CLSA-2026-1771597605 Fix CVE(s): CVE-2025-15367
SECURITY UPDATE: defect in poplib module, when passed a user-controlled command, commands can be injected using newlines - debian/patches/CVE-2025-15367.patch: Fix command injection by rejecting commands containing control characters - CVE-2025-15367...
CLSA-2026-1771329952 Fix CVE(s): CVE-2025-13601
SECURITY UPDATE: Heap-based buffer overflow - debian/patches/CVE-2025-13601.patch: Fix heap-based buffer overflow by correcting buffer size calculation in g_escape_uri_string - CVE-2025-13601...
ROOT-OS-DEBIAN-12-CVE-2025-1365 CVE-2025-1365 in rootio-elfutils - Patched by Root
Root has patched CVE-2025-1365 in the rootio-elfutils package for Root:Debian:12. Multiple fixed versions available...
CLSA-2026-1770982328 Fix CVE(s): CVE-2025-68973
SECURITY UPDATE: Possible memory corruption in the armor parser - debian/patches/CVE-2025-68973.patch: fix faulty double increment - CVE-2025-68973...
CLSA-2026-1769507907 Fix CVE(s): CVE-2024-50349
SECURITY UPDATE: Confusing users into sending their passwords to sites under the attacker’s control using crafted URLs - debian/patches/CVE-2024-50349.patch: also encode : in credential_format, sanitize the user prompt - CVE-2024-50349...
CLSA-2026-1769015071 Fix CVE(s): CVE-2025-68973
SECURITY UPDATE: memory corruption in armor parser - debian/patches/CVE-2025-68973.patch: Fix faulty double increment in armor_filter function. - CVE-2025-68973...
DEBIAN-CVE-2025-12781
When passing data to the b64decode, standard_b64decode, and urlsafe_b64decode functions in the "base64" module the characters "+/" will always be accepted, regardless of the value of "altchars" parameter, typically used to establish an "alternative base64 alphabet" such as the URL safe alphabet. Th...
CLSA-2025-1766599555 Fix CVE(s): CVE-2025-14178
SECURITY UPDATE: Heap buffer overflow in array_merge - debian/patches/CVE-2025-14178.patch: add validation to check if total element count exceeds HT_MAX_SIZE before allocation. - CVE-2025-14178...
CLSA-2025-1767120767 Fix CVE(s): CVE-2025-14178
SECURITY UPDATE: Heap buffer overflow in array_merge - debian/patches/CVE-2025-14178.patch: add validation to check if total element count exceeds HT_MAX_SIZE before allocation. - CVE-2025-14178...
DEBIAN-CVE-2023-53812
In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: fix decoder disable pm crash Can't call pm_runtime_disable when the architecture support sub device for 'dev->pm.dev' is NULL, or will get below crash log. 10.771551 pc : _raw_spin_lock_irq+0x4c/0xa0 10.771556 l...
CLSA-2025-1764321086 Fix CVE(s): CVE-2025-6297
SECURITY UPDATE: Directory permission cleanup vulnerability leading to DoS - debian/patches/CVE-2025-6297.patch: Fix cleanup for control member with restricted directories - CVE-2025-6297...
DEBIAN-CVE-2023-53764
In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Handle lock during peer_id find ath12k_peer_find_by_id requires that the caller hold the ab->base_lock. Currently the WBM error path does not hold the lock and calling that function, leads to the following lockdep_assertin...
CLSA-2025-1764773600 Fix CVE(s): CVE-2025-62171
SECURITY UPDATE: integer overflow vulnerability in BMP decoder on 32-bit systems - debian/patches/CVE-2025-62171.patch: add extra check to resolve issue on 32-bit systems caused by memory allocation failure - CVE-2025-62171...
CLSA-2025-1764324770 Fix CVE(s): CVE-2022-30688
SECURITY UPDATE: insecure regex patterns for interpreter detection - debian/patches/CVE-2022-30688.patch: prevent local privilege escalation by anchoring interpreter regex patterns - CVE-2022-30688...
CLSA-2025-1764324579 Fix CVE(s): CVE-2025-62171
SECURITY UPDATE: integer overflow vulnerability in BMP decoder on 32-bit systems - debian/patches/CVE-2025-62171.patch: add extra check to resolve issue on 32-bit systems - CVE-2025-62171...
DEBIAN-CVE-2025-40204
In the Linux kernel, the following vulnerability has been resolved: sctp: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this...
CLSA-2025-1762783856 Fix CVE(s): CVE-2024-38428
SECURITY UPDATE: mishandling of semicolons in userinfo - debian/patches/CVE-2024-38428.patch: properly re-implement userinfo parsing in src/url.c. - CVE-2024-38428...
CLSA-2025-1761849390 Fix CVE(s): CVE-2022-47695
SECURITY UPDATE: denial of service via bfd_mach_o_get_synthetic_symtab in match-o.c - debian/patches/CVE-2022-47695.patch: Fix segmentation fault in compare_symbols function by excluding section and synthetic symbols before checking symbol flags - CVE-2022-47695...
CLSA-2025-1761576318 Fix CVE(s): CVE-2022-3520
SECURITY UPDATE: Heap-based Buffer Overflow in visual mode - debian/patches/CVE-2022-3520.patch: check that the column does not become negative - CVE-2022-3520...
CLSA-2025-1761323893 Fix CVE(s): CVE-2023-31484
SECURITY UPDATE: missing TLS certificate verification - debian/patches/fixes/CVE-2023-31484.patch: enable SSL/TLS cert checking in .../CPAN/HTTP/Client.pm - CVE-2023-31484...