[SECURITY] [DLA 3809-1] libkf5ksieve security update
Debian LTS Advisory DLA-3809-1        debian-...@lists.debian.org
https://www.debian.org/lts/security/  Adrian Bunk
May 05, 2024                          https://wiki.debian.org/LTS

Package        : libkf5ksieve
Version        : 4:18.08.3-2+deb10u1
CVE ID         : CVE-2023-52723
Debian Bug     : 1069163

A bug in libkf5ksieve, an email filtering library for KDE, exposed the user password in plaintext server logs.

For Debian 10 buster, this problem has been fixed in version 4:18.08.3-2+deb10u1.

We recommend that you upgrade your libkf5ksieve packages.

For the detailed security status of libkf5ksieve please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/libkf5ksieve

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
[SECURITY] [DLA 3807-1] glibc security update
Debian LTS Advisory DLA-3807-1        debian-...@lists.debian.org
https://www.debian.org/lts/security/  Adrian Bunk
May 04, 2024                          https://wiki.debian.org/LTS

Package        : glibc
Version        : 2.28-10+deb10u3
CVE ID         : CVE-2024-2961
Debian Bug     : 1069191

Out-of-bounds write in the iconv ISO-2022-CN-EXT module has been fixed in the GNU C library.

For Debian 10 buster, this problem has been fixed in version 2.28-10+deb10u3.

We recommend that you upgrade your glibc packages.

For the detailed security status of glibc please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/glibc

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
[SECURITY] [DLA 3800-1] ruby-rack security update
Debian LTS Advisory DLA-3800-1        debian-...@lists.debian.org
https://www.debian.org/lts/security/  Adrian Bunk
April 29, 2024                        https://wiki.debian.org/LTS

Package        : ruby-rack
Version        : 2.0.6-3+deb10u4
CVE ID         : CVE-2024-25126 CVE-2024-26141 CVE-2024-26146
Debian Bug     : 1064516

Multiple vulnerabilities were fixed in ruby-rack, an interface for developing web applications in Ruby.

CVE-2024-25126
    ReDoS in Content Type header parsing

CVE-2024-26141
    Reject Range headers which are too large

CVE-2024-26146
    ReDoS in Accept header parsing

For Debian 10 buster, these problems have been fixed in version 2.0.6-3+deb10u4.

We recommend that you upgrade your ruby-rack packages.

For the detailed security status of ruby-rack please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/ruby-rack

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
[SECURITY] [DLA 3799-1] trafficserver security update
Debian LTS Advisory DLA-3799-1        debian-...@lists.debian.org
https://www.debian.org/lts/security/  Adrian Bunk
April 28, 2024                        https://wiki.debian.org/LTS

Package        : trafficserver
Version        : 8.1.7-0+deb10u4
CVE ID         : CVE-2024-31309
Debian Bug     : 1068417

Potential DoS attacks have been fixed by rate limiting HTTP/2 CONTINUATION frames in Apache Traffic Server, an HTTP/1.1 and HTTP/2 compliant caching proxy server.

For Debian 10 buster, this problem has been fixed in version 8.1.7-0+deb10u4.

We recommend that you upgrade your trafficserver packages.

For the detailed security status of trafficserver please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/trafficserver

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
[SECURITY] [DLA 3798-1] zabbix security update
Debian LTS Advisory DLA-3798-1        debian-...@lists.debian.org
https://www.debian.org/lts/security/  Adrian Bunk
April 28, 2024                        https://wiki.debian.org/LTS

Package        : zabbix
Version        : 1:4.0.4+dfsg-1+deb10u5
CVE ID         : CVE-2024-22119

Improper form input field validation has been fixed in Zabbix, a network monitoring solution.

For Debian 10 buster, this problem has been fixed in version 1:4.0.4+dfsg-1+deb10u5.

We recommend that you upgrade your zabbix packages.

For the detailed security status of zabbix please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/zabbix

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
[SECURITY] [DLA 3787-1] xorg-server security update
Debian LTS Advisory DLA-3787-1        debian-...@lists.debian.org
https://www.debian.org/lts/security/  Adrian Bunk
April 15, 2024                        https://wiki.debian.org/LTS

Package        : xorg-server
Version        : 2:1.20.4-1+deb10u14
CVE ID         : CVE-2024-31080 CVE-2024-31081 CVE-2024-31083

Multiple vulnerabilities have been fixed in the Xorg X server.

CVE-2024-31080
    Heap buffer overread in ProcXIGetSelectedEvents()

CVE-2024-31081
    Heap buffer overread in ProcXIPassiveGrabDevice()

CVE-2024-31083
    Use-after-free in ProcRenderAddGlyphs()

For Debian 10 buster, these problems have been fixed in version 2:1.20.4-1+deb10u14.

We recommend that you upgrade your xorg-server packages.

For the detailed security status of xorg-server please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/xorg-server

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
[SECURITY] [DLA 3786-1] pillow security update
Debian LTS Advisory DLA-3786-1        debian-...@lists.debian.org
https://www.debian.org/lts/security/  Adrian Bunk
April 10, 2024                        https://wiki.debian.org/LTS

Package        : pillow
Version        : 5.4.1-2+deb10u6
CVE ID         : CVE-2024-28219

A buffer overflow in _imagingcms.c was fixed in Pillow, an image processing library for Python.

For Debian 10 buster, this problem has been fixed in version 5.4.1-2+deb10u6.

We recommend that you upgrade your pillow packages.

For the detailed security status of pillow please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/pillow

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
[SECURITY] [DLA 3785-1] gtkwave security update
Debian LTS Advisory DLA-3785-1        debian-...@lists.debian.org
https://www.debian.org/lts/security/  Adrian Bunk
April 09, 2024                        https://wiki.debian.org/LTS

Package        : gtkwave
Version        : 3.3.98+really3.3.118-0+deb10u1
CVE ID         : CVE-2023-32650 CVE-2023-34087 CVE-2023-34436 CVE-2023-35004
                 CVE-2023-35057 CVE-2023-35128 CVE-2023-35702 CVE-2023-35703
                 CVE-2023-35704 CVE-2023-35955 CVE-2023-35956 CVE-2023-35957
                 CVE-2023-35958 CVE-2023-35959 CVE-2023-35960 CVE-2023-35961
                 CVE-2023-35962 CVE-2023-35963 CVE-2023-35964 CVE-2023-35969
                 CVE-2023-35970 CVE-2023-35989 CVE-2023-35992 CVE-2023-35994
                 CVE-2023-35995 CVE-2023-35996 CVE-2023-35997 CVE-2023-36746
                 CVE-2023-36747 CVE-2023-36861 CVE-2023-36864 CVE-2023-36915
                 CVE-2023-36916 CVE-2023-37282 CVE-2023-37416 CVE-2023-37417
                 CVE-2023-37418 CVE-2023-37419 CVE-2023-37420 CVE-2023-37442
                 CVE-2023-37443 CVE-2023-37444 CVE-2023-37445 CVE-2023-37446
                 CVE-2023-37447 CVE-2023-37573 CVE-2023-37574 CVE-2023-37575
                 CVE-2023-37576 CVE-2023-37577 CVE-2023-37578 CVE-2023-37921
                 CVE-2023-37922 CVE-2023-37923 CVE-2023-38583 CVE-2023-38618
                 CVE-2023-38619 CVE-2023-38620 CVE-2023-38621 CVE-2023-38622
                 CVE-2023-38623 CVE-2023-38648 CVE-2023-38649 CVE-2023-38650
                 CVE-2023-38651 CVE-2023-38652 CVE-2023-38653 CVE-2023-38657
                 CVE-2023-39234 CVE-2023-39235 CVE-2023-39270 CVE-2023-39271
                 CVE-2023-39272 CVE-2023-39273 CVE-2023-39274 CVE-2023-39275
                 CVE-2023-39316 CVE-2023-39317 CVE-2023-39413 CVE-2023-39414
                 CVE-2023-39443 CVE-2023-39444
Debian Bug     : 1060407

Multiple security issues have been fixed in the waveform viewer GTKWave by upgrading to a more recent upstream version.

For Debian 10 buster, these problems have been fixed in version 3.3.98+really3.3.118-0+deb10u1.

We recommend that you upgrade your gtkwave packages.

For the detailed security status of gtkwave please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/gtkwave

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
[SECURITY] [DLA 3774-1] gross security update
Debian LTS Advisory DLA-3774-1        debian-...@lists.debian.org
https://www.debian.org/lts/security/  Adrian Bunk
March 25, 2024                        https://wiki.debian.org/LTS

Package        : gross
Version        : 1.0.2-4.1~deb10u1
CVE ID         : CVE-2023-52159
Debian Bug     : 1067115

Stack-based buffer overflow has been fixed in gross, a server for greylisting emails.

For Debian 10 buster, this problem has been fixed in version 1.0.2-4.1~deb10u1.

We recommend that you upgrade your gross packages.

For the detailed security status of gross please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/gross

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
[SECURITY] [DLA 3772-1] python3.7 security update
Debian LTS Advisory DLA-3772-1        debian-...@lists.debian.org
https://www.debian.org/lts/security/  Adrian Bunk
March 24, 2024                        https://wiki.debian.org/LTS

Package        : python3.7
Version        : 3.7.3-2+deb10u7
CVE ID         : CVE-2023-6597 CVE-2024-0450

Two vulnerabilities have been fixed in the Python 3 interpreter.

CVE-2023-6597
    tempfile.TemporaryDirectory failure to remove dir

CVE-2024-0450
    quoted-overlap zipbomb DoS

For Debian 10 buster, these problems have been fixed in version 3.7.3-2+deb10u7.

We recommend that you upgrade your python3.7 packages.

