Debian 9858 Published by

The following updates has been released for Debian 7 LTS:

[DLA 512-1] mantis security update
[DLA 513-1] nspr security update



[DLA 512-1] mantis security update

Package : mantis
Version : 1.2.18-1+deb7u1
CVE ID : CVE-2016-5364

It was discovered that there was an XSS vulnerability in custom
field management in mantis, a web-based bug tracking system.

For Debian 7 "Wheezy", this issue has been fixed in mantis version
1.2.18-1+deb7u1.

We recommend that you upgrade your mantis packages.

[DLA 513-1] nspr security update

Package : nspr
Version : 2:4.9.2-1+deb7u4
CVE ID : CVE-2016-1951

It was discovered that there was a buffer overflow in a sprintf
utility within nspr, the NetScape Portable Runtime library.

For Debian 7 "Wheezy", this issue has been fixed in nspr version
2:4.9.2-1+deb7u4.

We recommend that you upgrade your nspr packages.