[SECURITY] [DLA 2379-3] mediawiki regression update
Debian LTS Advisory DLA-2379-3 [email protected] https://www.debian.org/lts/security/ Roberto C. Sánchez November 21, 2020 https://wiki.debian.org/LTS Package : mediawiki Version : 1:1.27.7-1deb9u6 The update of mediawiki released as DLA-2379-2 contained a defect in the patch for...
[SECURITY] [DLA 2405-1] httpcomponents-client security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-2405-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany October 10, 2020 https://wiki.debian.org/LTS -...
[SECURITY] [DSA 4750-1] nginx security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4750-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso August 26, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4718-1] thunderbird security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4718-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff July 05, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4674-1] roundcube security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4674-1 [email protected] https://www.debian.org/security/ Sebastien Delafond May 05, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2179-1] jackson-databind security update
Package : jackson-databind Version : 2.4.2-2+deb8u14 CVE ID : CVE-2020-10968 CVE-2020-10969 CVE-2020-11111 CVE-2020-11112 CVE-2020-11113 CVE-2020-11619 CVE-2020-11620 Following CVEs were reported against the jackson-databind source package : CVE-2020-10968 FasterXML jackson-databind 2.x before...
[SECURITY] [DLA 2153-1] jackson-databind security update
Package : jackson-databind Version : 2.4.2-2+deb8u13 CVE ID : CVE-2020-10672 CVE-2020-10673 The following CVEs were reported against jackson-databind. CVE-2020-10672 FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to...
[SECURITY] [DLA 2140-1] firefox-esr security update
Package : firefox-esr Version : 68.6.0esr-1deb8u1 CVE ID : CVE-2019-20503 CVE-2020-6805 CVE-2020-6806 CVE-2020-6807 CVE-2020-6811 CVE-2020-6812 CVE-2020-6814 Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary...
[SECURITY] [DLA 2131-1] rrdtool security update
Package : rrdtool Version : 1.4.8-1.2+deb8u1 CVE ID : CVE-2014-6262 Multiple format string vulnerabilities in RRDtool, as used in Zenoss Core before 4.2.5 and other products, allow remote attackers to execute arbitrary code or cause a denial of service application crash via a crafted third argume...
[SECURITY] [DLA 2073-1] transfig security update
Package : transfig Version : 1:3.2.5.e-4+deb8u2 CVE ID : CVE-2018-16140 CVE-2019-14275 CVE-2019-19555 Several issues have been found in transfig, a XFig figure files converter. CVE-2018-16140 Buffer underwrite vulnerability in getline allows an attacker to write prior to the beginning of the buff...
[SECURITY] [DSA 4597-1] netty security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4597-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 03, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2038-2] x2goclient regression update
Package : x2goclient Version : 4.0.3.1-4+deb8u1 Debian Bug : 947129 A change introduced in libssh 0.6.3-4+deb8u4 which got released as DLA 2038-1 has broken x2goclient's way of scp'ing session setup files from client to server, resulting in an error message shown in a GUI error dialog box during...
[SECURITY] [DLA 1957-1] tzdata new upstream version
Package : tzdata Version : 2019c-0+deb8u1 This update includes the changes in tzdata 2018c. Notable changes are: - Brazil has canceled DST and will stay on standard time indefinitely. - Fiji's next DST transitions will be 2019-11-10 and 2020-01-12 instead of 2019-11-03 and 2020-01-19. - Norfolk...
[SECURITY] [DSA 4532-1] spip security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4532-1 [email protected] https://www.debian.org/security/ Sebastien Delafond September 25, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4504-1] vlc security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4504-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff August 20, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1837-2] rdesktop regression update
Package : rdesktop Version : 1.8.6-0+deb8u2 Debian Bug : 930511 The update for rdesktop released as 1.8.6-0+deb8u1 introduced a regression which broke RDP protocol negotiation. Updated rdesktop packages are now available to correct this issue. For Debian 8 "Jessie", this problem has been fixed in...
[SECURITY] [DLA 1762-2] systemd regression update
Package : systemd Version : 215-17+deb8u13 In the recently uploaded systemd security update 215-17+deb8u12 via DLA-1762-1, a regression was discovered in the fix for CVE-2017-18078. The observation of Debian jessie LTS users was, that after upgrading to +deb8u12 temporary files would not have the...
[SECURITY] [DLA 1675-1] python-gnupg security update
Package : python-gnupg Version : 0.3.6-1+deb8u1 CVE ID : CVE-2019-6690 Alexander Kjäll and Stig Palmquist discovered a vulnerability in python-gnupg, a wrapper around GNU Privacy Guard. It was possible to inject data through the passphrase property of the gnupg.GPG.encrypt and gnupg.GPG.decrypt...
[SECURITY] [DSA 4213-1] qemu security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4213-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 29, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4164-1] apache2 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4164-1 [email protected] https://www.debian.org/security/ Stefan Fritsch April 03, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4127-1] simplesamlphp security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4127-1 [email protected] https://www.debian.org/security/ Thijs Kinkhorst March 02, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4060-1] wireshark security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4060-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff December 09, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1036-1] gsoap security update
Package : gsoap Version : 2.8.7-2+deb7u1 CVE ID : CVE-2017-9765 A vulnerability was discovered in gsoap, a library for the development of SOAP web services and clients, that may be exposed with a large and specific XML message over 2 GB in size. After receiving this 2 GB message, a buffer overflo...
