It was discovered that missing input sanitising in the Atril document viewer could result in writing arbitrary files in the user's home directory if a malformed epub document is opened. https:/...
https://lists.debian.org/debian-security-announce/2024/msg00098.html
A security issue was discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure. Google is aware that an exploit for CVE-2024-4671 ...
https://lists.debian.org/debian-security-announce/2024/msg00097.html
The following vulnerabilities have been discovered in the WebKitGTK web engine: CVE-2023-42843 Kacper Kwapisz discovered that visiting a malicious website may lead to address bar spoofing. ...
https://lists.debian.org/debian-security-announce/2024/msg00095.html
The update for glib2.0 released as DSA 5682-1 caused a regression in ibus affecting text entry with non-trivial input methods. Updated glib2.0 packages are available to correct this issue. htt...
https://lists.debian.org/debian-security-announce/2024/msg00094.html
Nick Galloway discovered an integer overflow in dav1d, a fast and small AV1 video stream decoder which could result in memory corruption. https://security-tracker.debian.org/tracker/DSA-5686-1...
https://lists.debian.org/debian-security-announce/2024/msg00096.html
Security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure. https://security-tracker.debian.org/tracker/DSA...
https://lists.debian.org/debian-security-announce/2024/msg00092.html
Several security vulnerabilities have been discovered in WordPress, a popular content management framework, which may lead to exposure of sensitive information to an unauthorized actor in WordPr...
https://lists.debian.org/debian-security-announce/2024/msg00093.html
Alicia Boya Garcia reported that the GDBus signal subscriptions in the GLib library are prone to a spoofing vulnerability. A local attacker can take advantage of this flaw to cause a GDBus-based ...
https://lists.debian.org/debian-security-announce/2024/msg00091.html
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. https://security-tracker.debian.org/tracker/DS...
https://lists.debian.org/debian-security-announce/2024/msg00089.html
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. https://security-tracker.debian.org/tracker/DS...
https://lists.debian.org/debian-security-announce/2024/msg00090.html
Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may result in information disclosure, denial of service or the execution of arbitrary code. https:/...
https://lists.debian.org/debian-security-announce/2024/msg00086.html
Several vulnerabilities were discovered in nscd, the Name Service Cache Daemon in the GNU C library which may lead to denial of service or the execution of arbitrary code. https://security-tra...
https://lists.debian.org/debian-security-announce/2024/msg00087.html
Several vulnerabilities were discovered in less, a file pager, which may result in the execution of arbitrary commands if a file with a specially crafted file name is processed. https://securi...
https://lists.debian.org/debian-security-announce/2024/msg00088.html
Security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure. https://security-tracker.debian.org/tracker/DSA...
https://lists.debian.org/debian-security-announce/2024/msg00085.html
Security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure. https://security-tracker.debian.org/tracker/DSA...
https://lists.debian.org/debian-security-announce/2024/msg00084.html
It was discovered that PDNS Recursor, a resolving name server, was susceptible to denial of service if recursive forwarding is configured. https://security-tracker.debian.org/tracker/DSA-5674-...
https://lists.debian.org/debian-security-announce/2024/msg00083.html
Charles Fol discovered that the iconv() function in the GNU C library is prone to a buffer overflow vulnerability when converting strings to the ISO-2022-CN-EXT character set, which may lead to d...
https://lists.debian.org/debian-security-announce/2024/msg00082.html
It was discovered that insufficient restriction of unix daemon sockets in the GNU Guix functional package manager could result in sandbox bypass. https://security-tracker.debian.org/tracker/DS...
https://lists.debian.org/debian-security-announce/2024/msg00078.html
Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code. https://security-tracker.debian.org/tracker/DSA-5670-1
https://lists.debian.org/debian-security-announce/2024/msg00079.html
Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in denial of service or information disclosure. https://security-tracker.debian.org/tracker/DSA-5671-...
https://lists.debian.org/debian-security-announce/2024/msg00080.html
Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in denial of service or information disclosure. https://security-tracker.debian.org/tracker/DSA-5672-...
https://lists.debian.org/debian-security-announce/2024/msg00081.html
Security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure. https://security-tracker.debian.org/tracker/DSA...
https://lists.debian.org/debian-security-announce/2024/msg00077.html
Gergo Koteles discovered that sandbox restrictions in Flatpak, an application deployment framework for desktop apps, could be bypassed in combination with xdg-desktop-portal. https://security-...
https://lists.debian.org/debian-security-announce/2024/msg00075.html
Several security vulnerabilities have been discovered in the Tomcat servlet and JSP engine. CVE-2023-46589 Tomcat 9 did not correctly parse HTTP trailer headers. A trailer header that excee...
https://lists.debian.org/debian-security-announce/2024/msg00076.html
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or clickjacking. https://security-tracker.debian....
https://lists.debian.org/debian-security-announce/2024/msg00072.html
Jetty 9 is a Java based web server and servlet engine. It was discovered that remote attackers may leave many HTTP/2 connections in ESTABLISHED state (not closed), TCP congested and idle. Eventua...
https://lists.debian.org/debian-security-announce/2024/msg00073.html
Several security vulnerabilities have been discovered in the Tomcat servlet and JSP engine. CVE-2023-46589 Tomcat 10 did not correctly parse HTTP trailer headers. A trailer header that exce...
https://lists.debian.org/debian-security-announce/2024/msg00074.html
Multiple vulnerabilities have been discovered in the Apache HTTP server, which may result in HTTP response splitting or denial of service. https://security-tracker.debian.org/tracker/DSA-5662-...
https://lists.debian.org/debian-security-announce/2024/msg00070.html
The update of cockpit released in DSA 5655-1 did not correctly build binary packages due to unit test failures when building against libssh 0.10.6. This update corrects that problem. https://s...
https://lists.debian.org/debian-security-announce/2024/msg00071.html
Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in secure cookie bypass, XXE attacks or incorrect validation of passwor...
https://lists.debian.org/debian-security-announce/2024/msg00069.html