[SECURITY] [DSA 5723-1] plasma-workspace security update
Debian Security Advisory DSA-5723-1    secur...@debian.org
https://www.debian.org/security/    Moritz Muehlenhoff
June 27, 2024    https://www.debian.org/security/faq

Package: plasma-workspace
CVE ID : CVE-2024-36041

Fabian Vogt discovered that the KDE session management server insufficiently restricted ICE connections from localhost, which could allow a local attacker to execute arbitrary code as another user on next boot.

For the oldstable distribution (bullseye), this problem has been fixed in version 4:5.20.5-6+deb11u1.

For the stable distribution (bookworm), this problem has been fixed in version 4:5.27.5-2+deb12u2.

We recommend that you upgrade your plasma-workspace packages.

For the detailed security status of plasma-workspace please refer to its security tracker page at: https://security-tracker.debian.org/tracker/plasma-workspace

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5722-1] libvpx security update
Debian Security Advisory DSA-5722-1    secur...@debian.org
https://www.debian.org/security/    Moritz Muehlenhoff
June 26, 2024    https://www.debian.org/security/faq

Package: libvpx
CVE ID : CVE-2024-5197

It was discovered that multiple integer overflows in libvpx, a multimedia library for the VP8 and VP9 video codecs, may result in denial of service and potentially the execution of arbitrary code.

For the oldstable distribution (bullseye), this problem has been fixed in version 1.9.0-1+deb11u3.

For the stable distribution (bookworm), this problem has been fixed in version 1.12.0-1+deb12u3.

We recommend that you upgrade your libvpx packages.

For the detailed security status of libvpx please refer to its security tracker page at: https://security-tracker.debian.org/tracker/libvpx

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5721-1] ffmpeg security update
Debian Security Advisory DSA-5721-1    secur...@debian.org
https://www.debian.org/security/    Moritz Muehlenhoff
June 26, 2024    https://www.debian.org/security/faq

Package: ffmpeg
CVE ID : CVE-2022-48434 CVE-2023-50010 CVE-2023-51793 CVE-2023-51794 CVE-2023-51798

Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/streams are processed.

For the oldstable distribution (bullseye), these problems have been fixed in version 7:4.3.7-0+deb11u1.

We recommend that you upgrade your ffmpeg packages.

For the detailed security status of ffmpeg please refer to its security tracker page at: https://security-tracker.debian.org/tracker/ffmpeg

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5715-2] composer regression update
Debian Security Advisory DSA-5715-2    secur...@debian.org
https://www.debian.org/security/    Moritz Muehlenhoff
June 24, 2024    https://www.debian.org/security/faq

Package: composer

The update for composer released as DSA 5715 introduced a regression in the handling of git feature branches. Updated composer packages are now available to address this issue.

For the oldstable distribution (bullseye), these problems have been fixed in version 2.0.9-2+deb11u4.

The stable distribution (bookworm) is not affected.

We recommend that you upgrade your composer packages.

For the detailed security status of composer please refer to its security tracker page at: https://security-tracker.debian.org/tracker/composer

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5717-1] php8.2 security update
Debian Security Advisory DSA-5717-1    secur...@debian.org
https://www.debian.org/security/    Moritz Muehlenhoff
June 20, 2024    https://www.debian.org/security/faq

Package: php8.2
CVE ID : CVE-2024-5458

It was discovered that user validation was incorrectly implemented for filter_var(FILTER_VALIDATE_URL).

For the stable distribution (bookworm), this problem has been fixed in version 8.2.20-1~deb12u1.

We recommend that you upgrade your php8.2 packages.

For the detailed security status of php8.2 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/php8.2

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5715-1] composer security update
Debian Security Advisory DSA-5715-1    secur...@debian.org
https://www.debian.org/security/    Moritz Muehlenhoff
June 18, 2024    https://www.debian.org/security/faq

Package: composer
CVE ID : CVE-2024-35241 CVE-2024-35242

Two vulnerabilities have been discovered in Composer, a dependency manager for PHP, which could result in arbitrary command execution by operating on malicious git/hg repositories.

For the oldstable distribution (bullseye), these problems have been fixed in version 2.0.9-2+deb11u3.

For the stable distribution (bookworm), these problems have been fixed in version 2.5.5-1+deb12u2.

We recommend that you upgrade your composer packages.

For the detailed security status of composer please refer to its security tracker page at: https://security-tracker.debian.org/tracker/composer

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5713-1] libndp security update
Debian Security Advisory DSA-5713-1    secur...@debian.org
https://www.debian.org/security/    Moritz Muehlenhoff
June 16, 2024    https://www.debian.org/security/faq

Package: libndp
CVE ID : CVE-2024-5564

A buffer overflow was discovered in libndp, a library implementing the IPv6 Neighbor Discovery Protocol (NDP), which could result in denial of service or potentially the execution of arbitrary code if malformed IPv6 router advertisements are processed.

For the oldstable distribution (bullseye), this problem has been fixed in version 1.6-1+deb11u1.

For the stable distribution (bookworm), this problem has been fixed in version 1.8-1+deb12u1.

We recommend that you upgrade your libndp packages.

For the detailed security status of libndp please refer to its security tracker page at: https://security-tracker.debian.org/tracker/libndp

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5712-1] ffmpeg security update
Debian Security Advisory DSA-5712-1    secur...@debian.org
https://www.debian.org/security/    Moritz Muehlenhoff
June 15, 2024    https://www.debian.org/security/faq

Package: ffmpeg
CVE ID : CVE-2023-50010 CVE-2023-51793 CVE-2023-51794 CVE-2023-51795 CVE-2023-51798 CVE-2024-31585

Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/streams are processed.

For the stable distribution (bookworm), these problems have been fixed in version 7:5.1.5-0+deb12u1.

We recommend that you upgrade your ffmpeg packages.

For the detailed security status of ffmpeg please refer to its security tracker page at: https://security-tracker.debian.org/tracker/ffmpeg

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5711-1] thunderbird security update
Debian Security Advisory DSA-5711-1    secur...@debian.org
https://www.debian.org/security/    Moritz Muehlenhoff
June 15, 2024    https://www.debian.org/security/faq

Package: thunderbird
CVE ID : CVE-2024-5688 CVE-2024-5690 CVE-2024-5691 CVE-2024-5693 CVE-2024-5696 CVE-2024-5700 CVE-2024-5702

Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code.

For the oldstable distribution (bullseye), these problems have been fixed in version 1:115.12.0-1~deb11u1.

For the stable distribution (bookworm), these problems have been fixed in version 1:115.12.0-1~deb12u1.

We recommend that you upgrade your thunderbird packages.

For the detailed security status of thunderbird please refer to its security tracker page at: https://security-tracker.debian.org/tracker/thunderbird

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5709-1] firefox-esr security update
Debian Security Advisory DSA-5709-1    secur...@debian.org
https://www.debian.org/security/    Moritz Muehlenhoff
June 12, 2024    https://www.debian.org/security/faq

Package: firefox-esr
CVE ID : CVE-2024-5688 CVE-2024-5690 CVE-2024-5691 CVE-2024-5693 CVE-2024-5696 CVE-2024-5700 CVE-2024-5702

Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, the bypass of sandbox restrictions or an information leak.

For the oldstable distribution (bullseye), these problems have been fixed in version 115.12.0esr-1~deb11u1.

For the stable distribution (bookworm), these problems have been fixed in version 115.12.0esr-1~deb12u1.

We recommend that you upgrade your firefox-esr packages.

For the detailed security status of firefox-esr please refer to its security tracker page at: https://security-tracker.debian.org/tracker/firefox-esr

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5708-1] cyrus-imapd security update
Debian Security Advisory DSA-5708-1    secur...@debian.org
https://www.debian.org/security/    Moritz Muehlenhoff
June 11, 2024    https://www.debian.org/security/faq

Package: cyrus-imapd
CVE ID : CVE-2024-34055

Damian Poddebniak discovered that the Cyrus IMAP server didn't restrict memory allocation for some command arguments which may result in denial of service. This update backports new config directives which allow to configure limits, additional details can be found at:

https://www.cyrusimap.org/3.6/imap/download/release-notes/3.6/x/3.6.5.html

These changes are too intrusive to be backported to the version of Cyrus in the oldstable distribution (bullseye). If the IMAP server is used by untrusted users an update to Debian stable/bookworm is recommended. In addition the version of cyrus-imapd in bullseye-backports will be updated with a patch soon.

For the stable distribution (bookworm), this problem has been fixed in version 3.6.1-4+deb12u2.

We recommend that you upgrade your cyrus-imapd packages.

For the detailed security status of cyrus-imapd please refer to its security tracker page at: https://security-tracker.debian.org/tracker/cyrus-imapd

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5707-1] vlc security update
Debian Security Advisory DSA-5707-1    secur...@debian.org
https://www.debian.org/security/    Moritz Muehlenhoff
June 11, 2024    https://www.debian.org/security/faq

Package: vlc
CVE ID : not yet available

A buffer overflow was discovered in the MMS module of the VLC media player.

For the oldstable distribution (bullseye), this problem has been fixed in version 3.0.21-0+deb11u1.

For the stable distribution (bookworm), this problem has been fixed in version 3.0.21-0+deb12u1.

We recommend that you upgrade your vlc packages.

For the detailed security status of vlc please refer to its security tracker page at: https://security-tracker.debian.org/tracker/vlc

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5705-1] tinyproxy security update
Debian Security Advisory DSA-5705-1    secur...@debian.org
https://www.debian.org/security/    Moritz Muehlenhoff
June 05, 2024    https://www.debian.org/security/faq

Package: tinyproxy
CVE ID : CVE-2023-49606

A use-after-free was discovered in tinyproxy, a lightweight, non-caching, optionally anonymizing HTTP proxy, which could result in denial of service.

