In debian-lan-config < 0.26, configured too permissive ACLs for the Kerberos admin server allowed password changes for other Kerberos user principals.

For Debian 8 'Jessie', this problem has been fixed in version 0.19+deb8u2.

We recommend that you upgrade your debian-lan-config packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists in the user accounts page. A malicious user could inject custom SQL in place of their own username when creating queries to this page. An attacker must have a valid MySQL account to access the server.

For Debian 8 'Jessie', this problem has been fixed in version 4:4.2.12-2+deb8u8.

We recommend that you upgrade your phpmyadmin packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Multiple vulnerabilities have been discovered in the Xen hypervisor, which could result in denial of service, guest-to-host privilege escalation or information leaks.

In addition this update provides mitigations for the 'TSX Asynchronous Abort'speculative side channel attack. For additional information please refer to https://xenbits.xen.org/xsa/advisory-305.html

An input sanitization bypass was discovered in Wordpress, a popular content management framework. An attacker can use this flaw to send malicious scripts to an unsuspecting user.

For Debian 8 'Jessie', this problem has been fixed in version 4.1.29+dfsg-0+deb8u1.

We recommend that you upgrade your wordpress packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Included in Log4j 1.2, a logging library for Java, is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data.

For Debian 8 'Jessie', this problem has been fixed in version 1.2.17-5+deb8u1.

We recommend that you upgrade your apache-log4j1.2 packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

It was discovered that a hook script of ldm, the display manager for the Linux Terminal Server Project incorrectly parsed responses from an SSH server which could result in local root privilege escalation.

For Debian 8 'Jessie', this issue has been fixed in ldm version 2:2.2.15-2+deb8u1.

We recommend that you upgrade your ldm packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

It was discovered that a hook script of ldm, the display manager for the Linux Terminal Server Project, incorrectly parsed responses from an SSH server, which could result in local root privilege escalation.

Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, data exfiltration or cross-site scripting.

It was found that sa-exim, the SpamAssassin filter for Exim, allows attackers to execute arbitrary code if users are allowed to run custom rules. A similar issue was fixed in spamassassin, CVE-2018-11805, which caused a functional regression in sa-exim. This update restores the compatibility between spamassassin and sa-exim. The security implications of sa-exim's greylisting function are also documented in /usr/share/doc/sa-exim/README.greylisting.gz.

For Debian 8 'Jessie', this problem has been fixed in version 4.2.1-14+deb8u1.

We recommend that you upgrade your sa-exim packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, data exfiltration or cross-site scripting.

For Debian 8 'Jessie', these problems have been fixed in version 68.4.0esr-1~deb8u1.

We recommend that you upgrade your firefox-esr packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Several vulnerabilities were discovered in Wordpress, a web blogging tool. They allowed remote attackers to perform various Cross-Side Scripting (XSS) and Cross-Site Request Forgery (CSRF) attacks, create open redirects, poison cache, and bypass authorization access and input sanitation.

Simon Charette reported that the password reset functionality in Django, a high-level Python web development framework, uses a Unicode case-insensitive query to retrieve accounts matching the email address requesting the password reset. An attacker can take advantage of this flaw to potentially retrieve password reset tokens and hijack accounts.

For details please refer to https://www.djangoproject.com/weblog/2019/dec/18/security-releases/

It was found that certain cryptographic primitives in nss, the Network Security Service libraries, did not check the length of the input text. This could result in a potential heap-based buffer overflow.

For Debian 8 'Jessie', this problem has been fixed in version 2:3.26-1+debu8u10.

We recommend that you upgrade your nss packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

It was discovered that there were three vulnerabilities in Pillow, an imaging library for the Python programming language :

  - CVE-2019-19911: Prevent a denial of service     vulnerability caused by FpxImagePlugin.py calling the     range function on an unvalidated 32-bit integer if the     number of bands is large.

  - CVE-2020-5312: PCX 'P mode' buffer overflow.

  - CVE-2020-5313: FLI buffer overflow.

For Debian 8 'Jessie', these issues have been fixed in pillow version 2.6.1-2+deb8u4.

We recommend that you upgrade your pillow packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

It was reported that Netty, a Java NIO client/server framework, is prone to a HTTP request smuggling vulnerability due to mishandling whitespace before the colon in HTTP headers.