For the detailed security status of python3.7 please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/python3.7

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
[SECURITY] [DLA 3771-1] python2.7 security update
Debian LTS Advisory DLA-3771-1        debian-...@lists.debian.org
https://www.debian.org/lts/security/  Adrian Bunk
March 24, 2024                        https://wiki.debian.org/LTS

Package        : python2.7
Version        : 2.7.16-2+deb10u4
CVE ID         : CVE-2024-0450

The zipfile module was vulnerable to “quoted-overlap” zip-bombs in the Python 2 interpreter.

For Debian 10 buster, this problem has been fixed in version 2.7.16-2+deb10u4.

We recommend that you upgrade your python2.7 packages.

For the detailed security status of python2.7 please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/python2.7

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
[SECURITY] [DLA 3764-1] postgresql-11 security update
Debian LTS Advisory DLA-3764-1        debian-...@lists.debian.org
https://www.debian.org/lts/security/  Adrian Bunk
March 18, 2024                        https://wiki.debian.org/LTS

Package        : postgresql-11
Version        : 11.22-0+deb10u2
CVE ID         : CVE-2024-0985

In the PostgreSQL database server, a late privilege drop in the REFRESH MATERIALIZED VIEW CONCURRENTLY command could allow an attacker to trick a user with higher privileges to run SQL commands.

For Debian 10 buster, this problem has been fixed in version 11.22-0+deb10u2.

We recommend that you upgrade your postgresql-11 packages.

For the detailed security status of postgresql-11 please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/postgresql-11

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
[SECURITY] [DLA 3762-1] unadf security update
Debian LTS Advisory DLA-3762-1        debian-...@lists.debian.org
https://www.debian.org/lts/security/  Adrian Bunk
March 15, 2024                        https://wiki.debian.org/LTS

Package        : unadf
Version        : 0.7.11a-4+deb11u1~deb10u1
CVE ID         : CVE-2016-1243 CVE-2016-1244
Debian Bug     : 838248

Two vulnerabilities have been fixed in unADF, a tool to extract files from an Amiga Disk File dump.

CVE-2016-1243
    arbitrary code execution via long pathname

CVE-2016-1244
    arbitrary code execution via shell metacharacters in directory names

For Debian 10 buster, these problems have been fixed in version 0.7.11a-4+deb11u1~deb10u1.

We recommend that you upgrade your unadf packages.

For the detailed security status of unadf please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/unadf

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
[SECURITY] [DLA 3760-1] node-xml2js security update
Debian LTS Advisory DLA-3760-1        debian-...@lists.debian.org
https://www.debian.org/lts/security/  Adrian Bunk
March 14, 2024                        https://wiki.debian.org/LTS

Package        : node-xml2js
Version        : 0.2.8-1.1+deb11u1~deb10u1
CVE ID         : CVE-2023-0842
Debian Bug     : 1034148

Prototype pollution has been fixed in node-xml2js, an XML to JavaScript object converter.

For Debian 10 buster, this problem has been fixed in version 0.2.8-1.1+deb11u1~deb10u1.

We recommend that you upgrade your node-xml2js packages.

For the detailed security status of node-xml2js please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/node-xml2js

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
[SECURITY] [DLA 3759-1] qemu security update
Debian LTS Advisory DLA-3759-1        debian-...@lists.debian.org
https://www.debian.org/lts/security/  Adrian Bunk
March 11, 2024                        https://wiki.debian.org/LTS

Package        : qemu
Version        : 1:3.1+dfsg-8+deb10u12
CVE ID         : CVE-2023-2861 CVE-2023-3354 CVE-2023-5088

Multiple vulnerabilities have been fixed in the machine emulator and virtualizer QEMU.

CVE-2023-2861
    9pfs did not prohibit opening special files on the host side

CVE-2023-3354
    remote unauthenticated clients could cause denial of service in VNC server

CVE-2023-5088
    IDE guest I/O operation addressed to an arbitrary disk offset might get targeted to offset 0 instead

For Debian 10 buster, these problems have been fixed in version 1:3.1+dfsg-8+deb10u12.

We recommend that you upgrade your qemu packages.

For the detailed security status of qemu please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/qemu

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
[SECURITY] [DLA 3755-1] tar security update
Debian LTS Advisory DLA-3755-1        debian-...@lists.debian.org
https://www.debian.org/lts/security/  Adrian Bunk
March 09, 2024                        https://wiki.debian.org/LTS

Package        : tar
Version        : 1.30+dfsg-6+deb10u1
CVE ID         : CVE-2023-39804
Debian Bug     : 1058079

Incorrect handling of extension attributes in PAX archives has been fixed in the GNU tar archiving utility.

For Debian 10 buster, this problem has been fixed in version 1.30+dfsg-6+deb10u1.

We recommend that you upgrade your tar packages.

For the detailed security status of tar please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/tar

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
[SECURITY] [DLA 3754-1] fontforge security update
Debian LTS Advisory DLA-3754-1        debian-...@lists.debian.org
https://www.debian.org/lts/security/  Adrian Bunk
March 08, 2024                        https://wiki.debian.org/LTS

Package        : fontforge
Version        : 1:20170731~dfsg-1+deb10u1
CVE ID         : CVE-2020-5395 CVE-2020-5496 CVE-2024-25081 CVE-2024-25082
Debian Bug     : 948231 1064967

Multiple vulnerabilities have been fixed in the font editor FontForge.

CVE-2020-5395
    Use-after-free in SFD_GetFontMetaData()

CVE-2020-5496
    Buffer overflow in Type2NotDefSplines()

CVE-2024-25081
    Spline Font command injection via crafted filenames

CVE-2024-25082
    Spline Font command injection via crafted archives or compressed files

For Debian 10 buster, these problems have been fixed in version 1:20170731~dfsg-1+deb10u1.

We recommend that you upgrade your fontforge packages.

For the detailed security status of fontforge please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/fontforge

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
[SECURITY] [DLA 3753-1] yard security update
Debian LTS Advisory DLA-3753-1        debian-...@lists.debian.org
https://www.debian.org/lts/security/  Adrian Bunk
March 06, 2024                        https://wiki.debian.org/LTS

Package        : yard
Version        : 0.9.16-1+deb10u1
CVE ID         : CVE-2019-1020001 CVE-2024-27285
Debian Bug     : 945369 1065118

Two vulnerabilities were fixed in YARD, a documentation tool for the Ruby programming language.

CVE-2019-1020001
    Arbitrary path traversal and file access in yard server

CVE-2024-27285
    Cross-Site Scripting in generated frames.html

For Debian 10 buster, these problems have been fixed in version 0.9.16-1+deb10u1.

We recommend that you upgrade your yard packages.

For the detailed security status of yard please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/yard

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
[SECURITY] [DLA 3752-1] libuv1 security update
Debian LTS Advisory DLA-3752-1    debian-...@lists.debian.org
https://www.debian.org/lts/security/    Adrian Bunk
March 05, 2024    https://wiki.debian.org/LTS

Package    : libuv1
Version    : 1.24.1-1+deb10u2
CVE ID     : CVE-2024-24806
Debian Bug : 1063484

Improper Domain Lookup in uv_getaddrinfo() has been fixed in libuv, an asynchronous event notification library.

For Debian 10 buster, this problem has been fixed in version 1.24.1-1+deb10u2.

We recommend that you upgrade your libuv1 packages.

For the detailed security status of libuv1 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/libuv1

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
[SECURITY] [DLA 3746-1] wireshark security update
Debian LTS Advisory DLA-3746-1    debian-...@lists.debian.org
https://www.debian.org/lts/security/    Adrian Bunk
February 29, 2024    https://wiki.debian.org/LTS

Package    : wireshark
Version    : 2.6.20-0+deb10u8
CVE ID     : CVE-2023-4511 CVE-2023-4513 CVE-2023-6175 CVE-2024-0208

Multiple vulnerabilities have been fixed in the network traffic analyzer Wireshark.

CVE-2023-4511
    BT SDP dissector infinite loop

CVE-2023-4513
    BT SDP dissector memory leak

CVE-2023-6175
    NetScreen file parser crash

CVE-2024-0208
    GVCP dissector crash

For Debian 10 buster, these problems have been fixed in version 2.6.20-0+deb10u8.

We recommend that you upgrade your wireshark packages.

For the detailed security status of wireshark please refer to its security tracker page at: https://security-tracker.debian.org/tracker/wireshark

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
[SECURITY] [DLA 3745-1] gsoap security update
Debian LTS Advisory DLA-3745-1    debian-...@lists.debian.org
https://www.debian.org/lts/security/    Adrian Bunk
February 29, 2024    https://wiki.debian.org/LTS

Package    : gsoap
Version    : 2.8.75-1+deb10u1
CVE ID     : CVE-2020-13574 CVE-2020-13575 CVE-2020-13576 CVE-2020-13577 CVE-2020-13578
Debian Bug : 983596

Multiple vulnerabilities have been fixed in the gSOAP toolkit for developing Web services.

CVE-2020-13574
    WS-Security plugin denial-of-service

CVE-2020-13575
    WS-Addressing plugin denial-of-service

CVE-2020-13576
    WS-Addressing plugin code execution

CVE-2020-13577
    WS-Security plugin denial-of-service

CVE-2020-13578
    WS-Security plugin denial-of-service

For Debian 10 buster, these problems have been fixed in version 2.8.75-1+deb10u1.

We recommend that you upgrade your gsoap packages.

For the detailed security status of gsoap please refer to its security tracker page at: https://security-tracker.debian.org/tracker/gsoap

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
[SECURITY] [DLA 3692-1] curl security update
Debian LTS Advisory DLA-3692-1    debian-...@lists.debian.org
https://www.debian.org/lts/security/    Adrian Bunk
December 19, 2023    https://wiki.debian.org/LTS

Package    : curl
Version    : 7.64.0-4+deb10u8
CVE ID     : CVE-2023-28322 CVE-2023-46218
Debian Bug : 926148 1036239 1057646

Two security issues were found in Curl, an easy-to-use client-side URL transfer library and command line tool.

