[Monitoring] 12 Debian package update(s) for quigon.federez.net

apticron report [Mon, 23 Sep 2019 22:38:05 +0200] ======================================================================== apticron has detected that some packages need upgrading on: quigon.federez.net [ 160.228.155.65 ] The following packages are currently pending an upgrade: libapache2-mod-php7.0 7.0.33-0+deb9u5 libdatetime-timezone-perl 1:2.09-1+2019c libexpat1 2.2.0-2+deb9u3 libexpat1-dev 2.2.0-2+deb9u3 php7.0 7.0.33-0+deb9u5 php7.0-cli 7.0.33-0+deb9u5 php7.0-common 7.0.33-0+deb9u5 php7.0-json 7.0.33-0+deb9u5 php7.0-ldap 7.0.33-0+deb9u5 php7.0-opcache 7.0.33-0+deb9u5 php7.0-readline 7.0.33-0+deb9u5 tzdata 2019c-0+deb9u1 ======================================================================== Package Details: apt-listchanges : Lecture des fichiers de modifications (« changelog »)... apt-listchanges : journaux des modifications (« changelogs ») ------------------------------------------------------------- --- Modifications pour expat (libexpat1 libexpat1-dev) --- expat (2.2.0-2+deb9u3) stretch-security; urgency=high * Non-maintainer upload by the Security Team. * xmlparse.c: Deny internal entities closing the doctype (CVE-2019-15903) (Closes: #939394) -- Salvatore Bonaccorso <carnil(a)debian.org> Thu, 19 Sep 2019 23:43:05 +0200 --- Modifications pour libdatetime-timezone-perl --- libdatetime-timezone-perl (1:2.09-1+2019c) stretch; urgency=medium * Update to Olson database version 2019c. This update contains contemporary changes for Fiji and Norfolk Island. -- gregor herrmann <gregoa(a)debian.org> Sat, 14 Sep 2019 16:09:21 +0200 --- Modifications pour php7.0 (libapache2-mod-php7.0 php7.0 php7.0-cli php7.0-common php7.0-json php7.0-ldap php7.0-opcache php7.0-readline) --- php7.0 (7.0.33-0+deb9u5) stretch-security; urgency=medium * Backported security fixes from PHP 7.1.29: - EXIF: . Fixed bug #77950 (Heap-buffer-overflow in _estrndup via exif_process_IFD_TAG). - Mail: . Fixed bug #77821 (Potential heap corruption in TSendMail()). * Backported from 7.1.30 - EXIF: . Fixed bug #77988 (heap-buffer-overflow on php_jpg_get16). (CVE-2019-11040) - GD: . Fixed bug #77973 (Uninitialized read in gdImageCreateFromXbm). (CVE-2019-11038) - Iconv: . Fixed bug #78069 (Out-of-bounds read in iconv.c:_php_iconv_mime_decode() due to integer overflow). (CVE-2019-11039). - SQLite: . Fixed bug #77967 (Bypassing open_basedir restrictions via file uris). * Backported from 7.1.31 - EXIF: . Fixed bug #78256 (heap-buffer-overflow on exif_process_user_comment). (CVE-2019-11042) . Fixed bug #78222 (heap-buffer-overflow on exif_scan_thumbnail). (CVE-2019-11041) - Phar: . Fixed bug #77919 (Potential UAF in Phar RSHUTDOWN). - SQLite: . Upgraded to SQLite 3.28.0. * Backported from 7.1.32 - mbstring: . Fixed CVE-2019-13224 (don't allow different encodings for onig_new_deluxe) - pcre: . Fixed bug #75457 (heap use-after-free in pcrelib) -- Ondřej Surý <ondrej(a)sury.org> Wed, 18 Sep 2019 11:55:34 +0200 php7.0 (7.0.33-0+deb9u4) stretch-security; urgency=medium * Update d/watch for new php.net pages * Backported from 7.1.28 - EXIF: . (CVE-2019-11034) Fixed bug #77753 (Heap-buffer-overflow in php_ifd_get32s). . (CVE-2019-11035) Fixed bug #77831 (Heap-buffer-overflow in exif_iif_add_value). - SQLite3: . Added sqlite3.defensive INI directive. * Backported from PHP 7.1.29 - EXIF: . (CVE-2019-11036) Fixed bug #77950 (Heap-buffer-overflow in _estrndup via exif_process_IFD_TAG). - Mail: . Fixed bug #77821 (Potential heap corruption in TSendMail()). * Backported from 7.1.30 - EXIF: . (CVE-2019-11040) Fixed bug #77988 (heap-buffer-overflow on php_jpg_get16). - GD: . (CVE-2019-11038) Fixed bug #77973 (Uninitialized read in gdImageCreateFromXbm). - Iconv: . (CVE-2019-11039) Fixed bug #78069 (Out-of-bounds read in iconv.c:_php_iconv_mime_decode() due to integer overflow). - SQLite: . Fixed bug #77967 (Bypassing open_basedir restrictions via file uris). -- Ondřej Surý <ondrej(a)sury.org> Sun, 09 Jun 2019 11:25:27 +0200 --- Modifications pour tzdata --- tzdata (2019c-0+deb9u1) stretch; urgency=medium * New upstream version, affecting the following future timestamps: - Fiji's next DST transitions will be 2019-11-10 and 2020-01-12 instead of 2019-11-03 and 2020-01-19. - Norfolk Island will observe Australian-style DST starting in spring 2019. The first transition is on 2019-10-06. -- Aurelien Jarno <aurel32(a)debian.org> Wed, 18 Sep 2019 00:40:44 +0200 ======================================================================== You can perform the upgrade by issuing the command: apt-get dist-upgrade as root on quigon.federez.net -- apticron