Debian 10158 Published by

The following updates has been released for Debian:

[DLA 819-1] mysql-5.5 security update
[DLA 820-1] viewvc security update
[DSA 3784-1] viewvc security update
[DSA 3785-1] jasper security update



[DLA 819-1] mysql-5.5 security update

Package : mysql-5.5
Version : 5.5.47-0+deb7u2
CVE ID :
Debian Bug : #854713


It has been found that the C client library for MySQL
(libmysqlclient.so) has use-after-free vulnerability which
can cause crash of applications using that MySQL client.

For Debian 7 "Wheezy", these problems have been fixed in version
5.5.47-0+deb7u2.

We recommend that you upgrade your mysql-5.5 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

[DLA 820-1] viewvc security update

Package : viewvc
Version : 1.1.5-1.4+deb7u1
CVE ID : CVE-2017-5938
Debian Bug : 854681

Thomas Gerbet discovered that viewvc, a web interface for CVS and
Subversion repositories, did not properly sanitize user input. This
issue resulted in a potential Cross-Site Scripting vulnerability.

For Debian 7 "Wheezy", these problems have been fixed in version
1.1.5-1.4+deb7u1.

We recommend that you upgrade your viewvc packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

[DSA 3784-1] viewvc security update

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3784-1 security@debian.org
https://www.debian.org/security/ Sebastien Delafond
February 09, 2017 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : viewvc
CVE ID : CVE-2017-5938
Debian Bug : 854681

Thomas Gerbet discovered that viewvc, a web interface for CVS and
Subversion repositories, did not properly sanitize user input. This
problem resulted in a potential Cross-Site Scripting vulnerability.

For the stable distribution (jessie), this problem has been fixed in
version 1.1.22-1+deb8u1.

For the unstable distribution (sid), this problem has been fixed in
version 1.1.26-1.

We recommend that you upgrade your viewvc packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

[DSA 3785-1] jasper security update

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3785-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
February 09, 2017 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : jasper
CVE ID : CVE-2016-1867 CVE-2016-8654 CVE-2016-8691 CVE-2016-8692
CVE-2016-8693 CVE-2016-8882 CVE-2016-9560

Multiple vulnerabilities have been discovered in the JasPer library
for processing JPEG-2000 images, which may result in denial of service
or the execution of arbitrary code if a malformed image is processed.

For the stable distribution (jessie), these problems have been fixed in
version 1.900.1-debian1-2.4+deb8u2.

We recommend that you upgrade your jasper packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/