[Monitoring] 2 Debian package update(s) for quigon.federez.net

apticron report [Tue, 07 Apr 2015 17:38:13 +0200] ======================================================================== apticron has detected that some packages need upgrading on: quigon.federez.net [ 160.228.155.65 ] The following packages are currently pending an upgrade: arj 3.10.22-10+deb7u1 mailman 1:2.1.15-1+deb7u1 ======================================================================== Package Details: Lecture des fichiers de modifications (« changelog »)... --- Modifications pour arj --- arj (3.10.22-10+deb7u1) wheezy-security; urgency=high * Non-maintainer upload by the Security Team with patches from Guillem Jover * Fix buffer overflow from size under user control. This is causing free() on an invalid pointer. Fixes: CVE-2015-2782 (Closes: #774015) * Fix absolute path directory traversal. Fixes: CVE-2015-0557 (Closes: #774435) * Fix symlink directory traversal. Fixes: CVE-2015-0556 (Closes: #774434) -- Salvatore Bonaccorso <carnil(a)debian.org> Fri, 03 Apr 2015 20:21:46 +0200 --- Modifications pour mailman --- mailman (1:2.1.15-1+deb7u1) wheezy-security; urgency=high * Fix security issue: path traversal through local_part. Affects installations which use an Exim or Postfix transport instead of fixed aliases; attacker needs to be able to place files on the local filesystem. (CVE-2015-2775, Closes: 781626) -- Thijs Kinkhorst <thijs(a)debian.org> Mon, 06 Apr 2015 18:17:34 +0200 ======================================================================== You can perform the upgrade by issuing the command: apt-get dist-upgrade as root on quigon.federez.net -- apticron