DEBIAN-CVE-2026-42851

Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.0, a program able to write bytes to a kitty terminal — a remote SSH peer, a downloaded file viewed with cat, a log line, an email body rendered in less, an issue body in a TUI, etc. — can cause kitty to execute...

DEBIAN-CVE-2026-52859

Vim is an open source, command line text editor. Prior to version 9.2.0565, the updatesnapshot function in src/terminal.c copies the visible terminal screen into the scrollback buffer when a snapshot is taken. For each screen cell it walks the cell's chars array with no upper bound, stopping only...

[SECURITY] [DSA 6341-1] ironic security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6341-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 11, 2026 https://www.debian.org/security/faq -...

Debian dsa-6341 : ironic-api - security update

The remote Debian 12 / 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6341 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6341-1 [email protected]...

Debian dsa-6337 : chromium - security update

The remote Debian 12 / 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6337 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6337-1 [email protected]...

Debian dsa-6330 : charon-cmd - security update

The remote Debian 12 / 13 host has packages installed that are affected by a vulnerability as referenced in the dsa-6330 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6330-1 [email protected] https://www.debian.org/security/...

DEBIAN-CVE-2026-49219

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-24, an incorrect parsing of the filename can result in a policy bypass and read files disallowed by a security policy using a symlink. This issue has been patched i...

DEBIAN-CVE-2026-48110

Russh is a Rust SSH client & server library. From version 0.34.0 to before version 0.61.0, several russh client and server message handlers decoded attacker-controlled SSH strings, name-lists, and byte fields into owned allocations before applying field-specific bounds. A remote SSH peer could se...

[SECURITY] [DSA 6336-1] jackson-core security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6336-1 [email protected] https://www.debian.org/security/ Markus Koschany June 10, 2026 https://www.debian.org/security/faq -...

Debian dsa-6334 : gir1.2-poppler-0.18 - security update

The remote Debian 12 / 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6334 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6334-1 [email protected]...

Debian dsa-6335 : libcrypto3-udeb - security update

The remote Debian 12 / 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6335 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6335-1 [email protected]...

[SECURITY] [DSA 6333-1] mistral security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6333-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 09, 2026 https://www.debian.org/security/faq -...

DEBIAN-CVE-2026-46332

In the Linux kernel, the following vulnerability has been resolved: greybus: gb-beagleplay: bound bootloader receive buffering cc1352bootloaderrx appends each serdev chunk into the fixed rxbuffer before parsing bootloader packets. The helper can keep leftover bytes between callbacks and may recei...

DEBIAN-CVE-2026-11787

A flaw was found in 389 Directory Server. The ldaputf8prev function reads bytes before the start of a buffer without bounds checking, causing a heap buffer over-read in string filter parsing that may influence internal filter processing behavior...

DEBIAN-CVE-2026-41838

IDs for WebSocket sessions in the spring-websocket module are not cryptographically unpredictable, which may be possible to exploit in combination with inadequate authorization rules. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 throug...

DEBIAN-CVE-2026-11681

Use after free in Ozone in Google Chrome on Linux prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

DEBIAN-CVE-2026-11659

Integer overflow in UI in Google Chrome on Linux prior to 149.0.7827.103 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

DEBIAN-CVE-2026-11655

Integer overflow in Media in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

DEBIAN-CVE-2026-11633

Use after free in Bluetooth in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code via a malicious peripheral. Chromium security severity: Critical...

[SECURITY] [DSA 6330-1] strongswan security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6330-1 [email protected] https://www.debian.org/security/ Yves-Alexis Perez June 08, 2026 https://www.debian.org/security/faq -...