For the stable distribution (bookworm), this problem has been fixed in version 1.11.1-2.1+deb12u1.

We recommend that you upgrade your tinyproxy packages.

For the detailed security status of tinyproxy please refer to its security tracker page at: https://security-tracker.debian.org/tracker/tinyproxy

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5704-1] pillow security update
Debian Security Advisory DSA-5704-1    secur...@debian.org
https://www.debian.org/security/    Moritz Muehlenhoff
June 05, 2024    https://www.debian.org/security/faq

Package: pillow
CVE ID : CVE-2023-44271 CVE-2023-50447 CVE-2024-28219

Multiple security issues were discovered in Pillow, a Python imaging library, which could result in denial of service or the execution of arbitrary code if malformed images are processed.

For the oldstable distribution (bullseye), these problems have been fixed in version 8.1.2+dfsg-0.3+deb11u2.

For the stable distribution (bookworm), these problems have been fixed in version 9.4.0-1.1+deb12u1.

We recommend that you upgrade your pillow packages.

For the detailed security status of pillow please refer to its security tracker page at: https://security-tracker.debian.org/tracker/pillow

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5700-1] python-pymysql security update
Debian Security Advisory DSA-5700-1    secur...@debian.org
https://www.debian.org/security/    Moritz Muehlenhoff
May 29, 2024    https://www.debian.org/security/faq

Package: python-pymysql
CVE ID : CVE-2024-36039

An SQL injection was discovered in pymysql, a pure Python MySQL driver.

For the oldstable distribution (bullseye), this problem has been fixed in version 0.9.3-2+deb11u1.

For the stable distribution (bookworm), this problem has been fixed in version 1.0.2-2+deb12u1.

We recommend that you upgrade your python-pymysql packages.

For the detailed security status of python-pymysql please refer to its security tracker page at: https://security-tracker.debian.org/tracker/python-pymysql

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5699-1] redmine security update
Debian Security Advisory DSA-5699-1    secur...@debian.org
https://www.debian.org/security/    Moritz Muehlenhoff
May 24, 2024    https://www.debian.org/security/faq

Package: redmine
CVE ID : CVE-2023-47258 CVE-2023-47259 CVE-2023-47260

Multiple cross-site scripting vulnerabilities were found in Redmine, a project management web application.

For the stable distribution (bookworm), these problems have been fixed in version 5.0.4-5+deb12u1.

We recommend that you upgrade your redmine packages.

For the detailed security status of redmine please refer to its security tracker page at: https://security-tracker.debian.org/tracker/redmine

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5698-1] ruby-rack security update
Debian Security Advisory DSA-5698-1    secur...@debian.org
https://www.debian.org/security/    Moritz Muehlenhoff
May 24, 2024    https://www.debian.org/security/faq

Package: ruby-rack
CVE ID : CVE-2024-25126 CVE-2024-26141 CVE-2024-26146

Multiple security issues were found in Rack, an interface for developing web applications in Ruby, which could result in denial of service.

For the oldstable distribution (bullseye), these problems have been fixed in version 2.1.4-3+deb11u2.

For the stable distribution (bookworm), these problems have been fixed in version 2.2.6.4-1+deb12u1.

We recommend that you upgrade your ruby-rack packages.

For the detailed security status of ruby-rack please refer to its security tracker page at: https://security-tracker.debian.org/tracker/ruby-rack

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5693-1] thunderbird security update
Debian Security Advisory DSA-5693-1 secur...@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
May 17, 2024 https://www.debian.org/security/faq

Package: thunderbird
CVE ID : CVE-2024-4367 CVE-2024-4767 CVE-2024-4768 CVE-2024-4769 CVE-2024-4770 CVE-2024-4777

Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code.

For the oldstable distribution (bullseye), these problems have been fixed in version 1:115.11.0-1~deb11u1.

For the stable distribution (bookworm), these problems have been fixed in version 1:115.11.0-1~deb12u1.

We recommend that you upgrade your thunderbird packages.

For the detailed security status of thunderbird please refer to its security tracker page at: https://security-tracker.debian.org/tracker/thunderbird

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5691-1] firefox-esr security update
Debian Security Advisory DSA-5691-1 secur...@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
May 15, 2024 https://www.debian.org/security/faq

Package: firefox-esr
CVE ID : CVE-2024-4367 CVE-2024-4767 CVE-2024-4768 CVE-2024-4769 CVE-2024-4770 CVE-2024-4777

Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or clickjacking.

For the oldstable distribution (bullseye), these problems have been fixed in version 115.11.0esr-1~deb11u1.

For the stable distribution (bookworm), these problems have been fixed in version 115.11.0esr-1~deb12u1.

We recommend that you upgrade your firefox-esr packages.

For the detailed security status of firefox-esr please refer to its security tracker page at: https://security-tracker.debian.org/tracker/firefox-esr

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5690-1] libreoffice security update
Debian Security Advisory DSA-5690-1 secur...@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
May 15, 2024 https://www.debian.org/security/faq

Package: libreoffice
CVE ID : CVE-2024-3044

Amel Bouziane-Leblond discovered that LibreOffice's support for binding scripts to click events on graphics could result in unchecked script execution.

For the oldstable distribution (bullseye), this problem has been fixed in version 1:7.0.4-4+deb11u9.

For the stable distribution (bookworm), this problem has been fixed in version 4:7.4.7-1+deb12u2.

We recommend that you upgrade your libreoffice packages.

For the detailed security status of libreoffice please refer to its security tracker page at: https://security-tracker.debian.org/tracker/libreoffice

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5688-1] atril security update
Debian Security Advisory DSA-5688-1 secur...@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
May 12, 2024 https://www.debian.org/security/faq

Package: atril
CVE ID : CVE-2023-52076

It was discovered that missing input sanitising in the Atril document viewer could result in writing arbitrary files in the user's home directory if a malformed epub document is opened.

For the oldstable distribution (bullseye), this problem has been fixed in version 1.24.0-1+deb11u1. This update also disables support for comic book archives, mitigating CVE-2023-51698.

For the stable distribution (bookworm), this problem has been fixed in version 1.26.0-2+deb12u3.

We recommend that you upgrade your atril packages.

For the detailed security status of atril please refer to its security tracker page at: https://security-tracker.debian.org/tracker/atril

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5686-1] dav1d security update
Debian Security Advisory DSA-5686-1 secur...@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
May 09, 2024 https://www.debian.org/security/faq

Package: dav1d
CVE ID : CVE-2024-1580

Nick Galloway discovered an integer overflow in dav1d, a fast and small AV1 video stream decoder which could result in memory corruption.

For the oldstable distribution (bullseye), this problem has been fixed in version 0.7.1-3+deb11u1.

For the stable distribution (bookworm), this problem has been fixed in version 1.0.0-2+deb12u1.

We recommend that you upgrade your dav1d packages.

For the detailed security status of dav1d please refer to its security tracker page at: https://security-tracker.debian.org/tracker/dav1d

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5677-1] ruby3.1 security update
Debian Security Advisory DSA-5677-1 secur...@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
May 03, 2024 https://www.debian.org/security/faq

Package: ruby3.1
CVE ID : CVE-2024-27280 CVE-2024-27281 CVE-2024-27282

Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may result in information disclosure, denial of service or the execution of arbitrary code.

For the stable distribution (bookworm), these problems have been fixed in version 3.1.2-7+deb12u1.

We recommend that you upgrade your ruby3.1 packages.

For the detailed security status of ruby3.1 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/ruby3.1

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5674-1] pdns-recursor security update
Debian Security Advisory DSA-5674-1 secur...@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
April 25, 2024 https://www.debian.org/security/faq

Package: pdns-recursor
CVE ID : CVE-2024-25583

It was discovered that PDNS Recursor, a resolving name server, was susceptible to denial of service if recursive forwarding is configured.

For the stable distribution (bookworm), this problem has been fixed in version 4.8.8-1.

We recommend that you upgrade your pdns-recursor packages.

For the detailed security status of pdns-recursor please refer to its security tracker page at: https://security-tracker.debian.org/tracker/pdns-recursor

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5672-1] openjdk-17 security update
Debian Security Advisory DSA-5672-1 secur...@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
April 22, 2024 https://www.debian.org/security/faq

Package: openjdk-17
CVE ID : CVE-2024-21011 CVE-2024-21012 CVE-2024-21068 CVE-2024-21094

Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in denial of service or information disclosure.

For the oldstable distribution (bullseye), these problems have been fixed in version 17.0.11+9-1~deb11u1.

For the stable distribution (bookworm), these problems have been fixed in version 17.0.11+9-1~deb12u1.

We recommend that you upgrade your openjdk-17 packages.

For the detailed security status of openjdk-17 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/openjdk-17

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5671-1] openjdk-11 security update
Debian Security Advisory DSA-5671-1 secur...@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
April 22, 2024 https://www.debian.org/security/faq

Package: openjdk-11
CVE ID : CVE-2024-21011 CVE-2024-21012 CVE-2024-21068 CVE-2024-21085 CVE-2024-21094

Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in denial of service or information disclosure.

For the oldstable distribution (bullseye), these problems have been fixed in version 11.0.23+9-1~deb11u1.

We recommend that you upgrade your openjdk-11 packages.

