2004] DSA-508 xpcd - buffer overflow {CVE-2004-0402} [woody] - xpcd 2.08-8woody2 [19 May 2004] DSA-507 cadaver - buffer overflow {CVE-2004-0398} [woody] - cadaver 0.18.0-1woody3 [19 May 2004] DSA-506 neon - buffer overflow {CVE-2004-0398} [woody] - neon 0.19.3-2woody5 [19 May 2004] DSA-505 cvs - heap overflow {CVE-2004-0396} [woody] - cvs 1.11.1p1debian-9woody4 [18 May 2004] DSA-504 heimdal - missing input sanitising {CVE-2004-0434} [woody] - heimdal 0.4e-7.woody.9 [13 May 2004] DSA-503 mah-jong - missing argument check {CVE-2004-0458} [woody] - mah-jong 1.4-3 [11 May 2004] DSA-502 exim-tls - buffer overflow {CVE-2004-0399 CVE-2004-0400} [woody] - exim-tls 3.35-3woody2 [07 May 2004] DSA-501 exim - buffer overflow {CVE-2004-0399 CVE-2004-0400} [woody] - exim 3.35-1woody3 [01 May 2004] DSA-500 flim - insecure temporary file {CVE-2004-0422} [woody] - flim 1.14.3-9woody1 [01 May 2004] DSA-499 rsync - directory traversal {CVE-2004-0426} [woody] - rsync 2.5.5-0.5 [30 Apr 2004] DSA-498 libpng - out of bound access {CVE-2004-0421} [woody] - libpng 1.0.12-3.woody.5 [woody] - libpng3 1.2.1-1.1.woody.5 [29 Apr 2004] DSA-497 mc - several vulnerabilities {CVE-2004-0226 CVE-2004-0231 CVE-2004-0232} [woody] - mc 4.5.55-1.2woody3 [29 Apr 2004] DSA-496 eterm - missing input sanitising {CVE-2003-0068} [woody] - eterm 0.9.2-0pre2002042903.3 [26 Apr 2004] DSA-495 linux-kernel-2.4.16-arm - several vulnerabilities {CVE-2003-0127 CVE-2004-0003 CVE-2004-0010 CVE-2004-0109 CVE-2004-0177 CVE-2004-0178} [woody] - kernel-source-2.4.16 2.4.16-1woody2 [woody] - kernel-patch-2.4.16-arm 20040419 [woody] - kernel-image-2.4.16-lart 20040419 [woody] - kernel-image-2.4.16-netwinder 20040419 [woody] - kernel-image-2.4.16-riscpc 20040419 [21 Apr 2004] DSA-494 ident2 - buffer overflow {CVE-2004-0408} [woody] - ident2 1.03-3woody1 [21 Apr 2004] DSA-493 xchat - buffer overflow {CVE-2004-0409} [woody] - xchat 1.8.9-0woody3 [18 Apr 2004] DSA-492 iproute - denial of service {CVE-2003-0856} [woody] - iproute 20010824-8woody1 [17 Apr 2004] DSA-491 linux-kernel-2.4.19-mips - several vulnerabilities {CVE-2004-0003 CVE-2004-0010 CVE-2004-0109 CVE-2004-0177 CVE-2004-0178} [woody] - kernel-source-2.4.19 2.4.19-4.woody2 [woody] - kernel-patch-2.4.19-mips 2.4.19-0.020911.1.woody4 [17 Apr 2004] DSA-490 zope - arbitrary code execution {CVE-2002-0688} [woody] - zope 2.5.1-1woody1 [17 Apr 2004] DSA-489 linux-kernel-2.4.17-mips+mipsel - several vulnerabilities {CVE-2004-0003 CVE-2004-0010 CVE-2004-0109 CVE-2004-0177 CVE-2004-0178} [woody] - kernel-source-2.4.17 2.4.17-1woody3 [woody] - kernel-patch-2.4.17-mips 2.4.17-0.020226.2.woody6 [woody] - kernel-patch-2.4.17-mipsel 2.4.17-0.020226.2.woody6 [16 Apr 2004] DSA-488 logcheck - insecure temporary directory {CVE-2004-0404} [woody] - logcheck 1.1.1-13.1woody1 [16 Apr 2004] DSA-487 neon - format string {CVE-2004-0179} [woody] - neon 0.19.3-2woody3 [16 Apr 2004] DSA-486 cvs - several vulnerabilities {CVE-2004-0180 CVE-2004-0405} [woody] - cvs 1.11.1p1debian-9woody2 [14 Apr 2004] DSA-485 ssmtp - format string {CVE-2004-0156} [woody] - ssmtp 2.50.6.1 [14 Apr 2004] DSA-484 xonix - failure to drop privileges {CVE-2004-0157} [woody] - xonix 1.4-19woody1 [14 Apr 2004] DSA-483 mysql - insecure temporary file creation {CVE-2004-0381 CVE-2004-0388} [woody] - mysql 3.23.49-8.6 [14 Apr 2004] DSA-482 linux-kernel-2.4.17-apus+s390 - several vulnerabilities {CVE-2004-0003 CVE-2004-0010 CVE-2004-0109 CVE-2004-0177 CVE-2004-0178} [woody] - kernel-source-2.4.17 2.4.17-1woody3 [woody] - kernel-patch-2.4.17-apus 2.4.17-5 [woody] - kernel-patch-2.4.17-s390 2.4.17-2.woody.4 [woody] - kernel-image-2.4.17-s390 2.4.17-2.woody.4 [14 Apr 2004] DSA-481 linux-kernel-2.4.17-ia64 - several vulnerabilities {CVE-2004-0003 CVE-2004-0010 CVE-2004-0109 CVE-2004-0177 CVE-2004-0178} [woody] - kernel-image-2.4.17-ia64 011226.17 [14 Apr 2004] DSA-480 linux-kernel-2.4.17+2.4.18-hppa - several vulnerabilities {CVE-2004-0003 CVE-2004-0010 CVE-2004-0109 CVE-2004-0177 CVE-2004-0178} [woody] - kernel-image-2.4.17-hppa 32.4 [woody] - kernel-image-2.4.18-hppa 62.3 [14 Apr 2004] DSA-479 linux-kernel-2.4.18-alpha+i386+powerpc - several vulnerabilities {CVE-2004-0003 CVE-2004-0010 CVE-2004-0109 CVE-2004-0177 CVE-2004-0178} [woody] - kernel-source-2.4.18 2.4.18-14.3 [woody] - kernel-image-2.4.18-1-alpha 2.4.18-15 [woody] - kernel-image-2.4.18-1-i386 2.4.18-13 [woody] - kernel-image-2.4.18-i386bf 2.4.18-5woody8 [woody] - kernel-patch-2.4.18-powerpc 2.4.18-1woody5 [06 Apr 2004] DSA-478 tcpdump - denial of service {CVE-2004-0183 CVE-2004-0184} [woody] - tcpdump 3.6.2-2.8 [06 Apr 2004] DSA-477 xine-ui - insecure temporary file creation {CVE-2004-0372} [woody] - xine-ui 0.9.8-5 [06 Apr 2004] DSA-476 heimdal - cross-realm {CVE-2004-0371} [woody] - heimdal 0.4e-7.woody.8.1 [05 Apr 2004] DSA-475 linux-kernel-2.4.18-hppa - several vulnerabilities {CVE-2003-0961 CVE-2003-0985 CVE-2004-0077} [woody] - kernel-image-2.4.18-hppa 62.1 [03 Apr 2004] DSA-474 squid - ACL bypass {CVE-2004-0189} [woody] - squid 2.4.6-2woody2 [03 Apr 2004] DSA-473 oftpd - denial of service {CVE-2004-0376} [woody] - oftpd 0.3.6-6 [03 Apr 2004] DSA-472 fte - several vulnerabilities {CVE-2003-0648} [woody] - fte 0.49.13-15woody1 [02 Apr 2004] DSA-471 interchange - missing input sanitising {CVE-2004-0374} [woody] - interchange 4.8.3.20020306-1.woody.2 [01 Apr 2004] DSA-470 linux-kernel-2.4.17-hppa - several vulnerabilities {CVE-2003-0961 CVE-2003-0985 CVE-2004-0077} [woody] - kernel-image-2.4.17-hppa 32.3 [29 Mar 2004] DSA-469 pam-pgsql - missing input sanitising {CVE-2004-0366} [woody] - pam-pgsql 0.5.2-3woody2 [24 Mar 2004] DSA-468 emil - several vulnerabilities {CVE-2004-0152 CVE-2004-0153} [woody] - emil 2.1.0-beta9-11woody1 [23 Mar 2004] DSA-467 ecartis - several vulnerabilities {CVE-2003-0781 CVE-2003-0782} [woody] - ecartis 0.129a+1.0.0-snap20020514-1.2 [18 Mar 2004] DSA-466 linux-kernel-2.2.10-powerpc-apus - failing function and TLB flush {CVE-2004-0077} [woody] - kernel-source-2.2.10 2.2.10-2 [woody] - kernel-image-2.2.10-powerpc-apus 2.2.10-13woody1 [17 Mar 2004] DSA-465 openssl - several vulnerabilities {CVE-2004-0079 CVE-2004-0081} [woody] - openssl 0.9.6c-2.woody.6 [woody] - openssl094 0.9.4-6.woody.4 [woody] - openssl095 0.9.5a-6.woody.5 [16 Mar 2004] DSA-464 gdk-pixbuf - broken image handling {CVE-2004-0111} [woody] - gdk-pixbuf 0.17.0-2woody1 [12 Mar 2004] DSA-463 samba - privilege escalation {CVE-2004-0186} [woody] - samba 2.2.3a-13 [12 Mar 2004] DSA-462 xitalk - missing privilege release {CVE-2004-0151} [woody] - xitalk 1.1.11-9.1woody1 [11 Mar 2004] DSA-461 calife - buffer overflow {CVE-2004-0188} [woody] - calife 2.8.4c-1woody1 [10 Mar 2004] DSA-460 sysstat - insecure temporary file {CVE-2004-0108} [woody] - sysstat 5.0.1-1 [10 Mar 2004] DSA-459 kdelibs - cookie path traversal {CVE-2003-0592} [woody] - kdelibs 4:2.2.2-6woody3 [woody] - kdelibs-crypto 4:2.2.2-13.woody.9 [08 Mar 2004] DSA-457 wu-ftpd - several vulnerabilities {CVE-2004-0148 CVE-2004-0185} [woody] - wu-ftpd 2.6.2-3woody4 [06 Mar 2004] DSA-456 linux-kernel-2.2.19-arm - failing function and TLB flush {CVE-2004-0077} [woody] - kernel-source-2.2.19 2.2.19.1-4woody1 [woody] - kernel-patch-2.2.19-arm 20040303 [woody] - kernel-image-2.2.19-netwinder 20040303 [woody] - kernel-image-2.2.19-riscpc 20040303 [03 Mar 2004] DSA-455 libxml - buffer overflows {CVE-2004-0110} [woody] - libxml 1.8.17-2woody1 [woody] - libxml2 2.4.19-4woody1 [02 Mar 2004] DSA-454 linux-kernel-2.2.22-alpha - failing function and TLB flush {CVE-2004-0077} [woody] - kernel-source-2.2.22 2.2.22-1woody1 [woody] - kernel-image-2.2.22-alpha 2.2.22-2 [02 Mar 2004] DSA-453 linux-kernel-2.2.20-i386+m68k+powerpc - failing function and TLB flush {CVE-2004-0077} [woody] - kernel-source-2.2.20 2.2.20-5woody3 [woody] - kernel-image-2.2.20-i386 2.2.20-5woody5 [woody] - kernel-image-2.2.20-reiserfs-i386 2.2.20-4woody1 [woody] - kernel-image-2.2.20-amiga 2.20-4 [woody] - kernel-image-2.2.20-atari 2.2.20-3 [woody] - kernel-image-2.2.20-bvme6000 2.2.20-3 [woody] - kernel-image-2.2.20-mac 2.2.20-3 [woody] - kernel-image-2.2.20-mvme147 2.2.20-3 [woody] - kernel-image-2.2.20-mvme16x 2.2.20-3 [woody] - kernel-patch-2.2.20-powerpc 2.2.20-3woody1 [29 Feb 2004] DSA-452 libapache-mod-python - denial of service {CVE-2003-0973} [woody] - libapache-mod-python 2:2.7.8-0.0woody2 [27 Feb 2004] DSA-451 xboing - buffer overflows {CVE-2004-0149} [woody] - xboing 2.4-26woody1 [27 Feb 2004] DSA-450 linux-kernel-2.4.19-mips - several vulnerabilities {CVE-2003-0961 CVE-2003-0985 CVE-2004-0077} [woody] - kernel-source-2.4.19 2.4.19-0.020911.1.woody3 [woody] - kernel-patch-2.4.19-mips 2.4.19-4.woody1 [24 Feb 2004] DSA-449 metamail - buffer overflow, format string bugs {CVE-2004-0104 CVE-2004-0105} [woody] - metamail 2.7-45woody.2 [22 Feb 2004] DSA-448 pwlib - several vulnerabilities {CVE-2004-0097} [woody] - pwlib 1.2.5-5woody1 [22 Feb 2004] DSA-447 hsftp - format string {CVE-2004-0159} [woody] - hsftp 1.11-1woody1 [21 Feb 2004] DSA-446 synaesthesia - insecure file creation {CVE-2004-0160} [woody] - synaesthesia 2.1-2.1woody1 [21 Feb 2004] DSA-445 lbreakout2 - buffer overflow {CVE-2004-0158} [woody] - lbreakout2 2.2.2-1woody1 [20 Feb 2004] DSA-444 linux-kernel-2.4.17-ia64 - missing function return value check {CVE-2004-0077} [woody] - kernel-image-2.4.17-ia64 011226.16 [19 Feb 2004] DSA-443 xfree86 - several vulnerabilities {CVE-2003-0690 CVE-2004-0083 CVE-2004-0084 CVE-2004-0106 CVE-2004-0093 CVE-2004-0094} [woody] - xfree86 4.1.0-16woody3 [19 Feb 2004] DSA-442 linux-kernel-2.4.17-s390 - several vulnerabilities {CVE-2003-0001 CVE-2003-0244 CVE-2003-0246 CVE-2003-0247 CVE-2003-0248 CVE-2003-0364 CVE-2003-0961 CVE-2003-0985 CVE-2004-0077 CVE-2002-0429} [woody] - kernel-patch-2.4.17-s390 0.0.20020816-0.woody.2 [woody] - kernel-image-2.4.17-s390 2.4.17-2.woody.3 [18 Feb 2004] DSA-441 linux-kernel-2.4.17-mips+mipsel - missing function return value check {CVE-2004-0077} [woody] - kernel-patch-2.4.17-mips 2.4.17-0.020226.2.woody5 [18 Feb 2004] DSA-440 linux-kernel-2.4.17-powerpc-apus - several vulnerabilities {CVE-2003-0961 CVE-2003-0985 CVE-2004-0077} [woody] - kernel-source-2.4.17 2.4.17-4 [woody] - kernel-patch-2.4.17-apus 2.4.17-4 [18 Feb 2004] DSA-439 linux-kernel-2.4.16-arm - several vulnerabilities {CVE-2003-0961 CVE-2003-0985 CVE-2004-0077} [woody] - kernel-image-2.4.16-lart 2.4.16-20040204 [woody] - kernel-image-2.4.16-netwinder 2.4.16-20040204 [woody] - kernel-image-2.4.16-riscpc 2.4.16-20040204 [woody] - kernel-patch-2.4.16-arm 20040204 [18 Feb 2004] DSA-438 linux-kernel-2.4.18-alpha+i386+powerpc - missing function return value check {CVE-2004-0077} [woody] - kernel-source-2.4.18 2.4.18-14.2 [woody] - kernel-image-2.4.18-1-alpha 2.4.18-14 [woody] - kernel-image-2.4.18-1-i386 2.4.18-12.2 [woody] - kernel-image-2.4.18-i386bf 2.4.18-5woody7 [woody] - kernel-patch-2.4.18-powerpc 2.4.18-1woody4 [11 Feb 2004] DSA-437 cgiemail - open mail relay {CVE-2002-1575} [woody] - cgiemail 1.6-14woody1 [08 Feb 2004] DSA-436 mailman - several vulnerabilities {CVE-2003-0991 CVE-2003-0965 CVE-2003-0038} [woody] - mailman 2.0.11-1woody7 [06 Feb 2004] DSA-435 mpg123 - heap overflow {CVE-2003-0865} [woody] - mpg123 0.59r-13woody2 [05 Feb 2004] DSA-434 gaim - several vulnerabilities {CVE-2004-0005 CVE-2004-0006 CVE-2004-0007 CVE-2004-0008} [woody] - gaim 0.58-2.4 [04 Feb 2004] DSA-433 kernel-patch-2.4.17-mips - integer overflow {CVE-2003-0961} [woody] - kernel-patch-2.4.17-mips 