275 matches found

OSV
added 2025/08/13 7:26 p.m. | 2 views

CLSA-2025-1755113204 Fix CVE(s): CVE-2025-29088

SECURITY UPDATE: denial of service issue due to incorrect memory allocations - debian/patches/CVE-2025-29088.patch: harden the SQLITE_DBCONFIG_LOOKASIDE interface against misuse, such as described in forum post 48f365daec Enhancements to the SQLITE_DBCONFIG_LOOKASIDE documentation - CVE-2025-29088...

CVSS 5.6 | AI score 6.6 | EPSS 0.00039
Exploits 0 | References 1
OSV
added 2025/08/13 2:15 p.m. | 2 views

DEBIAN-CVE-2025-55154

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-27 and 7.1.2-1, the magnified size calculations in ReadOneMNGIMage in coders/png.c are unsafe and can overflow, leading to memory corruption. This issue has been patched in...

CVSS 7.8 | AI score 8 | EPSS 0.00089
Exploits 1 | References 1
OSV
added 2025/08/13 2:15 p.m. | 2 views

DEBIAN-CVE-2025-55004

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-1, ImageMagick is vulnerable to heap-buffer overflow read around the handling of images with separate alpha channels when performing image magnification in ReadOneMNGIMage. This c...

CVSS 4.3 | AI score 5.6 | EPSS 0.00083
Exploits 1 | References 1
OSV
added 2025/08/11 7:27 p.m. | 2 views

CLSA-2025-1754940449 Fix CVE(s): CVE-2024-46901

SECURITY UPDATE: Insufficient validation of filenames against control characters in repositories served via mod_dav_svn - debian/patches/CVE-2024-46901.patch: fix mod_dav_svn denial-of-service via control characters in paths...

CVSS 4.3 | AI score 6.1 | EPSS 0.05806
Exploits 1 | References 1
OSV
added 2025/08/05 4:31 p.m. | 2 views

CLSA-2025-1754411479 Fix CVE(s): CVE-2025-48384

SECURITY UPDATE: security vulnerability - debian/patches/CVE-2025-48384.patch: quote values containing CR character in config to prevent unintended stripping of CR - CVE-2025-48384...

CVSS 8 | AI score 7.1 | EPSS 0.00603
Exploits 9 | References 1
OSV
added 2025/08/04 8:16 p.m. | 3 views

CLSA-2025-1754338599 Fix CVE(s): CVE-2025-6965

SECURITY UPDATE: aggregate term exceeding column count vulnerability - debian/patches/CVE-2025-6965.patch: fix a potential memory corruption if the number of aggregate terms in a query exceeds the maximum number of columns - CVE-2025-6965...

CVSS 9.8 | AI score 6.7 | EPSS 0.01689
Exploits 3 | References 1
OSV
added 2025/07/29 2:36 p.m. | 1 views

CLSA-2025-1753799801 Fix CVE(s): CVE-2025-32462

SECURITY UPDATE: unauthorized command execution on remote hosts - debian/patches/CVE-2025-32462.patch: restrict user from setting remote host for command unless listing privileges - CVE-2025-32462...

CVSS 8.8 | AI score 7 | EPSS 0.30014
Exploits 12 | References 1
OSV
added 2025/07/22 5:59 p.m. | 2 views

CLSA-2025-1753207140 Fix CVE(s): CVE-2025-48384

SECURITY UPDATE: security vulnerability discovered - debian/patches/CVE-2025-48384.patch: quote values containing CR character in config to prevent unintentional stripping when reading - CVE-2025-48384...

CVSS 8 | AI score 7.1 | EPSS 0.00603
Exploits 9 | References 1
OSV
added 2025/07/21 6:4 p.m. | 2 views

CLSA-2025-1753121050 Fix CVE(s): CVE-2025-48384

SECURITY UPDATE: security vulnerability addressed - debian/patches/CVE-2025-48384.patch: quote values containing CR character to prevent unintended behavior - CVE-2025-48384...

CVSS 8 | AI score 7 | EPSS 0.00603
Exploits 9 | References 1
OSV
added 2025/07/10 8:15 a.m. | 4 views

DEBIAN-CVE-2025-38279

In the Linux kernel, the following vulnerability has been resolved: bpf: Do not include stack ptr register in precision backtracking bookkeeping Yi Lai reported an issue [1] where the following warning appears in kernel dmesg: [60.643604] verifier backtracking bug [60.643635] WARNING: CPU: 10 PID: 2315...