For the detailed security status of openjdk-11 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/openjdk-11

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5670-1] thunderbird security update
Debian Security Advisory DSA-5670-1 secur...@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
April 22, 2024 https://www.debian.org/security/faq

Package: thunderbird
CVE ID : CVE-2024-2609 CVE-2024-3302 CVE-2024-3852 CVE-2024-3854 CVE-2024-3857 CVE-2024-3859 CVE-2024-3861 CVE-2024-3864

Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code.

For the oldstable distribution (bullseye), this problem has been fixed in version 1:115.10.1-1~deb11u1.

For the stable distribution (bookworm), this problem has been fixed in version 1:115.10.1-1~deb12u1.

We recommend that you upgrade your thunderbird packages.

For the detailed security status of thunderbird please refer to its security tracker page at: https://security-tracker.debian.org/tracker/thunderbird

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5669-1] guix security update
Debian Security Advisory DSA-5669-1 secur...@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
April 22, 2024 https://www.debian.org/security/faq

Package: guix
CVE ID : CVE-2024-27297

It was discovered that insufficient restriction of unix daemon sockets in the GNU Guix functional package manager could result in sandbox bypass.

For the oldstable distribution (bullseye), this problem has been fixed in version 1.2.0-4+deb11u2.

For the stable distribution (bookworm), this problem has been fixed in version 1.4.0-3+deb12u1.

We recommend that you upgrade your guix packages.

For the detailed security status of guix please refer to its security tracker page at: https://security-tracker.debian.org/tracker/guix

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5666-1] flatpak security update
Debian Security Advisory DSA-5666-1 secur...@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
April 19, 2024 https://www.debian.org/security/faq

Package: flatpak
CVE ID : CVE-2024-32462

Gergo Koteles discovered that sandbox restrictions in Flatpak, an application deployment framework for desktop apps, could be bypassed in combination with xdg-desktop-portal.

For the oldstable distribution (bullseye), this problem has been fixed in version 1.10.8-0+deb11u2.

For the stable distribution (bookworm), this problem has been fixed in version 1.14.4-1+deb12u1.

We recommend that you upgrade your flatpak packages.

For the detailed security status of flatpak please refer to its security tracker page at: https://security-tracker.debian.org/tracker/flatpak

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5663-1] firefox-esr security update
Debian Security Advisory DSA-5663-1 secur...@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
April 17, 2024 https://www.debian.org/security/faq

Package: firefox-esr
CVE ID : CVE-2024-2609 CVE-2024-3302 CVE-2024-3852 CVE-2024-3854 CVE-2024-3857 CVE-2024-3859 CVE-2024-3861 CVE-2024-3864

Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or clickjacking.

For the oldstable distribution (bullseye), these problems have been fixed in version 115.10.0esr-1~deb11u1.

For the stable distribution (bookworm), these problems have been fixed in version 115.10.0esr-1~deb12u1.

We recommend that you upgrade your firefox-esr packages.

For the detailed security status of firefox-esr please refer to its security tracker page at: https://security-tracker.debian.org/tracker/firefox-esr

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5662-1] apache2 security update
Debian Security Advisory DSA-5662-1 secur...@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
April 16, 2024 https://www.debian.org/security/faq

Package: apache2
CVE ID : CVE-2023-31122 CVE-2023-38709 CVE-2023-43622 CVE-2023-45802 CVE-2024-24795 CVE-2024-27316

Multiple vulnerabilities have been discovered in the Apache HTTP server, which may result in HTTP response splitting or denial of service.

For the oldstable distribution (bullseye), these problems have been fixed in version 2.4.59-1~deb11u1.

For the stable distribution (bookworm), these problems have been fixed in version 2.4.59-1~deb12u1.

We recommend that you upgrade your apache2 packages.

For the detailed security status of apache2 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/apache2

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5661-1] php8.2 security update
Debian Security Advisory DSA-5661-1 secur...@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
April 15, 2024 https://www.debian.org/security/faq

Package: php8.2
CVE ID : CVE-2023-3823 CVE-2023-3824 CVE-2024-2756 CVE-2024-3096

Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in secure cookie bypass, XXE attacks or incorrect validation of password hashes.

For the stable distribution (bookworm), these problems have been fixed in version 8.2.18-1~deb12u1.

We recommend that you upgrade your php8.2 packages.

For the detailed security status of php8.2 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/php8.2

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5660-1] php7.4 security update
Debian Security Advisory DSA-5660-1 secur...@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
April 15, 2024 https://www.debian.org/security/faq

Package: php7.4
CVE ID : CVE-2023-3823 CVE-2023-3824 CVE-2024-2756 CVE-2024-3096

Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in secure cookie bypass, XXE attacks or incorrect validation of password hashes.

For the oldstable distribution (bullseye), these problems have been fixed in version 7.4.33-1+deb11u5.

We recommend that you upgrade your php7.4 packages.

For the detailed security status of php7.4 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/php7.4

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5659-1] trafficserver security update
Debian Security Advisory DSA-5659-1 secur...@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
April 14, 2024 https://www.debian.org/security/faq

Package: trafficserver
CVE ID : CVE-2024-31309

Bartek Nowotarski discovered that Apache Traffic Server, a reverse and forward proxy server, was susceptible to denial of service via HTTP2 continuation frames.

For the oldstable distribution (bullseye), this problem has been fixed in version 8.1.10+ds-1~deb11u1.

For the stable distribution (bookworm), this problem has been fixed in version 9.2.4+ds-0+deb12u1.

We recommend that you upgrade your trafficserver packages.

For the detailed security status of trafficserver please refer to its security tracker page at: https://security-tracker.debian.org/tracker/trafficserver

