Re: [SECURITY] [DSA 3027-1] libav security update

To: debian-security@lists.debian.org
Subject: Re: [SECURITY] [DSA 3027-1] libav security update
From: Bruce Eason <beason@techduck.ca>
Date: Wed, 17 Sep 2014 17:30:55 -0600
Message-id: <[🔎] 20140917233055.GC3036@techduck.ca>
In-reply-to: <20140917195513.GB5735@pisco.westfalen.local> <20140917195431.GA5735@pisco.westfalen.local>

YIKES!! 

can i help?



On Wed, Sep 17, 2014 at 09:54:32PM +0200, Moritz Muehlenhoff wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> - -------------------------------------------------------------------------
> Debian Security Advisory DSA-3027-1                   security@debian.org
> http://www.debian.org/security/                        Moritz Muehlenhoff
> September 17, 2014                     http://www.debian.org/security/faq
> - -------------------------------------------------------------------------
> 
> Package        : libav
> CVE ID         : CVE-2013-7020
> 
> Several security issues have been corrected in multiple demuxers and 
> decoders of the libav multimedia library. A full list of the changes is 
> available at 
> http://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v0.8.15
> 
> For the stable distribution (wheezy), this problem has been fixed in
> version 6:0.8.16-1.
> 
> For the testing distribution (jessie), this problem has been fixed in
> version 6:11~alpha2-1.
> 
> For the unstable distribution (sid), this problem has been fixed in
> version 6:11~alpha2-1.
> 
> We recommend that you upgrade your libav packages.
> 
> Further information about Debian Security Advisories, how to apply
> these updates to your system and frequently asked questions can be
> found at: https://www.debian.org/security/
> 
> Mailing list: debian-security-announce@lists.debian.org
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1
> 
> iQIcBAEBAgAGBQJUGeY1AAoJEBDCk7bDfE42YcgQALMeKRyCTYFGUw1Wa1THDwAc
> dCDJIFUreGuZZotF0zXryFTmtaE0VoGE1shwNkjYgJI4EM/RRAejE55UQadj4Kw0
> kQW17ruso1IK41/rIjZUBNGK2PGq8oX/nJ8qIAw+VS6wDUKDyaFi/sKiWHdOnnKx
> gUirXM2WrkCHz88Z0v5R+Xd1wrp6TvwPDuqdUsRAPybNpauqdf0tbazfjC6cctsT
> WOAcskXaXwUnUJeU+fWCq2HA1I10ldJsV2TeVrPXkMk6JJwiT7kKmNS7V8VpS48v
> KZm4tNIlZu/OhpyouxZuvujCIHyb/1S2sJKuPp5VOegXQPn68usptoJguOPJL+xo
> nEZbt37KCBn6PZvIazTpUGbpCASx9T/1ynWsNyQYFGT9/zJsYnL1E6h/0FXxAXqr
> lmG5jgPdm0XRCclfHAnNXcBfrmPIsUkRdgZOiTJSWQmAq28tNiKoZwfT1eM2piRj
> Dye6/3LK7+w0dNJi2uLIAYE+KpgXFBAgqwDCH5odhFdjTbXbBof9BDmtpc/ybf9Z
> TQoZ5AUI04DPjNhw2nhWI7fgRCoO/BqsMzcarwXSumGT6KH7TH78LSY4c/66jdm6
> MbcjipXChpCduwIH2ovUZq/p9qW4N6r9j+mqqTvowVlDt2yv0M6I09Ucjqble6HN
> jdpExqiFJvtG4sKqb02d
> =+a8r
> -----END PGP SIGNATURE-----
> 
> 
> -- 
> To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> Archive: https://lists.debian.org/20140917195431.GA5735@pisco.westfalen.local
> 

On Wed, Sep 17, 2014 at 09:55:13PM +0200, Moritz Muehlenhoff wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> - -------------------------------------------------------------------------
> Debian Security Advisory DSA-3028-1                   security@debian.org
> http://www.debian.org/security/                        Moritz Muehlenhoff
> September 17, 2014                     http://www.debian.org/security/faq
> - -------------------------------------------------------------------------
> 
> Package        : icedove
> CVE ID         : CVE-2014-1562 CVE-2014-1567
> 
> Multiple security issues have been found in Icedove, Debian's version of
> the Mozilla Thunderbird mail and news client: Multiple memory safety 
> errors and use-after-frees may lead to the execution of arbitrary code 
> or denial of service.
> 
> For the stable distribution (wheezy), these problems have been fixed in
> version 24.8.0-1~deb7u1.
> 
> For the unstable distribution (sid), these problems will be fixed soon.
> 
> We recommend that you upgrade your icedove packages.
> 
> Further information about Debian Security Advisories, how to apply
> these updates to your system and frequently asked questions can be
> found at: https://www.debian.org/security/
> 
> Mailing list: debian-security-announce@lists.debian.org
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1
> 
> iQIcBAEBAgAGBQJUGeY8AAoJEBDCk7bDfE42pqkP/ibbHZLP+85KXD+UNbWs4JM9
> t8BvPYnWGmFQwBT4pUD0uj6LgHyf/wHOHeatiBej5wP3GRLfkRpBfItNa8ujy+V6
> lhA1p1+sCTt8UlSOWRidoh1m0cnG7PZM3zFi2fsdparZuCYMM9wDOd206cOOGdoe
> Thl50ohEK1PSFgcRvRx9AJF5kwcEp8tieyxHqzTB7yAIATkAGa812+9G9QIpARrH
> iSgOW85X3nMIAQanDKbcXikFc6EgneMyJcqMtha24s3R3jut/q4ez25efKvTVM+g
> 0mZr+euJXYlWL+Rd1uiCePV0lDtaAkKTyNy1oIn5mHzVQ/KKkUkXGn6y+veE8Rdf
> ICjSx/sVRNLD634tLFgSS34W1CL6cVeMFNZTvuxplIIBE1RmTO4QStK6lnvqcNnB
> PIZL/k1NV4KWIcnk+Go9dF56vHENezB7b6AlE1vc8cwiYKnH3Ia68EKp6Lbwadu9
> H/fPIZq/27oeIxo8N3KHsBcfnRHlxtCe5t29gtFaeuCpsmQe8QyUorKiqyMGjTwv
> O1U3gwaXco76+dc1YhS6sMS6pn4Nqqg21OnrS5dGD3FCeXANBbmT5/DrSE8m4B7O
> 7bovLnSw3pQ61kc03timyIUSfkvVzLiNFORjkDJF1+44XykxllrmsENvlzwLTIoz
> boWFmcGexJk0LC1//hje
> =j5WK
> -----END PGP SIGNATURE-----
> 
> 
> -- 
> To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> Archive: https://lists.debian.org/20140917195513.GB5735@pisco.westfalen.local
>

Reply to:

Follow-Ups:
- Re: [SECURITY] [DSA 3027-1] libav security update
  - From: Paul Wise <pabs@debian.org>

Prev by Date: Re: Checking for services to be restarted on a default Debian installation
Next by Date: Re: [SECURITY] [DSA 3027-1] libav security update
Previous by thread: Re: [SECURITY] [DSA 3021-1] file security update
Next by thread: Re: [SECURITY] [DSA 3027-1] libav security update
Index(es):
- Date
- Thread