Debian 9843 Published by

The following two updates has been released by Freexian for Debian GNU/Linux 7 Extended LTS:

ELA-1-1 git security update
Etienne Stalmans discovered that git, a fast, scalable, distributed revision control system, is prone to an arbitrary code execution vulnerability exploitable via specially crafted submodule names in a .gitmodules file.

ELA-2-1 openjdk-7 security update
Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in denial of service, sandbox bypass, execution of arbitrary code or bypass of JAR signature validation.

To enable Extended LTS on your Debian GNU/Linux 7 installation, visit this page: How to use Extended LTS



ELA-1-1 git security update

Package git
Version 1:1.7.10.4-1+wheezy7
Related CVE CVE-2018-11235
Etienne Stalmans discovered that git, a fast, scalable, distributed revision control system, is prone to an arbitrary code execution vulnerability exploitable via specially crafted submodule names in a .gitmodules file.

For Debian 7 Wheezy, these problems have been fixed in version 1:1.7.10.4-1+wheezy7.

We recommend that you upgrade your git packages.

ELA-2-1 openjdk-7 security update

Package openjdk-7
Version 7u181-2.6.14-1~deb7u1
Related CVE CVE-2018-2790 CVE-2018-2794 CVE-2018-2795 CVE-2018-2796 CVE-2018-2797 CVE-2018-2798 CVE-2018-2799 CVE-2018-2800 CVE-2018-2814 CVE-2018-2815
Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in denial of service, sandbox bypass, execution of arbitrary code or bypass of JAR signature validation.

For Debian 7 Wheezy, these problems have been fixed in version 7u181-2.6.14-1~deb7u1.

We recommend that you upgrade your openjdk-7 packages.