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5655-1] cockpit security update
Debian Security Advisory DSA-5655-1 secur...@debian.org https://www.debian.org/security/ Moritz Muehlenhoff April 04, 2024 https://www.debian.org/security/faq Package: cockpit CVE ID : CVE-2024-2947 It was discovered that Cockpit, a web console for Linux servers, was susceptible to arbitrary command execution if an administrative user was tricked into opening an sosreport file with a malformed filename. For the stable distribution (bookworm), this problem has been fixed in version 287.1-0+deb12u1. We recommend that you upgrade your cockpit packages. For the detailed security status of cockpit please refer to its security tracker page at: https://security-tracker.debian.org/tracker/cockpit Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5653-1] gtkwave security update
Debian Security Advisory DSA-5653-1 secur...@debian.org https://www.debian.org/security/ Moritz Muehlenhoff April 03, 2024 https://www.debian.org/security/faq Package: gtkwave CVE ID : CVE-2023-32650 CVE-2023-34087 CVE-2023-34436 CVE-2023-35004 CVE-2023-35057 CVE-2023-35128 CVE-2023-35702 CVE-2023-35703 CVE-2023-35704 CVE-2023-35955 CVE-2023-35956 CVE-2023-35957 CVE-2023-35958 CVE-2023-35959 CVE-2023-35960 CVE-2023-35961 CVE-2023-35962 CVE-2023-35963 CVE-2023-35964 CVE-2023-35969 CVE-2023-35970 CVE-2023-35989 CVE-2023-35992 CVE-2023-35994 CVE-2023-35995 CVE-2023-35996 CVE-2023-35997 CVE-2023-36746 CVE-2023-36747 CVE-2023-36861 CVE-2023-36864 CVE-2023-36915 CVE-2023-36916 CVE-2023-37282 CVE-2023-37416 CVE-2023-37417 CVE-2023-37418 CVE-2023-37419 CVE-2023-37420 CVE-2023-37442 CVE-2023-37443 CVE-2023-37444 CVE-2023-37445 CVE-2023-37446 CVE-2023-37447 CVE-2023-37573 CVE-2023-37574 CVE-2023-37575 CVE-2023-37576 CVE-2023-37577 CVE-2023-37578 CVE-2023-37921 CVE-2023-37922 CVE-2023-37923 CVE-2023-38583 CVE-2023-38618 CVE-2023-38619 CVE-2023-38620 CVE-2023-38621 CVE-2023-38622 CVE-2023-38623 CVE-2023-38648 CVE-2023-38649 CVE-2023-38650 CVE-2023-38651 CVE-2023-38652 CVE-2023-38653 CVE-2023-38657 CVE-2023-39234 CVE-2023-39235 CVE-2023-39270 CVE-2023-39271 CVE-2023-39272 CVE-2023-39273 CVE-2023-39274 CVE-2023-39275 CVE-2023-39316 CVE-2023-39317 CVE-2023-39413 CVE-2023-39414 CVE-2023-39443 CVE-2023-39444 Claudio Bozzato discovered multiple security issues in gtkwave, a file waveform viewer for VCD (Value Change Dump) files, which may result in the execution of arbitrary code if malformed files are opened. For the oldstable distribution (bullseye), these problems have been fixed in version 3.3.104+really3.3.118-0+deb11u1. For the stable distribution (bookworm), these problems have been fixed in version 3.3.118-0.1~deb12u1. We recommend that you upgrade your gtkwave packages. For the detailed security status of gtkwave please refer to its security tracker page at: https://security-tracker.debian.org/tracker/gtkwave Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5652-1] py7zr security update
Debian Security Advisory DSA-5652-1 secur...@debian.org https://www.debian.org/security/ Moritz Muehlenhoff April 02, 2024 https://www.debian.org/security/faq Package: py7zr CVE ID : CVE-2022-44900 A directory traversal vulnerability was discovered in py7zr, a library and command-line utility to process 7zip archives. For the oldstable distribution (bullseye), this problem has been fixed in version 0.11.3+dfsg-1+deb11u1. We recommend that you upgrade your py7zr packages. For the detailed security status of py7zr please refer to its security tracker page at: https://security-tracker.debian.org/tracker/py7zr Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5651-1] mediawiki security update
Debian Security Advisory DSA-5651-1 secur...@debian.org https://www.debian.org/security/ Moritz Muehlenhoff March 31, 2024 https://www.debian.org/security/faq Package: mediawiki CVE ID : not yet available Two security issues were discovered in MediaWiki, a website engine for collaborative work, which could result in cross-site scripting or denial of service. For the oldstable distribution (bullseye), this problem has been fixed in version 1:1.35.13-1+deb11u2. For the stable distribution (bookworm), this problem has been fixed in version 1:1.39.7-1~deb12u1. We recommend that you upgrade your mediawiki packages. For the detailed security status of mediawiki please refer to its security tracker page at: https://security-tracker.debian.org/tracker/mediawiki Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5647-1] samba security update
Debian Security Advisory DSA-5647-1 secur...@debian.org https://www.debian.org/security/ Moritz Muehlenhoff March 24, 2024 https://www.debian.org/security/faq Package: samba CVE ID : CVE-2022-2127 CVE-2022-3437 CVE-2023-4091 CVE-2023-34966 CVE-2023-34967 CVE-2023-34968 Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix, which might result in denial of service or information disclosure. For the oldstable distribution (bullseye), these problems have been fixed in version 2:4.13.13+dfsg-1~deb11u6. We recommend that you upgrade your samba packages. For the detailed security status of samba please refer to its security tracker page at: https://security-tracker.debian.org/tracker/samba Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5644-1] thunderbird security update
Debian Security Advisory DSA-5644-1 secur...@debian.org https://www.debian.org/security/ Moritz Muehlenhoff March 21, 2024 https://www.debian.org/security/faq Package: thunderbird CVE ID : CVE-2023-5388 CVE-2024-0743 CVE-2024-1936 CVE-2024-2607 CVE-2024-2608 CVE-2024-2610 CVE-2024-2611 CVE-2024-2612 CVE-2024-2614 CVE-2024-2616 Multiple security issues were discovered in Thunderbird, which could result in denial of service, the execution of arbitrary code or leaks of encrypted email subjects. For the oldstable distribution (bullseye), these problems have been fixed in version 1:115.9.0-1~deb11u1. For the stable distribution (bookworm), these problems have been fixed in version 1:115.9.0-1~deb12u1. We recommend that you upgrade your thunderbird packages. For the detailed security status of thunderbird please refer to its security tracker page at: https://security-tracker.debian.org/tracker/thunderbird Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5643-1] firefox-esr security update
Debian Security Advisory DSA-5643-1 secur...@debian.org https://www.debian.org/security/ Moritz Muehlenhoff March 21, 2024 https://www.debian.org/security/faq Package: firefox-esr CVE ID : CVE-2023-5388 CVE-2024-0743 CVE-2024-2607 CVE-2024-2608 CVE-2024-2610 CVE-2024-2611 CVE-2024-2612 CVE-2024-2614 CVE-2024-2616 Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or information disclosure, bypass of content security policies or spoofing. For the oldstable distribution (bullseye), these problems have been fixed in version 115.9.0esr-1~deb11u1. For the stable distribution (bookworm), these problems have been fixed in version 115.9.0esr-1~deb12u1. We recommend that you upgrade your firefox-esr packages. For the detailed security status of firefox-esr please refer to its security tracker page at: https://security-tracker.debian.org/tracker/firefox-esr Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5626-2] pdns-recursor regression update
Debian Security Advisory DSA-5626-2 secur...@debian.org https://www.debian.org/security/ Moritz Muehlenhoff March 20, 2024 https://www.debian.org/security/faq Package: pdns-recursor One of the upstream changes in the update released as DSA 5626 contained a regression in the zoneToCache function. Updated pdns-recursor packages are available to correct this issue. For the stable distribution (bookworm), this problem has been fixed in version 4.8.7-1. We recommend that you upgrade your pdns-recursor packages. For the detailed security status of pdns-recursor please refer to its security tracker page at: https://security-tracker.debian.org/tracker/pdns-recursor Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5642-1] php-dompdf-svg-lib security update
Debian Security Advisory DSA-5642-1 secur...@debian.org https://www.debian.org/security/ Moritz Muehlenhoff March 20, 2024 https://www.debian.org/security/faq Package: php-dompdf-svg-lib CVE ID : CVE-2023-50251 CVE-2023-50252 CVE-2024-25117 Three security issues were discovered in php-svg-lib, a PHP library to read, parse and export to PDF SVG files, which could result in denial of service, restriction bypass or the execution of arbitrary code. For the stable distribution (bookworm), these problems have been fixed in version 0.5.0-3+deb12u1. We recommend that you upgrade your php-dompdf-svg-lib packages. For the detailed security status of php-dompdf-svg-lib please refer to its security tracker page at: https://security-tracker.debian.org/tracker/php-dompdf-svg-lib Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5640-1] openvswitch security update
Debian Security Advisory DSA-5640-1 secur...@debian.org https://www.debian.org/security/ Moritz Muehlenhoff March 14, 2024 https://www.debian.org/security/faq Package: openvswitch CVE ID : CVE-2023-3966 CVE-2023-5366 Debian Bug : 1063492 Two vulnerabilities were discovered in Open vSwitch, a software-based Ethernet virtual switch, which could result in a bypass of OpenFlow rules or denial of service. For the oldstable distribution (bullseye), these problems have been fixed in version 2.15.0+ds1-2+deb11u5. This update also addresses a memory leak tracked as CVE-2024-22563. For the stable distribution (bookworm), these problems have been fixed in version 3.1.0-2+deb12u1. We recommend that you upgrade your openvswitch packages. For the detailed security status of openvswitch please refer to its security tracker page at: https://security-tracker.debian.org/tracker/openvswitch Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5635-1] yard security update
Debian Security Advisory DSA-5635-1 secur...@debian.org https://www.debian.org/security/ Moritz Muehlenhoff March 04, 2024 https://www.debian.org/security/faq Package: yard CVE ID : CVE-2024-27285 Aviv Keller discovered that the frames.html file generated by YARD, a documentation generation tool for the Ruby programming language, was vulnerable to cross-site scripting. For the oldstable distribution (bullseye), this problem has been fixed in version 0.9.24-1+deb11u1. For the stable distribution (bookworm), this problem has been fixed in version 0.9.28-2+deb12u2. We recommend that you upgrade your yard packages. For the detailed security status of yard please refer to its security tracker page at: https://security-tracker.debian.org/tracker/yard Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5633-1] knot-resolver security update
Debian Security Advisory DSA-5633-1 secur...@debian.org https://www.debian.org/security/ Moritz Muehlenhoff February 27, 2024 https://www.debian.org/security/faq Package: knot-resolver CVE ID : CVE-2023-46317 CVE-2023-50387 CVE-2023-50868 It was discovered that malformed DNSSEC records within a DNS zone could result in denial of service against Knot Resolver, a caching, DNSSEC-validating DNS resolver. For the stable distribution (bookworm), these problems have been fixed in version 5.6.0-1+deb12u1. We recommend that you upgrade your knot-resolver packages. For the detailed security status of knot-resolver please refer to its security tracker page at: https://security-tracker.debian.org/tracker/knot-resolver Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5630-1] thunderbird security update
Debian Security Advisory DSA-5630-1 secur...@debian.org https://www.debian.org/security/ Moritz Muehlenhoff February 23, 2024 https://www.debian.org/security/faq Package: thunderbird CVE ID : CVE-2024-1546 CVE-2024-1547 CVE-2024-1548 CVE-2024-1549 CVE-2024-1550 CVE-2024-1551 CVE-2024-1552 CVE-2024-1553 Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code. For the oldstable distribution (bullseye), these problems have been fixed in version 1:115.8.0-1~deb11u1. For the stable distribution (bookworm), these problems have been fixed in version 1:115.8.0-1~deb12u1. We recommend that you upgrade your thunderbird packages. For the detailed security status of thunderbird please refer to its security tracker page at: https://security-tracker.debian.org/tracker/thunderbird Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5628-1] imagemagick security update
Debian Security Advisory DSA-5628-1 secur...@debian.org https://www.debian.org/security/ Moritz Muehlenhoff February 22, 2024 https://www.debian.org/security/faq Package: imagemagick CVE ID : CVE-2021-3610 CVE-2022-1115 CVE-2023-1289 CVE-2023-1906 CVE-2023-3428 CVE-2023-5341 CVE-2023-34151 Debian Bug : 1013282 1036999 This update fixes multiple vulnerabilities in Imagemagick: Various memory handling problems and cases of missing or incomplete input sanitising may result in denial of service, memory disclosure or potentially the execution of arbitrary code if malformed image files are processed. For the oldstable distribution (bullseye), these problems have been fixed in version 8:6.9.11.60+dfsg-1.3+deb11u3. For the stable distribution (bookworm), these problems have been fixed in version 8:6.9.11.60+dfsg-1.6+deb12u1. We recommend that you upgrade your imagemagick packages. For the detailed security status of imagemagick please refer to its security tracker page at: https://security-tracker.debian.org/tracker/imagemagick Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5627-1] firefox-esr security update
Debian Security Advisory DSA-5627-1 secur...@debian.org https://www.debian.org/security/ Moritz Muehlenhoff February 21, 2024 https://www.debian.org/security/faq Package: firefox-esr CVE ID : CVE-2024-1546 CVE-2024-1547 CVE-2024-1548 CVE-2024-1549 CVE-2024-1550 CVE-2024-1551 CVE-2024-1552 CVE-2024-1553 Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, information disclosure or spoofing. For the oldstable distribution (bullseye), these problems have been fixed in version 115.8.0esr-1~deb11u1. For the stable distribution (bookworm), these problems have been fixed in version 115.8.0esr-1~deb12u1. We recommend that you upgrade your firefox-esr packages. For the detailed security status of firefox-esr please refer to its security tracker page at: https://security-tracker.debian.org/tracker/firefox-esr Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5626-1] pdns-recursor security update
Debian Security Advisory DSA-5626-1 secur...@debian.org https://www.debian.org/security/ Moritz Muehlenhoff February 18, 2024 https://www.debian.org/security/faq Package: pdns-recursor CVE ID : CVE-2023-50387 CVE-2023-50868 It was discovered that malformed DNSSEC records within a DNS zone could result in denial of service against PDNS Recursor, a resolving name server. For the stable distribution (bookworm), these problems have been fixed in version 4.8.6-1. We recommend that you upgrade your pdns-recursor packages. For the detailed security status of pdns-recursor please refer to its security tracker page at: https://security-tracker.debian.org/tracker/pdns-recursor Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5625-1] engrampa security update
Debian Security Advisory DSA-5625-1 secur...@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
February 16, 2024 https://www.debian.org/security/faq

Package: engrampa
CVE ID: CVE-2023-52138

It was discovered that Engrampa, an archive manager for the MATE desktop environment, was susceptible to path traversal when handling CPIO archives.

