apticron report [Wed, 08 Apr 2015 16:44:06 +0000] ======================================================================== apticron has detected that some packages need upgrading on: baldrick [ 138.231.142.239 2a01:240:fe3d:4:62:61ff:fe6c:6401 138.231.142.239 ] [ 2a01:240:fe3d:4:62:61ff:fe6c:6401 ] The following packages are currently pending an upgrade: libgd2-xpm 2.0.36~rc1~dfsg-6.1+deb7u1 libxml2 2.8.0+dfsg1-7+wheezy4 ======================================================================== Package Details: Lecture des fichiers de modifications (« changelog »)... --- Modifications pour libgd2 (libgd2-xpm) --- libgd2 (2.0.36~rc1~dfsg-6.1+deb7u1) wheezy-security; urgency=high * Fix NULL pointer dereference when reading XPM files with a crafted color table as per CVE-2014-2497 (Closes: #744719) * Fix buffer read overflow when reading invalid GIF files as per CVE-2014-9709 -- Alessandro Ghedini <ghedo(a)debian.org> Wed, 01 Apr 2015 15:50:38 +0200 --- Modifications pour libxml2 --- libxml2 (2.8.0+dfsg1-7+wheezy4) wheezy-security; urgency=high * Non-maintainer upload by the Security Team. * Add missing required patches for CVE-2014-3660. The two upstream commits a3f1e3e5712257fd279917a9158278534e8f4b72 and cff2546f13503ac028e4c1f63c7b6d85f2f2d777 are required in addition to the commit be2a7edaf289c5da74a4f9ed3a0b6c733e775230 to fix CVE-2014-3660 due to changes in the use of ent->checked. Fixes "libxml2: CVE-2014-3660 patch makes installation-guide FTBFS". (Closes: #774358) * Refresh cve-2014-3660.patch patch * Refresh cve-2014-3660-bis.patch patch -- Salvatore Bonaccorso <carnil(a)debian.org> Sat, 04 Apr 2015 11:01:18 +0200 ======================================================================== You can perform the upgrade by issuing the command: apt-get dist-upgrade as root on baldrick -- apticron