CLSA-2026-1776069613 Fix CVE(s): CVE-2026-3441, CVE-2026-3442
SECURITY UPDATE: buffer overflow in xcoff linker - debian/patches/CVE-2026-3441CVE-2026-3442.patch: properly bounds check XTY_LD x_scnlen index in xcoff_link_add_symbols - CVE-2026-3441 SECURITY UPDATE: out-of-bounds read in xcoff linker - debian/patches/CVE-2026-3441CVE-2026-3442.patch: sanity check...
CLSA-2025-1761673667 Fix CVE(s): CVE-2019-20044
SECURITY UPDATE: insecure privilege dropping vulnerability - debian/patches/CVE-2019-20044-.patch: improve error handling in setopt command, add OpenSSH-based setresuid/setresgid wrappers, simplify and secure privilege dropping logic, add comprehensive tests for PRIVILEGED option - CVE-2019-20044...
CLSA-2025-1760020311 Fix CVE(s): CVE-2025-9714
SECURITY UPDATE: uncontrolled recursion leading to stack overflow via crafted XPath expressions - debian/patches/CVE-2025-9714.patch: Make XPath depth check work with recursive invocations to prevent stack overflows - CVE-2025-9714...
CLSA-2025-1759864577 Fix CVE(s): CVE-2025-6020
SECURITY UPDATE: fix privilege escalation in pam_namespace - debian/patches-applied/CVE-2025-6020-pre.patch: prerequisite changes - debian/patches-applied/CVE-2025-6020.patch: enforce proper handling of instance directory symlinks to prevent mounting arbitrary paths - CVE-2025-6020...
CLSA-2025-1748282295 Fix of 34 CVEs
SECURITY UPDATE: Misc vulnerability fixes - CVE-2019-12418, CVE-2019-17563, CVE-2020-1935, CVE-2020-11996, CVE-2020-13934, CVE-2020-13935, CVE-2020-13943, CVE-2020-17527, CVE-2021-24122, CVE-2021-30639, CVE-2021-30640, CVE-2021-33037, CVE-2021-42340, CVE-2021-43980, CVE-2022-25762, CVE-2022-34305...
CLSA-2025-1747689263 Fix CVE(s): CVE-2025-32414, CVE-2025-32415
SECURITY UPDATE: Out-of-bounds memory access in Python API bindings - debian/patches/CVE-2025-32414.patch: Limit character reads and reserve buffer space for UTF-8 encoding to prevent overflow - CVE-2025-32414 SECURITY UPDATE: Heap buffer under-read in XML schema validation -...
CLSA-2025-1744116044 Fix CVE(s): CVE-2016-8614
SECURITY UPDATE: improper verification of key fingerprints in apt_key module - debian/patches/CVE-2016-8614.patch: fix use of long key IDs for delete, check for keyid presence and fix keyid length for verification. Fix reversed order of return values in parse_key_id function - CVE-2016-8614...
Fedora 41 : man2html (2025-538f2e492d)
The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-538f2e492d advisory. Refresh patches Add -std=gnu17 to CFLAGS to fix the build 042-man2html-CVE-2021-40647.patch Add more patches from Debian Tenable has extracted the preceding...
Fedora 40 : man2html (2025-a778f51bce)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-a778f51bce advisory. Refresh patches Add -std=gnu17 to CFLAGS to fix the build 042-man2html-CVE-2021-40647.patch Add more patches from Debian Tenable has extracted the preceding...
CLSA-2025-1741286028 Fix CVE(s): CVE-2023-42795
SECURITY UPDATE: Incomplete Cleanup vulnerability in Tomcat - debian/patches/CVE-2023-42795.patch: Improve handling of failures during recycle methods - CVE-2023-42795...
CLSA-2025-1740131776 Fix CVE(s): CVE-2024-12747
SECURITY UPDATE: race condition during rsync's handling of symbolic links - debian/patches/CVE-2024-12747.patch: close a symlink race in which a normal file could be replaced by a symlink - CVE-2024-12747 debian/rules, debian/patches/series: use series file to manage patches...
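The rsync entry above describes a check-then-open race: a path is checked to be a regular file, and between that check and the open an attacker swaps a symlink into its place. The following is an added example, not rsync's code or the Debian patch; it models the window with a callback so the race is deterministic, and shows the pattern that closes it (open with O_NOFOLLOW, then fstat the descriptor you actually got). It assumes a POSIX system where os.O_NOFOLLOW fails with ELOOP (Linux) or EMLINK (some BSDs) on a symlink; the file names and contents are constructed for the demo.

```python
import errno
import os
import shutil
import stat
import tempfile


def read_regular_file_racy(path, attacker_window=None):
    """Check-then-open. The lstat() check and the open() are separate system
    calls on a path name, so whatever happens between them (modelled by the
    attacker_window callback) is invisible to the check."""
    if not stat.S_ISREG(os.lstat(path).st_mode):
        raise ValueError("not a regular file")
    if attacker_window is not None:
        attacker_window()              # the TOCTOU window
    with open(path, "rb") as f:        # open() follows a symlink swapped in above
        return f.read()


def read_regular_file_safe(path, attacker_window=None):
    """Open first, then check the object that was actually opened. O_NOFOLLOW
    makes the kernel refuse a symlink as the final path component, and fstat()
    on the descriptor cannot be redirected by a later rename or unlink."""
    if attacker_window is not None:
        attacker_window()              # same window; the swap no longer helps
    flags = (os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK   # O_NONBLOCK: a FIFO must not hang us
             | getattr(os, "O_CLOEXEC", 0))
    try:
        fd = os.open(path, flags)
    except OSError as exc:
        if exc.errno in (errno.ELOOP, getattr(errno, "EMLINK", None)):
            raise ValueError("refusing to follow symlink at %s" % path) from exc
        raise
    try:
        if not stat.S_ISREG(os.fstat(fd).st_mode):
            raise ValueError("not a regular file")
    except BaseException:
        os.close(fd)
        raise
    with os.fdopen(fd, "rb") as f:
        return f.read()


def demo():
    """Constructed scenario (hypothetical names): an attacker-controlled file
    'public.txt' and a private 'secret.txt' the attacker wants read for them.
    Returns (racy_version_leaked_secret, safe_version_refused, safe_normal_read)."""
    workdir = tempfile.mkdtemp(prefix="symlink-race-")
    try:
        public = os.path.join(workdir, "public.txt")
        secret = os.path.join(workdir, "secret.txt")
        with open(secret, "wb") as f:
            f.write(b"top secret\n")

        def reset():
            if os.path.lexists(public):
                os.unlink(public)
            with open(public, "wb") as f:
                f.write(b"harmless\n")

        def swap_in_symlink():
            os.unlink(public)
            os.symlink(secret, public)

        reset()
        leaked = read_regular_file_racy(public, swap_in_symlink) == b"top secret\n"
        reset()
        try:
            read_regular_file_safe(public, swap_in_symlink)
            refused = False
        except ValueError:
            refused = True
        reset()
        normal = read_regular_file_safe(public)
        return leaked, refused, normal
    finally:
        shutil.rmtree(workdir, ignore_errors=True)


if __name__ == "__main__":
    print(demo())
```

O_NOFOLLOW only governs the final path component; a directory earlier in the path can still be swapped for a symlink, which is why code that must be robust against a hostile directory walks the path with openat-style relative opens (os.open with dir_fd in Python) rather than trusting a full path string.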
CLSA-2025-1739812201 Fix CVE(s): CVE-2024-3596
SECURITY UPDATE: Generate and verify message MACs in libkrad - debian/patches/CVE-2024-3596.patch: implement support for Message-Authenticator in libkrad - CVE-2024-3596 debian/control: add package Recommends to krb5-doc...
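The libkrad entry above adds generation and verification of the RADIUS Message-Authenticator attribute, which is the mitigation for CVE-2024-3596. The block below is an added example, not libkrad's code or the Debian patch: it builds a minimal RADIUS packet, computes the attribute as RFC 2869 section 5.14 specifies (HMAC-MD5 keyed with the shared secret over the packet with the attribute's own value zeroed, and, for responses, with the Request Authenticator of the matching request in the authenticator field), and verifies it in constant time, treating a missing attribute as a failure. The shared secret, authenticators and attribute contents are constructed sample values.

```python
import hashlib
import hmac
import struct

# Attribute types and codes from RFC 2865 / RFC 2869
USER_NAME = 1
EAP_MESSAGE = 79
MESSAGE_AUTHENTICATOR = 80
ACCESS_REQUEST = 1
ACCESS_ACCEPT = 2
HEADER_LEN = 20           # code, identifier, length, 16-byte authenticator


def build_packet(code, identifier, authenticator, attrs):
    """Serialize a RADIUS packet; attrs is a list of (type, value) pairs."""
    if len(authenticator) != 16:
        raise ValueError("authenticator must be 16 bytes")
    body = b""
    for attr_type, value in attrs:
        if len(value) > 253:
            raise ValueError("attribute value too long")
        body += struct.pack("BB", attr_type, len(value) + 2) + value
    return struct.pack("!BBH", code, identifier, HEADER_LEN + len(body)) + authenticator + body


def message_authenticator_offset(pkt):
    """Walk the attribute list and return the offset of the 16-byte
    Message-Authenticator value, or None if the attribute is absent.
    Malformed lengths and duplicates are rejected rather than guessed at."""
    if len(pkt) < HEADER_LEN:
        raise ValueError("packet shorter than header")
    length = struct.unpack("!H", pkt[2:4])[0]
    if length < HEADER_LEN or length > len(pkt):
        raise ValueError("length field does not match packet")
    off, found = HEADER_LEN, None
    while off < length:
        if length - off < 2:
            raise ValueError("truncated attribute header")
        attr_type, attr_len = pkt[off], pkt[off + 1]
        if attr_len < 2 or off + attr_len > length:
            raise ValueError("bad attribute length")
        if attr_type == MESSAGE_AUTHENTICATOR:
            if attr_len != 18 or found is not None:
                raise ValueError("malformed or duplicate Message-Authenticator")
            found = off + 2
        off += attr_len
    return found


def compute_message_authenticator(pkt, secret, request_authenticator=None):
    """HMAC-MD5 over (Code, Identifier, Length, Authenticator, Attributes) with
    the Message-Authenticator value zeroed. For Access-Accept/Reject/Challenge
    the authenticator field is replaced by the Request Authenticator."""
    off = message_authenticator_offset(pkt)
    if off is None:
        raise ValueError("packet carries no Message-Authenticator")
    length = struct.unpack("!H", pkt[2:4])[0]
    data = bytearray(pkt[:length])
    data[off:off + 16] = bytes(16)
    if request_authenticator is not None:
        if len(request_authenticator) != 16:
            raise ValueError("request authenticator must be 16 bytes")
        data[4:HEADER_LEN] = request_authenticator
    return hmac.new(secret, bytes(data), hashlib.md5).digest()


def sign_packet(code, identifier, authenticator, attrs, secret, request_authenticator=None):
    """Build the packet with a zeroed Message-Authenticator, then fill it in."""
    pkt = build_packet(code, identifier, authenticator,
                       attrs + [(MESSAGE_AUTHENTICATOR, bytes(16))])
    off = message_authenticator_offset(pkt)
    mac = compute_message_authenticator(pkt, secret, request_authenticator)
    return pkt[:off] + mac + pkt[off + 16:]


def verify_packet(pkt, secret, request_authenticator=None):
    """True only if a well-formed Message-Authenticator is present and matches.
    Absence is a failure: a MAC an attacker can strip protects nothing."""
    try:
        off = message_authenticator_offset(pkt)
        if off is None:
            return False
        expected = compute_message_authenticator(pkt, secret, request_authenticator)
    except ValueError:
        return False
    return hmac.compare_digest(pkt[off:off + 16], expected)
```

Two points a client or server implementing this should get right: the verifier must require the attribute on every Access-* packet rather than only checking it when present, and the response side must use the Request Authenticator it sent (not the authenticator in the response) as the keyed input, which is what binds the reply to the request.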
CLSA-2024-1734708244 Fix of 15 CVEs
OpenJDK 11.0.25 release, build 9. - CVE-2024-21131, CVE-2024-21138, CVE-2024-21140, CVE-2024-21144, CVE-2024-21145, CVE-2024-21147, CVE-2024-21208, CVE-2024-21210, CVE-2024-21217, CVE-2024-21235. - Release notes: https://mail.openjdk.org/pipermail/jdk-updates-dev/2024-October/038512.html -...
CLSA-2024-1727287657 Fix CVE(s): CVE-2021-37370, CVE-2021-37371, CVE-2024-37370, CVE-2024-37371
SECURITY UPDATE: fix GSS vulnerabilities - debian/patches/CVE-2021-37370.patch: prevent modification of Extra Count field in GSS krb5 wrap CFX wrap token to avoid appearing truncated to application header - debian/patches/CVE-2021-37371.patch: fix invalid memory reads during GSS message token...
CLSA-2024-1716485825 Fix CVE(s): CVE-2023-5764
SECURITY UPDATE: template injection allows code injection through specially crafted files - debian/patches/CVE-2023-5764.patch: avoid evaluating unsafe conditions - debian/patches/CVE-2023-5764-ext-tests.patch: additional tests - CVE-2023-5764...
CLSA-2024-1709562163 Fix CVE(s): CVE-2023-50387, CVE-2023-50868
SECURITY UPDATE: KeyTrap denial of service vulnerability - debian/patches/CVE-2023-50387-20230-50868.patch: Fix DNSSEC verification complexity issue by updating verification function signatures. - debian/patches/CVE-2023-50387-fix-1.patch: Allow the original CVE-2023-50387 patch to work if multip...
CLSA-2023-1702573569 Fix of 5 CVEs
SECURITY UPDATE: Update to 5.7.44 to fix security issues - CVE-2023-22053, CVE-2023-22084, CVE-2023-22015, CVE-2023-22026, CVE-2023-22028 debian/patches/offroottests.patch: disable mysqlddaemon and mysqldsafe tests under root due to known issues with these tests...
CLSA-2023-1697816288 Fix CVE(s): CVE-2023-41358, CVE-2023-41360
SECURITY UPDATE: bgpd/bgp_packet.c can read the initial byte of the ORF header in an ahead-of-stream situation - debian/patches/CVE-2023-41360.patch: don't read the first byte of ORF header if we are ahead of stream. - CVE-2023-41360 SECURITY UPDATE: bgpd/bgp_packet.c processes NLRIs if the attribu...
CLSA-2023-1697016696 Fix CVE(s): CVE-2023-4863, CVE-2023-4836
SECURITY UPDATE: Heap buffer overflow - debian/patches/CVE-2023-4863-pre.patch: prepare sources to be patched - debian/patches/CVE-2023-4863-1.patch: first, BuildHuffmanTable is called to check if the data is valid. If it is and the table is not big enough, more memory is allocated. This will mak...
CLSA-2023-1693419616 Update of alt-php
Fixed possible memory leak - debian/patches/fix-possible-memory-leak.patch: added DestroyDrawInfo call when StringToList returns error...