For the oldstable distribution (bullseye), this problem has been fixed in version 1.24.1-1+deb11u1.

For the stable distribution (bookworm), this problem has been fixed in version 1.26.0-1+deb12u2.

We recommend that you upgrade your engrampa packages.

For the detailed security status of engrampa please refer to its security tracker page at: https://security-tracker.debian.org/tracker/engrampa
[SECURITY] [DSA 5624-1] edk2 security update
Debian Security Advisory DSA-5624-1 secur...@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
February 14, 2024 https://www.debian.org/security/faq

Package: edk2
CVE ID: CVE-2023-48733

Mate Kukri discovered the Debian build of EDK2, a UEFI firmware implementation, used an insecure default configuration which could result in Secure Boot bypass via the UEFI shell. This update disables the UEFI shell if Secure Boot is used.

For the oldstable distribution (bullseye), this problem has been fixed in version 2020.11-2+deb11u2.

For the stable distribution (bookworm), this problem has been fixed in version 2022.11-6+deb12u1.

This update also addresses several security issues in the ipv6 network stack (CVE-2022-36763, CVE-2022-36764, CVE-2022-36765, CVE-2023-45230, CVE-2023-45229, CVE-2023-45231, CVE-2023-45232, CVE-2023-45233, CVE-2023-45234, CVE-2023-45235).

We recommend that you upgrade your edk2 packages.

For the detailed security status of edk2 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/edk2
[SECURITY] [DSA 5623-1] postgresql-15 security update
Debian Security Advisory DSA-5623-1 secur...@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
February 14, 2024 https://www.debian.org/security/faq

Package: postgresql-15
CVE ID: CVE-2024-0985

It was discovered that a late privilege drop in the "REFRESH MATERIALIZED VIEW CONCURRENTLY" command could allow an attacker to trick a user with higher privileges to run SQL commands with these permissions.

For the stable distribution (bookworm), this problem has been fixed in version 15.6-0+deb12u1.

We recommend that you upgrade your postgresql-15 packages.

For the detailed security status of postgresql-15 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/postgresql-15
[SECURITY] [DSA 5622-1] postgresql-13 security update
Debian Security Advisory DSA-5622-1 secur...@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
February 14, 2024 https://www.debian.org/security/faq

Package: postgresql-13
CVE ID: CVE-2024-0985

It was discovered that a late privilege drop in the "REFRESH MATERIALIZED VIEW CONCURRENTLY" command could allow an attacker to trick a user with higher privileges to run SQL commands with these permissions.

For the oldstable distribution (bullseye), this problem has been fixed in version 13.14-0+deb11u1.

We recommend that you upgrade your postgresql-13 packages.

For the detailed security status of postgresql-13 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/postgresql-13
[SECURITY] [DSA 5621-1] bind9 security update
Debian Security Advisory DSA-5621-1 secur...@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
February 14, 2024 https://www.debian.org/security/faq

Package: bind9
CVE ID: CVE-2023-4408 CVE-2023-5517 CVE-2023-5679 CVE-2023-6516 CVE-2023-50387 CVE-2023-50868

Several vulnerabilities were discovered in BIND, a DNS server implementation, which may result in denial of service.

For the oldstable distribution (bullseye), these problems have been fixed in version 1:9.16.48-1.

For the stable distribution (bookworm), these problems have been fixed in version 1:9.18.24-1.

We recommend that you upgrade your bind9 packages.

For the detailed security status of bind9 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/bind9
[SECURITY] [DSA 5619-1] libgit2 security update
Debian Security Advisory DSA-5619-1 secur...@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
February 09, 2024 https://www.debian.org/security/faq

Package: libgit2
CVE ID: CVE-2024-24577 CVE-2024-24575

Two vulnerabilities were discovered in libgit2, a low-level Git library, which may result in denial of service or potentially the execution of arbitrary code.

For the oldstable distribution (bullseye), this problem has been fixed in version 1.1.0+dfsg.1-4+deb11u2.

For the stable distribution (bookworm), this problem has been fixed in version 1.5.1+ds-1+deb12u1.

We recommend that you upgrade your libgit2 packages.

For the detailed security status of libgit2 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/libgit2
[SECURITY] [DSA 5616-1] ruby-sanitize security update
Debian Security Advisory DSA-5616-1 secur...@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
February 05, 2024 https://www.debian.org/security/faq

Package: ruby-sanitize
CVE ID: CVE-2023-36823

It was discovered that ruby-sanitize, a whitelist-based HTML sanitizer, insufficiently sanitised
[SECURITY] [DSA 5615-1] runc security update
Debian Security Advisory DSA-5615-1 secur...@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
February 04, 2024 https://www.debian.org/security/faq

Package: runc
CVE ID: CVE-2024-21626

It was discovered that runc, a command line client for running applications packaged according to the Open Container Format (OCF), was susceptible to multiple container breakouts due to an internal file descriptor leak.

For the oldstable distribution (bullseye), this problem has been fixed in version 1.0.0~rc93+ds1-5+deb11u3.

For the stable distribution (bookworm), this problem has been fixed in version 1.1.5+ds1-1+deb12u1.

We recommend that you upgrade your runc packages.

For the detailed security status of runc please refer to its security tracker page at: https://security-tracker.debian.org/tracker/runc
[SECURITY] [DSA 5613-1] openjdk-17 security update
Debian Security Advisory DSA-5613-1 secur...@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
February 01, 2024 https://www.debian.org/security/faq

Package: openjdk-17
CVE ID: CVE-2024-20918 CVE-2024-20919 CVE-2024-20921 CVE-2024-20926 CVE-2024-20932 CVE-2024-20945 CVE-2024-20952

Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in side channel attacks, leaking sensitive data to log files, denial of service or bypass of sandbox restrictions.

For the oldstable distribution (bullseye), these problems have been fixed in version 17.0.10+7-1~deb11u1.

For the stable distribution (bookworm), these problems have been fixed in version 17.0.10+7-1~deb12u1.

We recommend that you upgrade your openjdk-17 packages.

For the detailed security status of openjdk-17 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/openjdk-17
[SECURITY] [DSA 5610-1] redis security update
Debian Security Advisory DSA-5610-1 secur...@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
January 29, 2024 https://www.debian.org/security/faq

Package: redis
CVE ID: CVE-2022-24834 CVE-2023-36824 CVE-2023-41053 CVE-2023-41056 CVE-2023-45145

Multiple security issues were discovered in Redis, a persistent key-value database, which could result in the execution of arbitrary code or ACL bypass.

For the stable distribution (bookworm), these problems have been fixed in version 5:7.0.15-1~deb12u1.

We recommend that you upgrade your redis packages.

For the detailed security status of redis please refer to its security tracker page at: https://security-tracker.debian.org/tracker/redis
[SECURITY] [DSA 5606-1] firefox-esr security update
Debian Security Advisory DSA-5606-1 secur...@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
January 24, 2024 https://www.debian.org/security/faq

Package: firefox-esr
CVE ID: CVE-2024-0741 CVE-2024-0742 CVE-2024-0746 CVE-2024-0747 CVE-2024-0749 CVE-2024-0750 CVE-2024-0751 CVE-2024-0753 CVE-2024-0755

Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, phishing, clickjacking, privilege escalation, HSTS bypass or bypass of content security policies.

For the oldstable distribution (bullseye), these problems have been fixed in version 115.7.0esr-1~deb11u1.

For the stable distribution (bookworm), these problems have been fixed in version 115.7.0esr-1~deb12u1.

We recommend that you upgrade your firefox-esr packages.

For the detailed security status of firefox-esr please refer to its security tracker page at: https://security-tracker.debian.org/tracker/firefox-esr
[SECURITY] [DSA 5605-1] thunderbird security update
Debian Security Advisory DSA-5605-1 secur...@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
January 24, 2024 https://www.debian.org/security/faq

Package: thunderbird
CVE ID: CVE-2024-0741 CVE-2024-0742 CVE-2024-0746 CVE-2024-0747 CVE-2024-0749 CVE-2024-0750 CVE-2024-0751 CVE-2024-0753 CVE-2024-0755

Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code.

