The following two updates has been released for Debian 7 LTS:
[DLA 474-1] dosfstools security update
[DLA 475-1] python-tornado security update
[DLA 474-1] dosfstools security update
[DLA 475-1] python-tornado security update
[DLA 474-1] dosfstools security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Package : dosfstools
Version : 3.0.13-1+deb7u1
CVE IDs : CVE-2015-8872 CVE-2016-4804
It was discovered that there was an invalid memory and heap overflow
vulnerability in dosfstools, a collection of utilities for making and
checking MS-DOS FAT filesystems.
For Debian 7 "Wheezy", this issue has been fixed in dosfstools version
3.0.13-1+deb7u1.
We recommend that you upgrade your dosfstools packages.
[DLA 475-1] python-tornado security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Package : python-tornado
Version : 2.3-2+deb7u1
CVE ID : CVE-2014-9720
It was discovered that python-tornado, a Python web framework and
asynchronous networking library, was susceptible for the BREACH attack.
The XSRF token is now encoded with a random mask on each request. This
makes it safe to include in compressed pages without being vulnerable.
For Debian 7 "Wheezy", these problems have been fixed in version
2.3-2+deb7u1.
We recommend that you upgrade your python-tornado packages.
