[SECURITY] [DLA 3775-1] firefox-esr security update

2024-03-25 Thread Emilio Pozuelo Monfort

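-------------------------------------------------------------------------
Debian LTS Advisory DLA-3775-1                debian-...@lists.debian.org
https://www.debian.org/lts/security/               Emilio Pozuelo Monfort
March 25, 2024                                https://wiki.debian.org/LTS
-------------------------------------------------------------------------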

Package: firefox-esr
Version: 115.9.1esr-1~deb10u1
CVE ID : CVE-2023-5388 CVE-2024-0743 CVE-2024-2607 CVE-2024-2608
 CVE-2024-2610 CVE-2024-2611 CVE-2024-2612 CVE-2024-2614
 CVE-2024-2616 CVE-2024-29944

Multiple security issues have been found in the Mozilla Firefox web
browser, which could potentially result in the execution of arbitrary
code or information disclosure, bypass of content security policies or
spoofing.

For Debian 10 buster, these problems have been fixed in version
115.9.1esr-1~deb10u1.

We recommend that you upgrade your firefox-esr packages.

For the detailed security status of firefox-esr please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/firefox-esr

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



[SECURITY] [DLA 3774-1] gross security update

2024-03-25 Thread Adrian Bunk

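-------------------------------------------------------------------------
Debian LTS Advisory DLA-3774-1                debian-...@lists.debian.org
https://www.debian.org/lts/security/                          Adrian Bunk
March 25, 2024                                https://wiki.debian.org/LTS
-------------------------------------------------------------------------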

Package: gross
Version: 1.0.2-4.1~deb10u1
CVE ID : CVE-2023-52159
Debian Bug : 1067115

Stack-based buffer overflow has been fixed in gross,
a server for greylisting emails.

For Debian 10 buster, this problem has been fixed in version
1.0.2-4.1~deb10u1.

We recommend that you upgrade your gross packages.

For the detailed security status of gross please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/gross

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



[SECURITY] [DLA 3773-1] freeipa security update

2024-03-25 Thread Chris Lamb

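-------------------------------------------------------------------------
Debian LTS Advisory DLA-3773-1                debian-...@lists.debian.org
https://www.debian.org/lts/security/                           Chris Lamb
March 25, 2024                                https://wiki.debian.org/LTS
-------------------------------------------------------------------------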

Package: freeipa
Version: 4.7.2-3+deb10u1
CVE ID : CVE-2024-1481
Debian Bug : 1065106

It was discovered that there was a command-line injection issue in
the FreeIPA identity, authentication and audit framework. A specially
crafted HTTP request could have led to a Denial of Service (DoS)
attack and/or data exposure.

For Debian 10 buster, this problem has been fixed in version
4.7.2-3+deb10u1.

We recommend that you upgrade your freeipa packages.

For the detailed security status of freeipa please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/freeipa

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