For the oldstable distribution (bullseye), these problems have been fixed in version 1:115.7.0-1~deb11u1.

For the stable distribution (bookworm), these problems have been fixed in version 1:115.7.0-1~deb12u1.

We recommend that you upgrade your thunderbird packages.

For the detailed security status of thunderbird please refer to its security tracker page at: https://security-tracker.debian.org/tracker/thunderbird
[SECURITY] [DSA 5604-1] openjdk-11 security update
Debian Security Advisory DSA-5604-1 secur...@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
January 23, 2024 https://www.debian.org/security/faq

Package: openjdk-11
CVE ID: CVE-2024-20918 CVE-2024-20919 CVE-2024-20921 CVE-2024-20926 CVE-2024-20945 CVE-2024-20952

Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in side channel attacks, leaking sensitive data to log files, denial of service or bypass of sandbox restrictions.

For the oldstable distribution (bullseye), these problems have been fixed in version 11.0.22+7-1~deb11u1.

We recommend that you upgrade your openjdk-11 packages.

For the detailed security status of openjdk-11 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/openjdk-11
[SECURITY] [DSA 5589-1] nodejs security update
Debian Security Advisory DSA-5589-1 secur...@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
December 27, 2023 https://www.debian.org/security/faq

Package: nodejs
CVE ID: CVE-2023-23918 CVE-2023-23919 CVE-2023-23920 CVE-2023-30581 CVE-2023-30588 CVE-2023-30589 CVE-2023-30590 CVE-2023-32002 CVE-2023-32006 CVE-2023-32559 CVE-2023-38552 CVE-2023-39333
Debian Bug: 1031834 1039990 1050739 1054892

Multiple vulnerabilities were discovered in Node.js, which could result in HTTP request smuggling, bypass of policy feature checks, denial of service or loading of incorrect ICU data.

For the stable distribution (bookworm), these problems have been fixed in version 18.19.0+dfsg-6~deb12u1. In addition node-undici has been updated in version 5.15.0+dfsg1+~cs20.10.9.3-1+deb12u3 to ensure compatibility with the updated Node version.

We recommend that you upgrade your nodejs packages.

For the detailed security status of nodejs please refer to its security tracker page at: https://security-tracker.debian.org/tracker/nodejs
[SECURITY] [DSA 5587-1] curl security update
Debian Security Advisory DSA-5587-1 secur...@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
December 23, 2023 https://www.debian.org/security/faq

Package: curl
CVE ID: CVE-2023-46218 CVE-2023-46219

Two security issues were discovered in Curl: Cookies were incorrectly validated against the public suffix list of domains and in some cases HSTS data could fail to save to disk.

For the oldstable distribution (bullseye), these problems have been fixed in version 7.74.0-1.3+deb11u11.

For the stable distribution (bookworm), these problems have been fixed in version 7.88.1-10+deb12u5.

We recommend that you upgrade your curl packages.

For the detailed security status of curl please refer to its security tracker page at: https://security-tracker.debian.org/tracker/curl
[SECURITY] [DSA 5583-1] gst-plugins-bad1.0 security update
Debian Security Advisory DSA-5583-1 secur...@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
December 21, 2023 https://www.debian.org/security/faq

Package: gst-plugins-bad1.0
CVE ID: not yet available

A buffer overflow was discovered in the AV1 video plugin for the GStreamer media framework, which may result in denial of service or potentially the execution of arbitrary code if a malformed media file is opened.

The oldstable distribution (bullseye) is not affected.

For the stable distribution (bookworm), this problem has been fixed in version 1.22.0-4+deb12u4.

We recommend that you upgrade your gst-plugins-bad1.0 packages.

For the detailed security status of gst-plugins-bad1.0 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/gst-plugins-bad1.0
[SECURITY] [DSA 5582-1] thunderbird security update
Debian Security Advisory DSA-5582-1 secur...@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
December 21, 2023 https://www.debian.org/security/faq

Package: thunderbird
CVE ID: CVE-2023-6856 CVE-2023-6857 CVE-2023-6858 CVE-2023-6859 CVE-2023-6860 CVE-2023-6861 CVE-2023-6862 CVE-2023-6864 CVE-2023-6873 CVE-2023-50761 CVE-2023-50762

Multiple security issues were discovered in Thunderbird, which could result in denial of service, the execution of arbitrary code or spoofing of signed PGP/MIME and SMIME emails.

For the oldstable distribution (bullseye), these problems have been fixed in version 1:115.6.0-1~deb11u1.

For the stable distribution (bookworm), these problems have been fixed in version 1:115.6.0-1~deb12u1.

We recommend that you upgrade your thunderbird packages.

For the detailed security status of thunderbird please refer to its security tracker page at: https://security-tracker.debian.org/tracker/thunderbird
[SECURITY] [DSA 5581-1] firefox-esr security update
Debian Security Advisory DSA-5581-1 secur...@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
December 20, 2023 https://www.debian.org/security/faq

Package: firefox-esr
CVE ID : CVE-2023-6856 CVE-2023-6857 CVE-2023-6858 CVE-2023-6859 CVE-2023-6860 CVE-2023-6861 CVE-2023-6862 CVE-2023-6863 CVE-2023-6864 CVE-2023-6865 CVE-2023-6867

Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, sandbox escape or clickjacking.

For the oldstable distribution (bullseye), these problems have been fixed in version 115.6.0esr-1~deb11u1.

For the stable distribution (bookworm), these problems have been fixed in version 115.6.0esr-1~deb12u1.

We recommend that you upgrade your firefox-esr packages.

For the detailed security status of firefox-esr please refer to its security tracker page at: https://security-tracker.debian.org/tracker/firefox-esr

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5579-1] freeimage security update
Debian Security Advisory DSA-5579-1 secur...@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
December 17, 2023 https://www.debian.org/security/faq

Package: freeimage
CVE ID : CVE-2020-21427 CVE-2020-21428 CVE-2020-22524

Multiple vulnerabilities were discovered in FreeImage, a support library for graphics image formats, which could result in the execution of arbitrary code if malformed image files are processed.

For the oldstable distribution (bullseye), these problems have been fixed in version 3.18.0+ds2-6+deb11u1.

For the stable distribution (bookworm), these problems have been fixed in version 3.18.0+ds2-9+deb12u1.

We recommend that you upgrade your freeimage packages.

For the detailed security status of freeimage please refer to its security tracker page at: https://security-tracker.debian.org/tracker/freeimage

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5574-1] libreoffice security update
Debian Security Advisory DSA-5574-1 secur...@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
December 11, 2023 https://www.debian.org/security/faq

Package: libreoffice
CVE ID : CVE-2023-6185 CVE-2023-6186

Reginaldo Silva discovered two security vulnerabilities in LibreOffice, which could result in the execution of arbitrary scripts or Gstreamer plugins when opening a malformed file.

For the oldstable distribution (bullseye), these problems have been fixed in version 1:7.0.4-4+deb11u8.

For the stable distribution (bookworm), these problems have been fixed in version 4:7.4.7-1+deb12u1.

We recommend that you upgrade your libreoffice packages.

For the detailed security status of libreoffice please refer to its security tracker page at: https://security-tracker.debian.org/tracker/libreoffice

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5571-1] rabbitmq-server security update
Debian Security Advisory DSA-5571-1 secur...@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
December 01, 2023 https://www.debian.org/security/faq

Package: rabbitmq-server
CVE ID : CVE-2023-46118

It was discovered that missing input sanitising in the HTTP API endpoint of RabbitMQ, an implementation of the AMQP protocol, could result in denial of service.

For the oldstable distribution (bullseye), this problem has been fixed in version 3.8.9-3+deb11u1.

For the stable distribution (bookworm), this problem has been fixed in version 3.10.8-1.1+deb12u1.

We recommend that you upgrade your rabbitmq-server packages.

For the detailed security status of rabbitmq-server please refer to its security tracker page at: https://security-tracker.debian.org/tracker/rabbitmq-server

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5570-1] nghttp2 security update
Debian Security Advisory DSA-5570-1 secur...@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
December 01, 2023 https://www.debian.org/security/faq

Package: nghttp2
CVE ID : CVE-2023-44487

It was discovered that libnghttp2, a library implementing the HTTP/2 protocol, handled request cancellation incorrectly. This could result in denial of service.

For the oldstable distribution (bullseye), this problem has been fixed in version 1.43.0-1+deb11u1.

For the stable distribution (bookworm), this problem has been fixed in version 1.52.0-1+deb12u1.

We recommend that you upgrade your nghttp2 packages.

For the detailed security status of nghttp2 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/nghttp2

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5568-1] fastdds security update
Debian Security Advisory DSA-5568-1 secur...@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
November 27, 2023 https://www.debian.org/security/faq

Package: fastdds
CVE ID : CVE-2023-42459
Debian Bug : 1054163

It was discovered that incorrect memory management in Fast DDS, a C++ implementation of the DDS (Data Distribution Service), might result in denial of service.

The oldstable distribution (bullseye) is not affected.

For the stable distribution (bookworm), this problem has been fixed in version 2.9.1+ds-1+deb12u2.

We recommend that you upgrade your fastdds packages.

For the detailed security status of fastdds please refer to its security tracker page at: https://security-tracker.debian.org/tracker/fastdds

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5566-1] thunderbird security update
Debian Security Advisory DSA-5566-1 secur...@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
November 26, 2023 https://www.debian.org/security/faq

Package: thunderbird
CVE ID : CVE-2023-6212 CVE-2023-6209 CVE-2023-6208 CVE-2023-6207 CVE-2023-6206 CVE-2023-6205 CVE-2023-6204

Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code.

