[SECURITY] [DLA 3494-1] ruby-doorkeeper security update

2023-07-12 Thread Chris Lamb 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

- -
Debian LTS Advisory DLA-3494-1debian-...@lists.debian.org
https://www.debian.org/lts/security/   Chris Lamb
July 12, 2023 https://wiki.debian.org/LTS
- -

Package: ruby-doorkeeper
Version: 4.4.2-1+deb10u1
CVE ID : CVE-2023-34246
Debian Bug : 1038950

It was discovered that there was an issue in ruby-doorkeeper, a
OAuth2 provider for Ruby on Rails applications. Doorkeeper
automatically processed authorization requests without user consent
for public clients that have been previously approved, but public
clients are inherently vulnerable to impersonation as their identity
cannot be assured.

For Debian 10 buster, this problem has been fixed in version
4.4.2-1+deb10u1.

We recommend that you upgrade your ruby-doorkeeper packages.

For the detailed security status of ruby-doorkeeper please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/ruby-doorkeeper

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAmSuo3oACgkQHpU+J9Qx
Hlix3g//YOh1bGBfnpEeeijsJZpoc0FVLDQP+OcdXnScaZEgtuUTQyQmHShV2Tny
ywgo4YTBvZEl6n9ZNqRspRr3AZapOXnccuho2TqtwQw71UOYXCrvXVt0wDK7k1VW
NsRBsugiCfGqURnryF9DjCSX2Dt4q6pUQFcbq0sj+285nw1Tzpf8dBVYjV6slyGu
n1IdsUk6WfHAtXs4krfv4UVzHQqqbdWZ7suv3xsXlrVXuFz7dxk9eXoF5bwyhYKu
V+F+HdloLGXy6dc3tFgHX6sr/rk2ALPMh0XaWRUEeAVEwRYaz5WSg/nJp74a6JSZ
TO9azjeN9ZSDSRi139T1g79U1I3InXf6WWOfj1q6UvV3l16a7eM36UyIblBoNS81
PsLlPONBHprSZq0uorna42Er8uJWt6ZqyOg+PnMRIVHQFgbA58TOuXZzS71Eng1d
Vyvr/y1+VPG3oo5imejTqFPUc7QupCfJukTNMHwsjoWVqgUx0qJXO5VCpbztfY5f
JAcLTQZYRlJwEQ9k36SNNDO49rH+x6iG5mzpJYQnHN2kTId1FZx433XKlgywGxys
MH/2iM+JJyF2pWqolGIi0VELiKriVCxQ7cUKmNXSQ93pa95GmC/EPj1to4LvoPLX
Q/M1gPsJEhcinJQYDKCjzOr8kBBsRAfYPpAGLk2oc/i31aymhtM=
=P9Fv
-END PGP SIGNATURE-

[SECURITY] [DLA 3490-1] thunderbird security update

2023-07-12 Thread Emilio Pozuelo Monfort 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

- -
Debian LTS Advisory DLA-3490-1debian-...@lists.debian.org
https://www.debian.org/lts/security/   Emilio Pozuelo Monfort
July 11, 2023 https://wiki.debian.org/LTS
- -

Package: thunderbird
Version: 1:102.13.0-1~deb10u1
CVE ID : CVE-2023-37201 CVE-2023-37202 CVE-2023-37207 CVE-2023-37208
 CVE-2023-37211

Multiple security issues were discovered in Thunderbird, which could
result in denial of service or the execution of arbitrary code.

For Debian 10 buster, these problems have been fixed in version
1:102.13.0-1~deb10u1.

We recommend that you upgrade your thunderbird packages.

For the detailed security status of thunderbird please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/thunderbird

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAmStBFkACgkQnUbEiOQ2
gwIHIg//XA1EZbcftc8XtcMnbziXtT6HvoqFc9w2BN0zl5hYj6RTAgVd25Wfkw9Y
cECmh4TVIkrWeyd7C3vmf/j29qH4/VHgeajBQVpvSqGylfKCvRnvCRS3yjuVrJ+x
8zCroOesS8rOy8GWrTUPK/W18sQBGvHPKXrOUJeb1Wv4brldl7jJsQtI2dQcOxpp
4mxnwUg/D0JSfaTja2zXQIh1If6aMjISU5U2RQnjzCosBY58WYKSF+mFM/mAm/EP
946pFb/vwcixUr1GR9Z7Yhq4c732zzhjhLUUfXbPOp0CU/Vb2W5Jyc0N/oIiRmWr
MXqWhMRR85aQ0uYJZk7QIZO1dHcaKcqVsvtN2c4Y2DEeZ74w0SohnDhXCUBQWPFI
BNoUaTEJeBIt4J1Bup8at0Yzrc1LwHzYxqp2pNsu70z3BfFC68LOUmfCvSwd0N9b
WFwvRgdghVsyZGdeugliaCCmDtePeovhmJ5bJnBk7uw5WMFVZbB8ysaTzVu4AmU/
WJj6XuYIK5JP+au6oGfAoNw9Dqd7ztylpwZWxgNcpiNPffjf8g0eJyRJIiJ0xGyk
Ui3xdyCr4N0N74UQ6LfI1xHIpzGfeRvRZHPcfCZHR8daXcmWAQAM4k6Pa/B/F8jJ
SVjk9qHKEfeYe2AkFfQMm0TeLItUPBLlcVj9jBtXQ/9f3Q6M2W8=
=+c7f
-END PGP SIGNATURE-