sunrat Posted May 10, 2016

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3572-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
May 09, 2016                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : websvn
CVE ID         : CVE-2016-1236

Nitin Venkatesh discovered that websvn, a web viewer for Subversion
repositories, is susceptible to cross-site scripting attacks via
specially crafted file and directory names in repositories.

For the stable distribution (jessie), this problem has been fixed in
version 2.3.3-1.2+deb8u2.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3573-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
May 09, 2016                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : qemu
CVE ID         : CVE-2016-3710 CVE-2016-3712
Debian Bug     : 823830

Several vulnerabilities were discovered in qemu, a fast processor
emulator.

CVE-2016-3710

    Wei Xiao and Qinghao Tang of 360.cn Inc discovered an out-of-bounds
    read and write flaw in the QEMU VGA module. A privileged guest user
    could use this flaw to execute arbitrary code on the host with the
    privileges of the hosting QEMU process.

CVE-2016-3712

    Zuozhi Fzz of Alibaba Inc discovered potential integer overflow or
    out-of-bounds read access issues in the QEMU VGA module. A
    privileged guest user could use this flaw to mount a denial of
    service (QEMU process crash).

For the stable distribution (jessie), these problems have been fixed in
version 1:2.1+dfsg-12+deb8u6.
sunrat Posted May 10, 2016

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3574-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
May 10, 2016                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libarchive
CVE ID         : CVE-2016-1541
Debian Bug     : 823893

Rock Stevens, Andrew Ruef and Marcin 'Icewall' Noga discovered a
heap-based buffer overflow vulnerability in the zip_read_mac_metadata
function in libarchive, a multi-format archive and compression library,
which may lead to the execution of arbitrary code if a user or
automated system is tricked into processing a specially crafted ZIP
file.

For the stable distribution (jessie), this problem has been fixed in
version 3.1.2-11+deb8u1.
sunrat Posted May 11, 2016

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3565-2                   security@debian.org
https://www.debian.org/security/                       Sebastien Delafond
May 11, 2016                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : monotone ovito pdns qtcreator softhsm
Debian Bug     : 823823

This update fixes a regression introduced in botan1.10 by DSA-3565-1:
packages depending on libbotan1.10 needed to be rebuilt against the
latest version to function properly.

For the stable distribution (jessie), this problem has been fixed in
the following versions:

    monotone  : 1.1-4+deb8u1
    ovito     : 2.3.3-3+deb8u1
    pdns      : 3.4.1-4+deb8u5
    qtcreator : 3.2.1+dfsg-7+deb8u1
    softhsm   : 1.3.7-2+deb8u1
sunrat Posted May 12, 2016

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3575-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
May 12, 2016                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libxstream-java
CVE ID         : CVE-2016-3674

It was discovered that XStream, a Java library to serialize objects to
XML and back again, was susceptible to XML External Entity attacks.

For the stable distribution (jessie), this problem has been fixed in
version 1.4.7-2+deb8u1.

For the testing distribution (stretch), this problem has been fixed
in version 1.4.9-1.

For the unstable distribution (sid), this problem has been fixed in
version 1.4.9-1.
sunrat Posted May 14, 2016

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3576-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
May 13, 2016                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : icedove
CVE ID         : CVE-2016-1979 CVE-2016-2805 CVE-2016-2807

Multiple security issues have been found in Icedove, Debian's version
of the Mozilla Thunderbird mail client: Multiple memory safety errors
may lead to the execution of arbitrary code or denial of service.

For the stable distribution (jessie), these problems have been fixed in
version 38.8.0-1~deb8u1.

For the unstable distribution (sid), these problems will be fixed soon.
sunrat Posted May 15, 2016

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3577-1                   security@debian.org
https://www.debian.org/security/                       Alessandro Ghedini
May 14, 2016                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : jansson
CVE ID         : CVE-2016-4425
Debian Bug     : 823238

Gustavo Grieco discovered that jansson, a C library for encoding,
decoding and manipulating JSON data, did not limit the recursion depth
when parsing JSON arrays and objects. This could allow remote attackers
to cause a denial of service (crash) via stack exhaustion, using
crafted JSON data.

For the stable distribution (jessie), this problem has been fixed in
version 2.7-1+deb8u1.

For the unstable distribution (sid), this problem has been fixed in
version 2.7-5.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3578-1                   security@debian.org
https://www.debian.org/security/                       Alessandro Ghedini
May 14, 2016                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libidn
CVE ID         : CVE-2015-2059

It was discovered that libidn, the GNU library for Internationalized
Domain Names (IDNs), did not correctly handle invalid UTF-8 input,
causing an out-of-bounds read. This could allow attackers to disclose
sensitive information from an application using the libidn library.

For the stable distribution (jessie), this problem has been fixed in
version 1.29-1+deb8u1.

For the testing distribution (stretch), this problem has been fixed
in version 1.31-1.

For the unstable distribution (sid), this problem has been fixed in
version 1.31-1.
sunrat Posted May 16, 2016

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3579-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
May 16, 2016                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : xerces-c
CVE ID         : CVE-2016-2099
Debian Bug     : 823863

Gustavo Grieco discovered a use-after-free vulnerability in xerces-c,
a validating XML parser library for C++, due to not properly handling
invalid characters in XML input documents in the DTDScanner.

For the stable distribution (jessie), this problem has been fixed in
version 3.1.1-5.1+deb8u2.

For the testing distribution (stretch), this problem has been fixed
in version 3.1.3+debian-2.

For the unstable distribution (sid), this problem has been fixed in
version 3.1.3+debian-2.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3580-1                   security@debian.org
https://www.debian.org/security/                            Luciano Bello
May 16, 2016                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : imagemagick
CVE ID         : CVE-2016-3714 CVE-2016-3715 CVE-2016-3716 CVE-2016-3717
                 CVE-2016-3718
Debian Bug     : 823542

Nikolay Ermishkin from the Mail.Ru Security Team and Stewie discovered
several vulnerabilities in ImageMagick, a program suite for image
manipulation. These vulnerabilities, collectively known as ImageTragick,
are the consequence of lack of sanitization of untrusted input. An
attacker with control on the image input could, with the privileges of
the user running the application, execute code (CVE-2016-3714), make HTTP
GET or FTP requests (CVE-2016-3718), or delete (CVE-2016-3715), move
(CVE-2016-3716), or read (CVE-2016-3717) local files.
These vulnerabilities are particularly critical if ImageMagick processes
images coming from remote parties, such as part of a web service.

The update disables the vulnerable coders (EPHEMERAL, URL, MVG, MSL, and
PLT) and indirect reads via /etc/ImageMagick-6/policy.xml file. In
addition, we introduce extra preventions, including some sanitization for
input filenames in http/https delegates, the full remotion of PLT/Gnuplot
decoder, and the need of explicit reference in the filename for the
insecure coders.

For the stable distribution (jessie), these problems have been fixed in
version 8:6.8.9.9-5+deb8u2.
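A check for the policy.xml mitigation described in DSA-3580-1 above, as an added example that is not part of the original post or of Debian's or ImageMagick's code: it parses a policy file and reports which of the coders named in the advisory are not denied, and whether indirect (`@file`) reads are blocked. The two sample policies are constructed, and the `rights="none"` coder entries and the `@*` path pattern are assumptions about the form the mitigation takes in the file.

```python
import fnmatch
import sys
import xml.etree.ElementTree as ET

# Coders that DSA-3580-1 says the update disables.
DSA_3580_CODERS = ("EPHEMERAL", "URL", "MVG", "MSL", "PLT")

# Constructed sample: every coder from the advisory denied, indirect reads denied.
HARDENED_POLICY = """
<policymap>
  <policy domain="coder" rights="none" pattern="EPHEMERAL"/>
  <policy domain="coder" rights="none" pattern="URL"/>
  <policy domain="coder" rights="none" pattern="MVG"/>
  <policy domain="coder" rights="none" pattern="MSL"/>
  <policy domain="coder" rights="none" pattern="PLT"/>
  <policy domain="path" rights="none" pattern="@*"/>
</policymap>
"""

# Constructed sample with three gaps: URL still readable, the MVG entry is
# only present inside an XML comment, and PLT and the path rule are missing.
WEAK_POLICY = """
<policymap>
  <policy domain="resource" name="memory" value="256MiB"/>
  <policy domain="coder" rights="none" pattern="EPHEMERAL"/>
  <policy domain="coder" rights="read" pattern="URL"/>
  <!-- <policy domain="coder" rights="none" pattern="MVG"/> -->
  <policy domain="coder" rights="none" pattern="MSL"/>
</policymap>
"""


def load_policies(xml_text):
    """Return (domain, rights, pattern) tuples for every pattern-based entry.

    Commented-out entries are ignored by the XML parser, and resource
    entries (name/value, no pattern) are skipped.
    """
    root = ET.fromstring(xml_text)
    policies = []
    for element in root.iter("policy"):
        pattern = element.get("pattern")
        if pattern is None:
            continue
        domain = (element.get("domain") or "").strip().lower()
        rights = (element.get("rights") or "").replace(" ", "").lower()
        policies.append((domain, rights, pattern))
    return policies


def is_denied(policies, domain, name):
    """True only if some entry matches `name` and every matching entry is 'none'.

    Patterns are matched with case-sensitive shell-style globbing, which is an
    approximation of ImageMagick's own matcher. Requiring all matches to be
    'none' is deliberately conservative: a conflicting entry counts as a gap.
    """
    matching = [rights for dom, rights, pattern in policies
                if dom == domain and fnmatch.fnmatchcase(name, pattern)]
    return bool(matching) and all(rights == "none" for rights in matching)


def audit(xml_text):
    """Summarise how a policy file compares with the advisory's mitigation."""
    policies = load_policies(xml_text)
    unblocked = [coder for coder in DSA_3580_CODERS
                 if not is_denied(policies, "coder", coder)]
    return {
        "unblocked_coders": unblocked,
        # "@constructed.txt" stands in for any indirect "@filename" read.
        "indirect_reads_blocked": is_denied(policies, "path", "@constructed.txt"),
    }


if __name__ == "__main__":
    # Pass a path such as /etc/ImageMagick-6/policy.xml to audit a real file;
    # with no argument the two constructed samples are audited instead.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as handle:
            print(sys.argv[1], audit(handle.read()))
    else:
        for label, text in (("hardened", HARDENED_POLICY), ("weak", WEAK_POLICY)):
            print(label, audit(text))
```

A non-empty `unblocked_coders` list or `indirect_reads_blocked: False` on a host that processes untrusted images means the policy file does not match what the advisory describes, independently of the installed package version.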
sunrat Posted May 17, 2016

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3581-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
May 17, 2016                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libndp
CVE ID         : CVE-2016-3698
Debian Bug     : 824545

Julien Bernard discovered that libndp, a library for the IPv6 Neighbor
Discovery Protocol, does not properly perform input and origin checks
during the reception of a NDP message. An attacker in a non-local
network could use this flaw to advertise a node as a router, and cause
a denial of service attack, or act as a man-in-the-middle.

For the stable distribution (jessie), this problem has been fixed in
version 1.4-2+deb8u1.
sunrat Posted May 18, 2016

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3582-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
May 18, 2016                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : expat
CVE ID         : CVE-2016-0718

Gustavo Grieco discovered that Expat, an XML parsing C library, does not
properly handle certain kinds of malformed input documents, resulting in
buffer overflows during processing and error reporting. A remote
attacker can take advantage of this flaw to cause an application using
the Expat library to crash, or potentially, to execute arbitrary code
with the privileges of the user running the application.

For the stable distribution (jessie), this problem has been fixed in
version 2.1.0-6+deb8u2. Additionally this update refreshes the fix for
CVE-2015-1283 to avoid relying on undefined behavior.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3583-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
May 18, 2016                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : swift-plugin-s3
CVE ID         : CVE-2015-8466
Debian Bug     : 822688

It was discovered that the swift3 (S3 compatibility) middleware plugin
for Swift performed insufficient validation of date headers which might
result in replay attacks.

For the stable distribution (jessie), this problem has been fixed in
version 1.7-5+deb8u1.

For the testing distribution (stretch), this problem has been fixed
in version 1.9-1.

For the unstable distribution (sid), this problem has been fixed in
version 1.9-1.
sunrat Posted May 20, 2016

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3584-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
May 19, 2016                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : librsvg
CVE ID         : CVE-2015-7558 CVE-2016-4347 CVE-2016-4348

Gustavo Grieco discovered several flaws in the way librsvg, a SAX-based
renderer library for SVG files, parses SVG files with circular
definitions. A remote attacker can take advantage of these flaws to
cause an application using the librsvg library to crash.

For the stable distribution (jessie), these problems have been fixed in
version 2.40.5-1+deb8u2.

For the testing distribution (stretch), these problems have been fixed
in version 2.40.12-1.

For the unstable distribution (sid), these problems have been fixed in
version 2.40.12-1.
sunrat Posted May 22, 2016

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3585-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
May 22, 2016                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : wireshark
CVE ID         : CVE-2016-4006 CVE-2016-4079 CVE-2016-4080 CVE-2016-4081
                 CVE-2016-4082 CVE-2016-4085

Multiple vulnerabilities were discovered in the dissectors/parsers for
PKTC, IAX2, GSM CBCH and NCP which could result in denial of service.

For the stable distribution (jessie), these problems have been fixed in
version 1.12.1+g01b65bf-4+deb8u6.

For the testing distribution (stretch), these problems have been fixed
in version 2.0.3+geed34f0-1.

For the unstable distribution (sid), these problems have been fixed in
version 2.0.3+geed34f0-1.
sunrat Posted May 23, 2016

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3586-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
May 23, 2016                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : atheme-services
CVE ID         : CVE-2016-4478

It was discovered that a buffer overflow in the XMLRPC response
encoding code of the Atheme IRC services may result in denial of
service.

For the stable distribution (jessie), this problem has been fixed in
version 6.0.11-2+deb8u1.

For the testing distribution (stretch), this problem has been fixed
in version 7.0.7-2.

For the unstable distribution (sid), this problem has been fixed in
version 7.0.7-2.
sunrat Posted May 29, 2016

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3587-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
May 27, 2016                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libgd2
CVE ID         : CVE-2013-7456 CVE-2015-8874 CVE-2015-8877
Debian Bug     : 824627

Several vulnerabilities were discovered in libgd2, a library for
programmatic graphics creation and manipulation. A remote attacker can
take advantage of these flaws to cause a denial-of-service against an
application using the libgd2 library.

For the stable distribution (jessie), these problems have been fixed in
version 2.1.0-5+deb8u3.

For the unstable distribution (sid), these problems have been fixed in
version 2.2.1-1 or earlier.
sunrat Posted May 31, 2016

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3588-1                   security@debian.org
https://www.debian.org/security/                            Luciano Bello
May 29, 2016                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : symfony
CVE ID         : CVE-2016-1902 CVE-2016-4423

Two vulnerabilities were discovered in Symfony, a PHP framework.

CVE-2016-1902

    Lander Brandt discovered that the class SecureRandom might generate
    weak random numbers for cryptographic use under certain settings. If
    the functions random_bytes() or openssl_random_pseudo_bytes() are not
    available, the output of SecureRandom should not be considered
    secure.

CVE-2016-4423

    Marek Alaksa from Citadelo discovered that it is possible to fill up
    the session storage space by submitting inexistent large usernames.

For the stable distribution (jessie), these problems have been fixed in
version 2.3.21+dfsg-4+deb8u3.

For the testing distribution (stretch), these problems have been fixed
in version 2.8.6+dfsg-1.

For the unstable distribution (sid), these problems have been fixed in
version 2.8.6+dfsg-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3589-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
May 30, 2016                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : gdk-pixbuf
CVE ID         : CVE-2015-7552 CVE-2015-8875

Several vulnerabilities have been discovered in gdk-pixbuf, a toolkit
for image loading and pixel buffer manipulation. A remote attacker can
take advantage of these flaws to cause a denial-of-service against an
application using gdk-pixbuf (application crash), or potentially, to
execute arbitrary code with the privileges of the user running the
application, if a malformed image is opened.
For the stable distribution (jessie), these problems have been fixed in
version 2.31.1-2+deb8u5.
sunrat Posted June 2, 2016

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3590-1                   security@debian.org
https://www.debian.org/security/                          Michael Gilbert
June 01, 2016                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : chromium-browser
CVE ID         : CVE-2016-1667 CVE-2016-1668 CVE-2016-1669 CVE-2016-1670
                 CVE-2016-1672 CVE-2016-1673 CVE-2016-1674 CVE-2016-1675
                 CVE-2016-1676 CVE-2016-1677 CVE-2016-1678 CVE-2016-1679
                 CVE-2016-1680 CVE-2016-1681 CVE-2016-1682 CVE-2016-1683
                 CVE-2016-1684 CVE-2016-1685 CVE-2016-1686 CVE-2016-1687
                 CVE-2016-1688 CVE-2016-1689 CVE-2016-1690 CVE-2016-1691
                 CVE-2016-1692 CVE-2016-1693 CVE-2016-1694 CVE-2016-1695

Several vulnerabilities have been discovered in the chromium web browser.

CVE-2016-1667

    Mariusz Mylinski discovered a cross-origin bypass.

CVE-2016-1668

    Mariusz Mylinski discovered a cross-origin bypass in bindings to v8.

CVE-2016-1669

    Choongwoo Han discovered a buffer overflow in the v8 javascript
    library.

CVE-2016-1670

    A race condition was found that could cause the renderer process
    to reuse ids that should have been unique.

CVE-2016-1672

    Mariusz Mylinski discovered a cross-origin bypass in extension
    bindings.

CVE-2016-1673

    Mariusz Mylinski discovered a cross-origin bypass in Blink/Webkit.

CVE-2016-1674

    Mariusz Mylinski discovered another cross-origin bypass in extension
    bindings.

CVE-2016-1675

    Mariusz Mylinski discovered another cross-origin bypass in
    Blink/Webkit.

CVE-2016-1676

    Rob Wu discovered a cross-origin bypass in extension bindings.

CVE-2016-1677

    Guang Gong discovered a type confusion issue in the v8 javascript
    library.

CVE-2016-1678

    Christian Holler discovered an overflow issue in the v8 javascript
    library.

CVE-2016-1679

    Rob Wu discovered a use-after-free issue in the bindings to v8.

CVE-2016-1680

    Atte Kettunen discovered a use-after-free issue in the skia library.
CVE-2016-1681

    Aleksandar Nikolic discovered an overflow issue in the pdfium
    library.

CVE-2016-1682

    KingstonTime discovered a way to bypass the Content Security Policy.

CVE-2016-1683

    Nicolas Gregoire discovered an out-of-bounds write issue in the
    libxslt library.

CVE-2016-1684

    Nicolas Gregoire discovered an integer overflow issue in the
    libxslt library.

CVE-2016-1685

    Ke Liu discovered an out-of-bounds read issue in the pdfium library.

CVE-2016-1686

    Ke Liu discovered another out-of-bounds read issue in the pdfium
    library.

CVE-2016-1687

    Rob Wu discovered an information leak in the handling of extensions.

CVE-2016-1688

    Max Korenko discovered an out-of-bounds read issue in the v8
    javascript library.

CVE-2016-1689

    Rob Wu discovered a buffer overflow issue.

CVE-2016-1690

    Rob Wu discovered a use-after-free issue.

CVE-2016-1691

    Atte Kettunen discovered a buffer overflow issue in the skia library.

CVE-2016-1692

    Til Jasper Ullrich discovered a cross-origin bypass issue.

CVE-2016-1693

    Khalil Zhani discovered that the Software Removal Tool download was
    done over an HTTP connection.

CVE-2016-1694

    Ryan Lester and Bryant Zadegan discovered that pinned public keys
    would be removed when clearing the browser cache.

CVE-2016-1695

    The chrome development team found and fixed various issues during
    internal auditing.

For the stable distribution (jessie), these problems have been fixed in
version 51.0.2704.63-1~deb8u1.

For the testing distribution (stretch), these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in
version 51.0.2704.63-1.
- -------------------------------------------------------------------------
Debian Security Advisory DSA-3591-1                   security@debian.org
https://www.debian.org/security/                            Luciano Bello
June 01, 2016                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : imagemagick
CVE ID         : CVE-2016-5118
Debian Bug     : 825799

Bob Friesenhahn from the GraphicsMagick project discovered a command
injection vulnerability in ImageMagick, a program suite for image
manipulation. An attacker with control on input image or the input
filename can execute arbitrary commands with the privileges of the user
running the application.

This update removes the possibility of using pipe (|) in filenames to
interact with imagemagick.

It is important that you upgrade the libmagickcore-6.q16-2 and not just
the imagemagick package. Applications using libmagickcore-6.q16-2 might
also be affected and need to be restarted after the upgrade.

For the stable distribution (jessie), this problem has been fixed in
version 6.8.9.9-5+deb8u3.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3592-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
June 01, 2016                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : nginx
CVE ID         : CVE-2016-4450

It was discovered that a NULL pointer dereference in the Nginx code
responsible for saving client request bodies to a temporary file might
result in denial of service: Malformed requests could crash worker
processes.

For the stable distribution (jessie), this problem has been fixed in
version 1.6.2-5+deb8u2.

For the unstable distribution (sid), this problem has been fixed in
version 1.10.1-1.
sunrat Posted June 3, 2016

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3593-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
June 02, 2016                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libxml2
CVE ID         : CVE-2015-8806 CVE-2016-1762 CVE-2016-1833 CVE-2016-1834
                 CVE-2016-1835 CVE-2016-1836 CVE-2016-1837 CVE-2016-1838
                 CVE-2016-1839 CVE-2016-1840 CVE-2016-2073 CVE-2016-3627
                 CVE-2016-3705 CVE-2016-4447 CVE-2016-4449 CVE-2016-4483
Debian Bug     : 812807 813613 819006 823405 823414

Several vulnerabilities were discovered in libxml2, a library providing
support to read, modify and write XML and HTML files. A remote attacker
could provide a specially crafted XML or HTML file that, when processed
by an application using libxml2, would cause a denial-of-service against
the application, or potentially the execution of arbitrary code with the
privileges of the user running the application.

For the stable distribution (jessie), these problems have been fixed in
version 2.9.1+dfsg1-5+deb8u2.
sunrat Posted June 5, 2016

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3594-1                   security@debian.org
https://www.debian.org/security/                          Michael Gilbert
June 04, 2016                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : chromium-browser
CVE ID         : CVE-2016-1696 CVE-2016-1697 CVE-2016-1698 CVE-2016-1699
                 CVE-2016-1700 CVE-2016-1701 CVE-2016-1702

Several vulnerabilities have been discovered in the chromium web browser.

CVE-2016-1696

    A cross-origin bypass was found in the bindings to extensions.

CVE-2016-1697

    Mariusz Mlynski discovered a cross-origin bypass in Blink/Webkit.

CVE-2016-1698

    Rob Wu discovered an information leak.

CVE-2016-1699

    Gregory Panakkal discovered an issue in the Developer Tools
    feature.

CVE-2016-1700

    Rob Wu discovered a use-after-free issue in extensions.

CVE-2016-1701

    Rob Wu discovered a use-after-free issue in the autofill feature.

CVE-2016-1702

    cloudfuzzer discovered an out-of-bounds read issue in the skia
    library.

For the stable distribution (jessie), these problems have been fixed in
version 51.0.2704.79-1~deb8u1.

For the testing distribution (stretch), these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in
version 51.0.2704.79-1.
sunrat Posted June 6, 2016

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3548-3                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
June 05, 2016                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : samba
Debian Bug     : 821002 822937

The upgrade to Samba 4.2 issued as DSA-3548-1 introduced several
upstream regressions and as well a packaging regression causing errors
on upgrading the packages. Updated packages are now available to address
these problems.

For the stable distribution (jessie), these problems have been fixed in
version 2:4.2.10+dfsg-0+deb8u3.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3595-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
June 05, 2016                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : mariadb-10.0
CVE ID         : CVE-2016-0640 CVE-2016-0641 CVE-2016-0643 CVE-2016-0644
                 CVE-2016-0646 CVE-2016-0647 CVE-2016-0648 CVE-2016-0649
                 CVE-2016-0650 CVE-2016-0655 CVE-2016-0666 CVE-2016-0668
Debian Bug     : 823325

Several issues have been discovered in the MariaDB database server. The
vulnerabilities are addressed by upgrading MariaDB to the new upstream
version 10.0.25. Please see the MariaDB 10.0 Release Notes for further
details:

    https://mariadb.com/kb/en/mariadb/mariadb-10024-release-notes/
    https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/

For the stable distribution (jessie), these problems have been fixed in
version 10.0.25-0+deb8u1.
sunrat Posted June 7, 2016

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3596-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
June 06, 2016                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : spice
CVE ID         : CVE-2016-0749 CVE-2016-2150

Several vulnerabilities were discovered in spice, a SPICE protocol
client and server library. The Common Vulnerabilities and Exposures
project identifies the following problems:

CVE-2016-0749

    Jing Zhao of Red Hat discovered a memory allocation flaw, leading to
    a heap-based buffer overflow in spice's smartcard interaction. A
    user connecting to a guest VM via spice can take advantage of this
    flaw to cause a denial-of-service (QEMU process crash), or
    potentially to execute arbitrary code on the host with the
    privileges of the hosting QEMU process.

CVE-2016-2150

    Frediano Ziglio of Red Hat discovered that a malicious guest inside
    a virtual machine can take control of the corresponding QEMU process
    in the host using crafted primary surface parameters.

For the stable distribution (jessie), these problems have been fixed in
version 0.12.5-1+deb8u3.
sunrat Posted June 8, 2016

------------------------------------------------------------------------
The Debian Project                               https://www.debian.org/
Updated Debian 8: 8.5 released                          press@debian.org
June 4th, 2016                 https://www.debian.org/News/2016/20160604
------------------------------------------------------------------------

The Debian project is pleased to announce the fifth update of its stable
distribution Debian 8 (codename "jessie"). This update mainly adds
corrections for security problems to the stable release, along with a
few adjustments for serious problems. Security advisories were already
published separately and are referenced where available.

Please note that this update does not constitute a new version of Debian
8 but only updates some of the packages included. There is no need to
throw away old "jessie" CDs or DVDs but only to update via an up-to-date
Debian mirror after an installation, to cause any out of date packages
to be updated.

Those who frequently install updates from security.debian.org won't have
to update many packages and most updates from security.debian.org are
included in this update.

New installation media and CD and DVD images containing updated packages
will be available soon at the regular locations.

Upgrading to this revision online is usually done by pointing the
aptitude (or apt) package tool (see the sources.list(5) manual page) to
one of Debian's many FTP or HTTP mirrors.
A comprehensive list of mirrors is available at:

    https://www.debian.org/mirror/list

The complete lists of packages that have changed with this revision:

    http://ftp.debian.org/debian/dists/jessie/ChangeLog

The current stable distribution:

    http://ftp.debian.org/debian/dists/stable/

Proposed updates to the stable distribution:

    http://ftp.debian.org/debian/dists/proposed-updates

stable distribution information (release notes, errata etc.):

    https://www.debian.org/releases/stable/

Security announcements and information:

    https://security.debian.org/

------------------------------------------------------------------------
The Debian Project                               https://www.debian.org/
Updated Debian 7: 7.11 released                         press@debian.org
June 4th, 2016               https://www.debian.org/News/2016/2016060402
------------------------------------------------------------------------

The Debian project is pleased to announce the eleventh (and final)
update of its oldstable distribution Debian 7 (codename "wheezy"). This
update mainly adds corrections for security problems to the oldstable
release, along with a few adjustments for serious problems. Security
advisories were already published separately and are referenced where
available.

The packages from DSA 3548 are not included in this point release for
technical reasons, as are some architectures for DSA 3547, DSA 3219, DSA
3482 and DSA 3246. All other security updates released during the
lifetime of "wheezy" that have not previously been part of a point
release are included in this update.

Please note that this update does not constitute a new version of Debian
7 but only updates some of the packages included. There is no need to
throw away old "wheezy" CDs or DVDs but only to update via an up-to-date
Debian mirror after an installation, to cause any out of date packages
to be updated.
Those who frequently install updates from security.debian.org won't have to update many packages and most updates from security.debian.org are included in this update. New installation media and CD and DVD images containing updated packages will be available soon at the regular locations. Upgrading to this revision online is usually done by pointing the aptitude (or apt) package tool (see the sources.list(5) manual page) to one of Debian's many FTP or HTTP mirrors. A comprehensive list of mirrors is available at: https://www.debian.org/mirror/list The complete lists of packages that have changed with this revision: http://ftp.debian.org/debian/dists/wheezy/ChangeLog The current oldstable distribution: http://ftp.debian.org/debian/dists/oldstable/ Proposed updates to the oldstable distribution: http://ftp.debian.org/debian/dists/oldstable-proposed-updates oldstable distribution information (release notes, errata etc.): https://www.debian.org/releases/oldstable/ Security announcements and information: https://security.debian.org/ [127] 127: https://www.debian.org/security/ Link to comment Share on other sites More sharing options...
sunrat Posted June 8, 2016

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3597-1                   security@debian.org
https://www.debian.org/security/                            Luciano Bello
June 07, 2016                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : expat
CVE ID         : CVE-2012-6702 CVE-2016-5300

Two related issues have been discovered in Expat, a C library for parsing XML.

CVE-2012-6702
It was introduced when CVE-2012-0876 was addressed. Stefan Sørensen discovered that the use of the function XML_Parse() seeds the random number generator generating repeated outputs for rand() calls.

CVE-2016-5300
It is the product of an incomplete solution for CVE-2012-0876. The parser poorly seeds the random number generator allowing an attacker to cause a denial of service (CPU consumption) via an XML file with crafted identifiers.

You might need to manually restart programs and services using expat libraries.

For the stable distribution (jessie), these problems have been fixed in version 2.1.0-6+deb8u3.

For the unstable distribution (sid), these problems have been fixed in version 2.1.1-3.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3598-1                   security@debian.org
https://www.debian.org/security/                        Moritz Muehlenhoff
June 07, 2016                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : vlc
CVE ID         : CVE-2016-5108

Patrick Coleman discovered that missing input sanitising in the ADPCM decoder of the VLC media player may result in the execution of arbitrary code if a malformed media file is opened.

For the stable distribution (jessie), this problem has been fixed in version 2.2.4-1~deb8u1.

For the unstable distribution (sid), this problem has been fixed in version 2.2.4-1.
sunrat Posted June 10, 2016

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3599-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
June 09, 2016                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : p7zip
CVE ID         : CVE-2016-2335
Debian Bug     : 824160

Marcin 'Icewall' Noga of Cisco Talos discovered an out-of-bound read vulnerability in the CInArchive::ReadFileItem method in p7zip, a 7zr file archiver with high compression ratio. A remote attacker can take advantage of this flaw to cause a denial-of-service or, potentially the execution of arbitrary code with the privileges of the user running p7zip, if a specially crafted UDF file is processed.

For the stable distribution (jessie), this problem has been fixed in version 9.20.1~dfsg.1-4.1+deb8u2.

For the testing distribution (stretch), this problem has been fixed in version 15.14.1+dfsg-2.

For the unstable distribution (sid), this problem has been fixed in version 15.14.1+dfsg-2.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3600-1                   security@debian.org
https://www.debian.org/security/                        Moritz Muehlenhoff
June 09, 2016                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : firefox-esr
CVE ID         : CVE-2016-2818 CVE-2016-2819 CVE-2016-2821 CVE-2016-2822
                 CVE-2016-2828 CVE-2016-2831

Multiple security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, buffer overflows and other implementation errors may lead to the execution of arbitrary code or spoofing.

Wait, Firefox? No more references to Iceweasel? That's right, Debian no longer applies a custom branding. Please see these links for further information:

https://glandium.org/blog/?p=3622
https://en.wikipedia.org/wiki/Mozilla_software_rebranded_by_Debian

Debian follows the extended support releases (ESR) of Firefox. Support for the 38.x series has ended, so starting with this update we're now following the 45.x releases and this update to the next ESR is also the point where we reapply the original branding.

Transition packages for the iceweasel packages are provided which automatically upgrade to the new version. Since new binary packages need to be installed, make sure to allow that in your upgrade procedure (e.g. by using "apt-get dist-upgrade" instead of "apt-get upgrade").

For the stable distribution (jessie), these problems have been fixed in version 45.2.0esr-1~deb8u1.

For the unstable distribution (sid), these problems have been fixed in version 45.2.0esr-1.
sunrat Posted June 13, 2016

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3601-1                   security@debian.org
https://www.debian.org/security/                        Moritz Muehlenhoff
June 13, 2016                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : icedove
CVE ID         : CVE-2016-2806

Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail client: Multiple memory safety errors may lead to the execution of arbitrary code or denial of service.

Debian follows the extended support releases (ESR) of Thunderbird. Support for the 38.x series has ended, so starting with this update we're now following the 45.x releases.

For the stable distribution (jessie), this problem has been fixed in version 1:45.1.0-1~deb8u1.

For the testing distribution (stretch), this problem has been fixed in version 1:45.1.0-1.

For the unstable distribution (sid), this problem has been fixed in version 1:45.1.0-1.
sunrat Posted June 14, 2016

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3602-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
June 14, 2016                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : php5
CVE ID         : CVE-2013-7456 CVE-2016-3074 CVE-2016-4537 CVE-2016-4538
                 CVE-2016-4539 CVE-2016-4540 CVE-2016-4541 CVE-2016-4542
                 CVE-2016-4543 CVE-2016-4544 CVE-2016-5093 CVE-2016-5094
                 CVE-2016-5095 CVE-2016-5096

Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development.

The vulnerabilities are addressed by upgrading PHP to the new upstream version 5.6.22, which includes additional bug fixes. Please refer to the upstream changelog for more information:

https://php.net/ChangeLog-5.php#5.6.21
https://php.net/ChangeLog-5.php#5.6.22

For the stable distribution (jessie), these problems have been fixed in version 5.6.22+dfsg-0+deb8u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3603-1                   security@debian.org
https://www.debian.org/security/                        Moritz Muehlenhoff
June 14, 2016                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libav
CVE ID         : CVE-2016-3062

Several security issues have been corrected in multiple demuxers and decoders of the libav multimedia library. A full list of the changes is available at https://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v11.7

For the stable distribution (jessie), this problem has been fixed in version 6:11.7-1~deb8u1.
sunrat Posted June 16, 2016

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3604-1                   security@debian.org
https://www.debian.org/security/                        Moritz Muehlenhoff
June 16, 2016                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : drupal7
CVE ID         : not yet available

A privilege escalation vulnerability has been found in the User module of the Drupal content management framework. For additional information, please refer to the upstream advisory at https://www.drupal.org/SA-CORE-2016-002

For the stable distribution (jessie), this problem has been fixed in version 7.32-1+deb8u7.

For the unstable distribution (sid), this problem has been fixed in version 7.44-1.
sunrat Posted June 19, 2016

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3605-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
June 19, 2016                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libxslt
CVE ID         : CVE-2015-7995 CVE-2016-1683 CVE-2016-1684
Debian Bug     : 802971

Several vulnerabilities were discovered in libxslt, an XSLT processing runtime library, which could lead to information disclosure or denial-of-service (application crash) against an application using the libxslt library.

For the stable distribution (jessie), these problems have been fixed in version 1.1.28-2+deb8u1.
sunrat Posted June 25, 2016

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3606-1                   security@debian.org
https://www.debian.org/security/                        Moritz Muehlenhoff
June 24, 2016                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libpdfbox-java
CVE ID         : CVE-2016-2175

It was discovered that pdfbox, a PDF library for Java, was susceptible to XML External Entity attacks.

For the stable distribution (jessie), this problem has been fixed in version 1:1.8.7+dfsg-1+deb8u1.

For the testing distribution (stretch), this problem has been fixed in version 1:1.8.12-1.

For the unstable distribution (sid), this problem has been fixed in version 1:1.8.12-1.
sunrat Posted June 28, 2016

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3607-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
June 28, 2016                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : linux
CVE ID         : CVE-2015-7515 CVE-2016-0821 CVE-2016-1237 CVE-2016-1583
                 CVE-2016-2117 CVE-2016-2143 CVE-2016-2184 CVE-2016-2185
                 CVE-2016-2186 CVE-2016-2187 CVE-2016-3070 CVE-2016-3134
                 CVE-2016-3136 CVE-2016-3137 CVE-2016-3138 CVE-2016-3140
                 CVE-2016-3156 CVE-2016-3157 CVE-2016-3672 CVE-2016-3951
                 CVE-2016-3955 CVE-2016-3961 CVE-2016-4470 CVE-2016-4482
                 CVE-2016-4485 CVE-2016-4486 CVE-2016-4565 CVE-2016-4569
                 CVE-2016-4578 CVE-2016-4580 CVE-2016-4581 CVE-2016-4805
                 CVE-2016-4913 CVE-2016-4997 CVE-2016-4998 CVE-2016-5243
                 CVE-2016-5244

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

CVE-2015-7515, CVE-2016-2184, CVE-2016-2185, CVE-2016-2186, CVE-2016-2187, CVE-2016-3136, CVE-2016-3137, CVE-2016-3138, CVE-2016-3140
Ralf Spenneberg of OpenSource Security reported that various USB drivers do not sufficiently validate USB descriptors. This allowed a physically present user with a specially designed USB device to cause a denial of service (crash).

CVE-2016-0821
Solar Designer noted that the list 'poisoning' feature, intended to mitigate the effects of bugs in list manipulation in the kernel, used poison values within the range of virtual addresses that can be allocated by user processes.

CVE-2016-1237
David Sinquin discovered that nfsd does not check permissions when setting ACLs, allowing users to grant themselves permissions to a file by setting the ACL.

CVE-2016-1583
Jann Horn of Google Project Zero reported that the eCryptfs filesystem could be used together with the proc filesystem to cause a kernel stack overflow. If the ecryptfs-utils package is installed, local users could exploit this, via the mount.ecryptfs_private program, for denial of service (crash) or possibly for privilege escalation.

CVE-2016-2117
Justin Yackoski of Cryptonite discovered that the Atheros L2 ethernet driver incorrectly enables scatter/gather I/O. A remote attacker could take advantage of this flaw to obtain potentially sensitive information from kernel memory.

CVE-2016-2143
Marcin Koscielnicki discovered that the fork implementation in the Linux kernel on s390 platforms mishandles the case of four page-table levels, which allows local users to cause a denial of service (system crash).

CVE-2016-3070
Jan Stancek of Red Hat discovered a local denial of service vulnerability in AIO handling.

CVE-2016-3134
The Google Project Zero team found that the netfilter subsystem does not sufficiently validate filter table entries. A user with the CAP_NET_ADMIN capability could use this for denial of service (crash) or possibly for privilege escalation. Debian disables unprivileged user namespaces by default, if locally enabled with the kernel.unprivileged_userns_clone sysctl, this allows privilege escalation.

CVE-2016-3156
Solar Designer discovered that the IPv4 implementation in the Linux kernel did not perform the destruction of inet device objects properly. An attacker in a guest OS could use this to cause a denial of service (networking outage) in the host OS.

CVE-2016-3157 / XSA-171
Andy Lutomirski discovered that the x86_64 (amd64) task switching implementation did not correctly update the I/O permission level when running as a Xen paravirtual (PV) guest. In some configurations this would allow local users to cause a denial of service (crash) or to escalate their privileges within the guest.

CVE-2016-3672
Hector Marco and Ismael Ripoll noted that it was possible to disable Address Space Layout Randomisation (ASLR) for x86_32 (i386) programs by removing the stack resource limit. This made it easier for local users to exploit security flaws in programs that have the setuid or setgid flag set.

CVE-2016-3951
It was discovered that the cdc_ncm driver would free memory prematurely if certain errors occurred during its initialisation. This allowed a physically present user with a specially designed USB device to cause a denial of service (crash) or possibly to escalate their privileges.

CVE-2016-3955
Ignat Korchagin reported that the usbip subsystem did not check the length of data received for a USB buffer. This allowed denial of service (crash) or privilege escalation on a system configured as a usbip client, by the usbip server or by an attacker able to impersonate it over the network. A system configured as a usbip server might be similarly vulnerable to physically present users.

CVE-2016-3961 / XSA-174
Vitaly Kuznetsov of Red Hat discovered that Linux allowed the use of hugetlbfs on x86 (i386 and amd64) systems even when running as a Xen paravirtualised (PV) guest, although Xen does not support huge pages. This allowed users with access to /dev/hugepages to cause a denial of service (crash) in the guest.

CVE-2016-4470
David Howells of Red Hat discovered that a local user can trigger a flaw in the Linux kernel's handling of key lookups in the keychain subsystem, leading to a denial of service (crash) or possibly to privilege escalation.

CVE-2016-4482, CVE-2016-4485, CVE-2016-4486, CVE-2016-4569, CVE-2016-4578, CVE-2016-4580, CVE-2016-5243, CVE-2016-5244
Kangjie Lu reported that the USB devio, llc, rtnetlink, ALSA timer, x25, tipc, and rds facilities leaked information from the kernel stack.

CVE-2016-4565
Jann Horn of Google Project Zero reported that various components in the InfiniBand stack implemented unusual semantics for the write() operation. On a system with InfiniBand drivers loaded, local users could use this for denial of service or privilege escalation.

CVE-2016-4581
Tycho Andersen discovered that in some situations the Linux kernel did not handle propagated mounts correctly. A local user can take advantage of this flaw to cause a denial of service (system crash).

CVE-2016-4805
Baozeng Ding discovered a use-after-free in the generic PPP layer in the Linux kernel. A local user can take advantage of this flaw to cause a denial of service (system crash), or potentially escalate their privileges.

CVE-2016-4913
Al Viro found that the ISO9660 filesystem implementation did not correctly count the length of certain invalid name entries. Reading a directory containing such name entries would leak information from kernel memory. Users permitted to mount disks or disk images could use this to obtain sensitive information.

CVE-2016-4997 / CVE-2016-4998
Jesse Hertz and Tim Newsham discovered that missing input sanitising in Netfilter socket handling may result in denial of service. Debian disables unprivileged user namespaces by default, if locally enabled with the kernel.unprivileged_userns_clone sysctl, this also allows privilege escalation.

For the stable distribution (jessie), these problems have been fixed in version 3.16.7-ckt25-2+deb8u2.
sunrat Posted June 30, 2016

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3608-1                   security@debian.org
https://www.debian.org/security/                        Moritz Muehlenhoff
June 29, 2016                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libreoffice
CVE ID         : CVE-2016-4324

Aleksandar Nikolic discovered that missing input sanitising in the RTF parser in Libreoffice may result in the execution of arbitrary code if a malformed document is opened.

For the stable distribution (jessie), this problem has been fixed in version 1:4.3.3-2+deb8u5.

For the testing distribution (stretch), this problem has been fixed in version 1:5.1.4~rc1-1.

For the unstable distribution (sid), this problem has been fixed in version 1:5.1.4~rc1-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3609-1                   security@debian.org
https://www.debian.org/security/                        Moritz Muehlenhoff
June 29, 2016                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : tomcat8
CVE ID         : CVE-2015-5174 CVE-2015-5345 CVE-2015-5346 CVE-2015-5351
                 CVE-2016-0706 CVE-2016-0714 CVE-2016-0763 CVE-2016-3092

Multiple security vulnerabilities have been discovered in the Tomcat servlet and JSP engine, which may result in information disclosure, the bypass of CSRF protections, bypass of the SecurityManager or denial of service.

For the stable distribution (jessie), these problems have been fixed in version 8.0.14-1+deb8u2.

For the unstable distribution (sid), these problems have been fixed in version 8.0.36-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3610-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
June 29, 2016                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : xerces-c
CVE ID         : CVE-2016-4463
Debian Bug     : 828990

Brandon Perry discovered that xerces-c, a validating XML parser library for C++, fails to successfully parse a DTD that is deeply nested, causing a stack overflow. A remote unauthenticated attacker can take advantage of this flaw to cause a denial of service against applications using the xerces-c library.

Additionally this update includes an enhancement to enable applications to fully disable DTD processing through the use of an environment variable (XERCES_DISABLE_DTD).

For the stable distribution (jessie), this problem has been fixed in version 3.1.1-5.1+deb8u3.
sunrat Posted July 1, 2016

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3611-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
June 30, 2016                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libcommons-fileupload-java
CVE ID         : CVE-2016-3092

The TERASOLUNA Framework Development Team discovered a denial of service vulnerability in Apache Commons FileUpload, a package to make it easy to add robust, high-performance, file upload capability to servlets and web applications. A remote attacker can take advantage of this flaw by sending file upload requests that cause the HTTP server using the Apache Commons Fileupload library to become unresponsive, preventing the server from servicing other requests.

For the stable distribution (jessie), this problem has been fixed in version 1.3.1-1+deb8u1.

For the testing distribution (stretch), this problem has been fixed in version 1.3.2-1.

For the unstable distribution (sid), this problem has been fixed in version 1.3.2-1.