For the oldstable distribution (bullseye), these problems have been fixed in version 1:115.5.0-1~deb11u1.

For the stable distribution (bookworm), these problems have been fixed in version 1:115.5.0-1~deb12u1.

We recommend that you upgrade your thunderbird packages.

For the detailed security status of thunderbird please refer to its security tracker page at: https://security-tracker.debian.org/tracker/thunderbird

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5562-1] tor security update
Debian Security Advisory DSA-5562-1 secur...@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
November 22, 2023 https://www.debian.org/security/faq

Package: tor
CVE ID : not yet available

It was discovered that Tor was susceptible to a crash during handshake with a remote relay, resulting in denial of service.

For the oldstable distribution (bullseye), support for tor is now discontinued. Please upgrade to the stable release (bullseye) to continue receiving tor updates.

For the stable distribution (bookworm), this problem has been fixed in version 0.4.7.16-1.

We recommend that you upgrade your tor packages.

For the detailed security status of tor please refer to its security tracker page at: https://security-tracker.debian.org/tracker/tor

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5561-1] firefox-esr security update
Debian Security Advisory DSA-5561-1 secur...@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
November 22, 2023 https://www.debian.org/security/faq

Package: firefox-esr
CVE ID : CVE-2023-6204 CVE-2023-6205 CVE-2023-6206 CVE-2023-6207 CVE-2023-6208 CVE-2023-6209 CVE-2023-6212

Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, information leaks or clickjacking.

For the oldstable distribution (bullseye), these problems have been fixed in version 115.5.0esr-1~deb11u1.

For the stable distribution (bookworm), these problems have been fixed in version 115.5.0esr-1~deb12u1.

We recommend that you upgrade your firefox-esr packages.

For the detailed security status of firefox-esr please refer to its security tracker page at: https://security-tracker.debian.org/tracker/firefox-esr

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5559-1] wireshark security update
Debian Security Advisory DSA-5559-1 secur...@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
November 19, 2023 https://www.debian.org/security/faq

Package: wireshark
CVE ID : CVE-2023-6174 CVE-2023-6175

A vulnerability was discovered in the SSH dissector of Wireshark, a network protocol analyzer, which could result in denial of service or potentially the execution of arbitrary code.

For the stable distribution (bookworm), these problems have been fixed in version 4.0.11-1~deb12u1.

We recommend that you upgrade your wireshark packages.

For the detailed security status of wireshark please refer to its security tracker page at: https://security-tracker.debian.org/tracker/wireshark

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5555-1] openvpn security update
Debian Security Advisory DSA--1 secur...@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
November 15, 2023 https://www.debian.org/security/faq

Package: openvpn
CVE ID : CVE-2023-46849 CVE-2023-46850

Two vulnerabilities were discovered in openvpn, a virtual private network application, which could result in memory disclosure or denial of service.

The oldstable distribution (bullseye) is not affected.

For the stable distribution (bookworm), these problems have been fixed in version 2.6.3-1+deb12u2.

We recommend that you upgrade your openvpn packages.

For the detailed security status of openvpn please refer to its security tracker page at: https://security-tracker.debian.org/tracker/openvpn

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5552-1] ffmpeg security update
Debian Security Advisory DSA-5552-1 secur...@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
November 12, 2023 https://www.debian.org/security/faq

Package: ffmpeg
CVE ID : CVE-2022-4907

Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/streams are processed.

For the stable distribution (bookworm), this problem has been fixed in version 7:5.1.4-0+deb12u1.

We recommend that you upgrade your ffmpeg packages.

For the detailed security status of ffmpeg please refer to its security tracker page at: https://security-tracker.debian.org/tracker/ffmpeg

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5550-1] cacti security update
Debian Security Advisory DSA-5550-1 secur...@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
November 08, 2023 https://www.debian.org/security/faq

Package: cacti
CVE ID : CVE-2023-39357 CVE-2023-39359 CVE-2023-39361 CVE-2023-39362 CVE-2023-39364 CVE-2023-39365 CVE-2023-39513 CVE-2023-39515 CVE-2023-39516 CVE-2023-39514 CVE-2023-39512 CVE-2023-39510 CVE-2023-39366

Multiple security vulnerabilities have been discovered in Cacti, a web interface for graphing of monitoring systems, which could result in cross-site scripting, SQL injection, an open redirect or command injection.

For the oldstable distribution (bullseye), these problems have been fixed in version 1.2.16+ds1-2+deb11u2.

For the stable distribution (bookworm), these problems have been fixed in version 1.2.24+ds1-1+deb12u1.

We recommend that you upgrade your cacti packages.

For the detailed security status of cacti please refer to its security tracker page at: https://security-tracker.debian.org/tracker/cacti

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5549-1] trafficserver security update
Debian Security Advisory DSA-5549-1 secur...@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
November 05, 2023 https://www.debian.org/security/faq

Package: trafficserver
CVE ID : CVE-2022-47185 CVE-2023-33934 CVE-2023-39456 CVE-2023-41752 CVE-2023-44487

Several vulnerabilities were discovered in Apache Traffic Server, a reverse and forward proxy server, which could result in denial of service or information disclosure.

For the oldstable distribution (bullseye), these problems have been fixed in version 8.1.9+ds-1~deb11u1.

For the stable distribution (bookworm), these problems have been fixed in version 9.2.3+ds-1+deb12u1.

We recommend that you upgrade your trafficserver packages.

For the detailed security status of trafficserver please refer to its security tracker page at: https://security-tracker.debian.org/tracker/trafficserver

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5548-1] openjdk-17 security update
Debian Security Advisory DSA-5548-1 secur...@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
November 05, 2023 https://www.debian.org/security/faq

Package: openjdk-17
CVE ID : CVE-2023-22025 CVE-2023-22081

Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in denial of service.

For the oldstable distribution (bullseye), these problems have been fixed in version 17.0.9+9-1~deb11u1.

For the stable distribution (bookworm), these problems have been fixed in version 17.0.9+9-1~deb12u1.

We recommend that you upgrade your openjdk-17 packages.

For the detailed security status of openjdk-17 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/openjdk-17

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5545-1] vlc security update
Debian Security Advisory DSA-5545-1 secur...@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
November 02, 2023 https://www.debian.org/security/faq

Package: vlc
CVE ID : not yet available

An out-of-bounds write was discovered in the MMS demuxer of the VLC media player.

For the oldstable distribution (bullseye), this problem has been fixed in version 3.0.20-0+deb11u1.

For the stable distribution (bookworm), this problem has been fixed in version 3.0.20-0+deb12u1.

We recommend that you upgrade your vlc packages.

For the detailed security status of vlc please refer to its security tracker page at: https://security-tracker.debian.org/tracker/vlc

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5544-1] zookeeper security update
Debian Security Advisory DSA-5544-1 secur...@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
October 31, 2023 https://www.debian.org/security/faq

Package: zookeeper
CVE ID : CVE-2023-44981

Damien Diederen discovered that SASL quorum peer authentication within Zookeeper, a service for maintaining configuration information, was insufficiently enforced in some configurations.

For the oldstable distribution (bullseye), this problem has been fixed in version 3.4.13-6+deb11u1.

For the stable distribution (bookworm), this problem has been fixed in version 3.8.0-11+deb12u1.

We recommend that you upgrade your zookeeper packages.

For the detailed security status of zookeeper please refer to its security tracker page at: https://security-tracker.debian.org/tracker/zookeeper

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5543-1] open-vm-tools security update
Debian Security Advisory DSA-5543-1 secur...@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
October 31, 2023 https://www.debian.org/security/faq

Package: open-vm-tools
CVE ID : CVE-2023-34058 CVE-2023-34059

Two security issues have been discovered in the Open VMware Tools, which could result in privilege escalation.

For the oldstable distribution (bullseye), these problems have been fixed in version 2:11.2.5-2+deb11u3.

For the stable distribution (bookworm), these problems have been fixed in version 2:12.2.0-1+deb12u2.

We recommend that you upgrade your open-vm-tools packages.

For the detailed security status of open-vm-tools please refer to its security tracker page at: https://security-tracker.debian.org/tracker/open-vm-tools

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5538-1] thunderbird security update
Debian Security Advisory DSA-5538-1 secur...@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
October 27, 2023 https://www.debian.org/security/faq

Package: thunderbird
CVE ID : CVE-2023-5721 CVE-2023-5724 CVE-2023-5725 CVE-2023-5728 CVE-2023-5730 CVE-2023-5732

Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code.

For the oldstable distribution (bullseye), these problems have been fixed in version 1:115.4.1-1~deb11u1.

For the stable distribution (bookworm), these problems have been fixed in version 1:115.4.1-1~deb12u1.

We recommend that you upgrade your thunderbird packages.

For the detailed security status of thunderbird please refer to its security tracker page at: https://security-tracker.debian.org/tracker/thunderbird

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5537-1] openjdk-11 security update
Debian Security Advisory DSA-5537-1 secur...@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
October 27, 2023 https://www.debian.org/security/faq

Package: openjdk-11
CVE ID : CVE-2023-22067 CVE-2023-22081

Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in bypass of sandbox restrictions or denial of service.

For the oldstable distribution (bullseye), these problems have been fixed in version 11.0.21+9-1~deb11u1.

We recommend that you upgrade your openjdk-11 packages.

For the detailed security status of openjdk-11 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/openjdk-11

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5535-1] firefox-esr security update
Debian Security Advisory DSA-5535-1 secur...@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
October 25, 2023 https://www.debian.org/security/faq

Package: firefox-esr
CVE ID : CVE-2023-5721 CVE-2023-5724 CVE-2023-5725 CVE-2023-5728 CVE-2023-5730 CVE-2023-5732

Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, clickjacking, spoofing or information leaks.