It was discovered that there was a HTTP request smuggling vulnerability in waitress, pure-Python WSGI server.

If a proxy server is used in front of waitress, an invalid request may be sent by an attacker that bypasses the front-end and is parsed differently by waitress leading to a potential for request smuggling.

Specially crafted requests containing special whitespace characters in the Transfer-Encoding header would get parsed by Waitress as being a chunked request, but a front-end server would use the Content-Length instead as the Transfer-Encoding header is considered invalid due to containing invalid characters. If a front-end server does HTTP pipelining to a backend Waitress server this could lead to HTTP request splitting which may lead to potential cache poisoning or information disclosure.

For Debian 8 'Jessie', this issue has been fixed in waitress version 0.8.9-2+deb8u1.

We recommend that you upgrade your waitress packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

An issue has been found in igraph, a library for creating and manipulating graphs. A NULL pointer dereference vulneribility was detected in igraph_i_strdiff().

For Debian 8 'Jessie', this problem has been fixed in version 0.7.1-2+deb8u1.

We recommend that you upgrade your igraph packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Multiple buffer overflows have been fixed in jhead, a program to manipulate the non-image part of Exif compliant JPEG files.

For Debian 8 'Jessie', these problems have been fixed in version 1:2.97-1+deb8u2.

We recommend that you upgrade your jhead packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

An attacker who is logged into OTRS as an agent is able to list tickets assigned to other agents, which are in the queue where attacker doesn&rsquo;t have permissions.

For Debian 8 'Jessie', this problem has been fixed in version 3.3.18-1+deb8u12.

We recommend that you upgrade your otrs2 packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

An issues has been found in libbsd, a package containing utility functions from BSD systems.

In function fgetwln() an off-by-one error could triggers a heap buffer overflow.

For Debian 8 'Jessie', this problem has been fixed in version 0.7.0-2+deb8u1.

We recommend that you upgrade your libbsd packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update ships updated CPU microcode for some types of Intel CPUs.
In particular it provides mitigations for the TAA (TSX Asynchronous Abort) vulnerability. For affected CPUs, to fully mitigate the vulnerability it is also necessary to update the Linux kernel packages as released in DLA 1989-1.

For Debian 8 'Jessie', these problems have been fixed in version 3.20191115.2~deb8u1.

We recommend that you upgrade your intel-microcode packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Several issues were discovered in the Tomcat servlet and JSP engine, which could result in session fixation attacks, information disclosure, cross-site scripting, denial of service via resource exhaustion and insecure redirects.

It was discovered that debian-lan-config, a FAI config space for the Debian-LAN system, configured too permissive ACLs for the Kerberos admin server, which allowed password changes for other user principals.

This update provides a fixed configuration for new deployments, for existing setups, the NEWS file shipped in this update provides advice to fix the configuration.

Guido Vranken discovered an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli.

It was found that freeimage, a graphics library, was affected by the following two security issues :

  - CVE-2019-12211     Heap buffer overflow caused by invalid memcpy in     PluginTIFF. This flaw might be leveraged by remote     attackers to trigger denial of service or any other     unspecified impact via crafted TIFF data.

  - CVE-2019-12213     Stack exhaustion caused by unwanted recursion in     PluginTIFF. This flaw might be leveraged by remote     attackers to trigger denial of service via crafted TIFF     data.

It was discovered that the Title blacklist functionality in MediaWiki, a website engine for collaborative work, could by bypassed.

Several security bugs have been identified and fixed in php5, a server-side, HTML-embedded scripting language. The affected components include the exif module and handling of filenames with \0 embedded.

For Debian 8 'Jessie', these problems have been fixed in version 5.6.40+dfsg-0+deb8u8.

We recommend that you upgrade your php5 packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Multiple vulnerabilities have been found in imagemagick, an image processing toolkit.

CVE-2019-19948

Heap-buffer-overflow in WriteSGIImage (coders/sgi.c) caused by insufficient validation of row and column sizes. This vulnerability might be leveraged by remote attackers to cause denial of service or any other unspecified impact via crafted image data.

CVE-2019-19949

Heap-based buffer over-read (off-by-one) in WritePNGImage (coders/png.c) caused by missing length check prior pointer dereference. This vulnerability might be leveraged by remote attackers to cause denial of service via crafted image data.

For Debian 8 'Jessie', these problems have been fixed in version 8:6.8.9.9-5+deb8u19.