Additionally, the command line tool does now:
- display the Debian revision in "curl --version", and
- does no longer output verbose "Expire in" messages with "curl -v"

CVE-2023-28322
    POST-after-PUT confusion.

CVE-2023-46218
    Cookie mixed case PSL bypass.

For Debian 10 buster, these problems have been fixed in version 7.64.0-4+deb10u8.

We recommend that you upgrade your curl packages.

For the detailed security status of curl please refer to its security tracker page at: https://security-tracker.debian.org/tracker/curl

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
[SECURITY] [DLA 3679-1] vlc security update
Debian LTS Advisory DLA-3679-1    debian-...@lists.debian.org
https://www.debian.org/lts/security/    Adrian Bunk
November 30, 2023    https://wiki.debian.org/LTS

Package    : vlc
Version    : 3.0.20-0+deb10u1
CVE ID     : CVE-2023-47359 CVE-2023-47360

Two vulnerabilities in the MMS over HTTP protocol have been fixed in the VLC media player, which has also been upgraded to the latest upstream version.

CVE-2023-47359
    Heap buffer overflow in the MMSH module.

CVE-2023-47360
    Integer underflow in the MMSH module.

For Debian 10 buster, these problems have been fixed in version 3.0.20-0+deb10u1.

We recommend that you upgrade your vlc packages.

For the detailed security status of vlc please refer to its security tracker page at: https://security-tracker.debian.org/tracker/vlc

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
[SECURITY] [DLA 3677-1] gimp-dds security update
Debian LTS Advisory DLA-3677-1    debian-...@lists.debian.org
https://www.debian.org/lts/security/    Adrian Bunk
November 30, 2023    https://wiki.debian.org/LTS

Package    : gimp-dds
Version    : 3.0.1-1+deb10u1
CVE ID     : CVE-2023-1

File parsing heap buffer overflow was fixed in gimp-dds, a DDS (DirectDraw Surface) plugin for GIMP.

For Debian 10 buster, this problem has been fixed in version 3.0.1-1+deb10u1.

We recommend that you upgrade your gimp-dds packages.

For the detailed security status of gimp-dds please refer to its security tracker page at: https://security-tracker.debian.org/tracker/gimp-dds

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
[SECURITY] [DLA 3659-1] gimp security update
Debian LTS Advisory DLA-3659-1    debian-...@lists.debian.org
https://www.debian.org/lts/security/    Adrian Bunk
November 21, 2023    https://wiki.debian.org/LTS

Package    : gimp
Version    : 2.10.8-2+deb10u1
CVE ID     : CVE-2022-30067 CVE-2023-2 CVE-2023-4
Debian Bug : 1055984

Multiple vulnerabilities were fixed in GIMP, the GNU Image Manipulation Program.

CVE-2022-30067
    Out-of-memory with crafted XCF file.

CVE-2023-2
    PSD file parsing buffer overflow.

CVE-2023-4
    PSP file parsing buffer overflow.

For Debian 10 buster, these problems have been fixed in version 2.10.8-2+deb10u1.

We recommend that you upgrade your gimp packages.

For the detailed security status of gimp please refer to its security tracker page at: https://security-tracker.debian.org/tracker/gimp

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
[SECURITY] [DLA 3645-1] trafficserver security update
Debian LTS Advisory DLA-3645-1    debian-...@lists.debian.org
https://www.debian.org/lts/security/    Adrian Bunk
November 05, 2023    https://wiki.debian.org/LTS

Package    : trafficserver
Version    : 8.1.7-0+deb10u3
CVE ID     : CVE-2023-41752 CVE-2023-44487
Debian Bug : 1054427

Two vulnerabilities were fixed in Apache Traffic Server, a reverse and forward proxy server.

CVE-2023-41752
    s3_auth plugin exposes AWSAccessKeyId

CVE-2023-44487
    HTTP/2 Rapid Reset denial of service

For Debian 10 buster, these problems have been fixed in version 8.1.7-0+deb10u3.

We recommend that you upgrade your trafficserver packages.

For the detailed security status of trafficserver please refer to its security tracker page at: https://security-tracker.debian.org/tracker/trafficserver

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
[SECURITY] [DLA 3626-1] krb5 security update
Debian LTS Advisory DLA-3626-1    debian-...@lists.debian.org
https://www.debian.org/lts/security/    Adrian Bunk
October 22, 2023    https://wiki.debian.org/LTS

Package    : krb5
Version    : 1.17-3+deb10u6
CVE ID     : CVE-2023-36054
Debian Bug : 1043431

Potential freeing of an uninitialized pointer in kadm_rpc_xdr.c was fixed in krb5, the MIT implementation of the Kerberos network authentication protocol.

For Debian 10 buster, this problem has been fixed in version 1.17-3+deb10u6.

We recommend that you upgrade your krb5 packages.

For the detailed security status of krb5 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/krb5

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
[SECURITY] [DLA 3620-1] poppler security update
Debian LTS Advisory DLA-3620-1    debian-...@lists.debian.org
https://www.debian.org/lts/security/    Adrian Bunk
October 16, 2023    https://wiki.debian.org/LTS

Package    : poppler
Version    : 0.71.0-5+deb10u3
CVE ID     : CVE-2020-23804 CVE-2022-37050 CVE-2022-37051

Several vulnerabilities have been fixed in poppler, a PDF rendering library.

CVE-2020-23804
    Stack overflow in XRef::readXRefTable()

CVE-2022-37050
    Crash in PDFDoc::savePageAs()

CVE-2022-37051
    Crash in the pdfunite tool

For Debian 10 buster, these problems have been fixed in version 0.71.0-5+deb10u3.

We recommend that you upgrade your poppler packages.

For the detailed security status of poppler please refer to its security tracker page at: https://security-tracker.debian.org/tracker/poppler

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
[SECURITY] [DLA 3595-1] trafficserver security update
Debian LTS Advisory DLA-3595-1    debian-...@lists.debian.org
https://www.debian.org/lts/security/    Adrian Bunk
September 30, 2023    https://wiki.debian.org/LTS

Package    : trafficserver
Version    : 8.1.7-0+deb10u2
CVE ID     : CVE-2022-47185 CVE-2023-33934
Debian Bug : 1043430

Several cases of improper input validation were fixed in Apache Traffic Server, a reverse and forward proxy server.

For Debian 10 buster, these problems have been fixed in version 8.1.7-0+deb10u2.

We recommend that you upgrade your trafficserver packages.

For the detailed security status of trafficserver please refer to its security tracker page at: https://security-tracker.debian.org/tracker/trafficserver

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
[SECURITY] [DLA 3593-1] gerbv security update
Debian LTS Advisory DLA-3593-1    debian-...@lists.debian.org
https://www.debian.org/lts/security/    Adrian Bunk
September 30, 2023    https://wiki.debian.org/LTS

Package    : gerbv
Version    : 2.7.0-1+deb10u3
CVE ID     : CVE-2021-40393 CVE-2021-40394 CVE-2023-4508
Debian Bug : 1050560

Several vulnerabilities were fixed in gerbv, a viewer for the Gerber format for printed circuit board (PCB) design.

CVE-2021-40393
    RS-274X format aperture macro variables out-of-bounds write

CVE-2021-40394
    RS-274X aperture macro outline primitive integer overflow

CVE-2023-4508
    Out-of-bounds memory access when referencing external files

For Debian 10 buster, these problems have been fixed in version 2.7.0-1+deb10u3.

We recommend that you upgrade your gerbv packages.

For the detailed security status of gerbv please refer to its security tracker page at: https://security-tracker.debian.org/tracker/gerbv

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
[SECURITY] [DLA 3552-1] gst-plugins-ugly1.0 security update
Debian LTS Advisory DLA-3552-1    debian-...@lists.debian.org
https://www.debian.org/lts/security/    Adrian Bunk
August 31, 2023    https://wiki.debian.org/LTS

Package    : gst-plugins-ugly1.0
Version    : 1.14.4-1+deb10u2
Debian Bug : 1043501

Demuxer vulnerabilities have been fixed in the RealMedia demuxers for the GStreamer media framework.

For Debian 10 buster, this problem has been fixed in version 1.14.4-1+deb10u2.

We recommend that you upgrade your gst-plugins-ugly1.0 packages.

For the detailed security status of gst-plugins-ugly1.0 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/gst-plugins-ugly1.0

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
[SECURITY] [DLA 3528-1] poppler security update
Debian LTS Advisory DLA-3528-1    debian-...@lists.debian.org
https://www.debian.org/lts/security/    Adrian Bunk
August 14, 2023    https://wiki.debian.org/LTS

Package    : poppler
Version    : 0.71.0-5+deb10u2
CVE ID     : CVE-2020-36023 CVE-2020-36024

Two vulnerabilities have been fixed in poppler, a PDF rendering library.

CVE-2020-36023
    Infinite loop in FoFiType1C::cvtGlyph()

CVE-2020-36024
    NULL dereference in FoFiType1C::convertToType1()

For Debian 10 buster, these problems have been fixed in version 0.71.0-5+deb10u2.

We recommend that you upgrade your poppler packages.

For the detailed security status of poppler please refer to its security tracker page at: https://security-tracker.debian.org/tracker/poppler

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
[SECURITY] [DLA 3519-1] ghostscript security update
Debian LTS Advisory DLA-3519-1    debian-...@lists.debian.org
https://www.debian.org/lts/security/    Adrian Bunk
August 07, 2023    https://wiki.debian.org/LTS

Package    : ghostscript
Version    : 9.27~dfsg-2+deb10u8
CVE ID     : CVE-2023-38559
Debian Bug : 1043033

A buffer overflow in devn_pcx_write_rle() has been fixed in Ghostscript, an interpreter for the PostScript language and PDF files.

For Debian 10 buster, this problem has been fixed in version 9.27~dfsg-2+deb10u8.

We recommend that you upgrade your ghostscript packages.

