Debian 9844 Published by

The following updates has been released for Debian:

[DLA 726-1] libdatetime-timezone-perl new upstream version
[DLA 727-1] gst-plugins-good0.10 security update
[DSA 3727-1] hdf5 security update



[DLA 726-1] libdatetime-timezone-perl new upstream version

Package : libdatetime-timezone-perl
Version : 1:1.58-1+2016j

This update includes the changes in tzdata 2016j for the
Perl bindings. For the list of changes, see DLA-725-1.

For Debian 7 "Wheezy", these problems have been fixed in version
1:1.58-1+2016j.

We recommend that you upgrade your libdatetime-timezone-perl packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

[DLA 727-1] gst-plugins-good0.10 security update

Package : gst-plugins-good0.10
Version : 0.10.31-3+nmu1+deb7u1
CVE ID : CVE-2016-9634 CVE-2016-9635 CVE-2016-9636

Chris Evans discovered that the GStreamer 0.10 plugin used to decode
files in the FLIC format allowed execution of arbitrary code. Further
details can be found in his advisory at
https://scarybeastsecurity.blogspot.de/2016/11/0day-exploit-advancing-exploitati
on.html

This update removes the insecure FLIC file format plugin.

For Debian 7 "Wheezy", these problems have been fixed in version
0.10.31-3+nmu1+deb7u1.

We recommend that you upgrade your gst-plugins-good0.10 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

[DSA 3727-1] hdf5 security update

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3727-1 security@debian.org
https://www.debian.org/security/ Sebastien Delafond
November 30, 2016 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : hdf5
CVE ID : CVE-2016-4330 CVE-2016-4331 CVE-2016-4332 CVE-2016-4333
Debian Bug : 845301

Cisco Talos discovered that hdf5, a file format and library for
storing scientific data, contained several vulnerabilities that could
lead to arbitrary code execution when handling untrusted data.

For the stable distribution (jessie), these problems have been fixed in
version 1.8.13+docs-15+deb8u1.

For the testing distribution (stretch) and unstable distribution
(sid), these problems have been fixed in version 1.10.0-patch1+docs-1.

We recommend that you upgrade your hdf5 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/