For the oldstable distribution (bullseye), these problems have been fixed in version 115.4.0esr-1~deb11u1.

For the stable distribution (bookworm), these problems have been fixed in version 115.4.0esr-1~deb12u1.

We recommend that you upgrade your firefox-esr packages.

For the detailed security status of firefox-esr please refer to its security tracker page at: https://security-tracker.debian.org/tracker/firefox-esr

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5529-1] slurm-wlm security update
Debian Security Advisory DSA-5529-1 secur...@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
October 17, 2023 https://www.debian.org/security/faq

Package: slurm-wlm
CVE ID : CVE-2023-41914

Francois Diakhate discovered that several race conditions in file processing of the Simple Linux Utility for Resource Management (SLURM), a cluster resource management and job scheduling system, could result in denial of service by overwriting arbitrary files.

For the stable distribution (bookworm), this problem has been fixed in version 22.05.8-4+deb12u1. In addition slurm-wlm-contrib also needed to be patched in version 22.05.8-4+deb12u1.

We recommend that you upgrade your slurm-wlm packages.

For the detailed security status of slurm-wlm please refer to its security tracker page at: https://security-tracker.debian.org/tracker/slurm-wlm

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5528-1] node-babel7 security update
Debian Security Advisory DSA-5528-1 secur...@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
October 16, 2023 https://www.debian.org/security/faq

Package: node-babel7
CVE ID : CVE-2023-45133
Debian Bug : 1053880

William Khem-Marquez discovered that using malicious plugins for the Babel JavaScript compiler could result in arbitrary code execution during compilation.

For the oldstable distribution (bullseye), this problem has been fixed in version 7.12.12+~cs150.141.84-6+deb11u1.

For the stable distribution (bookworm), this problem has been fixed in version 7.20.15+ds1+~cs214.269.168-3+deb12u1.

We recommend that you upgrade your node-babel7 packages.

For the detailed security status of node-babel7 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/node-babel7

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5526-1] chromium security update
Debian Security Advisory DSA-5526-1 secur...@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
October 12, 2023 https://www.debian.org/security/faq

Package: chromium
CVE ID : CVE-2023-5218 CVE-2023-5473 CVE-2023-5474 CVE-2023-5475 CVE-2023-5476 CVE-2023-5477 CVE-2023-5478 CVE-2023-5479 CVE-2023-5481 CVE-2023-5483 CVE-2023-5484 CVE-2023-5485 CVE-2023-5486 CVE-2023-5487

Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

For the oldstable distribution (bullseye) the updates need an additional toolchain update. When completed, fixes will be made available as 118.0.5993.70-1~deb11u1.

For the stable distribution (bookworm), these problems have been fixed in version 118.0.5993.70-1~deb12u1.

We recommend that you upgrade your chromium packages.

For the detailed security status of chromium please refer to its security tracker page at: https://security-tracker.debian.org/tracker/chromium

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5525-1] samba security update
Debian Security Advisory DSA-5525-1 secur...@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
October 11, 2023 https://www.debian.org/security/faq

Package: samba
CVE ID : CVE-2023-3961 CVE-2023-4091 CVE-2023-4154 CVE-2023-42669 CVE-2023-42670

Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix, which might result in denial of service, information disclosure or privilege escalation.

For the stable distribution (bookworm), these problems have been fixed in version 2:4.17.12+dfsg-0+deb12u1.

We recommend that you upgrade your samba packages.

For the detailed security status of samba please refer to its security tracker page at: https://security-tracker.debian.org/tracker/samba

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5524-1] libcue security update
Debian Security Advisory DSA-5524-1 secur...@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
October 11, 2023 https://www.debian.org/security/faq

Package: libcue
CVE ID : CVE-2023-43641

Kevin Backhouse discovered an out-of-bounds array access in Libcue, a library for parsing CD metadata, which could result in the execution of arbitrary code.

For the oldstable distribution (bullseye), this problem has been fixed in version 2.2.1-3+deb11u1.

For the stable distribution (bookworm), this problem has been fixed in version 2.2.1-4+deb12u1.

We recommend that you upgrade your libcue packages.

For the detailed security status of libcue please refer to its security tracker page at: https://security-tracker.debian.org/tracker/libcue

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5523-1] curl security update
Debian Security Advisory DSA-5523-1 secur...@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
October 11, 2023 https://www.debian.org/security/faq

Package: curl
CVE ID : CVE-2023-38545 CVE-2023-38546

Two security issues were found in Curl, an easy-to-use client-side URL transfer library and command line tool:

CVE-2023-38545
Jay Satiro discovered a buffer overflow in the SOCKS5 proxy handshake.

CVE-2023-38546
It was discovered that under some circumstances libcurl was susceptible to cookie injection.

For the oldstable distribution (bullseye), these problems have been fixed in version 7.74.0-1.3+deb11u10.

For the stable distribution (bookworm), these problems have been fixed in version 7.88.1-10+deb12u4.

We recommend that you upgrade your curl packages.

For the detailed security status of curl please refer to its security tracker page at: https://security-tracker.debian.org/tracker/curl

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5520-1] mediawiki security update
Debian Security Advisory DSA-5520-1 secur...@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
October 10, 2023 https://www.debian.org/security/faq

Package: mediawiki
CVE ID : CVE-2023-3550 CVE-2023-45359 CVE-2023-45360 CVE-2023-45361 CVE-2023-45362 CVE-2023-45363 CVE-2023-45364

Multiple security issues were discovered in MediaWiki, a website engine for collaborative work, which could result in cross-site scripting, denial of service or information disclosure.

For the oldstable distribution (bullseye), these problems have been fixed in version 1:1.35.13-1~deb11u1.

For the stable distribution (bookworm), these problems have been fixed in version 1:1.39.5-1~deb12u1.

We recommend that you upgrade your mediawiki packages.

For the detailed security status of mediawiki please refer to its security tracker page at: https://security-tracker.debian.org/tracker/mediawiki

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5517-1] libx11 security update
Debian Security Advisory DSA-5517-1 secur...@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
October 05, 2023 https://www.debian.org/security/faq

Package: libx11
CVE ID : CVE-2023-43785 CVE-2023-43786 CVE-2023-43787

Multiple security vulnerabilities were discovered in libx11, the X11 client-side library, which may result in denial of service or the execution of arbitrary code.

For the oldstable distribution (bullseye), these problems have been fixed in version 2:1.7.2-1+deb11u2.

For the stable distribution (bookworm), these problems have been fixed in version 2:1.8.4-2+deb12u2.

We recommend that you upgrade your libx11 packages.

For the detailed security status of libx11 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/libx11

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5516-1] libxpm security update
Debian Security Advisory DSA-5516-1 secur...@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
October 05, 2023 https://www.debian.org/security/faq

Package: libxpm
CVE ID : CVE-2023-43788 CVE-2023-43789

Multiple security vulnerabilities were discovered in libxpm, the X11 pixmap library, which may result in denial of service or the execution of arbitrary code.

For the oldstable distribution (bullseye), these problems have been fixed in version 1:3.5.12-1.1+deb11u1.

For the stable distribution (bookworm), these problems have been fixed in version 1:3.5.12-1.1+deb12u1.

We recommend that you upgrade your libxpm packages.

For the detailed security status of libxpm please refer to its security tracker page at: https://security-tracker.debian.org/tracker/libxpm

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5515-1] chromium security update
Debian Security Advisory DSA-5515-1 secur...@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
October 04, 2023 https://www.debian.org/security/faq

Package: chromium
CVE ID : CVE-2023-5346

A security issue was discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

For the oldstable distribution (bullseye), this problem has been fixed in version 117.0.5938.149-1~deb11u1.

For the stable distribution (bookworm), this problem has been fixed in version 117.0.5938.149-1~deb12u1.

We recommend that you upgrade your chromium packages.

For the detailed security status of chromium please refer to its security tracker page at: https://security-tracker.debian.org/tracker/chromium

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5513-1] thunderbird security update
Debian Security Advisory DSA-5513-1 secur...@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
October 03, 2023 https://www.debian.org/security/faq

Package: thunderbird
CVE ID : CVE-2023-5176 CVE-2023-5171 CVE-2023-5169

Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code.

Debian follows the Thunderbird upstream releases. Support for the 102.x series has ended, so starting with this update we're now following the 115.x series.

For the oldstable distribution (bullseye), this problem has been fixed in version 1:115.3.1-1~deb11u1.

For the stable distribution (bookworm), this problem has been fixed in version 1:115.3.1-1~deb12u1.

We recommend that you upgrade your thunderbird packages.

For the detailed security status of thunderbird please refer to its security tracker page at: https://security-tracker.debian.org/tracker/thunderbird

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5509-1] firefox-esr security update
Debian Security Advisory DSA-5509-1 secur...@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
September 29, 2023 https://www.debian.org/security/faq

Package: firefox-esr
CVE ID : CVE-2023-5217

A buffer overflow in VP8 media stream processing has been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.

For the oldstable distribution (bullseye), this problem has been fixed in version 115.3.1esr-1~deb11u1.

For the stable distribution (bookworm), this problem will be fixed via the libvpx source package, Firefox ESR in Bookworm links dynamically against libvpx.

We recommend that you upgrade your firefox-esr packages.

For the detailed security status of firefox-esr please refer to its security tracker page at: https://security-tracker.debian.org/tracker/firefox-esr

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org