For the detailed security status of ghostscript please refer to its security tracker page at: https://security-tracker.debian.org/tracker/ghostscript

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
[SECURITY] [DLA 3517-1] pdfcrack security update
Debian LTS Advisory DLA-3517-1    debian-...@lists.debian.org
https://www.debian.org/lts/security/    Adrian Bunk
August 06, 2023    https://wiki.debian.org/LTS

Package    : pdfcrack
Version    : 0.16-3+deb10u1
CVE ID     : CVE-2020-22336

A stack overflow in the MD5 function has been fixed in pdfcrack, a tool for recovering passwords and content from PDF files.

For Debian 10 buster, this problem has been fixed in version 0.16-3+deb10u1.

We recommend that you upgrade your pdfcrack packages.

For the detailed security status of pdfcrack please refer to its security tracker page at: https://security-tracker.debian.org/tracker/pdfcrack

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
[SECURITY] [DLA 3513-1] tiff security update
Debian LTS Advisory DLA-3513-1    debian-...@lists.debian.org
https://www.debian.org/lts/security/    Adrian Bunk
July 31, 2023    https://wiki.debian.org/LTS

Package    : tiff
Version    : 4.1.0+git191117-2~deb10u8
CVE ID     : CVE-2023-2908 CVE-2023-3316 CVE-2023-3618 CVE-2023-25433 CVE-2023-26965 CVE-2023-26966 CVE-2023-38288 CVE-2023-38289
Debian Bug : 1040945

Multiple vulnerabilities were found in tiff, a library and tools providing support for the Tag Image File Format (TIFF).

CVE-2023-2908
    NULL pointer dereference in tif_dir.c

CVE-2023-3316
    NULL pointer dereference in TIFFClose()

CVE-2023-3618
    Buffer overflow in tiffcrop

CVE-2023-25433
    Buffer overflow in tiffcrop

CVE-2023-26965
    Use after free in tiffcrop

CVE-2023-26966
    Buffer overflow in uv_encode()

CVE-2023-38288
    Integer overflow in tiffcp

CVE-2023-38289
    Integer overflow in raw2tiff

For Debian 10 buster, these problems have been fixed in version 4.1.0+git191117-2~deb10u8.

We recommend that you upgrade your tiff packages.

For the detailed security status of tiff please refer to its security tracker page at: https://security-tracker.debian.org/tracker/tiff

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
[SECURITY] [DLA 3497-1] pypdf2 security update
Debian LTS Advisory DLA-3497-1    debian-...@lists.debian.org
https://www.debian.org/lts/security/    Adrian Bunk
July 14, 2023    https://wiki.debian.org/LTS

Package    : pypdf2
Version    : 1.26.0-2+deb10u2
CVE ID     : CVE-2023-36810

Quadratic runtime with malformed PDFs missing xref marker has been fixed in PyPDF2, a pure Python PDF library.

For Debian 10 buster, this problem has been fixed in version 1.26.0-2+deb10u2.

We recommend that you upgrade your pypdf2 packages.

For the detailed security status of pypdf2 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/pypdf2

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
[SECURITY] [DLA 3477-1] python3.7 security update
-------------------------------------------------------------------------
Debian LTS Advisory DLA-3477-1                debian-...@lists.debian.org
https://www.debian.org/lts/security/                          Adrian Bunk
June 30, 2023                                 https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : python3.7
Version        : 3.7.3-2+deb10u5
CVE ID         : CVE-2015-20107 CVE-2020-10735 CVE-2021-3426 CVE-2021-3733
                 CVE-2021-3737 CVE-2021-4189 CVE-2022-45061

Several vulnerabilities were fixed in the Python3 interpreter.

CVE-2015-20107

    The mailcap module did not add escape characters into commands
    discovered in the system mailcap file.

CVE-2020-10735

    Prevent DoS with very large int.

CVE-2021-3426

    Remove the pydoc getfile feature which could be abused to read
    arbitrary files on the disk.

CVE-2021-3733

    Regular Expression Denial of Service in urllib's
    AbstractBasicAuthHandler class.

CVE-2021-3737

    Infinite loop in the HTTP client code.

CVE-2021-4189

    Make ftplib not trust the PASV response.

CVE-2022-45061

    Quadratic time in the IDNA decoder.

For Debian 10 buster, these problems have been fixed in version
3.7.3-2+deb10u5.

We recommend that you upgrade your python3.7 packages.

For the detailed security status of python3.7 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/python3.7

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
[SECURITY] [DLA 3475-1] trafficserver security update
-------------------------------------------------------------------------
Debian LTS Advisory DLA-3475-1                debian-...@lists.debian.org
https://www.debian.org/lts/security/                          Adrian Bunk
June 30, 2023                                 https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : trafficserver
Version        : 8.1.7-0+deb10u1
CVE ID         : CVE-2022-47184 CVE-2023-30631 CVE-2023-33933
Debian Bug     : 1038248

Several vulnerabilities were discovered in Apache Traffic Server,
a reverse and forward proxy server.

CVE-2022-47184

    The TRACE method can be used to disclose network information.

CVE-2023-30631

    Configuration option to block the PUSH method in ATS didn't work.

CVE-2023-33933

    s3_auth plugin problem with hash calculation.

For Debian 10 buster, these problems have been fixed in version
8.1.7-0+deb10u1.

We recommend that you upgrade your trafficserver packages.

For the detailed security status of trafficserver please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/trafficserver

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
[SECURITY] [DLA 3474-1] systemd security update
-------------------------------------------------------------------------
Debian LTS Advisory DLA-3474-1                debian-...@lists.debian.org
https://www.debian.org/lts/security/                          Adrian Bunk
June 29, 2023                                 https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : systemd
Version        : 241-7~deb10u10
CVE ID         : CVE-2022-3821
Debian Bug     : 1021644

A buffer overrun in format_timespan() has been fixed in systemd,
the default init system in Debian.

Additionally, fixes for getting property OnExternalPower via D-Bus
and a memory leak on daemon-reload are also included.

For Debian 10 buster, this problem has been fixed in version
241-7~deb10u10.

We recommend that you upgrade your systemd packages.

For the detailed security status of systemd please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/systemd

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
[SECURITY] [DLA 3472-1] libx11 security update
-------------------------------------------------------------------------
Debian LTS Advisory DLA-3472-1                debian-...@lists.debian.org
https://www.debian.org/lts/security/                          Adrian Bunk
June 26, 2023                                 https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : libx11
Version        : 2:1.6.7-1+deb10u3
CVE ID         : CVE-2023-3138
Debian Bug     : 1038133

Missing input validation in various functions may have resulted in
denial of service in various functions provided by libx11, the X11
client-side library.

For Debian 10 buster, this problem has been fixed in version
2:1.6.7-1+deb10u3.

We recommend that you upgrade your libx11 packages.

For the detailed security status of libx11 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libx11

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
[SECURITY] [DLA 3470-1] owslib security update
-------------------------------------------------------------------------
Debian LTS Advisory DLA-3470-1                debian-...@lists.debian.org
https://www.debian.org/lts/security/                          Adrian Bunk
June 25, 2023                                 https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : owslib
Version        : 0.17.1-1+deb10u1
CVE ID         : CVE-2023-27476
Debian Bug     : 1034182

In OWSLib, a Python client library for Open Geospatial web services,
the XML parser did not disable entity resolution which could lead to
arbitrary file reads from an attacker-controlled XML payload.

For Debian 10 buster, this problem has been fixed in version
0.17.1-1+deb10u1.

We recommend that you upgrade your owslib packages.

For the detailed security status of owslib please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/owslib

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
[SECURITY] [DLA 3445-1] cpio security update
-------------------------------------------------------------------------
Debian LTS Advisory DLA-3445-1                debian-...@lists.debian.org
https://www.debian.org/lts/security/                          Adrian Bunk
June 04, 2023                                 https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : cpio
Version        : 2.12+dfsg-9+deb10u1
CVE ID         : CVE-2019-14866 CVE-2021-38185
Debian Bug     : 941412 992045

Two vulnerabilities were fixed in GNU cpio, a program to manage
archives of files.

CVE-2019-14866

    Improper validation of input files when generating tar archives.

CVE-2021-38185

    Arbitrary code via crafted pattern file.

For Debian 10 buster, these problems have been fixed in version
2.12+dfsg-9+deb10u1.

We recommend that you upgrade your cpio packages.

For the detailed security status of cpio please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/cpio

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
[SECURITY] [DLA 3443-1] wireshark security update
-------------------------------------------------------------------------
Debian LTS Advisory DLA-3443-1                debian-...@lists.debian.org
https://www.debian.org/lts/security/                          Adrian Bunk
June 03, 2023                                 https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : wireshark
Version        : 2.6.20-0+deb10u7
CVE ID         : CVE-2023-2856 CVE-2023-2858 CVE-2023-2879 CVE-2023-2952

Several vulnerabilities were fixed in the network traffic analyzer
Wireshark.

CVE-2023-2856

    VMS TCPIPtrace file parser crash

CVE-2023-2858

    NetScaler file parser crash

CVE-2023-2879

    GDSDB infinite loop

CVE-2023-2952

    XRA dissector infinite loop

For Debian 10 buster, these problems have been fixed in version
2.6.20-0+deb10u7.

We recommend that you upgrade your wireshark packages.

For the detailed security status of wireshark please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/wireshark

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
[SECURITY] [DLA 3409-1] libapache2-mod-auth-openidc security update
-------------------------------------------------------------------------
Debian LTS Advisory DLA-3409-1                debian-...@lists.debian.org
https://www.debian.org/lts/security/                          Adrian Bunk
April 30, 2023                                https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : libapache2-mod-auth-openidc
Version        : 2.3.10.2-1+deb10u2
CVE ID         : CVE-2019-20479 CVE-2021-32785 CVE-2021-32786 CVE-2021-32791
                 CVE-2021-32792 CVE-2023-28625
Debian Bug     : 991580 991581 991582 991583 1033916

Several vulnerabilities were fixed in libapache2-mod-auth-openidc,
an OpenID Connect Relying Party implementation for Apache.