2.4.17-0.020226.2.woody4 [03 Feb 2004] DSA-432 crawl - buffer overflow {CVE-2004-0103} [woody] - crawl 4.0.0beta23-2woody1 [01 Feb 2004] DSA-431 perl - information leak {CVE-2003-0618} [woody] - perl 5.6.1-8.6 [28 Jan 2004] DSA-430 trr19 - missing privilege release {CVE-2004-0047} [woody] - trr19 1.0beta5-15woody1 [26 Jan 2004] DSA-429 gnupg - cryptographic weakness {CVE-2003-0971} [woody] - gnupg 1.0.6-4woody1 [20 Jan 2004] DSA-428 slocate - buffer overflow {CVE-2003-0848} [woody] - slocate 2.6-1.3.2 [19 Jan 2004] DSA-427 linux-kernel-2.4.17-mips+mipsel - missing boundary check {CVE-2003-0985} [woody] - kernel-patch-2.4.17-mips 2.4.17-0.020226.2.woody3 [18 Jan 2004] DSA-426 netpbm-free - insecure temporary files {CVE-2003-0924} [woody] - netpbm-free 2:9.20-8.4 [16 Jan 2004] DSA-425 tcpdump - multiple vulnerabilities {CVE-2003-1029 CVE-2003-0989 CVE-2004-0055 CVE-2004-0057} [woody] - tcpdump 3.6.2-2.7 [16 Jan 2004] DSA-424 mc - buffer overflow {CVE-2003-1023} [woody] - mc 4.5.55-1.2woody2 [15 Jan 2004] DSA-423 linux-kernel-2.4.17-ia64 - several vulnerabilities {CVE-2003-0001 CVE-2003-0018 CVE-2003-0127 CVE-2003-0461 CVE-2003-0462 CVE-2003-0476 CVE-2003-0501 CVE-2003-0550 CVE-2003-0551 CVE-2003-0552 CVE-2003-0961 CVE-2003-0985} [woody] - kernel-image-2.4.17-ia64 kernel-image-2.4.17-ia64 [13 Jan 2004] DSA-422 cvs - remote vulnerability [woody] - cvs 1.11.11 [12 Jan 2004] DSA-421 mod-auth-shadow - password expiration {CVE-2004-0041} [woody] - mod-auth-shadow 1.3-3.1woody.1 [12 Jan 2004] DSA-420 jitterbug - improperly sanitised input {CVE-2004-0028} [woody] - jitterbug 1.6.2-4.2woody2 [09 Jan 2004] DSA-419 phpgroupware - missing filename sanitising, SQL injection {CVE-2004-0016 CVE-2004-0017} [woody] - phpgroupware 0.9.14-0.RC3.2.woody3 [07 Jan 2004] DSA-418 vbox3 - privilege leak {CVE-2004-0015} [woody] - vbox3 0.1.7.1 [07 Jan 2004] DSA-417 linux-kernel-2.4.18-powerpc+alpha - missing boundary check {CVE-2003-0961 CVE-2003-0985} [woody] - kernel-patch-2.4.18-powerpc 2.4.18-1woody3 [woody] - kernel-image-2.4.18-1-alpha 2.4.18-12 [06 Jan 2004] DSA-416 fsp - buffer overflow, directory traversal {CVE-2003-1022 CVE-2004-0011} [woody] - fsp 2.81.b3-3.1woody1 [06 Jan 2004] DSA-415 zebra - denial of service {CVE-2003-0795 CVE-2003-0858} NOTE: [woody] - zebra 0.92a-5woody2 NOTE: (newer zebra source package is totally unrelated) [06 Jan 2004] DSA-414 jabber - denial of service {CVE-2004-0013} [woody] - jabber 1.4.2a-1.1woody1 [06 Jan 2004] DSA-413 linux-kernel-2.4.18 - missing boundary check {CVE-2003-0985} [woody] - kernel-source-2.4.18 2.4.18-14.1 [woody] - kernel-image-2.4.18-1-i386 2.4.18-12.1 [05 Jan 2004] DSA-412 nd - buffer overflows {CVE-2004-0014} [woody] - nd 0.5.0-1woody1 [05 Jan 2004] DSA-411 mpg321 - format string vulnerability {CVE-2003-0969} [woody] - mpg321 0.2.10.2 [05 Jan 2004] DSA-410 libnids - buffer overflow {CVE-2003-0850} [woody] - libnids 1.16-3woody1 [05 Jan 2004] DSA-409 bind - denial of service {CVE-2003-0914} [woody] - bind 1:8.3.3-2.0woody2 [05 Jan 2004] DSA-408 screen - integer overflow {CVE-2003-0972} [woody] - screen 3.9.11-5woody1 [05 Jan 2004] DSA-407 ethereal - buffer overflows {CVE-2003-0925 CVE-2003-0926 CVE-2003-0927 CVE-2003-1012 CVE-2003-1013} [woody] - ethereal 0.9.4-1woody6 [05 Jan 2004] DSA-406 lftp - buffer overflow {CVE-2003-0963} [woody] - lftp 2.4.9-1woody2 [30 Dec 2003] DSA-405 xsok - missing privilege release {CVE-2003-0949} [woody] - xsok 1.02-9woody2 [04 Dec 2003] DSA-404 rsync - heap overflow {CVE-2003-0962} [woody] - rsync 2.5.5-0.2 [01 Dec 2003] DSA-403 kernel-image-2.4.18-1-alpha, kernel-image-2.4.18-1-i386, kernel-source-2.4.18 - local root exploit {CVE-2003-0961} [woody] - kernel-image-2.4.18-1-alpha 2.4.18-11 [woody] - kernel-image-2.4.18-1-i386 2.4.18-12 [woody] - kernel-source-2.4.18 2.4.18-14 [17 Nov 2003] DSA-402 minimalist - unsanitised input {CVE-2003-0902} [woody] - minimalist 2.2-4 [17 Nov 2003] DSA-401 hylafax - format strings {CVE-2003-0886} [woody] - hylafax 4.1.1-1.3 [11 Nov 2003] DSA-400 omega-rpg - buffer overflow {CVE-2003-0932} [woody] - omega-rpg 0.90-pa9-7woody1 [10 Nov 2003] DSA-399 epic4 - buffer overflow {CVE-2003-0328} [woody] - epic4 1.1.2.20020219-2.2 [10 Nov 2003] DSA-398 conquest - buffer overflow {CVE-2003-0933} [woody] - conquest 7.1.1-6woody1 [07 Nov 2003] DSA-397 postgresql - buffer overflow {CVE-2003-0901} [woody] - postgresql 7.2.1-2woody4 [29 Oct 2003] DSA-396 thttpd - missing input sanitizing, wrong calculation {CVE-2002-1562 CVE-2003-0899} [woody] - thttpd 2.21b-11.2 [15 Oct 2003] DSA-395 tomcat4 - incorrect input handling {CVE-2003-0866} [woody] - tomcat4 4.0.3-3woody3 [11 Oct 2003] DSA-394 openssl095 - ASN.1 parsing vulnerability {CVE-2003-0543 CVE-2003-0544 CVE-2003-0545} [woody] - openssl095 0.9.5a-6.woody.3 [01 Oct 2003] DSA-393 openssl - denial of service {CVE-2003-0543 CVE-2003-0544 CVE-2003-0545} [woody] - openssl 0.9.6c-2.woody.4 [29 Sep 2003] DSA-392 webfs - buffer overflows, file and directory exposure {CVE-2003-0832 CVE-2003-0833} [woody] - webfs 1.17.2 [28 Sep 2003] DSA-391 freesweep - buffer overflow {CVE-2003-0828} [woody] - freesweep 0.88-4woody1 [26 Sep 2003] DSA-390 marbles - buffer overflow {CVE-2003-0830} [woody] - marbles 1.0.2-1woody1 [20 Sep 2003] DSA-389 ipmasq - insecure packet filtering rules {CVE-2003-0785} [woody] - ipmasq 3.5.10c [19 Sep 2003] DSA-388 kdebase - several vulnerabilities {CVE-2003-0690 CVE-2003-0692} [woody] - kdebase 4:2.2.2-14.7 [18 Sep 2003] DSA-387 gopher - buffer overflows {CVE-2003-0805} [woody] - gopher 3.0.3woody1 [18 Sep 2003] DSA-386 libmailtools-perl - input validation bug {CVE-2002-1271} [woody] - libmailtools-perl 1.44-1woody1 [18 Sep 2003] DSA-385 hztty - buffer overflows {CVE-2003-0783} [woody] - hztty 2.0-5.2woody1 [17 Sep 2003] DSA-384 sendmail - buffer overflows {CVE-2003-0681 CVE-2003-0694} [woody] - sendmail 8.12.3-6.6 [woody] - sendmail-wide 8.12.3+3.5Wbeta-5.5 [17 Sep 2003] DSA-383 ssh-krb5 - possible remote vulnerability {CVE-2003-0693 CVE-2003-0695 CVE-2003-0682} [woody] - openssh-krb5 3.4p1-0woody4 [16 Sep 2003] DSA-382 ssh - possible remote vulnerability {CVE-2003-0693 CVE-2003-0695 CVE-2003-0682} [woody] - openssh 1:3.4p1-1.woody.3 [13 Sep 2003] DSA-381 mysql - buffer overflow {CVE-2003-0780} [woody] - mysql 3.23.49-8.5 [12 Sep 2003] DSA-380 xfree86 - buffer overflows, denial of service {CVE-2003-0063 CVE-2003-0071 CVE-2002-0164 CVE-2003-0730} [woody] - xfree86 4.1.0-16woody1 [11 Sep 2003] DSA-379 sane-backends - several vulnerabilities {CVE-2003-0773 CVE-2003-0774 CVE-2003-0775 CVE-2003-0776 CVE-2003-0777 CVE-2003-0778} [woody] - sane-backends 1.0.7-4 [07 Sep 2003] DSA-378 mah-jong - buffer overflows, denial of service {CVE-2003-0705 CVE-2003-0706} [woody] - mah-jong 1.4-2 [04 Sep 2003] DSA-377 wu-ftpd - insecure program execution {CVE-1999-0997} [woody] - wu-ftpd 2.6.2-3woody2 [04 Sep 2003] DSA-376 exim - buffer overflow {CVE-2003-0743} [woody] - exim 3.35-1woody2 [woody] - exim-tls 3.35-3woody1 [29 Aug 2003] DSA-375 node - buffer overflow, format string {CVE-2003-0707 CVE-2003-0708} [woody] - node 0.3.0a-2woody1 [26 Aug 2003] DSA-374 libpam-smb - buffer overflow {CVE-2003-0686} [woody] - libpam-smb 1.1.6-1.1woody1 [16 Aug 2003] DSA-373 autorespond - buffer overflow {CVE-2003-0654} [woody] - autorespond 2.0.2-2woody1 [16 Aug 2003] DSA-372 netris - buffer overflow {CVE-2003-0685} [woody] - netris 0.5-4woody1 [11 Aug 2003] DSA-371 perl - cross-site scripting {CVE-2003-0615} [woody] - perl 5.6.1-8.3 [08 Aug 2003] DSA-370 pam-pgsql - format string {CVE-2003-0672} [woody] - pam-pgsql 0.5.2-3woody1 [08 Aug 2003] DSA-369 zblast - buffer overflow {CVE-2003-0613} [woody] - zblast 1.2pre-5woody2 [08 Aug 2003] DSA-368 xpcd - buffer overflow {CVE-2003-0649} [woody] - xpcd 2.08-8woody1 [08 Aug 2003] DSA-367 xtokkaetama - buffer overflow {CVE-2003-0652} [woody] - xtokkaetama 1.0b-6woody2 [05 Aug 2003] DSA-366 eroaster - insecure temporary file {CVE-2003-0656} [woody] - eroaster 2.1.0.0.3-2woody1 [05 Aug 2003] DSA-365 phpgroupware - several vulnerabilities {CVE-2003-0504 CVE-2003-0599 CVE-2003-0657} [woody] - phpgroupware 0.9.14-0.RC3.2.woody2 [04 Aug 2003] DSA-364 man-db - buffer overflows, arbitrary command execution {CVE-2003-0620 CVE-2003-0645} [woody] - man-db 2.3.20-18.woody.4 [03 Aug 2003] DSA-363 postfix - denial of service, bounce-scanning {CVE-2003-0468 CVE-2003-0540} [woody] - postfix 1.1.11-0.woody3 [02 Aug 2003] DSA-362 mindi - insecure temporary file {CVE-2003-0617} [woody] - mindi 0.58.r5-1woody1 [01 Aug 2003] DSA-361 kdelibs, kdelibs-crypto - several vulnerabilities {CVE-2003-0459 CVE-2003-0370} [woody] - kdelibs 4:2.2.2-13.woody.8 [woody] - kdelibs-crypto 4:2.2.2-6woody2 [01 Aug 2003] DSA-360 xfstt - several vulnerabilities {CVE-2003-0581 CVE-2003-0625} [woody] - xfstt 1.2.1-3 [31 Jul 2003] DSA-359 atari800 - buffer overflows {CVE-2003-0630} [woody] - atari800 1.2.2-1woody2 [31 Jul 2003] DSA-358 linux-kernel-2.4.18 - several vulnerabilities {CVE-2003-0461 CVE-2003-0462 CVE-2003-0476 CVE-2003-0501 CVE-2003-0550 CVE-2003-0551 CVE-2003-0552 CVE-2003-0018 CVE-2003-0619 CVE-2003-0643} [woody] - kernel-source-2.4.18 2.4.18-13 [woody] - kernel-image-2.4.18-1-i386 2.4.18-11 [woody] - kernel-image-2.4.18-i386bf 2.4.18-5woody4 [woody] - kernel-image-2.4.18-1-alpha 2.4.18-10. [31 Jul 2003] DSA-357 wu-ftpd - remote root exploit {CVE-2003-0466} [woody] - wu-ftpd 2.6.2-3woody1 [30 Jul 2003] DSA-356 xtokkaetama - buffer overflows {CVE-2003-0611} [woody] - xtokkaetama 1.0b-6woody1 [30 Jul 2003] DSA-355 gallery - cross-site scripting {CVE-2003-0614} [woody] - gallery 1.2.5-8woody1 [29 Jul 2003] DSA-354 xconq - buffer overflows {CVE-2003-0607} [woody] - xconq 7.4.1-2woody2 [29 Jul 2003] DSA-353 sup - insecure temporary file {CVE-2003-0606} [woody] - sup 1.8-8woody1 [22 Jul 2003] DSA-352 fdclone - insecure temporary directory {CVE-2003-0596} [woody] - fdclone 2.00a-1woody3 [16 Jul 2003] DSA-351 php4 - cross-site scripting {CVE-2003-0442} [woody] - php4 4:4.1.2-6woody3 [15 Jul 2003] DSA-350 falconseye - buffer overflow {CVE-2003-0358} [woody] - falconseye 1.9.3-7woody3 [14 Jul 2003] DSA-349 nfs-utils - buffer overflow {CVE-2003-0252} [woody] - nfs-utils 1:1.0-2woody1 [11 Jul 2003] DSA-348 traceroute-nanog - integer overflow, buffer overflow {CVE-2003-0453} [woody] - traceroute-nanog 6.1.1-1.3 [08 Jul 2003] DSA-347 teapop - SQL injection {CVE-2003-0515} [woody] - teapop 0.3.4-1woody2 [08 Jul 2003] DSA-346 phpsysinfo - directory traversal {CVE-2003-0536} [woody] - phpsysinfo 2.0-3woody1 [08 Jul 2003] DSA-345 xbl - buffer overflow {CVE-2003-0535} [woody] - xbl 1.0k-3woody2 [08 Jul 2003] DSA-344 unzip - directory traversal {CVE-2003-0282} [woody] - unzip 5.50-1woody2 [08 Jul 2003] DSA-343 skk, ddskk - insecure temporary file {CVE-2003-0539} [woody] - skk 10.62a-4woody1 [woody] - ddskk 11.6.rel.0-2woody1 [07 Jul 2003] DSA-342 mozart - unsafe mailcap configuration {CVE-2003-0538} [woody] - mozart 1.2.3.20011204-3woody1 [07 Jul 2003] DSA-341 liece - insecure temporary file {CVE-2003-0537} [woody] - liece 2.0+0.20020217cvs-2.1 [06 Jul 2003] DSA-340 x-face-el - insecure temporary file [woody] - x-face-el 1.3.6.19-1woody1 [06 Jul 2003] DSA-339 semi - insecure temporary file {CVE-2003-0440} [woody] - semi 1.14.3.cvs.2001.08.10-1woody2 [woody] - wemi 1.14.0.20010802wemiko-1.3 [29 Jun 2003] DSA-338 proftpd - SQL injection {CVE-2003-0500} [woody] - proftpd 1.2.4+1.2.5rc1-5woody2 [29 Jun 2003] DSA-337 gtksee - buffer overflow {CVE-2003-0444} [woody] - gtksee 0.5.0-6 [29 Jun 2003] DSA-336 linux-kernel-2.2.20 - several vulnerabilities {CVE-2002-1380 CVE-2002-0429 CVE-2003-0001 CVE-2003-0127 CVE-2003-0364 CVE-2003-0246 CVE-2003-0244 CVE-2003-0247 CVE-2003-0248} [woody] - kernel-source-2.2.20 2.2.20-5woody2 [woody] - kernel-image-2.2.20-i386 2.2.20-5woody3 [28 Jun 2003] DSA-335 mantis - incorrect permissions {CVE-2003-0499} [woody] - mantis 0.17.1-3 [28 Jun 2003] DSA-334 xgalaga - buffer overflows {CVE-2003-0454} [woody] - xgalaga 2.0.34-19woody1 [27 Jun 2003] DSA-333 acm - integer overflow {CVE-2002-0391} [woody] - acm 5.0-3.woody.1 [27 Jun 2003] DSA-332 linux-kernel-2.4.17 - several vulnerabilities {CVE-2002-0429 CVE-2003-0001 CVE-2003-0127 CVE-2003-0244 CVE-2003-0246 CVE-2003-0247 CVE-2003-0248 CVE-2003-0364} [woody] - kernel-source-2.4.17 2.4.17-1woody1 [woody] - kernel-patch-2.4.17-mips 2.4.17-0.020226.2.woody2 [27 Jun 2003] DSA-331 imagemagick - insecure temporary file {CVE-2003-0455} [woody] - imagemagick 4:5.4.4.5-1woody1 [23 Jun 2003] DSA-330 tcptraceroute - failure to drop root privileges {CVE-2003-0489} [woody] - tcptraceroute 1.2-2 [20 Jun 2003] DSA-329 osh - buffer overflows {CVE-2003-0452} [woody] - osh 1.7-11woody1 [19 Jun 2003] DSA-328 webfs - buffer overflow {CVE-2003-0445} [woody] - webfs 1.17.1 [19 Jun 2003] DSA-327 xbl - buffer overflows {CVE-2003-0451} [woody] - xbl 1.0k-3woody1 [19 Jun 2003] DSA-326 orville-write - buffer overflows {CVE-2003-0441} [woody] - orville-write 2.53-4woody1 [19 Jun 2003] DSA-325 eldav - insecure temporary file {CVE-2003-0438} [woody] - eldav 0.0.20020411-1woody1 [18 Jun 2003] DSA-324 ethereal - several vulnerabilities {CVE-2003-0428 CVE-2003-0429 CVE-2003-0431 CVE-2003-0432} [woody] - ethereal 0.9.4-1woody5 [16 Jun 2003] DSA-323 noweb - insecure temporary files {CVE-2003-0381} [woody] - noweb 2.9a-7.3 [16 Jun 2003] DSA-322 typespeed - buffer overflow {CVE-2003-0435} [woody] - typespeed 0.4.1-2.2 [13 Jun 2003] DSA-321 radiusd-cistron - buffer overflow {CVE-2003-0450} [woody] - radiusd-cistron 1.6.6-1woody1 [13 Jun 2003] DSA-320 mikmod - buffer overflow {CVE-2003-0427} [woody] - mikmod 3.1.6-4woody3 [12 Jun 2003] DSA-319 webmin - session ID spoofing {CVE-2003-0101} [woody] - webmin 0.94-7woody1 [12 Jun 2003] DSA-318 lyskom-server - denial of service {CVE-2003-0366} [woody] - lyskom-server 2.0.6-1woody1 [11 Jun 2003] DSA-317 cupsys - denial of service {CVE-2003-0195} [woody] - cupsys 1.1.14-5 [11 Jun 2003] DSA-316 nethack - buffer overflow, incorrect permissions {CVE-2003-0358 CVE-2003-0359} [woody] - nethack 3.4.0-3.0woody3 [woody] - slashem 0.0.6E4F8-4.0woody3 [11 Jun 2003] DSA-315 gnocatan - buffer overflows, denial of service {CVE-2003-0433} [woody] - gnocatan 0.6.1-5woody2 [11 Jun 2003] DSA-314 atftp - buffer overflow {CVE-2003-0380} [woody] - atftp 0.6.1.1.0woody1 [11 Jun 2003] DSA-313 ethereal - buffer overflows, integer overflows {CVE-2003-0356 CVE-2003-0357} [woody] - ethereal 0.9.4-1woody4 [09 Jun 2003] DSA-312 kernel-patch-2.4.18-powerpc - several vulnerabilities {CVE-2002-0429 CVE-2003-0001 CVE-2003-0127 CVE-2003-0244 CVE-2003-0246 CVE-2003-0247 CVE-2003-0248} [woody] - kernel-patch-2.4.18-powerpc 2.4.18-1woody1 [08 Jun 2003] DSA-311 linux-kernel-2.4.18 - several vulnerabilities {CVE-2002-0429 CVE-2003-0001 CVE-2003-0127 CVE-2003-0244 CVE-2003-0246 CVE-2003-0247 CVE-2003-0248 CVE-2003-0364} [woody] - kernel-source-2.4.18 2.4.18-9 [woody] - kernel-image-2.4.18-1-i386 2.4.18-8 [woody] - kernel-image-2.4.18-i386bf 2.4.18-5woody1. [08 Jun 2003] DSA-310 xaos - improper setuid-root execution {CVE-2003-0385} [woody] - xaos 3.0-23woody1 [06 Jun 2003] DSA-309 eterm - buffer overflow {CVE-2003-0382} [woody] - eterm 0.9.2-0pre2002042903.1 [06 Jun 2003] DSA-308 gzip - insecure temporary files {CVE-1999-1332 CVE-2003-0367} [woody] - gzip 1.3.2-3woody1 [27 May 2003] DSA-307 gps - multiple vulnerabilities {CVE-2003-0361 CVE-2003-0360 CVE-2003-0362} [woody] - gps 0.9.4-1woody1 [19 May 2003] DSA-306 ircii-pana - buffer overflows, integer overflow {CVE-2003-0321 CVE-2003-0322 CVE-2003-0328} [woody] - ircii-pana 1.0-0c19-1.1 [15 May 2003] DSA-305 sendmail - insecure temporary files {CVE-2003-0308} [woody] - sendmail 8.12.3-6.4 [15 May 2003] DSA-304 lv - privilege escalation {CVE-2003-0188} [woody] - lv 4.49.4-7woody2 [15 May 2003] DSA-303 mysql - privilege escalation {CVE-2003-0073} [woody] - mysql 3.23.49-8.4 [07 May 2003] DSA-302 fuzz - privilege escalation {CVE-2003-0261} [woody] - fuzz 0.6-6woody1 [07 May 2003] DSA-301 libgtop - buffer overflow {CVE-2001-0928} [woody] - libgtop 1.0.13-3.1 [06 May 2003] DSA-300 balsa - buffer overflow {CVE-2003-0167} [woody] - balsa 1.2.4-2.2 [06 May 2003] DSA-299 leksbot - improper setuid-root execution {CVE-2003-0262} [woody] - leksbot 1.2-3.1 [02 May 2003] DSA-298 epic4 - buffer overflows {CVE-2003-0323} [woody] - epic4 1.1.2.20020219-2.1 [01 May 2003] DSA-297 snort - integer overflow, buffer overflow {CVE-2003-0033 CVE-2003-0209} [woody] - snort 1.8.4beta1-3.1 [30 Apr 2003] DSA-296 kdebase - insecure execution {CVE-2003-0204} [woody] - kdebase 2.2.2-14.4 [30 Apr 2003] DSA-295 pptpd - buffer overflow {CVE-2003-0213} [woody] - pptpd 1.1.2-1.4 [23 Apr 2003] DSA-294 gkrellm-newsticker - missing quoting, incomplete parser {CVE-2003-0205 CVE-2003-0206} [woody] - gkrellm-newsticker 0.3-3.1 [23 Apr 2003] DSA-293 kdelibs - insecure execution {CVE-2003-0204} [woody] - kdebase 4:2.2.2-13.woody.7 [22 Apr 2003] DSA-292 mime-support - insecure temporary file creation {CVE-2003-0214} [woody] - mime-support 3.18-1.3 [22 Apr 2003] DSA-291 ircii - buffer overflows {CVE-2003-0323} [woody] - ircii 20020322-1.1 [17 Apr 2003] DSA-290 sendmail-wide - char-to-int conversion {CVE-2003-0161} [woody] - sendmail-wide 8.12.3+3.5Wbeta-5.4 [17 Apr 2003] DSA-289 rinetd - incorrect memory resizing {CVE-2003-0212} [woody] - rinetd 0.61-1.1 [17 Apr 2003] DSA-288 openssl - several vulnerabilities {CVE-2003-0147 CVE-2003-0131} [woody] - openssl 0.9.6c-2.woody.3 [15 Apr 2003] DSA-287 epic - buffer overflows {CVE-2003-0324} [woody] - epic 3.004-17.1 [14 Apr 2003] DSA-286 gs-common - insecure temporary file {CVE-2003-0207} [woody] - gs-common 0.3.3.0woody1 [14 Apr 2003] DSA-285 lprng - insecure temporary file {CVE-2003-0136} [woody] - lprng 3.8.10-1.2 [12 Apr 2003] DSA-284 kdegraphics - insecure execution {CVE-2003-0204} [woody] - kdegraphics 3.8.10-1.2 [11 Apr 2003] DSA-283 xfsdump - insecure file creation {CVE-2003-0173} [woody] - xfsdump 2.0.1-2 [09 Apr 2003] DSA-282 glibc - integer overflow {CVE-2003-0028} [woody] - glibc 2.2.5-11.5 [08 Apr 2003] DSA-281 moxftp - buffer overflow {CVE-2003-0203} [woody] - moxftp 2.2-18.1 [07 Apr 2003] DSA-280 samba - buffer overflow {CVE-2003-0201 CVE-2003-0196} [woody] - samba 2.2.3a-12.3 [07 Apr 2003] DSA-279 metrics - insecure temporary file creation {CVE-2003-0202} NOTE: Potato-only vulnerability, package was removed from woody. [04 Apr 2003] DSA-278 sendmail - char-to-int conversion {CVE-2003-0161} [woody] - sendmail 8.12.3-6.3 [03 Apr 2003] DSA-277 apcupsd - buffer overflows, format string {CVE-2003-0098 CVE-2003-0099} [woody] - apcupsd 3.8.5-1.1.1 [03 Apr 2003] DSA-276 linux-kernel-s390 - local privilege escalation {CVE-2003-0127} [woody] - kernel-patch-2.4.17-s390 0.0.20020816-0.woody.1.1 [woody] - kernel-image-2.4.17-s390 2.4.17-2.woody.2.2 [02 Apr 2003] DSA-275 lpr-ppd - buffer overflow {CVE-2003-0144} [woody] - lpr-ppd 0.72-2.1 [28 Mar 2003] DSA-274 mutt - buffer overflow {CVE-2003-0167} [woody] - mutt 1.3.28-2.2 [28 Mar 2003] DSA-273 krb4 - Cryptographic weakness {CVE-2003-0138 CVE-2003-0139} [woody] - krb4 1.1-8-2.3 [28 Mar 2003] DSA-272 dietlibc - integer overflow {CVE-2003-0028} [woody] - dietlibc 0.12-2.5 [27 Mar 2003] DSA-271 ecartis - unauthorized password change {CVE-2003-0162} [woody] - ecartis 0.129a+1.0.0-snap20020514-1.1 [27 Mar 2003] DSA-270 linux-kernel-mips - local privilege escalation {CVE-2003-0127} [woody] - kernel-patch-2.4.17-mips 2.4.17-0.020226.2.woody1 [woody] - kernel-patch-2.4.19-mips 2.4.19-0.020911.1.woody1 [26 Mar 2003] DSA-269 heimdal - Cryptographic weakness {CVE-2003-0138} [woody] - heimdal 0.4e-7.woody.8 [25 Mar 2003] DSA-268 mutt - buffer overflow {CVE-2003-0140} [woody] - mutt 1.3.28-2.1 [24 Mar 2003] DSA-267 lpr - buffer overflow {CVE-2003-0144} [woody] - lpr 2000.05.07-4.3 [24 Mar 2003] DSA-266 krb5 - several vulnerabilities {CVE-2003-0028 CVE-2003-0072 CVE-2003-0082 CVE-2003-0138 CVE-2003-0139} [woody] - krb5 1.2.4-5woody4 [21 Mar 2003] DSA-265 bonsai - several vulnerabilities {CVE-2003-0152 CVE-2003-0153 CVE-2003-0154 CVE-2003-0155} [woody] - bonsai 1.3+cvs20020224-1woody1 [19 Mar 2003] DSA-264 lxr - missing filename sanitizing {CVE-2003-0156} [woody] - lxr 0.3-3 [17 Mar 2003] DSA-263 netpbm-free - math overflow errors {CVE-2003-0146} [woody] - netpbm-free 2:9.20-8.2 [15 Mar 2003] DSA-262 samba - remote exploit {CVE-2003-0085 CVE-2003-0086} [woody] - samba 2.2.3a-12.1 [14 Mar 2003] DSA-261 tcpdump - infinite loop {CVE-2003-0093 CVE-2003-0145} [woody] - tcpdump 3.6.2-2.4 [13 Mar 2003] DSA-260 file - buffer overflow {CVE-2003-0102} [woody] - file 3.37-3.1.woody.1 [12 Mar 2003] DSA-259 qpopper - mail user privilege escalation {CVE-2003-0143} [woody] - qpopper 4.0.4-2.woody.3 [10 Mar 2003] DSA-258 ethereal - format string vulnerability {CVE-2003-0081} [woody] - ethereal 0.9.4-1woody3 [04 Mar 2003] DSA-257 sendmail - remote exploit {CVE-2002-1337} [woody] - sendmail 8.12.3-5 [woody] - sendmail-wide 8.12.3+3.5Wbeta-5.2 [28 Feb 2003] DSA-256 mhc - insecure temporary file {CVE-2003-0120} [woody] - mhc 0.25+20010625-7.1 [27 Feb 2003] DSA-255 tcpdump - infinite loop {CVE-2003-0108 CVE-2002-0380} [woody] - tcpdump 3.6.2-2.3 [27 Feb 2003] DSA-254 traceroute-nanog - buffer overflow {CVE-2002-1051 CVE-2002-1364 CVE-2002-1386 CVE-2002-1387} [woody] - traceroute-nanog 6.1.1-1.2 [24 Feb 2003] DSA-253 openssl - information leak {CVE-2003-0078} [woody] - openssl 0.9.6c-2.woody.2 [21 Feb 2003] DSA-252 slocate - buffer overflow {CVE-2003-0056} [woody] - slocate 2.6-1.3.1 [14 Feb 2003] DSA-251 w3m - missing HTML quoting {CVE-2002-1335 CVE-2002-1348} [woody] - w3m 0.3-2.4 [12 Feb 2003] DSA-250 w3mmee-ssl - missing HTML quoting {CVE-2002-1335 CVE-2002-1348} NOTE: not in sid/sarge [11 Feb 2003] DSA-249 w3mmee - missing HTML quoting {CVE-2002-1335 CVE-2002-1348} [woody] - w3mmee 0.3-2.4 [31 Jan 2003] DSA-248 hypermail - buffer overflows {CVE-2003-0057} [woody] - hypermail 2.1.3-2.0 [30 Jan 2003] DSA-247 courier-ssl - missing input sanitizing {CVE-2003-0040} [woody] - courier 0.37.3-3.3 [29 Jan 2003] DSA-246 tomcat - information exposure, cross site scripting {CVE-2003-0042 CVE-2003-0043 CVE-2003-0044} [woody] - tomcat 3.3a-4woody.1 [28 Jan 2003] DSA-245 dhcp3 - ignored counter boundary {CVE-2003-0039} [woody] - dhcp3 3.0+3.0.1rc9-2.2 [27 Jan 2003] DSA-244 noffle - buffer overflows {CVE-2003-0037} [woody] - noffle 1.0.1-1.1 [24 Jan 2003] DSA-243 kdemultimedia - several vulnerabilities {CVE-2002-1393} [woody] - kdemultimedia 2.2.2-8.2 [24 Jan 2003] DSA-242 kdebase - several vulnerabilities {CVE-2002-1393} [woody] - kdebase 2.2.2-14.2 [24 Jan 2003] DSA-241 kdeutils - several vulnerabilities {CVE-2002-1393} [woody] - kdeutils 2.2.2-9.2 [23 Jan 2003] DSA-240 kdegames - several vulnerabilities {CVE-2002-1393} [woody] - kdegames 2.2.2-2.2 [23 Jan 2003] DSA-239 kdesdk - several vulnerabilities {CVE-2002-1393} [woody] - kdesdk 2.2.2-3.2 [23 Jan 2003] DSA-238 kdepim - several vulnerabilities {CVE-2002-1393} [woody] - kdepim 2.2.2-5.2 [22 Jan 2003] DSA-237 kdenetwork - several vulnerabilities {CVE-2002-1393} [woody] - kdenetwork 2.2.2-14.6 [22 Jan 2003] DSA-236 kdelibs - several vulnerabilities {CVE-2002-1393} [woody] - kdelibs 2.2.2-13.woody.6 [22 Jan 2003] DSA-235 kdegraphics - several vulnerabilities {CVE-2002-1393} [woody] - kdegraphics 2.2.2-6.10 [22 Jan 2003] DSA-234 kdeadmin - several vulnerabilities {CVE-2002-1393} [woody] - kdeadmin 2.2.2-7.2 [21 Jan 2003] DSA-233 cvs - doubly freed memory {CVE-2003-0015} [woody] - cvs 1.11.1p1debian-8.1 [20 Jan 2003] DSA-232 cupsys - several vulnerabilities {CVE-2002-1366 CVE-2002-1367 CVE-2002-1368 CVE-2002-1369 CVE-2002-1371 CVE-2002-1372 CVE-2002-1383 CVE-2002-1384} [woody] - cupsys 1.1.14-4.3 [17 Jan 2003] DSA-231 dhcp3 - stack overflows {CVE-2003-0026} [woody] - dhcp3 3.0+3.0.1rc9-2.1 [16 Jan 2003] DSA-230 bugzilla - insecure permissions, spurious backup files {CVE-2003-0012 CVE-2003-0013} [woody] - bugzilla 2.14.2-0woody4 [15 Jan 2003] DSA-229 imp - SQL injection {CVE-2003-0025} [woody] - imp 2.2.6-5.1 [14 Jan 2003] DSA-228 libmcrypt - buffer overflows and memory leak {CVE-2003-0031 CVE-2003-0032} [woody] - libmcrypt 2.5.0-1woody1 [13 Jan 2003] DSA-227 openldap2 - buffer overflows and other bugs {CVE-2002-1378 CVE-2002-1379 CVE-2002-1508} [woody] - openldap2 2.0.23-6.3 [10 Jan 2003] DSA-226 xpdf-i - integer overflow {CVE-2002-1384} [woody] - xpdf (xpdf-i is only a dummy package) [09 Jan 2003] DSA-225 tomcat4 - source disclosure {CVE-2002-1394} [woody] - tomcat4 4.0.3-3woody2 [08 Jan 2003] DSA-224 canna - buffer overflow and more {CVE-2002-1158 CVE-2002-1159} [woody] - canna 3.5b2-46.2 [07 Jan 2003] DSA-223 geneweb - information exposure {CVE-2002-1390} [woody] - geneweb 4.06-2 [06 Jan 2003] DSA-222 xpdf - integer overflow {CVE-2002-1384} [woody] - xpdf 1.00-3.1 [03 Jan 2003] DSA-221 mhonarc - cross site scripting {CVE-2002-1388} [woody] - mhonarc 2.5.2-1.3 [02 Jan 2003] DSA-220 squirrelmail - cross site scripting {CVE-2002-1341} [woody] - squirrelmail 1.2.6-1.3 [31 Dec 2002] DSA-219 dhcpcd - remote command execution {CVE-2002-1403} NOTE: Woody doesn't have dhcpd [30 Dec 2002] DSA-218 bugzilla - cross site scripting {CVE-2002-2260} [woody] - bugzilla 2.14.2-0woody3 [27 Dec 2002] DSA-217 typespeed - buffer overflow {CVE-2002-1389} [woody] - typespeed 0.4.1-2.1 [24 Dec 2002] DSA-216 fetchmail - buffer overflow {CVE-2002-1365} [woody] - fetchmail 5.9.11-6.2 [23 Dec 2002] DSA-215 cyrus-imapd - buffer overflow {CVE-2002-1580} [woody] - cyrus-imapd 1.5.19-9.1 [20 Dec 2002] DSA-214 kdenetwork - buffer overflows {CVE-2002-1306} [woody] - kdenetwork 2.2.2-14.5 [19 Dec 2002] DSA-213 libpng - buffer overflow {CVE-2002-1363} [woody] - libpng 1.0.12-3.woody.3 [woody] - libpng3 1.2.1-1.1.woody.3 [17 Dec 2002] DSA-212 mysql - multiple problems {CVE-2002-1373 CVE-2002-1374 CVE-2002-1375 CVE-2002-1376} [woody] - mysql 3.23.49-8.2 [13 Dec 2002] DSA-211 micq - denial of service {CVE-2002-1362} [woody] - micq 0.4.9-0woody3 [13 Dec 2002] DSA-210 lynx - CRLF injection {CVE-2002-1405} [woody] - lynx 2.8.3-1.1 [woody] - lynx-ssl 2.8.3.1-1.1 [12 Dec 2002] DSA-209 wget - directory traversal {CVE-2002-1344} [woody] - wget 1.8.1-6.1 [12 Dec 2002] DSA-208 perl - broken safe compartment {CVE-2002-1323} [woody] - perl 5.6.1-8.2 [11 Dec 2002] DSA-207 tetex-bin - arbitrary command execution {CVE-2002-0836} [woody] - tetex-bin 1.0.7+20011202-7.1 [10 Dec 2002] DSA-206 tcpdump - denial of service {CVE-2002-1350} [woody] - tcpdump 3.6.2-2.2 [10 Dec 2002] DSA-205 gtetrinet - buffer overflow [woody] - gtetrinet 0.4.1-9woody1.1 [05 Dec 2002] DSA-204 kdelibs - arbitrary program execution {CVE-2002-1281 CVE-2002-1282} [woody] - kdelibs 2.2.2-13.woody.5 [04 Dec 2002] DSA-203 smb2www - arbitrary command execution {CVE-2002-1342} [woody] - smb2www 980804-16.1 [03 Dec 2002] DSA-202 im - insecure temporary files {CVE-2002-1395} [woody] - im 141-18.1 [02 Dec 2002] DSA-201 freeswan - denial of service {CVE-2002-0666} [woody] - freeswan 1.96-1.4 [22 Nov 2002] DSA-200 samba - remote exploit {CVE-2002-1318} [woody] - samba 2.2.3a-12 [19 Nov 2002] DSA-199 mhonarc - cross site scripting {CVE-2002-1307} [woody] - mhonarc 2.5.2-1.2 [18 Nov 2002] DSA-198 nullmailer - denial of service {CVE-2002-1313} [woody] - nullmailer 1.00RC5-16.1woody2 [15 Nov 2002] DSA-197 courier - buffer overflow {CVE-2002-1311} [woody] - courier 0.37.3-2.3 [14 Nov 2002] DSA-196 bind - several vulnerabilities {CVE-2002-0029 CVE-2002-1219 CVE-2002-1220 CVE-2002-1221} [woody] - bind 8.3.3-2.0woody1 [13 Nov 2002] DSA-195 apache-perl - several vulnerabilities {CVE-2002-0839 CVE-2002-0840 CVE-2002-0843 CVE-2001-0131 CVE-2002-1233} [woody] - apache-perl 1.3.26-1-1.26-0woody2 [12 Nov 2002] DSA-194 masqmail - buffer overflows {CVE-2002-1279} [woody] - masqmail 0.1.16-2.1 [11 Nov 2002] DSA-193 kdenetwork - buffer overflow {CVE-2002-1247} [woody] - kdenetwork 4:2.2.2-14.2 [08 Nov 2002] DSA-192 html2ps - arbitrary code execution {CVE-2002-1275} [woody] - html2ps 1.0b3-1.1 [07 Nov 2002] DSA-191 squirrelmail - cross site scripting {CVE-2002-1131 CVE-2002-1132 CVE-2002-1276} [woody] - squirrelmail 1.2.6-1.1 [07 Nov 2002] DSA-190 wmaker - buffer overflow {CVE-2002-1277} [woody] - wmaker 0.80.0-4.1 [06 Nov 2002] DSA-189 luxman - local root exploit {CVE-2002-1245} [woody] - luxman 0.41-17.1 [05 Nov 2002] DSA-188 apache-ssl - several vulnerabilities {CVE-2002-0839 CVE-2002-0840 CVE-2002-0843 CVE-2001-0131 CVE-2002-1233} [woody] - apache-ssl 1.3.26.1+1.48-0woody3 [04 Nov 2002] DSA-187 apache - several vulnerabilities {CVE-2002-0839 CVE-2002-0840 CVE-2002-0843 CVE-2001-0131 CVE-2002-1233} [woody] - apache 1.3.26-0woody [01 Nov 2002] DSA-186 