[SECURITY] [DSA 5466-1] ntpsec security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-5466-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso August 04, 2023 https://www.debian.org/security/faq - - Package: ntpsec CVE ID : CVE-2023-4012 Debian Bug : 1038422 It was discovered that ntpd in ntpsec, a secure, hardened, and improved implementation derived from the original NTP project, could crash if NTS is disabled and an NTS-enabled client request (mode 3) is received. For the stable distribution (bookworm), this problem has been fixed in version 1.2.2+dfsg1-1+deb12u1. We recommend that you upgrade your ntpsec packages. For the detailed security status of ntpsec please refer to its security tracker page at: https://security-tracker.debian.org/tracker/ntpsec Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -BEGIN PGP SIGNATURE- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmTMiPdfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0QCoRAAiCGW5caem2KkAZjuk/GUZ6Gd1/FIiyU5rYJQ403XJs3rfB4plt1FiEjM dNy3TpoUXmngXKhuJTmEEtRvCjkP1mw6CytsWqhPAJSPuHznLYsdbm9wUBA3vVec 2efb31KXaye3L764GgardYuKSei2i+FtToejls72qFjAxXSPreYaSbTXHUMpTqI3 1vMpG8fDhijJP3Ax1JSsGOwHxnudg9/WPGrkVnRlJ0VTWxDJchVGGOvUaXyy13qu ZYI3YK8cBWQVTu7SSVNiEpZ1LxoBTw84mNoDoVCpoW72oNiZGYoA4Ff45JoSQz0m j73Vqd6j2+E8xZdwri/f483XTd+KVbimomSZZ5ks8eE9+X35LZxA7vfdEuhrD0Qh VuDO3z7TTqRMhW5aAWjNs27uH6tynxNvw4ShEi0iegLkZH930Q7dHe6CptJvQcem lzdE0teNRlg7+/W+h64QyY7wrqBou+Hkv+lP+gABUfzjS10YwY5ZrzwBdPTvFS7/ /esIhIf72Mg1FTNJvC2s6TirOnxu90b6JjabAcObBkXDmL/KlEid7Rl67sTvaLV/ V+9c6Jy9NXlvyoXvBJJ7cOTkKYok1LowIwvtzEiwFBiZCeA+B4g8rgePL7ZiPOAz Uuq7kwDMj5hU+jYfVs2iAcavWpXBIOgryKibn2wNkQW+NxjSMA4= =L3OU -END PGP SIGNATURE-
[SECURITY] [DSA 5465-1] python-django security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-5465-1 secur...@debian.org https://www.debian.org/security/ Moritz Muehlenhoff August 03, 2023 https://www.debian.org/security/faq - - Package: python-django CVE ID : CVE-2023-36053 Seokchan Yoon discovered that missing sanitising in the email and URL validators of Django, a Python web development framework, could result in denial of service. For the oldstable distribution (bullseye), this problem has been fixed in version 2:2.2.28-1~deb11u2. This update also addresses CVE-2023-23969, CVE-2023-31047 and CVE-2023-24580. For the stable distribution (bookworm), this problem has been fixed in version 3:3.2.19-1+deb12u1. We recommend that you upgrade your python-django packages. For the detailed security status of python-django please refer to its security tracker page at: https://security-tracker.debian.org/tracker/python-django Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmTMEXoACgkQEMKTtsN8 TjYgbA//QyvH70qUWpZtGBT19rQ8JQdcHCdh/FqlsosbYFwKwc+jZNfqyZWr45oM VKQvi8vggxPGXs9LfQb1LhWxsBzhNzCrvN24z7vSqWNensHVBA3NNaGkSDASsIXF Z/LvO0bMjdk0QQ5774CjhoixTBx5SmYy/oapTNeHrZv8geF+E5ga3+r2/lDLNZEf IFFMkfJRhoXuKS/cKKtfDnz37YDr0a8tAXDb/RbGvfu4igjDLWCMnq2aOmx2UaS2 euvOlWknhv0r72Skp8ipLx5ykcEJ4WmD3LuNZbXZQNqbsYO9FX2yoXGJqwnuLvTH g/JCnYwrkUEDTcBAY8pbQ/MRM4yIYRxqEnQEyV8HIouajLgFKDtCJCG7Rii/axav cnBiNqgnp8Vg6/F0jKjJOEe4lnVl7xufAQcLTs2aUk9B2WlqKEpAF2xgPc1SdPXe tdXy57N2R20Ft3jOS/s2V5YaButrGB0bKa7ktkpSez6Cr9FpNGSSP9G6sjoggRFc DSwHR9FIsX68cHE9DsCVE5J1PLAbJwqQiGl7s1ViDf1Ab4mMmdShPMOWB4mX57wx TcoAdxts6wgjotNwjEwOPEhYOSSAwxjGgeTvs3La4+nrjpFcq7Hg2Ot/FNBq0WsD st/oPfeZ/Lt/teUT36m5crWOovRMAAXKMSpg/KQ8L9b3HDrlwUE= =ozYQ -END PGP SIGNATURE-
[SECURITY] [DSA 5464-1] firefox-esr security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-5464-1 secur...@debian.org https://www.debian.org/security/ Moritz Muehlenhoff August 03, 2023 https://www.debian.org/security/faq - - Package: firefox-esr CVE ID : CVE-2023-4045 CVE-2023-4046 CVE-2023-4047 CVE-2023-4048 CVE-2023-4049 CVE-2023-4050 CVE-2023-4055 CVE-2023-4056 Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, bypass of the same-origin policy, spoofing or sandbox bypass. For the oldstable distribution (bullseye), these problems have been fixed in version 102.14.0esr-1~deb11u1. For the stable distribution (bookworm), these problems have been fixed in version 102.14.0esr-1~deb12u1. We recommend that you upgrade your firefox-esr packages. For the detailed security status of firefox-esr please refer to its security tracker page at: https://security-tracker.debian.org/tracker/firefox-esr Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmTL4ygACgkQEMKTtsN8 TjZ2nQ//YUyg2nEzvoHNRQHE9ezAxjfXUqkQjS7IEfavk7APQzLq4hvNcnkOab7u 6vRimyFObl5o07byVlrDSUUENk7JivvX4HWd7h+CwJAb9Q+XE0qtHMovtbpwlut9 nH/C5nUvtVHXok1A33fDvcYTqKX/5fb+v+LkJQudm7k1CIwqJxPyXkgJ8SHFuqBI B2s72mGrKM5Ha+woca17+eI8VhHQwXBgnVQRpxK5AeAUwDchez2Pd9xr6R6RBmzi inRfzvo0CPtKp3WqFEDJHUCGx3k/mmlTbN9V4gQM/TZKi2Vr2qM+zvcEvWn684nK EHG6bm+u4EUytxAyFw0FsawsbL3ceJXYwPeddX1C2agW8bkfJgs1Eou33Dl+mu8s vG/IrT08C/udNreiWQWIyELZvIZ8RJoKDyqZB6IOtkdDbkH1IzxaciTZRuJGgmj3 rGWC02+W2tdoTN1p6GVLF5W0e6GvhYDjB+VVU2MWtqRaaE0l4v8vThHWQmfSHQKw dj8Wil62GumlC1h511SB1p1mQFHtSpBtuHWyZ4Nq3ZACiYfvJlDvq0y1nShE8Ek/ CZvyrCm5vMPW1k8UYyNoRyfo239T5/iC9lYF+1A3NqrI3f5se60/lmc5e+TQ/FzG 2CAOoVdi8EEdCpNkjyt3jkpZo4942ITTO2GZyzm1E6HQUTBY4do= =Co4j -END PGP SIGNATURE-