CVE-2019-20479

    Insufficient validation of URLs beginning with a slash and
    backslash.

CVE-2021-32785

    Crash when using an unencrypted Redis cache.

CVE-2021-32786

    Open Redirect vulnerability in the logout functionality.

CVE-2021-32791

    AES GCM encryption used a static IV and AAD.

CVE-2021-32792

    XSS vulnerability when using OIDCPreservePost.

CVE-2023-28625

    NULL pointer dereference with OIDCStripCookies.

For Debian 10 buster, these problems have been fixed in version
2.3.10.2-1+deb10u2.

We recommend that you upgrade your libapache2-mod-auth-openidc packages.

For the detailed security status of libapache2-mod-auth-openidc please
refer to its security tracker page at:
https://security-tracker.debian.org/tracker/libapache2-mod-auth-openidc

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
[SECURITY] [DLA 3408-1] jruby security update
-------------------------------------------------------------------------
Debian LTS Advisory DLA-3408-1                debian-...@lists.debian.org
https://www.debian.org/lts/security/                          Adrian Bunk
April 30, 2023                                https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : jruby
Version        : 9.1.17.0-3+deb10u1
CVE ID         : CVE-2017-17742 CVE-2019-16201 CVE-2019-16254 CVE-2019-16255
                 CVE-2020-25613 CVE-2021-31810 CVE-2021-32066 CVE-2023-28755
                 CVE-2023-28756
Debian Bug     : 972230 1014818

Several vulnerabilities were fixed in JRuby, a Java implementation of
the Ruby programming language.

CVE-2017-17742
CVE-2019-16254

    HTTP Response Splitting attacks in the HTTP server of WEBrick.

CVE-2019-16201

    Regular Expression Denial of Service vulnerability of WEBrick's
    Digest access authentication.

CVE-2019-16255

    Code injection vulnerability of Shell#[] and Shell#test.

CVE-2020-25613

    HTTP Request Smuggling attack in WEBrick.

CVE-2021-31810

    Trusting FTP PASV responses vulnerability in Net::FTP.

CVE-2021-32066

    Net::IMAP did not raise an exception when StartTLS fails with an
    unknown response.

CVE-2023-28755

    Quadratic backtracking on invalid URI.

CVE-2023-28756

    The Time parser mishandled invalid strings that have specific
    characters.

For Debian 10 buster, these problems have been fixed in version
9.1.17.0-3+deb10u1.

We recommend that you upgrade your jruby packages.

For the detailed security status of jruby please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/jruby

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
[SECURITY] [DLA 3407-1] jackson-databind security update
-------------------------------------------------------------------------
Debian LTS Advisory DLA-3407-1                debian-...@lists.debian.org
https://www.debian.org/lts/security/                          Adrian Bunk
April 30, 2023                                https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : jackson-databind
Version        : 2.9.8-3+deb10u5
CVE ID         : CVE-2020-10650

One more gadget type (ignite-jta) is being blocked in the Jackson Data
Processor library for processing JSON and other data formats in Java.

For Debian 10 buster, this problem has been fixed in version
2.9.8-3+deb10u5.

We recommend that you upgrade your jackson-databind packages.

For the detailed security status of jackson-databind please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/jackson-databind

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
[SECURITY] [DLA 3402-1] wireshark security update
-------------------------------------------------------------------------
Debian LTS Advisory DLA-3402-1                debian-...@lists.debian.org
https://www.debian.org/lts/security/                          Adrian Bunk
April 29, 2023                                https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : wireshark
Version        : 2.6.20-0+deb10u6
CVE ID         : CVE-2023-1161 CVE-2023-1992 CVE-2023-1993 CVE-2023-1994
Debian Bug     : 1033756 1034721

Several vulnerabilities were fixed in the network traffic analyzer
Wireshark.

CVE-2023-1161

    ISO 15765 dissector crash

CVE-2023-1992

    RPCoRDMA dissector crash

CVE-2023-1993

    LISP dissector large loop vulnerability

CVE-2023-1994

    GQUIC dissector crash

For Debian 10 buster, these problems have been fixed in version
2.6.20-0+deb10u6.

We recommend that you upgrade your wireshark packages.

For the detailed security status of wireshark please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/wireshark

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
[SECURITY] [DLA 3377-1] systemd security update
-------------------------------------------------------------------------
Debian LTS Advisory DLA-3377-1                debian-...@lists.debian.org
https://www.debian.org/lts/security/                          Adrian Bunk
March 31, 2023                                https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : systemd
Version        : 241-7~deb10u9
CVE ID         : CVE-2023-26604

Local privilege escalation for some sudo configurations has been fixed
in systemd, the default init system in Debian.

For Debian 10 buster, this problem has been fixed in version
241-7~deb10u9.

We recommend that you upgrade your systemd packages.

For the detailed security status of systemd please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/systemd

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
[SECURITY] [DLA 3343-1] mono security update
-------------------------------------------------------------------------
Debian LTS Advisory DLA-3343-1                debian-...@lists.debian.org
https://www.debian.org/lts/security/                          Adrian Bunk
February 24, 2023                             https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : mono
Version        : 5.18.0.240+dfsg-3+deb10u1
CVE ID         : CVE-2023-26314
Debian Bug     : 972146

Triggering arbitrary code execution was possible due to .desktop files
registered as application/x-ms-dos-executable MIME handlers in the open
source .NET framework Mono.

For Debian 10 buster, this problem has been fixed in version
5.18.0.240+dfsg-3+deb10u1.

We recommend that you upgrade your mono packages.

For the detailed security status of mono please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/mono

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
[SECURITY] [DLA 3341-1] curl security update
-------------------------------------------------------------------------
Debian LTS Advisory DLA-3341-1                debian-...@lists.debian.org
https://www.debian.org/lts/security/                          Adrian Bunk
February 24, 2023                             https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : curl
Version        : 7.64.0-4+deb10u5
CVE ID         : CVE-2023-23916
Debian Bug     : 1031371

HTTP multi-header compression denial of service has been fixed in curl,
a command line tool and library for transferring data with URLs.

For Debian 10 buster, this problem has been fixed in version
7.64.0-4+deb10u5.

We recommend that you upgrade your curl packages.

For the detailed security status of curl please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/curl

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
[SECURITY] [DLA 3339-1] binwalk security update
-------------------------------------------------------------------------
Debian LTS Advisory DLA-3339-1                debian-...@lists.debian.org
https://www.debian.org/lts/security/                          Adrian Bunk
February 23, 2023                             https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : binwalk
Version        : 2.1.2~git20180830+dfsg1-1+deb10u1
CVE ID         : CVE-2022-4510

Code execution through crafted PFS filesystems was fixed in binwalk,
a tool and Python module for analyzing binary blobs and executable code.

For Debian 10 buster, this problem has been fixed in version
2.1.2~git20180830+dfsg1-1+deb10u1.

We recommend that you upgrade your binwalk packages.

For the detailed security status of binwalk please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/binwalk

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
[SECURITY] [DLA 3334-1] sofia-sip security update
-------------------------------------------------------------------------
Debian LTS Advisory DLA-3334-1                debian-...@lists.debian.org
https://www.debian.org/lts/security/                          Adrian Bunk
February 22, 2023                             https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : sofia-sip
Version        : 1.12.11+20110422.1-2.1+deb10u3
CVE ID         : CVE-2022-47516
Debian Bug     : 1031792

Denial of service (crash) via a crafted UDP message that leads to
internal assert was fixed in sofia-sip, a SIP (Session Initiation
Protocol) User-Agent library.

For Debian 10 buster, this problem has been fixed in version
1.12.11+20110422.1-2.1+deb10u3.

We recommend that you upgrade your sofia-sip packages.

For the detailed security status of sofia-sip please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/sofia-sip

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
[SECURITY] [DLA 3332-1] apr-util security update
-------------------------------------------------------------------------
Debian LTS Advisory DLA-3332-1                debian-...@lists.debian.org
https://www.debian.org/lts/security/                          Adrian Bunk
February 21, 2023                             https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : apr-util
Version        : 1.6.1-4+deb10u1
CVE ID         : CVE-2022-25147

An Integer Overflow or Wraparound vulnerability was fixed in
apr_base64() in the Apache Portable Runtime Utility Library.

For Debian 10 buster, this problem has been fixed in version
1.6.1-4+deb10u1.

We recommend that you upgrade your apr-util packages.

For the detailed security status of apr-util please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/apr-util

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
[SECURITY] [DLA 3305-1] libstb security update
Debian LTS Advisory DLA-3305-1    debian-...@lists.debian.org
https://www.debian.org/lts/security/    Adrian Bunk
January 31, 2023    https://wiki.debian.org/LTS

Package    : libstb
Version    : 0.0~git20180212.15.e6afb9c-1+deb10u1
CVE ID     : CVE-2018-16981 CVE-2019-13217 CVE-2019-13218 CVE-2019-13219 CVE-2019-13220 CVE-2019-13221 CVE-2019-13222 CVE-2019-13223 CVE-2021-28021 CVE-2021-37789 CVE-2021-42715 CVE-2022-28041 CVE-2022-28042
Debian Bug : 934966 1014530 1023693 1014531 1014532

Several vulnerabilities have been fixed in the libstb library.

CVE-2018-16981
    Heap-based buffer overflow in stbi__out_gif_code().

CVE-2019-13217
    Heap buffer overflow in the Vorbis start_decoder().

CVE-2019-13218
    Division by zero in the Vorbis predict_point().

CVE-2019-13219
    NULL pointer dereference in the Vorbis get_window().

CVE-2019-13220
    Uninitialized stack variables in the Vorbis start_decoder().

