[SECURITY] [DSA 5579-1] freeimage security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-5579-1 secur...@debian.org https://www.debian.org/security/ Moritz Muehlenhoff December 17, 2023 https://www.debian.org/security/faq - - Package: freeimage CVE ID : CVE-2020-21427 CVE-2020-21428 CVE-2020-22524 Multiple vulnerabilities were discovered in FreeImage, a support library for graphics image formats, which could result in the execution of arbitrary code if malformed image files are processed. For the oldstable distribution (bullseye), these problems have been fixed in version 3.18.0+ds2-6+deb11u1. For the stable distribution (bookworm), these problems have been fixed in version 3.18.0+ds2-9+deb12u1. We recommend that you upgrade your freeimage packages. For the detailed security status of freeimage please refer to its security tracker page at: https://security-tracker.debian.org/tracker/freeimage Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmV/P8AACgkQEMKTtsN8 TjZOgw//e8Bv/IaGizwfZv1pgt7WltqB7B/CcwaP4S1ARybOAEShsVvMUojq3ooc T8xG37LWJ6POh1w9Ks8mEtmhAcyap0L7oO+xUyBsvIy1Wqa+XK26AVeAtbSNyyr8 jIzfD/5B0cT8mhs7d3t1EhuLucB5n3VL2KWU3INRuo0Az7rBxrQO5lzT46dBJueJ DX4f5jIEVEbxvLCkox/COz0eQW2S0m+ry6qKnVf8F7lBBMEZQVzQrHI3sV5Eo9vK PGIBlQmf05qm04utwbOxKWCU3Aq+3aVt+5DJ62oGPBS/aLjsi3pN2wSay3kE/xV/ CUyV4N5R9NYPFqyPBC8gPgwDg1gOvIEFP1nXKpxWK+JtLRpZDg4Gl5Wmo9aE9Qin w7ajxY/MbtL+U0QsfqL2TKnZs0yVineV6aUffSZ6r64BK2FEVN5ZoRM4G59++8iE 45xX2QxM8DklmYc3Utyo2nmmckJNfwRnevTxesDHjxSUPMQe/gGtpFSiXmHK6LoQ Fxcv5+p8LS6JcRQINNXtcyHnRJt2jFsOKWZ5C84iNSy9tN+wtvR4dIOOSuGcxkmy DeIjFOMKXeYxqfqurWC0ipXJ39agh0Co4kqUXtPClpGg++/zVKZ3fNW6sQ/NVYKm Ej2YPY/39EWV894huQiXRkzpykOWIa/54Knpxz60FBID3s/7gU4= =zfhY -END PGP SIGNATURE-
[SECURITY] [DSA 5576-2] xorg-server security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-5576-2 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso December 17, 2023 https://www.debian.org/security/faq - - Package: xorg-server CVE ID : CVE-2023-6377 The initial fix for CVE-2023-6377 as applied in DSA 5576-1 did not fully fix the vulnerability. Updated packages correcting this issue including the upstream merged commit are now available. For the oldstable distribution (bullseye), this problem has been fixed in version 2:1.20.11-1+deb11u10. For the stable distribution (bookworm), this problem has been fixed in version 2:21.1.7-3+deb12u4. We recommend that you upgrade your xorg-server packages. For the detailed security status of xorg-server please refer to its security tracker page at: https://security-tracker.debian.org/tracker/xorg-server Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -BEGIN PGP SIGNATURE- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmV+8INfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0RTSRAAmuUhWkJzbFNJZzIZxvPxX4grTvBw5TlvOs9VovPtHWmlvnqzIvA3Q47Z 6asqdnWqTgEamK3Bgb/+s6qOzqK4G8cRtP1dq1dvg/OimwKRY96x/Z6+aySW4UEC SPDroT7AXAEMPzYMbgsZh+SIfQLtevEKf0SiuFpF3/e5qWajpZspn+/1o/WEGvxY CqjX+fOrXTWaR17faUiV8fCyZn0ApXv/XSnimgSXniYiK8tmXWNMbl4lyhP1XTuc NP3wNU0NFmsOXJNtxqpz/IQUvS/OzkNye9v9s/usmigLBlVo7J0wwM7r2d/BMVpt PiwBgo6vFf67l53X7iSG6OkMWUazmO5K9xEGuOdHsmKkZg96V7mJPyuSfsk8vXrN aXsHBXk4EwbYFcGXpH8l62GJ5QwzhYnlwIvmGh+DuQbrI6bk/wOdTVe99PbduGm8 tftGQFryg9Uy5KHyegMl9zR7jT/KkE/hGEB9KCwyWVPYmUxAEo5WMRL0YFMH2R4n 4luimBbgLMTi7yWmkG7TLgfedPOvW6cJxs5Qnft0DH0q1sJVYinZ0nvfdCPROF2N +t2Ko/oDHSyD+ylX9h4VVKoI505cqvdn1mzGXRa8O7d0nyA0O5OPF+2MJPTlvn1d qmcbU1om+fKAdZdSIkHF4cZ3yymmQYoc0udUJk1q2csLOivks2A= =pTcv -END PGP SIGNATURE-