[SECURITY] [DLA 871-1] python3.2 security update
Package : python3.2 Version : 3.2.3-7+deb7u1 CVE ID : CVE-2016-0772 It was discovered that there was a TLS stripping vulnerability in the smtplib library distributed with the CPython interpreter. The library did not return an error if StartTLS failed, which might have allowed man-in-the-middle...
[SECURITY] [DSA 3794-3] munin regression update
------------------------------------------------------------------------- Debian Security Advisory DSA-3794-3 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso March 03, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3730-1] icedove security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3730-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 11, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3582-1] expat security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3582-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 18, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DLA 360-1] linux-2.6 security update
Package : linux-2.6 Version : 2.6.32-48squeeze17 CVE ID : CVE-2013-7446 CVE-2015-7799 CVE-2015-7833 CVE-2015-7990 CVE-2015-8324 This update fixes the CVEs described below. CVE-2013-7446 Dmitry Vyukov discovered that a particular sequence of valid...
[SECURITY] [DSA 3344-1] php5 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3344-1 [email protected] https://www.debian.org/security/ Sebastien Delafond August 27, 2015 https://www.debian.org/security/faq -...
[SECURITY] [DSA-2141-4] New lighttpd packages fix regression
------------------------------------------------------------------------ Debian Security Advisory DSA-2141-4 [email protected] http://www.debian.org/security/ Stefan Fritsch January 12, 2011 http://www.debian.org/security/faq -...
[BSA-121] Security Update for python-django
Colin Watson uploaded new packages for python-django which fixed the following security problems: CVE-2024-45230 Potential denial-of-service vulnerability in django.utils.html.urlize. urlize and urlizetrunc were subject to a potential denial-of-service attack via very large inputs with a specific...
[SECURITY] [DSA 5521-1] tomcat10 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5521-1 [email protected] https://www.debian.org/security/ Markus Koschany October 10, 2023 https://www.debian.org/security/faq -...
[SECURITY] [DSA 5045-1] thunderbird security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5045-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 14, 2022 https://www.debian.org/security/faq -...
[SECURITY] [DSA 5000-2] openjdk-11 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5000-2 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff December 22, 2021 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4936-1] libuv1 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4936-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff July 05, 2021 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4874-1] firefox-esr security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4874-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff March 24, 2021 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2536-1] libsdl2 security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-2536-1 [email protected] https://www.debian.org/lts/security/ Thorsten Alteholz January 30, 2021 https://wiki.debian.org/LTS -...
[SECURITY] [DSA 4836-1] openvswitch security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4836-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 22, 2021 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4803-1] xorg-server security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4803-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff December 04, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4793-1] firefox-esr security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4793-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 18, 2020 https://www.debian.org/security/faq -...
[SECURITY][DLA 2431-1] libonig security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-2431-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany November 05, 2020 https://wiki.debian.org/LTS -...
[SECURITY] [DSA 4728-1] qemu security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4728-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff July 19, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2232-1] python-httplib2 security update
Package : python-httplib2 Version : 0.9+dfsg-2+deb8u1 CVE ID : CVE-2020-11078 In httplib2, an attacker controlling unescaped part of uri for httplib2.Http.request could change request headers and body, send additional hidden requests to same server. This vulnerability impacts software that uses...
[SECURITY] [DLA 2228-2] json-c regression update
Package : json-c Version : 0.11-4+deb8u2 CVE ID : CVE-2020-12762 Debian Bug : 960326 The json-c shared library had an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend. This follow-up version now uses an upstream sanctioned patch that was...
[SECURITY] [DLA 1712-1] libsndfile security update
Package : libsndfile Version : 1.0.25-9.1+deb8u4 CVE ID : CVE-2019-3832 It was found that the fix for CVE-2018-19758 was incomplete. That has been addressed in this update. The description for CVE-2018-19758 follows: A heap-buffer-overflow vulnerability was discovered in libsndfile, the library f...
[SECURITY] [DLA 1389-1] apache2 security update
Package : apache2 Version : 2.2.22-13+deb7u13 CVE ID : CVE-2017-15710 CVE-2018-1301 CVE-2018-1312 Debian Bug : Several vulnerabilities have been found in the Apache HTTPD server. CVE-2017-15710 Alex Nichols and Jakob Hirsch reported that mod_authnz_ldap, if configured with AuthLDAPCharsetConfig,...
[SECURITY] [DLA 1153-1] icedove/thunderbird security update
Package : thunderbird Version : 1:52.4.0-1deb7u1 CVE ID : CVE-2017-7793 CVE-2017-7805 CVE-2017-7810 CVE-2017-7814 CVE-2017-7818 CVE-2017-7819 CVE-2017-7823 CVE-2017-7824 CVE-2017-7825 Multiple security issues have been found in the Mozilla Thunderbird mail client: Multiple memory safety errors,...
[SECURITY] [DSA 3804-1] linux security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3804-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso March 08, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DLA 499-1] php5 security update
Package : php5 Version : 5.4.45-0+deb7u3 CVE ID : CVE-2015-8865 CVE-2015-8866 CVE-2015-8878 CVE-2015-8879 CVE-2016-4070 CVE-2016-4071 CVE-2016-4072 CVE-2016-4073 CVE-2016-4343 CVE-2016-4537 CVE-2016-4539 CVE-2016-4540 CVE-2016-4541 CVE-2016-4542 CVE-2016-4543 CVE-2016-4544 CVE-2015-8865 The...
[SECURITY] [DSA 3263-1] proftpd-dfsg security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3263-1 [email protected] http://www.debian.org/security/ Sebastien Delafond May 19, 2015 http://www.debian.org/security/faq -...