CVE-2019-13221
    Buffer overflow in the Vorbis compute_codewords().

CVE-2019-13222
    Out-of-bounds read of a global buffer in the Vorbis draw_line().

CVE-2019-13223
    Reachable assertion in the Vorbis lookup1_values().

CVE-2021-28021
    Buffer overflow in stbi__extend_receive().

CVE-2021-37789
    Heap-based buffer overflow in stbi__jpeg_load().

CVE-2021-42715
    The HDR loader parsed truncated end-of-file RLE scanlines as an infinite sequence of zero-length runs.

CVE-2022-28041
    Integer overflow in stbi__jpeg_decode_block_prog_dc().

CVE-2022-28042
    Heap-based use-after-free in stbi__jpeg_huff_decode().

For Debian 10 buster, these problems have been fixed in version 0.0~git20180212.15.e6afb9c-1+deb10u1.

We recommend that you upgrade your libstb packages.

For the detailed security status of libstb please refer to its security tracker page at: https://security-tracker.debian.org/tracker/libstb

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
[SECURITY] [DLA 3304-1] fig2dev security update
Debian LTS Advisory DLA-3304-1    debian-...@lists.debian.org
https://www.debian.org/lts/security/    Adrian Bunk
January 31, 2023    https://wiki.debian.org/LTS

Package    : fig2dev
Version    : 1:3.2.7a-5+deb10u5
CVE ID     : CVE-2020-21529 CVE-2020-21531 CVE-2020-21532 CVE-2020-21676 CVE-2021-32280
Debian Bug : 960736

Brief introduction

CVE-2020-21529
    Stack buffer overflow in bezier_spline().

CVE-2020-21531
    Global buffer overflow in conv_pattern_index().

CVE-2020-21532
    Global buffer overflow in setfigfont().

CVE-2020-21676
    Stack-based buffer overflow in genpstrx_text().

CVE-2021-32280
    NULL pointer dereference in compute_closed_spline().

For Debian 10 buster, these problems have been fixed in version 1:3.2.7a-5+deb10u5.

We recommend that you upgrade your fig2dev packages.

For the detailed security status of fig2dev please refer to its security tracker page at: https://security-tracker.debian.org/tracker/fig2dev

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
[SECURITY] [DLA 3292-1] sofia-sip security update
Debian LTS Advisory DLA-3292-1    debian-...@lists.debian.org
https://www.debian.org/lts/security/    Adrian Bunk
January 29, 2023    https://wiki.debian.org/LTS

Package    : sofia-sip
Version    : 1.12.11+20110422.1-2.1+deb10u2
CVE ID     : CVE-2023-22741
Debian Bug : 1029654

Missing message length and attributes length checks when handling STUN packages have been fixed in sofia-sip, a SIP (Session Initiation Protocol) User-Agent library.

For Debian 10 buster, this problem has been fixed in version 1.12.11+20110422.1-2.1+deb10u2.

We recommend that you upgrade your sofia-sip packages.

For the detailed security status of sofia-sip please refer to its security tracker page at: https://security-tracker.debian.org/tracker/sofia-sip

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
[SECURITY] [DLA 2873-1] aria2 security update
Debian LTS Advisory DLA-2873-1    debian-...@lists.debian.org
https://www.debian.org/lts/security/    Adrian Bunk
December 31, 2021    https://wiki.debian.org/LTS

Package    : aria2
Version    : 1.30.0-2+deb9u1
CVE ID     : CVE-2019-3500
Debian Bug : 918058

In the download utility aria2, --log was leaking HTTP user credentials in local log file.

For Debian 9 stretch, this problem has been fixed in version 1.30.0-2+deb9u1.

We recommend that you upgrade your aria2 packages.

For the detailed security status of aria2 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/aria2

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
[SECURITY] [DLA 2872-1] agg security update
Debian LTS Advisory DLA-2872-1    debian-...@lists.debian.org
https://www.debian.org/lts/security/    Adrian Bunk
December 31, 2021    https://wiki.debian.org/LTS

Package    : agg
Version    : 2.5+dfsg1-11+deb9u1
CVE ID     : CVE-2019-6245
Debian Bug : 919322

Stack overflow due to infinite recursion was fixed in agg, the Anti-Grain Geometry graphical toolkit.

For Debian 9 stretch, this problem has been fixed in version 2.5+dfsg1-11+deb9u1.

We recommend that you upgrade your agg packages.

For the detailed security status of agg please refer to its security tracker page at: https://security-tracker.debian.org/tracker/agg

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
[SECURITY] [DLA 2868-1] advancecomp security update
Debian LTS Advisory DLA-2868-1    debian-...@lists.debian.org
https://www.debian.org/lts/security/    Adrian Bunk
December 29, 2021    https://wiki.debian.org/LTS

Package    : advancecomp
Version    : 1.20-1+deb9u1
CVE ID     : CVE-2018-1056 CVE-2019-8379 CVE-2019-8383 CVE-2019-9210
Debian Bug : 889270 923416 928729 928730

Several vulnerabilities have been fixed in the AdvanceCOMP recompression utilities.

CVE-2018-1056
    Out-of-bounds heap buffer read in advzip.

CVE-2019-8379
    NULL pointer dereference in be_uint32_read().

CVE-2019-8383
    Invalid memory access in adv_png_unfilter_8().

CVE-2019-9210
    Integer overflow in advpng with invalid PNG size.

For Debian 9 stretch, these problems have been fixed in version 1.20-1+deb9u1.

We recommend that you upgrade your advancecomp packages.

For the detailed security status of advancecomp please refer to its security tracker page at: https://security-tracker.debian.org/tracker/advancecomp

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
[SECURITY] [DLA 2857-2] postgis regression update
Debian LTS Advisory DLA-2857-2    debian-...@lists.debian.org
https://www.debian.org/lts/security/    Adrian Bunk
December 29, 2021    https://wiki.debian.org/LTS

Package    : postgis
Version    : 2.3.1+dfsg-2+deb9u2

The regression of postgresql-9.6-postgis-2.3-scripts being empty in 2.3.1+dfsg-2+deb9u1 has been fixed.

For Debian 9 stretch, this problem has been fixed in version 2.3.1+dfsg-2+deb9u2.

We recommend that you upgrade your postgis packages.

For the detailed security status of postgis please refer to its security tracker page at: https://security-tracker.debian.org/tracker/postgis

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
[SECURITY] [DLA 2866-1] uw-imap security update
Debian LTS Advisory DLA-2866-1    debian-...@lists.debian.org
https://www.debian.org/lts/security/    Adrian Bunk
December 29, 2021    https://wiki.debian.org/LTS

Package    : uw-imap
Version    : 8:2007f~dfsg-5+deb9u1
CVE ID     : CVE-2018-19518
Debian Bug : 914632

Access to IMAP mailboxes through running imapd over rsh and ssh is now disabled by default in uw-imap, the University of Washington IMAP Toolkit. Code using the library can enable it with tcp_parameters() after making sure that the IMAP server name is sanitized.

For Debian 9 stretch, this problem has been fixed in version 8:2007f~dfsg-5+deb9u1.

We recommend that you upgrade your uw-imap packages.

For the detailed security status of uw-imap please refer to its security tracker page at: https://security-tracker.debian.org/tracker/uw-imap

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
[SECURITY] [DLA 2865-1] resiprocate security update
Debian LTS Advisory DLA-2865-1    debian-...@lists.debian.org
https://www.debian.org/lts/security/    Adrian Bunk
December 29, 2021    https://wiki.debian.org/LTS

Package    : resiprocate
Version    : 1:1.11.0~beta1-3+deb9u2
CVE ID     : CVE-2017-11521 CVE-2018-12584
Debian Bug : 869404 905495

Two vulnerabilities were fixed in the reSIProcate SIP stack.

CVE-2017-11521
    The SdpContents::Session::Medium::parse function allowed remote attackers to cause a denial of service.

CVE-2018-12584
    The ConnectionBase::preparseNewBytes function allowed remote attackers to cause a denial of service or possibly execute arbitrary code when TLS communication is enabled.

For Debian 9 stretch, these problems have been fixed in version 1:1.11.0~beta1-3+deb9u2.

We recommend that you upgrade your resiprocate packages.

For the detailed security status of resiprocate please refer to its security tracker page at: https://security-tracker.debian.org/tracker/resiprocate

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
[SECURITY] [DLA 2861-1] rdflib security update
Debian LTS Advisory DLA-2861-1    debian-...@lists.debian.org
https://www.debian.org/lts/security/    Adrian Bunk
December 28, 2021    https://wiki.debian.org/LTS

Package    : rdflib
Version    : 4.2.1-2+deb9u1
CVE ID     : CVE-2019-7653
Debian Bug : 921751

The python-rdflib-tools package (tools for converting to and from RDF) had wrappers that could load Python modules from the current working directory, allowing code injection.

For Debian 9 stretch, this problem has been fixed in version 4.2.1-2+deb9u1.

We recommend that you upgrade your rdflib packages.

For the detailed security status of rdflib please refer to its security tracker page at: https://security-tracker.debian.org/tracker/rdflib

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
[SECURITY] [DLA 2857-1] postgis security update
Debian LTS Advisory DLA-2857-1    debian-...@lists.debian.org
https://www.debian.org/lts/security/    Adrian Bunk
December 28, 2021    https://wiki.debian.org/LTS

Package    : postgis
Version    : 2.3.1+dfsg-2+deb9u1
CVE ID     : CVE-2017-18359

In PostGIS, which adds support for geographic objects to the PostgreSQL database, denial of service via crafted ST_AsX3D function input was fixed.

For Debian 9 stretch, this problem has been fixed in version 2.3.1+dfsg-2+deb9u1.

We recommend that you upgrade your postgis packages.