We recommend that you upgrade your imagemagick packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

It was discovered that there was a potential denial of service vulnerability in libxml2, the GNOME XML parsing library.

For Debian 8 'Jessie', this issue has been fixed in libxml2 version 2.9.1+dfsg1-5+deb8u8.

We recommend that you upgrade your libxml2 packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

An issue was discovered in libopensc/card-setcos.c in OpenSC, which has an incorrect read operation during parsing of a SETCOS file attribute.

For Debian 8 'Jessie', this problem has been fixed in version 0.16.0-3+deb8u2.

We recommend that you upgrade your opensc packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Stephan Zeisberg reported an out-of-bounds write vulnerability in the
_sasl_add_string() function in cyrus-sasl2, a library implementing the Simple Authentication and Security Layer. A remote attacker can take advantage of this issue to cause denial-of-service conditions for applications using the library.

An issue has been found in cups, the Common UNIX Printing System(tm).

An incorrect bounds check could lead to a possible out-of-bounds read and local information disclosure in the printer spooler.

For Debian 8 'Jessie', this problem has been fixed in version 1.7.5-11+deb8u7.

We recommend that you upgrade your cups packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Several vulnerabilities have recently been discovered in TightVNC 1.x, an X11 based VNC server/viewer application for Windows and Unix.

CVE-2014-6053

The rfbProcessClientNormalMessage function in rfbserver.c in TightVNC server did not properly handle attempts to send a large amount of ClientCutText data, which allowed remote attackers to cause a denial of service (memory consumption or daemon crash) via a crafted message that was processed by using a single unchecked malloc.

CVE-2018-7225

rfbProcessClientNormalMessage() in rfbserver.c did not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an integer overflow) via specially crafted VNC packets.

CVE-2019-8287

TightVNC code contained global buffer overflow in HandleCoRREBBP macro function, which could potentially have result in code execution. This attack appeared to be exploitable via network connectivity.

(aka CVE-2018-20020/libvncserver)

CVE-2018-20021

TightVNC in vncviewer/rfbproto.c contained a CWE-835: Infinite loop vulnerability. The vulnerability allowed an attacker to consume an excessive amount of resources like CPU and RAM.

CVE-2018-20022

TightVNC's vncviewer contained multiple weaknesses CWE-665: Improper Initialization vulnerability in VNC client code that allowed attackers to read stack memory and could be abused for information disclosure.
Combined with another vulnerability, it could be used to leak stack memory layout and in bypassing ASLR.

CVE-2019-15678

TightVNC code version contained heap buffer overflow in rfbServerCutText handler, which could have potentially resulted in code execution. This attack appeared to be exploitable via network connectivity.

(partially aka CVE-2018-20748/libvnvserver)

CVE-2019-15679

TightVNC's vncviewer code contained a heap buffer overflow in InitialiseRFBConnection function, which could have potentially resulted in code execution. This attack appeared to be exploitable via network connectivity.

(partially aka CVE-2018-20748/libvnvserver)

CVE-2019-15680

TightVNC's vncviewer code contained a NULL pointer dereference in HandleZlibBPP function, which could have resulted in Denial of System (DoS). This attack appeared to be exploitable via network connectivity.

CVE-2019-15681

TightVNC contained a memory leak (CWE-655) in VNC server code, which allowed an attacker to read stack memory and could have been abused for information disclosure. Combined with another vulnerability, it could have been used to leak stack memory and bypass ASLR. This attack appeared to be exploitable via network connectivity.

For Debian 8 'Jessie', these problems have been fixed in version 1.3.9-6.5+deb8u1.

We recommend that you upgrade your tightvnc packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

There has been an out-of-bounds write in Cyrus SASL leading to unauthenticated remote denial of service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash was ultimately caused by an off-by-one error in _sasl_add_string in common.c in cyrus-sasl.

For Debian 8 'Jessie', this problem has been fixed in version 2.1.26.dfsg1-13+deb8u2.

We recommend that you upgrade your cyrus-sasl2 packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

It was discovered that the lmtpd component of the Cyrus IMAP server created mailboxes with administrator privileges if the 'fileinto' was used, bypassing ACL checks.

While preparing a fix for CVE-2017-6314 an unknown symbol g_uint_checked_mul() was introduced.

