[SECURITY] [DLA 3445-1] cpio security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian LTS Advisory DLA-3445-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Adrian Bunk June 04, 2023 https://wiki.debian.org/LTS - - Package: cpio Version: 2.12+dfsg-9+deb10u1 CVE ID : CVE-2019-14866 CVE-2021-38185 Debian Bug : 941412 992045 Two vulnerabilities were fixed in GNU cpio, a program to manage archives of files. CVE-2019-14866 Improper validation of input files when generatingtar archives. CVE-2021-38185 Arbitrary code via crafted pattern file. For Debian 10 buster, these problems have been fixed in version 2.12+dfsg-9+deb10u1. We recommend that you upgrade your cpio packages. For the detailed security status of cpio please refer to its security tracker page at: https://security-tracker.debian.org/tracker/cpio Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmR88CIACgkQiNJCh6LY mLFEnw//dJUPmrc9TF3gc0O8DcOf7y1dre2POsQzNm3NVBFsewVro5EM61s3pQAE dt6k3wY5fxEzlu63ul8/ADPhKDWFhmOY2lUznxG9svjC/yVFFeFQXPLc/PAyqsrm DezOIsi/WCCCtOLjrdeRera19urF9/lc70ANdIEgN4MmH1YG2tOk/c2Jd3SQMHpF 8RzYcPCCQB3+7YcMtei++WSxNaFT8ELWxIE6B6rDnpTps3whFQhDAfkNWmId+yUG 6UB6fO0HsqY3oRyEx4oatpYM+ua9xPDf6ydV3mIbOwV6TgcwjglVgeoP08Rzpwto w7dNQoM9WKrzPxXgB8hiRXzPPW70/vtQ7kd+J1ygDVhSl4QXEtPoTyva5eXb4KMR WWAbi0uG7nznI6iJ0Z/3egS3yY5Jh7s+BH14t74wnZ8zVp6HCO16Lpyyo48F30em CkBXxbpfzBFdRv1anK0GdIcB/Kt2poPYiCjZxvlyzvwMYwJfVnKEH5hwekbvxrnc EEEHiDRU2vIZs5vHikYQDWenTRqX7XnuzIvFJYV/lYKvtwPuUZS4cC+F1a3SDSZV OKmiCr+GLtjbngYQUZKasibYd3a6ePH89loOWA9e/jbkG2LpJwhy7e74SqrGsVLS qHzOeW5su6Nn+ETBIoZ6CRrsF5p5ZprAjofnOkS0lRjFh/pXw8c= =j8tT -END PGP SIGNATURE-
[SECURITY] [DLA 3444-1] mariadb-10.3 security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian LTS Advisory DLA-3444-1debian-...@lists.debian.org https://www.debian.org/lts/security/Otto Kekäläinen June 03, 2023 https://wiki.debian.org/LTS - - Package: mariadb-10.3 Version: 1:10.3.39-0+deb10u1 CVE ID : CVE-2022-47015 Debian Bug : 1034889 Latest MariaDB minor maintenance release 10.3.39 included a fix for the following security vulnerability: CVE-2022-47015 Spider storage engine vulnerable to Denial of Service For Debian 10 buster, this problem has been fixed in version 1:10.3.39-0+deb10u1. Additionally the backwards incompatible libmariadb API change has been reverted (Closes: #1031773). We recommend that you upgrade your mariadb-10.3 packages. For the detailed security status of mariadb-10.3 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/mariadb-10.3 Note! According to https://mariadb.org/about/#maintenance-policy this was the last minor maintenance release for MariaDB 10.3 series. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEmbRSsR88dMO0U+RvvthEn87o2ogFAmR8NOwACgkQvthEn87o 2ojY8g/9EFfktd26pC/yrzWnXHCM+kDzHw1jdXKKgl89ndN/9cEXEh0Sj9okQkDU 9SniYtg/w4qcfdOxHu6k6bWfIyMtNPSS/kfk54PRTm+EEIowwOYLYGRTP1RjLNQL X9N+LzTRt34coiNnSjYPue08bJe4Qg8ugyMInqhXIvmZXc47jwl2frTFdbQzeWFH bL6GIOgbK4U5SgfLQwdPjluUF0XOxv8t2fJWvZfijicO9LgdfxKg+axiHnDJaqNx 3jb6C/HSdp+AGx0IQ2EN10Lv9XdTd6oldOCw7IGxVTeuhtP+pT4Nfbx3L/oFr3Iv IXYNJVNtMaLgQcFE8POY395U6cE+ZgSkyHqBwYtlZ5uFfsJqF/t2rWgUs+Bu39c0 Cd6OgSNsPhgorbVt4g6p2/f9pBtNAt0a8VoR8jJAidkdznWrKDDmvY4lK1ecikv8 OS8K596u6cByolu4hDcHF4z5MRk1GXI1wMuj6G1Q/aQdjH/0D01wx6caN/xtxy11 UZUSuhqj+Ynn6rcZiLuuRHr34X3LZrLZT2xbVRAShTw9/xickfQO59QLJE0fofWv XAXsTVBKZ3wB2j71Rz8Zt/XfCWdxMwI+Dd8T5n8AqiGPzjDdUOKS1U2ZKTVL4nf5 a7qGSDBl1st2nE05D5hoGdh+0/NIGgUyTTfQJN4KiqRKeOFSyJI= =wgVz -END PGP SIGNATURE-
[SECURITY] [DLA 3444-1] mariadb-10.3 security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 From: Otto Kekäläinen To: debian-lts-announce@lists.debian.org Subject: [SECURITY] [DLA 3444-1] mariadb-10.3 security update - - Debian LTS Advisory DLA-3444-1debian-...@lists.debian.org https://www.debian.org/lts/security/Otto Kekäläinen June 03, 2023 https://wiki.debian.org/LTS - - Package: mariadb-10.3 Version: 1:10.3.39-0+deb10u1 CVE ID : CVE-2022-47015 Debian Bug : 1031773 Latest MariaDB minor maintenance release 10.3.39 included a fix for the following security vulnerability: CVE-2022-47015 Spider storage engine vulnerable to Denial of Service For Debian 10 buster, this problem has been fixed in version 1:10.3.39-0+deb10u1. Additionally the backwards incompatible libmariadb API change has been reverted (Closes: #1031773). We recommend that you upgrade your mariadb-10.3 packages. For the detailed security status of mariadb-10.3 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/mariadb-10.3 Note! According to https://mariadb.org/about/#maintenance-policy this was the last minor maintenance release for MariaDB 10.3 series. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEmbRSsR88dMO0U+RvvthEn87o2ogFAmR8Mn0ACgkQvthEn87o 2ogVHw//RhyuyqoTkBYxsgvLlYepDypfKKz4Y2/evmj3Ysw+hLBKc1DQ9sGLvaZs GlX5f9QXx5eWZfeZdPM2UeEng4BWHcE2TUsdJsApGnxEcZbfh4Nouhqm4ipSnzaD EOzjNfpnlHKpF7seHw0Nnrw32foBjyB+JWbbRTZ5junUN0ob1bYRE5QDo4Kf8oXS DccJJgpayGSn0f/vsfFBJznI5CCUGXkuwjgl79TPNdEV8FA6gklqbMsDFGBvefDg kOaCZD8uISoXT8lbxOHXllue4+G6PLKo4eOe8QlE2F1TKVpSZvhszHg7dpiiGVT4 mO+oS344eFMqjGpUHC1TsiNgs68kDEV3apDL9vs6774TNVQe5HcZnz4UmyI6s2FD sqmdONvTe/Q+KP50s3ViL6Xk/viOQZNJcQp1OIEJoEdPyMs9wnmYNp09OKd/dhKM jrjxq6FkvnCdM0JhB/Wj0nLA1XDRWvk4NOaCamp4BjJq2VZjeVl6O/3QSTam5U/v aZZjith2AJNj13W8keeV304fExBRJG8NbEpG7pbeRHTxsJ1lGGC4TLZghy+yPEyj F/9BJzVnuCS6gCwrIxMOZb9kPDxdkK3kp+sNj4NRN7pOVDfWqzsSHKJJzmlJlrT+ zgIXSlrOoYy2mrIznFD0JnxH6qtiCXpdjineA33f/Jg+1t649A8= =cG/2 -END PGP SIGNATURE-