For the detailed security status of postgis please refer to its security tracker page at: https://security-tracker.debian.org/tracker/postgis

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
[SECURITY] [DLA 2856-1] okular security update
Debian LTS Advisory DLA-2856-1    debian-...@lists.debian.org
https://www.debian.org/lts/security/    Adrian Bunk
December 27, 2021    https://wiki.debian.org/LTS

Package    : okular
Version    : 4:16.08.2-1+deb9u2
CVE ID     : CVE-2020-9359
Debian Bug : 954891

Code execution via an action link in a PDF document was fixed in the KDE document viewer Okular.

For Debian 9 stretch, this problem has been fixed in version 4:16.08.2-1+deb9u2.

We recommend that you upgrade your okular packages.

For the detailed security status of okular please refer to its security tracker page at: https://security-tracker.debian.org/tracker/okular

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
[SECURITY] [DLA 2855-1] monit security update
Debian LTS Advisory DLA-2855-1    debian-...@lists.debian.org
https://www.debian.org/lts/security/    Adrian Bunk
December 27, 2021    https://wiki.debian.org/LTS

Package    : monit
Version    : 1:5.20.0-6+deb9u2
CVE ID     : CVE-2019-11454 CVE-2019-11455
Debian Bug : 927775

Two vulnerabilities were fixed in monit, a utility for monitoring and managing Unix systems.

CVE-2019-11454
    Persistent cross-site scripting in http/cervlet.c

CVE-2019-11455
    Buffer over-read in Util_urlDecode in util.c

For Debian 9 stretch, these problems have been fixed in version 1:5.20.0-6+deb9u2.

We recommend that you upgrade your monit packages.

For the detailed security status of monit please refer to its security tracker page at: https://security-tracker.debian.org/tracker/monit

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
[SECURITY] [DLA 2851-1] libextractor security update
Debian LTS Advisory DLA-2851-1    debian-...@lists.debian.org
https://www.debian.org/lts/security/    Adrian Bunk
December 26, 2021    https://wiki.debian.org/LTS

Package    : libextractor
Version    : 1:1.3-4+deb9u4
CVE ID     : CVE-2019-15531
Debian Bug : 935553

Invalid read for malformed DVI files was fixed in GNU libextractor, a library that extracts meta-data from files of arbitrary type.

For Debian 9 stretch, this problem has been fixed in version 1:1.3-4+deb9u4.

We recommend that you upgrade your libextractor packages.

For the detailed security status of libextractor please refer to its security tracker page at: https://security-tracker.debian.org/tracker/libextractor

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
[SECURITY] [DLA 2849-1] wireshark security update
Debian LTS Advisory DLA-2849-1    debian-...@lists.debian.org
https://www.debian.org/lts/security/    Adrian Bunk
December 26, 2021    https://wiki.debian.org/LTS

Package    : wireshark
Version    : 2.6.20-0+deb9u2
CVE ID     : CVE-2021-22207 CVE-2021-22235 CVE-2021-39921 CVE-2021-39922 CVE-2021-39923 CVE-2021-39924 CVE-2021-39925 CVE-2021-39928 CVE-2021-39929
Debian Bug : 987853

Several vulnerabilities were fixed in the network traffic analyzer Wireshark.

CVE-2021-22207
    Excessive memory consumption in the MS-WSP dissector.

CVE-2021-22235
    Crash in the DNP dissector.

CVE-2021-39921
    NULL pointer exception in the Modbus dissector.

CVE-2021-39922
    Buffer overflow in the C12.22 dissector.

CVE-2021-39923
    Large loop in the PNRP dissector.

CVE-2021-39924
    Large loop in the Bluetooth DHT dissector.

CVE-2021-39925
    Buffer overflow in the Bluetooth SDP dissector.

CVE-2021-39928
    NULL pointer exception in the IEEE 802.11 dissector.

CVE-2021-39929
    Uncontrolled Recursion in the Bluetooth DHT dissector.

For Debian 9 stretch, these problems have been fixed in version 2.6.20-0+deb9u2.

We recommend that you upgrade your wireshark packages.

For the detailed security status of wireshark please refer to its security tracker page at: https://security-tracker.debian.org/tracker/wireshark

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
[SECURITY] [DLA 2850-1] libpcap security update
Debian LTS Advisory DLA-2850-1    debian-...@lists.debian.org
https://www.debian.org/lts/security/    Adrian Bunk
December 26, 2021    https://wiki.debian.org/LTS

Package    : libpcap
Version    : 1.8.1-3+deb9u1
CVE ID     : CVE-2019-15165
Debian Bug : 941697

Improper PHB header length validation was fixed in libpcap, a library for capturing network traffic.

For Debian 9 stretch, this problem has been fixed in version 1.8.1-3+deb9u1.

We recommend that you upgrade your libpcap packages.

For the detailed security status of libpcap please refer to its security tracker page at: https://security-tracker.debian.org/tracker/libpcap

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
[SECURITY] [DLA 2835-1] rsyslog security update
Debian LTS Advisory DLA-2835-1    debian-...@lists.debian.org
https://www.debian.org/lts/security/    Adrian Bunk
November 30, 2021    https://wiki.debian.org/LTS

Package    : rsyslog
Version    : 8.24.0-1+deb9u1
CVE ID     : CVE-2019-17041 CVE-2019-17042
Debian Bug : 942065 942067

Two heap overflows were fixed in the rsyslog logging daemon.

CVE-2019-17041
    Heap overflow in the AIX message parser.

CVE-2019-17042
    Heap overflow in the Cisco log message parser.

For Debian 9 stretch, these problems have been fixed in version 8.24.0-1+deb9u1.

We recommend that you upgrade your rsyslog packages.

For the detailed security status of rsyslog please refer to its security tracker page at: https://security-tracker.debian.org/tracker/rsyslog

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
[SECURITY] [DLA 2834-1] uriparser security update
Debian LTS Advisory DLA-2834-1    debian-...@lists.debian.org
https://www.debian.org/lts/security/    Adrian Bunk
November 30, 2021    https://wiki.debian.org/LTS

Package        : uriparser
Version        : 0.8.4-1+deb9u2
CVE ID         : CVE-2018-20721

Out-of-bounds read for an incomplete URI with an IPv6 address containing an embedded IPv4 address has been fixed in uriparser, a library to parse Uniform Resource Identifiers (URIs).

For Debian 9 stretch, this problem has been fixed in version 0.8.4-1+deb9u2.

We recommend that you upgrade your uriparser packages.

For the detailed security status of uriparser please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/uriparser

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
[SECURITY] [DLA 2833-1] rsync security update
Debian LTS Advisory DLA-2833-1    debian-...@lists.debian.org
https://www.debian.org/lts/security/    Adrian Bunk
November 30, 2021    https://wiki.debian.org/LTS

Package        : rsync
Version        : 3.1.2-1+deb9u3
CVE ID         : CVE-2018-5764
Debian Bug     : 887588

In rsync, a remote file-copying tool, remote attackers were able to bypass the argument-sanitization protection mechanism by passing additional --protect-args.

For Debian 9 stretch, this problem has been fixed in version 3.1.2-1+deb9u3.

We recommend that you upgrade your rsync packages.

For the detailed security status of rsync please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/rsync

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
[SECURITY] [DLA 2832-1] opensc security update
Debian LTS Advisory DLA-2832-1    debian-...@lists.debian.org
https://www.debian.org/lts/security/    Adrian Bunk
November 29, 2021    https://wiki.debian.org/LTS

Package        : opensc
Version        : 0.16.0-3+deb9u2
CVE ID         : CVE-2019-15945 CVE-2019-15946 CVE-2019-19479 CVE-2020-26570 CVE-2020-26571 CVE-2020-26572
Debian Bug     : 939668 939669 947383 972035 972036 972037

Several vulnerabilities were fixed in the OpenSC smart card utilities.

CVE-2019-15945
    Out-of-bounds access of an ASN.1 Bitstring.

CVE-2019-15946
    Out-of-bounds access of an ASN.1 Octet string.

CVE-2019-19479
    Incorrect read operation in the Setec driver.

CVE-2020-26570
    Heap-based buffer overflow in the Oberthur driver.

CVE-2020-26571
    Stack-based buffer overflow in the GPK driver.

CVE-2020-26572
    Stack-based buffer overflow in the TCOS driver.

For Debian 9 stretch, these problems have been fixed in version 0.16.0-3+deb9u2.

We recommend that you upgrade your opensc packages.

For the detailed security status of opensc please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/opensc

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
[SECURITY] [DLA 2831-1] libntlm security update
Debian LTS Advisory DLA-2831-1    debian-...@lists.debian.org
https://www.debian.org/lts/security/    Adrian Bunk
November 28, 2021    https://wiki.debian.org/LTS

Package        : libntlm
Version        : 1.4-8+deb9u1
CVE ID         : CVE-2019-17455
Debian Bug     : 942145

Stack-based buffer over-reads for crafted NTLM requests were fixed in libntlm, a library that implements Microsoft's NTLM authentication.

For Debian 9 stretch, this problem has been fixed in version 1.4-8+deb9u1.

We recommend that you upgrade your libntlm packages.

For the detailed security status of libntlm please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/libntlm

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
[SECURITY] [DLA 2830-1] tar security update
Debian LTS Advisory DLA-2830-1    debian-...@lists.debian.org
https://www.debian.org/lts/security/    Adrian Bunk
November 28, 2021    https://wiki.debian.org/LTS

Package        : tar
Version        : 1.29b-1.1+deb9u1
CVE ID         : CVE-2018-20482
Debian Bug     : 917377

An infinite loop when --sparse is used with file shrinkage during read access was fixed in the GNU tar archiving utility.

For Debian 9 stretch, this problem has been fixed in version 1.29b-1.1+deb9u1.

We recommend that you upgrade your tar packages.