log2mail - buffer overflow {CVE-2002-1251} [woody] - log2mail 0.2.5.1 [31 Oct 2002] DSA-185 heimdal - buffer overflow {CVE-2002-1235} [woody] - heimdal 0.4e-7.woody.5 [30 Oct 2002] DSA-184 krb4 - buffer overflow {CVE-2002-1235} [woody] - krb4 1.1-8-2.2 [29 Oct 2002] DSA-183 krb5 - buffer overflow {CVE-2002-1235} [woody] - krb5 1.2.4-5woody3 [28 Oct 2002] DSA-182 kdegraphics - buffer overflow {CVE-2002-0838} [woody] - kdegraphics 2.2.2-6.8 [22 Oct 2002] DSA-181 libapache-mod-ssl - cross site scripting {CVE-2002-1157} [woody] - libapache-mod-ssl 2.8.9-2.1 [21 Oct 2002] DSA-180 nis - information leak {CVE-2002-1232} [woody] - nis 3.9-6.1 [18 Oct 2002] DSA-179 gnome-gv - buffer overflow {CVE-2002-0838} [woody] - gnome-gv 1.1.96-3.1 [17 Oct 2002] DSA-178 heimdal - remote command execution {CVE-2002-1225 CVE-2002-1226} [woody] - heimdal 0.4e-7.woody.4 [17 Oct 2002] DSA-177 pam - serious security violation {CVE-2002-1227} [woody] - pam [sarge] - pam [16 Oct 2002] DSA-176 gv - buffer overflow {CVE-2002-0838} [woody] - gv 3.5.8-26.1 [15 Oct 2002] DSA-175 syslog-ng - buffer overflow {CVE-2002-1200} [woody] - syslog-ng 1.5.15-1.1 [14 Oct 2002] DSA-174 heartbeat - buffer overflow {CVE-2002-1215} [woody] - heartbeat 0.4.9.0l-7.2 [09 Oct 2002] DSA-173 bugzilla - privilege escalation {CVE-2002-1196} [woody] - bugzilla 2.14.2-0woody2 [08 Oct 2002] DSA-172 tkmail - insecure temporary files {CVE-2002-1193} [woody] - tkmail 4.0beta9-8.1 [07 Oct 2002] DSA-171 fetchmail - buffer overflows {CVE-2002-1175 CVE-2002-1174} [woody] - fetchmail-ssl 5.9.11-6.1 [woody] - fetchmail 5.9.11-6.1 [04 Oct 2002] DSA-170 tomcat4 - source code disclosure {CVE-2002-1148} [woody] - tomcat4 4.0.3-3woody1 [25 Sep 2002] DSA-169 htcheck - cross site scripting {CVE-2002-1195} [woody] - htcheck 1.1-1.1 [18 Sep 2002] DSA-168 php - bypassing safe_mode, CRLF injection {CVE-2002-0985 CVE-2002-0986} [woody] - php3 3.0.18-23.1woody1 [woody] - php4 4.1.2-5 [16 Sep 2002] DSA-167 kdelibs - cross site scripting {CVE-2002-1151} [woody] - kdelibs 4:2.2.2-13.woody.3 [13 Sep 2002] DSA-166 purity - buffer overflows {CVE-2002-1124} [woody] - purity 1-14.2 [12 Sep 2002] DSA-165 postgresql - buffer overflows {CVE-2002-0972 CVE-2002-1398 CVE-2002-1400 CVE-2002-1401 CVE-2002-1402} [woody] - postgresql 7.2.1-2woody2 [10 Sep 2002] DSA-164 cacti - arbitrary code execution {CVE-2002-1477 CVE-2002-1478} [woody] - cacti 0.6.7-2.1 [09 Sep 2002] DSA-163 mhonarc - cross site scripting {CVE-2002-0738} [woody] - mhonarc 2.5.2-1.1 [06 Sep 2002] DSA-162 ethereal - buffer overflow {CVE-2002-0834} [woody] - ethereal 0.9.4-1woody2 [04 Sep 2002] DSA-161 mantis - privilege escalation {CVE-2002-1115 CVE-2002-1116} [woody] - mantis 0.17.1-2.5 [03 Sep 2002] DSA-160 scrollkeeper - insecure temporary file creation {CVE-2002-0662} [woody] - scrollkeeper 0.3.6-3.1 [28 Aug 2002] DSA-159 python - insecure temporary files {CVE-2002-1119} [woody] - python1.5 1.5.2-23.1 [woody] - python2.1 2.1.3-3.1 [woody] - python2.2 2.2.1-4.1 [27 Aug 2002] DSA-158 gaim - arbitrary program execution {CVE-2002-0989} [woody] - gaim 0.58-2.2 [23 Aug 2002] DSA-157 irssi-text - denial of service {CVE-2002-0983} [woody] - irssi-text 0.8.4-3.1 [22 Aug 2002] DSA-156 epic4-script-light - arbitrary script execution {CVE-2002-0984} [woody] - epic4-script-light 2.7.30p5-1.1 [17 Aug 2002] DSA-155 kdelibs - privacy escalation with Konqueror {CVE-2002-0970} [woody] - kdelibs 2.2.2-13.woody.2 [15 Aug 2002] DSA-154 fam - privilege escalation {CVE-2002-0875} [woody] - fam 2.6.6.1-5.2 [14 Aug 2002] DSA-153 mantis - cross site code execution and privilege escalation {CVE-2002-1114 CVE-2002-1113 CVE-2002-1112 CVE-2002-1111 CVE-2002-1110} [woody] - mantis 0.17.1-2.2 [13 Aug 2002] DSA-152 l2tpd - missing random seed {CVE-2002-0872 CVE-2002-0873} [woody] - l2tpd 0.67-1.1 [13 Aug 2002] DSA-151 xinetd - pipe exposure {CVE-2002-0871} [woody] - xinetd 1:2.3.4-1.2 [13 Aug 2002] DSA-150 interchange - illegal file exposition {CVE-2002-0874} [woody] - interchange 4.8.3.20020306-1.woody.1 [13 Aug 2002] DSA-149 glibc - integer overflow {CVE-2002-0391} [woody] - glibc 2.2.5-11.1 [12 Aug 2002] DSA-148 hylafax - buffer overflows and format string vulnerabilities {CVE-2002-1049 CVE-2002-1050 CVE-2001-1034} [woody] - hylafax 1:4.1.1-1.1 [08 Aug 2002] DSA-147 mailman - cross-site scripting {CVE-2002-0388 CVE-2002-0855} [woody] - mailman 2.0.11-1woody4 [08 Aug 2002] DSA-146 dietlibc - integer overflow {CVE-2002-0391} [woody] - dietlibc 0.12-2.4 [07 Aug 2002] DSA-145 tinyproxy - doubly freed memory {CVE-2002-0847} [woody] - tinyproxy 1.4.3-2woody2 [06 Aug 2002] DSA-144 wwwoffle - improper input handling {CVE-2002-0818} [woody] - wwwoffle 2.7a-1.2 [05 Aug 2002] DSA-143 krb5 - integer overflow {CVE-2002-0391} [woody] - krb5 1.2.4-5woody1 [05 Aug 2002] DSA-142 openafs - integer overflow {CVE-2002-0391} [woody] - openafs 1.2.3final2-6 [01 Aug 2002] DSA-141 mpack - buffer overflow {CVE-2002-1425} [woody] - mpack 1.5-7woody2 [05 Aug 2002] DSA-140 libpng - buffer overflow {CVE-2002-0660 CVE-2002-0728} [woody] - libpng 1.0.12-3.woody.2 [woody] - libpng3 1.2.1-1.1.woody.2 [01 Aug 2002] DSA-139 super - format string vulnerability {CVE-2002-0817} [woody] - super 3.16.1-1.2 [01 Aug 2002] DSA-138 gallery - remote exploit {CVE-2002-1412} [woody] - gallery 1.2.5-7 [30 Jul 2002] DSA-137 mm - insecure temporary files {CVE-2002-0658} [woody] - mm 1.1.3-6.1 [30 Jul 2002] DSA-136 openssl - multiple remote exploits {CVE-2002-0655 CVE-2002-0656 CVE-2002-0657 CVE-2002-0659} [woody] - openssl094 0.9.4-6.woody.2 [woody] - openssl095 0.9.5a-6.woody.1 [woody] - openssl 0.9.6c-2.woody.1 [02 Jul 2002] DSA-135 libapache-mod-ssl -- buffer overflow / DoS {CVE-2002-0653} [woody] - libapache-mod-ssl 2.8.9-2