CVSS 7.8 | AI score 5.7 | EPSS 0.00051
Exploits 0 | References 1
OSV
added 2025/07/04 2:15 p.m. | 1 views

DEBIAN-CVE-2025-38206

In the Linux kernel, the following vulnerability has been resolved: exfat: fix double free in delayed_free The double free could happen in the following path. exfat_create_upcase_table exfat_create_upcase_table : return error exfat_free_upcase_table : free ->vol_utbl exfat_load_default_upcase_table : return erro...

CVSS 7.8 | AI score 5.7 | EPSS 0.00071
Exploits 0 | References 1
OSV
added 2025/06/24 4:0 p.m. | 2 views

CLSA-2025-1750780819 Fix CVE(s): CVE-2025-31651

SECURITY UPDATE: Improper Neutralization of Escape, Meta, or Control Sequences vulnerability - debian/patches/CVE-2025-31651.patch: Enforces rewrite rules to prevent bypass of security constraints in specific configurations - CVE-2025-31651...

CVSS 9.8 | AI score 7 | EPSS 0.00341
Exploits 1 | References 1
OSV
added 2025/06/24 1:57 p.m. | 1 views

CLSA-2025-1750752721 Fix CVE(s): CVE-2025-24813

SECURITY UPDATE: Remote code execution - debian/patches/CVE-2025-24813.patch: Delete temporary file right after finishing request processing - CVE-2025-24813...

CVSS 10 | AI score 7.4 | EPSS 0.9413
Exploits 44 | References 1
OSV
added 2025/06/18 11:15 a.m. | 2 views

DEBIAN-CVE-2022-50186

In the Linux kernel, the following vulnerability has been resolved: ath11k: fix missing skb drop on htc_tx_completion error On htc_tx_completion error the skb is not dropped. This is wrong since the completion_handler logic expects the skb to be consumed anyway even when an error is triggered. Not...

CVSS 5.5 | AI score 5.2 | EPSS 0.00059
Exploits 0 | References 1
OSV
added 2025/06/18 11:15 a.m. | 1 views

DEBIAN-CVE-2022-50050

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Intel: hda: Fix potential buffer overflow by snprintf snprintf returns the would-be-filled size when the string overflows the given buffer size, hence using this value may result in the buffer overflow although it's...

CVSS 7.8 | AI score 5.6 | EPSS 0.00052
Exploits 0 | References 1
OSV
added 2025/06/18 11:15 a.m. | 1 views

DEBIAN-CVE-2022-50024

In the Linux kernel, the following vulnerability has been resolved: dmaengine: dw-axi-dmac: do not print NULL LLI during error During debugging we have seen an issue where axi_chan_dump_lli is passed a NULL LLI pointer which ends up causing an OOPS due to trying to get fields from it. Simply print...

CVSS 5.5 | AI score 5.3 | EPSS 0.00042
Exploits 0 | References 1
OSV
added 2025/06/18 11:15 a.m. | 1 views

DEBIAN-CVE-2022-49987

In the Linux kernel, the following vulnerability has been resolved: md: call __md_stop_writes in md_stop From the link [1], we can see raid1d was running even after the path raid_dtr -> md_stop -> __md_stop. Let's stop write first in destructor to align with normal md-raid to fix the KASAN issue. [1]...

CVSS 5.5 | AI score 5.2 | EPSS 0.00063
Exploits 0 | References 1
OSV
added 2025/06/18 11:15 a.m. | 1 views

DEBIAN-CVE-2022-49970

In the Linux kernel, the following vulnerability has been resolved: bpf, cgroup: Fix kernel BUG in purge_effective_progs Syzkaller reported a triggered kernel BUG as follows: ------------ cut here ------------ kernel BUG at kernel/bpf/cgroup.c:925! invalid opcode: 0000 [#1] PREEMPT SMP NOPTI CPU: 1 PI...

CVSS 7.1 | AI score 6.2 | EPSS 0.00067
Exploits 0 | References 1
OSV
added 2025/05/20 4:15 p.m. | 1 views

DEBIAN-CVE-2025-37926

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in ksmbd_session_rpc_open A UAF issue can occur due to a race condition between ksmbd_session_rpc_open and __session_rpc_close. Add rpc_lock to the session to protect it...

CVSS 7.8 | AI score 5.7 | EPSS 0.00028
Exploits 0 | References 1
OSV
added 2025/05/09 7:16 a.m. | 1 views

DEBIAN-CVE-2025-37839

In the Linux kernel, the following vulnerability has been resolved: jbd2: remove wrong sb->s_sequence check Journal emptiness is not determined by sb->s_sequence == 0 but rather by sb->s_start == 0 which is set a few lines above. Furthermore 0 is a valid transaction ID so the check can spuriously...

CVSS 7.8 | AI score 5.7 | EPSS 0.0005
Exploits 0 | References 1