The following two updates has been released for Debian GNU/Linux:
Debian GNU/Linux 7 Extended LTS:
ELA-125-1 glib2.0 security update
Debian GNU/Linux 8 LTS:
DLA 1812-1: doxygen security update
Debian GNU/Linux 7 Extended LTS:
ELA-125-1 glib2.0 security update
Debian GNU/Linux 8 LTS:
DLA 1812-1: doxygen security update
ELA-125-1 glib2.0 security update
Package: glib2.0
Version: 2.33.12+really2.32.4-5+deb7u1
Related CVE: CVE-2019-12450
The file_copy_fallback() function/method in gio/gfile.c in GNOME GLib did not properly restrict file permissions while a copy operation was in progress. Instead, default permissions were used. A similar issue of the need of tigher permissions was also spotted still unfixed in the keyfile settings (gio/gkeyfilesettingsbackend.c).
For Debian 7 Wheezy, these problems have been fixed in version 2.33.12+really2.32.4-5+deb7u1.
We recommend that you upgrade your glib2.0 packages.
Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/
DLA 1812-1: doxygen security update
Package : doxygen
Version : 1.8.8-5+deb8u1
CVE ID : CVE-2016-10245
Insufficient sanitization of the query parameter in search_opensearch.php
could lead to reflected cross-site scripting or iframe injection.
For Debian 8 "Jessie", this problem has been fixed in version
1.8.8-5+deb8u1.
We recommend that you upgrade your doxygen packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