For Debian 8 'Jessie', this problem has been fixed in version 2.31.1-2+deb8u9.

We recommend that you upgrade your gdk-pixbuf packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

It was discovered that debian-edu-config, a set of configuration files used for the Debian Edu blend, configured too permissive ACLs for the Kerberos admin server, which allowed password changes for other user principals.

It was discovered that there was a potential account hijack vulnerabilility in Django, the Python-based web development framework.

Django's password-reset form used a case-insensitive query to retrieve accounts matching the email address requesting the password reset.
Because this typically involves explicit or implicit case transformations, an attacker who knew the email address associated with a user account could craft an email address which is distinct from the address associated with that account, but which -- due to the behavior of Unicode case transformations -- ceases to be distinct after case transformation, or which will otherwise compare equal given database case-transformation or collation behavior. In such a situation, the attacker can receive a valid password-reset token for the user account.

To resolve this, two changes were made in Django :

  - After retrieving a list of potentially-matching accounts     from the database, Django's password reset functionality     now also checks the email address for equivalence in     Python, using the recommended identifier-comparison     process from Unicode Technical Report 36, section     2.11.2(B)(2).

  - When generating password-reset emails, Django now sends     to the email address retrieved from the database, rather     than the email address submitted in the password-reset     request form.

For more information, please see :

https://www.djangoproject.com/weblog/2019/dec/18/security-releases/

For Debian 8 'Jessie', this issue has been fixed in python-django version 1.7.11-1+deb8u8.

We recommend that you upgrade your python-django packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

It was discovered that debian-edu-config, the package containing the configuration files and scripts for Debian Edu (Skolelinux), contained an insecure configuration for kadmin, the Kerberos administration server. The insecure configuration allowed every user to change other users' passwords, thus impersonating them and possibly gaining their privileges.

The bug was not exposed in the officially documented user management frontends of Debian Edu, but could be abused by local network users knowing how to use the Kerberos backend.

For Debian 8 'Jessie', this problem has been fixed in version 1.818+deb8u3.

We recommend that you upgrade your debian-edu-config packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

It was discovered that python-ecdsa, a cryptographic signature library for Python, incorrectly handled certain signatures. A remote attacker could use this issue to cause python-ecdsa to either not warn about incorrect signatures, or generate exceptions resulting in a denial-of-service.

Several vulnerabilities have been discovered in the interpreter for the Ruby language, which could result in unauthorized access by bypassing intended path matchings, denial of service, or the execution of arbitrary code.

An issue has been found in harfbuzz, an OpenType text shaping engine.

Due to a buffer over-read, remote attackers are able to cause a denial of service or possibly have other impact via crafted data.

For Debian 8 'Jessie', this problem has been fixed in version 0.9.35-2+deb8u1.

We recommend that you upgrade your harfbuzz packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Two issues have been found in libvorbis, a decoder library for Vorbis General Audio Compression Codec.

2017-14633

In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability exists in the function mapping0_forward() in mapping0.c, which may lead to DoS when operating on a crafted audio file with vorbis_analysis().

2017-11333

The vorbis_analysis_wrote function in lib/block.c in Xiph.Org libvorbis 1.3.5 allows remote attackers to cause a denial of service (OOM) via a crafted wav file.

For Debian 8 'Jessie', these problems have been fixed in version 1.3.4-2+deb8u3.

We recommend that you upgrade your libvorbis packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

A change introduced in libssh 0.6.3-4+deb8u4 (which got released as DLA 2038-1) has broken x2goclient's way of scp'ing session setup files from client to server, resulting in an error message shown in a GUI error dialog box during session startup (and session resuming).

For Debian 8 'Jessie', this problem has been fixed in x2goclient version 4.0.3.1-4+deb8u1.

We recommend that you upgrade your x2goclient packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Multiple security issues have been found in Thunderbird which could potentially result in the execution of arbitrary code.

Two vulnerabilities were discovered in spamassassin, a Perl-based spam filter using text analysis.

CVE-2018-11805

Malicious rule or configuration files, possibly downloaded from an updates server, could execute arbitrary commands under multiple scenarios.

CVE-2019-12420

Specially crafted mulitpart messages can cause spamassassin to use excessive resources, resulting in a denial of service.

For Debian 8 'Jessie', these problems have been fixed in version 3.4.2-0+deb8u2.

