Debian LTS Linux Distribution - Page 7
Find the information you need for your favorite open source distribution .
Debian LTS: DLA-3675-1: zbar security update
zbar, a barcode and qrcode scanner was vulnerable. CVE-2023-40889
Debian LTS: DLA-3678-1: horizon security update - CORRECTED
[ NB: The original message sent included the wrong DLA reference ID. This message corrects the reference ID in the subject line. Everything else about the content of the former message, including the CVE identified as fixed and the version of the package in which it is fixed,
Debian LTS: DLA-3679-1: vlc security update
Two vulnerabilities in the MMS over HTTP protocol have been fixed in the VLC media player, which has also been upgraded to the latest upstream version. CVE-2023-47359
Debian LTS: DLA-3676-1: horizon security update
Phan Nguyên Long discovered an Open Redirect vulnerability in horizon, a web application to control an OpenStack cloud, which could lead to phishing.
Debian LTS: DLA-3676-1: libde265 security update
Multiple issues were found in libde265, an open source implementation of the h.265 video codec. CVE-2023-27102
Debian LTS: DLA-3677-1: gimp-dds security update
File parsing heap buffer overflow was fixed in gimp-dds, a DDS (DirectDraw Surface) plugin for GIMP. For Debian 10 buster, this problem has been fixed in version
Debian LTS: DLA-3674-1: thunderbird security update
Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code. For Debian 10 buster, these problems have been fixed in version
Debian LTS: DLA-3673-1: gst-plugins-bad1.0 security update
An issue has been found in gst-plugins-bad1.0, which contains several GStreamer plugins from the "bad" set. The issue is related to use-after-free of some pointers within the MXF
Debian LTS: DLA-3672-1: postgresql-multicorn PEP440 update
postgresql-mulicorn python version was non conformant to PEP440, and may break unreleated software like pip, a python package manager, used for local development of python packages.
Debian LTS: DLA-3671-1: mediawiki security update
Multiple vulnerabilities were found in mediawiki, a website engine for collaborative work, that could lead to information disclosure, privilege escalation, or denial of service.
Debian LTS: DLA-3670-1: minizip security update
An issue has been found in minizip, a compression library. When using long filenames, an integer overflow might happen, which results in a heap-based buffer overflow in zipOpenNewFileInZip4_64().
Debian LTS: DLA-3669-1: cryptojs security update
Thomas Neil James Shadwell reported that cryptojs, a collection of cryptographic algorithms implemented in JavaScript, had default PBKDF2 settings 1000 times weaker than when specified back in 1993, and 1.3M times weaker than OWASP's current recommendations.
Debian LTS: DLA-3668-1: opensc security update
Vulnerabilities were found in opensc, a set of libraries and utilities to access smart cards, which could lead to application crash or PIN bypass.
Debian LTS: DLA-3667-1: python-requestbuilder PEP440 version update
python-requestbuilder python version was non conformant to PEP440, and may break unreleated software like pip, a python package manager, used for local development of python packages.
Debian LTS: DLA-3666-1: reportbug PEP440 version update
Python version reported by reportbug, a debian tool for bug reporting was incorrect (not PEP440 compliant) and may break unreleated software like pip, a python package manager, used for local development of python packages.
Debian LTS: DLA-3665-1: node-json5 security update
node-json5 a pure javascript implementation of JSON5 standard, was vulnerable to prototype injection during parsing. For Debian 10 buster, this problem has been fixed in version
Debian LTS: DLA-3662-1: freeimage security update
Multiple vulnerabilities were discovered in freeimage, library for graphics image formats. CVE-2020-21427
Debian LTS: DLA-3664-1: symfony security update
Pierre Rudloff discovered a potential XSS vulnerability in Symfony, a PHP framework. Some Twig filters in CodeExtension use `is_safe=html` but do not actually ensure their input is safe. Symfony now escapes the output of the affected filters.
Debian LTS: DLA-3663-1: strongswan security update
It was discovered that there was a potential buffer overflow in strongswan, a IPsec-based VPN (Virtual Private Network) server. A vulnerability related to processing public Diffie-Hellman key
Debian LTS: DLA-3661-1: firefox-esr security update
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, information leaks or clickjacking.
