Security support for the chromium web browser is now discontinued
for the stable distribution (wheezy). Chromium upstream stopped
supporting wheezy’s build environment (gcc 4.7, make, etc.), so
there is no longer any practical way to continue building security
updates.
Debian Security Advisories
DSA-3147 openjdk-6 – security update
Several vulnerabilities have been discovered in OpenJDK, an
implementation of the Oracle Java platform, resulting in the execution
of arbitrary code, information disclosure or denial of service.
DSA-3146 requests – security update
Jakub Wilk discovered that in requests, an HTTP library for the Python
language, authentication information was improperly handled when a
redirect occurred. This would allow remote servers to obtain two
different types of sensitive information: proxy passwords from the
Proxy-Authorization header (CVE-2014-1830), or netrc passwords from
the Authorization header (CVE-2014-1829).
DSA-3145 privoxy – security update
Multiple vulnerabilities were discovered in Privoxy, a privacy enhancing
HTTP proxy, which might result in denial of service.
DSA-3144 openjdk-7 – security update
Several vulnerabilities have been discovered in OpenJDK, an
implementation of the Oracle Java platform, resulting in the execution
of arbitrary code, information disclosure or denial of service.
DSA-3143 virtualbox – security update
Two vulnerabilities have been discovered in VirtualBox, an x86
virtualisation solution, which might result in denial of service.
DSA-3142 eglibc – security update
Several vulnerabilities have been fixed in eglibc, Debian’s version of
the GNU C library:
DSA-3141 wireshark – security update
Multiple vulnerabilities were discovered in the dissectors/parsers for
SSL/TLS and DEC DNA, which could result in denial of service.
DSA-3140 xen – security update
Multiple security issues have been discovered in the Xen virtualisation
solution which may result in denial of service, information disclosure
or privilege escalation.
DSA-3138 jasper – security update
An off-by-one flaw, leading to a heap-based buffer overflow
(CVE-2014-8157), and an unrestricted stack memory use flaw
(CVE-2014-8158) were found in JasPer, a library for manipulating
JPEG-2000 files. A specially crafted file could cause an application
using JasPer to crash or, possibly, execute arbitrary code.