We recommend that you upgrade your spamassassin packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Multiple security issues have been found in Thunderbird which could potentially result in the execution of arbitrary code.

For Debian 8 'Jessie', these problems have been fixed in version 1:68.3.0-2~deb8u1.

We recommend that you upgrade your thunderbird packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Two vulnerabilities were discovered in spamassassin, a Perl-based spam filter using text analysis.

  - CVE-2018-11805     Malicious rule or configuration files, possibly     downloaded from an updates server, could execute     arbitrary commands under multiple scenarios.

  - CVE-2019-12420     Specially crafted mulitpart messages can cause     spamassassin to use excessive resources, resulting in a     denial of service.

A vulnerability was discovered in the SPIP publishing system, which could result in unauthorised writes to the database by authors.

The oldstable distribution (stretch) is not affected.

ID	Name	Severity
132941	Debian DLA-2063-1 : debian-lan-config security update	High
132940	Debian DLA-2060-1 : phpmyadmin security update	High
132875	Debian DSA-4602-1 : xen - security update (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)	High
132874	Debian DLA-2067-1 : wordpress security update	High
132777	Debian DLA-2065-1 : apache-log4j1.2 security update	High
132776	Debian DLA-2064-1 : ldm security update	High
132761	Debian DSA-4601-1 : ldm - security update	High
132760	Debian DSA-4600-1 : firefox-esr - security update	Medium
132759	Debian DLA-2062-1 : sa-exim security update	High
132758	Debian DLA-2061-1 : firefox-esr security update	Medium
132736	Debian DSA-4599-1 : wordpress - security update	High
132699	Debian DSA-4598-1 : python-django - security update	Medium
132682	Debian DLA-2058-1 : nss security update	High
132681	Debian DLA-2057-1 : pillow security update	High
132635	Debian DSA-4597-1 : netty - security update	Medium
132593	Debian DLA-2056-1 : waitress security update	High
132592	Debian DLA-2055-1 : igraph security update	Medium
132591	Debian DLA-2054-1 : jhead security update	Medium
132590	Debian DLA-2053-1 : otrs2 security update	Medium
132514	Debian DLA-2052-1 : libbsd security update	High
132513	Debian DLA-2051-1 : intel-microcode security update	Low
132427	Debian DSA-4596-1 : tomcat8 - security update	High
132426	Debian DSA-4595-1 : debian-lan-config - security update	High
132425	Debian DSA-4594-1 : openssl1.0 - security update	Medium
132424	Debian DSA-4593-1 : freeimage - security update	Medium
132423	Debian DSA-4592-1 : mediawiki - security update	Medium
132422	Debian DLA-2050-1 : php5 security update	Medium
132421	Debian DLA-2049-1 : imagemagick security update	High
132420	Debian DLA-2048-1 : libxml2 security update	Medium
132406	Debian DLA-2046-1 : opensc security update	Low
132347	Debian DSA-4591-1 : cyrus-sasl2 - security update	Medium
132346	Debian DLA-2047-1 : cups security update	Medium
132345	Debian DLA-2045-1 : tightvnc security update	High
132344	Debian DLA-2044-1 : cyrus-sasl2 security update	Medium
132326	Debian DSA-4590-1 : cyrus-imapd - security update	Low
132325	Debian DLA-2043-2 : gdk-pixbuf regression update	Medium
132269	Debian DSA-4589-1 : debian-edu-config - security update	High
132268	Debian DLA-2042-1 : python-django security update	Medium
132267	Debian DLA-2041-1 : debian-edu-config security update	High
132110	Debian DSA-4588-1 : python-ecdsa - security update	Medium
132109	Debian DSA-4587-1 : ruby2.3 - security update	High
132108	Debian DSA-4586-1 : ruby2.5 - security update	High
132107	Debian DLA-2040-1 : harfbuzz security update	High
132106	Debian DLA-2039-1 : libvorbis security update	Medium
132105	Debian DLA-2038-2 : x2goclient regression update	High
132082	Debian DSA-4585-1 : thunderbird - security update	Medium
132081	Debian DLA-2037-1 : spamassassin security update	High
132080	Debian DLA-2036-1 : thunderbird security update	Medium
132063	Debian DSA-4584-1 : spamassassin - security update	High
132062	Debian DSA-4583-1 : spip - security update	Medium

Debian Local Security Checks Family for Nessus