[SECURITY] [DSA 4650-1] qbittorrent security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4650-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso April 02, 2020https://www.debian.org/security/faq - - Package: qbittorrent CVE ID : CVE-2019-13640 Debian Bug : 932539 Miguel Onoro reported that qbittorrent, a bittorrent client with a Qt5 GUI user interface, allows command injection via shell metacharacters in the torrent name parameter or current tracker parameter, which could result in remote command execution via a crafted name within an RSS feed if qbittorrent is configured to run an external program on torrent completion. For the oldstable distribution (stretch), this problem has been fixed in version 3.3.7-3+deb9u1. For the stable distribution (buster), this problem has been fixed in version 4.1.5-1+deb10u1. We recommend that you upgrade your qbittorrent packages. For the detailed security status of qbittorrent please refer to its security tracker page at: https://security-tracker.debian.org/tracker/qbittorrent Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -BEGIN PGP SIGNATURE- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl6GTpBfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0Txwg/+I2tAvqqhct6WQO6WmFiiZJ4oSln/T6mD7Te8uQ1CPNntPShgqEYkOhdq 3sm103nYeeMMsSXLCUss7uSIvkrhyfxMUZF4VkfVMVVn/knK5YHuQgFcyQ98K+zL rLL2tJyA6Dm/0i+qdqYemu9wW6NiCOTDom4QO/eY18Z3nlNBFWMl70QfOxruCPb0 ffWHW9SG4wZpiEBJ+b4IKQ3Id4i6+ySEHKTKiO5tuKnctaXTYE+6gTyZ3GsrEhyN snHl8R8i4CwZ5Depd0O1H3LXnuJaoeRP25yW8uAmoUeK1QlKiao6PoKx3VGSpRWa +jSWSB/02pyR/ackPcwJW8ZwceMjidoKQ5j+89Zw//GA0bDjj+xYtTSTgGDfs2t+ qbBWOaI8F8g45bzZobYdZ9ETG3wHP8pj+t5/ewaLgq6coNOoVbt+nolDS0jokOPp ad5DJH1ZdjrBnVlHD5d7F8qHVzZqPawSUqPb/KyRK0bGFVk355pAcp/sMjiIngGN PJtkr7u5ywrUWRuB+hy5AMLohCm8GIKFawJo4/179seWyv3awjrR3reZqN3kY0B3 NC1AI8As7mPRe6QtTa1GZeEBBUkK4U4yzItz8sIZTUdkmieRLFj9Ayo33sn2fw0M TiBEqokd1Galh5IiqbsytT52eEf48ymI+mHogwtk1tgM4SqFax8= =4BiN -END PGP SIGNATURE-
[SECURITY] [DSA 4651-1] mediawiki security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4651-1 secur...@debian.org https://www.debian.org/security/ Moritz Muehlenhoff April 02, 2020https://www.debian.org/security/faq - - Package: mediawiki CVE ID : CVE-2020-10960 It was discovered that some user-generated CSS selectors in MediaWiki, a website engine for collaborative work, were not escaped. The oldstable distribution (stretch) is not affected. For the stable distribution (buster), this problem has been fixed in version 1:1.31.7-1~deb10u1. We recommend that you upgrade your mediawiki packages. For the detailed security status of mediawiki please refer to its security tracker page at: https://security-tracker.debian.org/tracker/mediawiki Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl6GTzAACgkQEMKTtsN8 TjZ4KA//d4YE+pbwN/DmJ66nM8eMazlXp8Cbeazu3kfRZ/E/UrmPoloJ7zic2j1a yl18Bh7xu0sPdsFmqsANguH6dWDJNiFrxRNMcwvBNGJk6UC6RWp4gc+b5Q7kW0vd VoVSCHjbOLBET8j5jSU25nhZASK35YYBxcVqyDDKzC7s7/lfOUxfGC6W13UhJdxd 6qJvtRFcfUKCzbwJEuxSb961hVmtDX5/mwo5iupDSScl5rdt8/Sz2ZpHIxrSfpcp 6LK+WHydFrCwZ+W4TtaS5ro+hNvk2UDe1/s9aIgbSrc6y92xVV+O+mHZ9vGooCf8 +/fj9TblQz5IeBHPZ51II/8YyTiGZ5GuWJVEgQoMtBkBdx55wWu14eBb+XVW78b+ JkxIUJHCTOYcscfYnZX36DxbFkbH2+5HvYN3D7WGEFWSZq/orpAdtHvW56nUv+Tg sI844e4Z055uqeB93+KNzmK1xilPc7Trh7DCJwD4fRQFRDft6Oy9Pkok2fdPzOeL mX1KSdoFxa8WwpyhijrsF9WbVPGuItX0iVzgGFQOwTVyFwE0eKsKvLCjaCrE6rQY yyDNWRnReeDaRvbuC4asOhTNGhm0VmK+WTIA5090A7d7eT+9amQ+Ki5yM+pqygvq Nxvfw1ZK2AhRxLYR7mdkNV0/KQwmwWIBYPSYCFoyMepDlGryotY= =MpI/ -END PGP SIGNATURE-
[SECURITY] [DSA 4649-1] haproxy security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4649-1 secur...@debian.org https://www.debian.org/security/ Sebastien Delafond April 02, 2020https://www.debian.org/security/faq - - Package: haproxy CVE ID : CVE-2020-11100 Felix Wilhelm of Google Project Zero discovered that HAProxy, a TCP/HTTP reverse proxy, did not properly handle HTTP/2 headers. This would allow an attacker to write arbitrary bytes around a certain location on the heap, resulting in denial-of-service or potential arbitrary code execution. For the stable distribution (buster), this problem has been fixed in version 1.8.19-1+deb10u2. We recommend that you upgrade your haproxy packages. For the detailed security status of haproxy please refer to its security tracker page at: https://security-tracker.debian.org/tracker/haproxy Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -BEGIN PGP SIGNATURE- iQEzBAEBCgAdFiEEAqSkbVtrXP4xJMh3EL6Jg/PVnWQFAl6F5I0ACgkQEL6Jg/PV nWQPtAgAlebr3o7KaSYcMAfJCsEzCJKPT5tqk+tpcELkDjm3XJgXh8o8+pUfz4x8 I/cz/+sDy6CsSLUrR0699PH9c1EYwhfkyeqxaPg0+BrjSarIAkkJVGIjdSS9in51 ws+JwEUEncLku26MnZO81Ju6HM/tsw+2FitOMYwyU34qrwyaggtD6JBlZjfqk/7M 71YQmYASrWxUwYh3GSLlHC8u3BDyTD/aU8xbgn85LIwX6uXYl/V4iI9DzR3pk5cr 7Flylu15T/W4+7iQ0QSmGgMVPJp4G6Koi2Lj0LiorGIc4L8iq8EpGvjU3t9sBig6 q9nPtEOTeL7QSky9m1sKFjcLgSfGoA== =31YW -END PGP SIGNATURE-