Debian 10166 Published by

The following updates has been released for Debian:

[DLA 905-1] ghostscript security update
[DSA 3832-1] icedove security update



[DLA 905-1] ghostscript security update

Package : ghostscript
Version : 9.05~dfsg-6.3+deb7u5
CVE ID : CVE-2016-10219 CVE-2016-10220 CVE-2017-5951

ghostscript is vulnerable to multiple issues that can lead
to denial of service when processing untrusted content.

CVE-2016-10219

Application crash with division by 0 in scan conversion code triggered
through crafted content.

CVE-2016-10220

Application crash with a segfault in gx_device_finalize() triggered
through crafted content.

CVE-2017-5951

Application crash with a segfault in ref_stack_index() triggered
through crafted content.

For Debian 7 "Wheezy", these problems have been fixed in version
9.05~dfsg-6.3+deb7u5.

We recommend that you upgrade your ghostscript packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

[DSA 3832-1] icedove security update

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3832-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
April 20, 2017 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : icedove
CVE ID : CVE-2017-5373 CVE-2017-5375 CVE-2017-5376 CVE-2017-5378
CVE-2017-5380 CVE-2017-5383 CVE-2017-5390 CVE-2017-5396
CVE-2017-5398 CVE-2017-5400 CVE-2017-5401 CVE-2017-5402
CVE-2017-5404 CVE-2017-5405 CVE-2017-5407 CVE-2017-5408
CVE-2017-5410

Multiple security issues have been found in Thunderbird, which may may
lead to the execution of arbitrary code or information leaks.

With this update, the Icedove packages are de-branded back to the official
Mozilla branding. With the removing of the Debian branding the packages
are also renamed back to the official names used by Mozilla.

The Thunderbird package is using a different default profile folder,
the default profile folder is now '$(HOME)/.thunderbird'.
The users profile folder, that was used in Icedove, will get migrated
to the new profile folder on the first start, that can take a little bit
more time.

Please read README.Debian for getting more information about the
changes.

For the stable distribution (jessie), these problems have been fixed in
version 1:45.8.0-3~deb8u1.

We recommend that you upgrade your icedove packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/