[SECURITY] [DLA 3835-1] roundcube security update

2024-06-17 Thread Guilhem Moulin
------------------------------------------------------------------------
Debian LTS Advisory DLA-3835-1                debian-...@lists.debian.org
https://www.debian.org/lts/security/                       Guilhem Moulin
June 17, 2024                                 https://wiki.debian.org/LTS
------------------------------------------------------------------------

Package: roundcube
Version: 1.3.17+dfsg.1-1~deb10u6
CVE ID : CVE-2024-37383 CVE-2024-37384
Debian Bug : 1071474

Cross-site scripting (XSS) vulnerabilities were discovered in Roundcube,
a skinnable AJAX-based webmail solution for IMAP servers, which could
allow a remote attacker to load arbitrary JavaScript code and might lead
to privilege escalation or information disclosure.

CVE-2024-37383

Valentin T. and Lutz Wolf of CrowdStrike discovered that Roundcube
allows XSS via SVG animate attributes.

CVE-2024-37384

Huy Nguyễn Phạm Nhật discovered that Roundcube allows XSS via list
columns from user preferences.

For Debian 10 buster, these problems have been fixed in version
1.3.17+dfsg.1-1~deb10u6.

We recommend that you upgrade your roundcube packages.

For the detailed security status of roundcube please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/roundcube

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



[SECURITY] [DLA 3832-1] pymongo security update

2024-06-17 Thread rouca
------------------------------------------------------------------------
Debian LTS Advisory DLA-3832-1                debian-...@lists.debian.org
https://www.debian.org/lts/security/                   Bastien Roucariès
June 17, 2024                                 https://wiki.debian.org/LTS
------------------------------------------------------------------------

Package: pymongo
Version: 3.7.1-1.1+deb10u1
CVE ID : CVE-2024-5629

An out-of-bounds read in the 'bson' module allowed deserialization of
malformed BSON provided by a server to raise an exception which may contain
arbitrary application memory.

For Debian 10 buster, this problem has been fixed in version
3.7.1-1.1+deb10u1.

We recommend that you upgrade your pymongo packages.

For the detailed security status of pymongo please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/pymongo

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


[SECURITY] [DLA 3831-1] nano security update

2024-06-17 Thread Adrian Bunk
------------------------------------------------------------------------
Debian LTS Advisory DLA-3831-1                debian-...@lists.debian.org
https://www.debian.org/lts/security/                         Adrian Bunk
June 17, 2024                                 https://wiki.debian.org/LTS
------------------------------------------------------------------------

Package: nano
Version: 3.2-3+deb10u1
CVE ID : CVE-2024-5742

A symlink attack with emergency file saving has been fixed in the text 
editor nano.

For Debian 10 buster, this problem has been fixed in version
3.2-3+deb10u1.

We recommend that you upgrade your nano packages.

For the detailed security status of nano please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/nano

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS