[SECURITY] [DLA 2513-1] p11-kit security update

2021-01-03 Thread Adrian Bunk

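-------------------------------------------------------------------------
Debian LTS Advisory DLA-2513-1                debian-...@lists.debian.org
https://www.debian.org/lts/security/                          Adrian Bunk
January 04, 2021                              https://wiki.debian.org/LTS
-------------------------------------------------------------------------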

Package: p11-kit
Version: 0.23.3-2+deb9u1
CVE ID : CVE-2020-29361 CVE-2020-29362

Several memory safety issues affecting the RPC protocol were fixed in 
p11-kit, a library providing a way to load and enumerate PKCS#11 
modules.

CVE-2020-29361

Multiple integer overflows

CVE-2020-29362

Heap-based buffer over-read

For Debian 9 stretch, these problems have been fixed in version
0.23.3-2+deb9u1.

We recommend that you upgrade your p11-kit packages.

For the detailed security status of p11-kit please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/p11-kit

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



[SECURITY] [DLA 2514-1] flac security update

2021-01-03 Thread Adrian Bunk

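-------------------------------------------------------------------------
Debian LTS Advisory DLA-2514-1                debian-...@lists.debian.org
https://www.debian.org/lts/security/                          Adrian Bunk
January 04, 2021                              https://wiki.debian.org/LTS
-------------------------------------------------------------------------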

Package: flac
Version: 1.3.2-2+deb9u1
CVE ID : CVE-2017-6888 CVE-2020-0499
Debian Bug : 897015 977764

Two vulnerabilities were fixed in flac, the library for the
Free Lossless Audio Codec.

CVE-2017-6888

Memory leak via a specially crafted FLAC file

CVE-2020-0499

Out of bounds read due to a heap buffer overflow

For Debian 9 stretch, these problems have been fixed in version
1.3.2-2+deb9u1.

We recommend that you upgrade your flac packages.

For the detailed security status of flac please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/flac

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



[SECURITY] [DLA 2512-1] libhibernate3-java security update

2021-01-03 Thread Markus Koschany
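-------------------------------------------------------------------------
Debian LTS Advisory DLA-2512-1                debian-...@lists.debian.org
https://www.debian.org/lts/security/                      Markus Koschany
January 03, 2021                              https://wiki.debian.org/LTS
-------------------------------------------------------------------------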

Package: libhibernate3-java
Version: 3.6.10.Final-6+deb9u1
CVE ID : CVE-2020-25638

A flaw was found in hibernate-core. A SQL injection in the implementation
of the JPA Criteria API can permit unsanitized literals when a literal is
used in the SQL comments of the query. This flaw could allow an attacker to
access unauthorized information or possibly conduct further attacks.

For Debian 9 stretch, this problem has been fixed in version
3.6.10.Final-6+deb9u1.

We recommend that you upgrade your libhibernate3-java packages.

For the detailed security status of libhibernate3-java please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libhibernate3-java

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