For the detailed security status of tar please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/tar

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
[SECURITY] [DLA 2829-1] libvpx security update
Debian LTS Advisory DLA-2829-1    debian-...@lists.debian.org
https://www.debian.org/lts/security/    Adrian Bunk
November 27, 2021    https://wiki.debian.org/LTS

Package        : libvpx
Version        : 1.6.1-3+deb9u3
CVE ID         : CVE-2020-0034

An out-of-bounds buffer read on truncated key frames in vp8_decode_frame has been fixed in libvpx, a popular library for the VP8 and VP9 video codecs.

For Debian 9 stretch, this problem has been fixed in version 1.6.1-3+deb9u3.

We recommend that you upgrade your libvpx packages.

For the detailed security status of libvpx please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/libvpx

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
[SECURITY] [DLA 2828-1] libvorbis security update
Debian LTS Advisory DLA-2828-1    debian-...@lists.debian.org
https://www.debian.org/lts/security/    Adrian Bunk
November 27, 2021    https://wiki.debian.org/LTS

Package        : libvorbis
Version        : 1.3.5-4+deb9u3
CVE ID         : CVE-2017-14160 CVE-2018-10392 CVE-2018-10393
Debian Bug     : 876780

Several vulnerabilities were fixed in libvorbis, a popular library for the Vorbis audio codec.

CVE-2017-14160
CVE-2018-10393
    Improve bound checking for very low sample rates.

CVE-2018-10392
    Validate the number of channels in vorbisenc.c

For Debian 9 stretch, these problems have been fixed in version 1.3.5-4+deb9u3.

We recommend that you upgrade your libvorbis packages.

For the detailed security status of libvorbis please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/libvorbis

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
[SECURITY] [DLA 2805-1] libmspack security update
Debian LTS Advisory DLA-2805-1    debian-...@lists.debian.org
https://www.debian.org/lts/security/    Adrian Bunk
October 31, 2021    https://wiki.debian.org/LTS

Package        : libmspack
Version        : 0.5-1+deb9u4
CVE ID         : CVE-2019-1010305

Opening a crafted chm file could result in a buffer overflow in libmspack, a library for Microsoft compression formats.

For Debian 9 stretch, this problem has been fixed in version 0.5-1+deb9u4.

We recommend that you upgrade your libmspack packages.

For the detailed security status of libmspack please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/libmspack

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
[SECURITY] [DLA 2804-1] libsdl1.2 security update
Debian LTS Advisory DLA-2804-1    debian-...@lists.debian.org
https://www.debian.org/lts/security/    Adrian Bunk
October 31, 2021    https://wiki.debian.org/LTS

Package        : libsdl1.2
Version        : 1.2.15+dfsg1-4+deb9u1
CVE ID         : CVE-2019-7572 CVE-2019-7573 CVE-2019-7574 CVE-2019-7575 CVE-2019-7576 CVE-2019-7577 CVE-2019-7578 CVE-2019-7635 CVE-2019-7636 CVE-2019-7637 CVE-2019-7638 CVE-2019-13616
Debian Bug     : 924609

Several vulnerabilities have been fixed in libsdl2, the older version of the Simple DirectMedia Layer library that provides low level access to audio, keyboard, mouse, joystick, and graphics hardware.

CVE-2019-7572
    Buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c

CVE-2019-7573
    Heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c

CVE-2019-7574
    Heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c

CVE-2019-7575
    Heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c

CVE-2019-7576
    Heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c

CVE-2019-7577
    Buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c

CVE-2019-7578
    Heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c

CVE-2019-7635
    Heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c

CVE-2019-7636
    Heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c

CVE-2019-7637
    Heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c

CVE-2019-7638
    Heap-based buffer over-read in Map1toN in video/SDL_pixels.c

CVE-2019-13616
    Heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c

For Debian 9 stretch, these problems have been fixed in version 1.2.15+dfsg1-4+deb9u1.

We recommend that you upgrade your libsdl1.2 packages.

For the detailed security status of libsdl1.2 please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/libsdl1.2

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
[SECURITY] [DLA 2803-1] libsdl2 security update
Debian LTS Advisory DLA-2803-1    debian-...@lists.debian.org
https://www.debian.org/lts/security/    Adrian Bunk
October 31, 2021    https://wiki.debian.org/LTS

Package        : libsdl2
Version        : 2.0.5+dfsg1-2+deb9u2
CVE ID         : CVE-2017-2888 CVE-2019-7637
Debian Bug     : 878264

A vulnerability has been fixed in libsdl2, the newer version of the Simple DirectMedia Layer library that provides low level access to audio, keyboard, mouse, joystick, and graphics hardware.

CVE-2017-2888
CVE-2019-7637
    Potential overflow in surface allocation was fixed.

For Debian 9 stretch, these problems have been fixed in version 2.0.5+dfsg1-2+deb9u2.

We recommend that you upgrade your libsdl2 packages.

For the detailed security status of libsdl2 please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/libsdl2

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
[SECURITY] [DLA 2802-1] elfutils security update
Debian LTS Advisory DLA-2802-1    debian-...@lists.debian.org
https://www.debian.org/lts/security/    Adrian Bunk
October 30, 2021    https://wiki.debian.org/LTS

Package        : elfutils
Version        : 0.168-1+deb9u1
CVE ID         : CVE-2018-16062 CVE-2018-16402 CVE-2018-18310 CVE-2018-18520 CVE-2018-18521 CVE-2019-7150 CVE-2019-7665
Debian Bug     : 907562 911083 911413 911414 920909 921880

Several vulnerabilities were fixed in elfutils, a collection of utilities and libraries to handle ELF objects.

CVE-2018-16062
    dwarf_getaranges in dwarf_getaranges.c in libdw allowed a denial of service (heap-based buffer over-read) via a crafted file.

CVE-2018-16402
    libelf/elf_end.c allowed a denial of service (double free and application crash) because it tried to decompress twice.

CVE-2018-18310
    An invalid memory address dereference in libdwfl allowed a denial of service (application crash) via a crafted file.

CVE-2018-18520
    A use-after-free in recursive ELF ar files allowed a denial of service (application crash) via a crafted file.

CVE-2018-18521
    A divide-by-zero in arlib_add_symbols() allowed a denial of service (application crash) via a crafted file.

CVE-2019-7150
    A segmentation fault could occur due to dwfl_segment_report_module() not checking whether the dyn data read from a core file is truncated.

CVE-2019-7665
    The zero terminated string contained in NT_PLATFORM core notes allowed a denial of service (application crash) via a crafted file.

For Debian 9 stretch, these problems have been fixed in version 0.168-1+deb9u1.

We recommend that you upgrade your elfutils packages.

For the detailed security status of elfutils please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/elfutils

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
[SECURITY] [DLA 2795-1] gpsd security update
Debian LTS Advisory DLA-2795-1    debian-...@lists.debian.org
https://www.debian.org/lts/security/    Adrian Bunk
October 29, 2021    https://wiki.debian.org/LTS

Package        : gpsd
Version        : 3.16-4+deb9u1
CVE ID         : CVE-2018-17937
Debian Bug     : 925327

A security vulnerability was discovered in gpsd, the Global Positioning System daemon. A stack-based buffer overflow may allow remote attackers to execute arbitrary code via traffic on port 2947/TCP or crafted JSON inputs.

For Debian 9 stretch, this problem has been fixed in version 3.16-4+deb9u1.

We recommend that you upgrade your gpsd packages.

For the detailed security status of gpsd please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/gpsd

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
[SECURITY] [DLA 2772-1] taglib security update
Debian LTS Advisory DLA-2772-1    debian-...@lists.debian.org
https://www.debian.org/lts/security/    Adrian Bunk
September 30, 2021    https://wiki.debian.org/LTS

Package        : taglib
Version        : 1.11.1+dfsg.1-0.3+deb9u1
CVE ID         : CVE-2017-12678 CVE-2018-11439
Debian Bug     : 871511 903847 915281

Several problems were corrected in TagLib, a library for reading and editing audio meta data.

CVE-2017-12678
    A crafted audio file could result in a crash.

CVE-2018-11439
    A crafted audio file could result in information disclosure.

Additionally, a bug that can lead to corruption of ogg files has been fixed.

For Debian 9 stretch, these problems have been fixed in version 1.11.1+dfsg.1-0.3+deb9u1.

We recommend that you upgrade your taglib packages.

For the detailed security status of taglib please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/taglib

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
[SECURITY] [DLA 2771-1] krb5 security update
Debian LTS Advisory DLA-2771-1    debian-...@lists.debian.org
https://www.debian.org/lts/security/    Adrian Bunk
September 30, 2021    https://wiki.debian.org/LTS

Package        : krb5
Version        : 1.15-1+deb9u3
CVE ID         : CVE-2018-5729 CVE-2018-5730 CVE-2018-20217 CVE-2021-37750
Debian Bug     : 891869 917387 992607

Several vulnerabilities were fixed in MIT Kerberos, a system for authenticating users and services on a network.

CVE-2018-5729
CVE-2018-5730
    Fix flaws in LDAP DN checking.

CVE-2018-20217
    Ignore password attributes for S4U2Self requests.

CVE-2021-37750
    Fix KDC null deref on TGS inner body null server.

For Debian 9 stretch, these problems have been fixed in version 1.15-1+deb9u3.

We recommend that you upgrade your krb5 packages.

For the detailed security status of krb5 please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/krb5

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
[SECURITY] [DLA 2770-1] weechat security update
Debian LTS Advisory DLA-2770-1    debian-...@lists.debian.org
https://www.debian.org/lts/security/    Adrian Bunk
September 30, 2021    https://wiki.debian.org/LTS

Package        : weechat
Version        : 1.6-1+deb9u3
CVE ID         : CVE-2020-8955 CVE-2020-9759 CVE-2020-9760 CVE-2021-40516
Debian Bug     : 951289 993803

Several vulnerabilities were fixed in the chat client WeeChat.

CVE-2020-8955
    A crafted irc message 324 (channel mode) could result in a crash.

CVE-2020-9759
    A crafted irc message 352 (who) could result in a crash.

CVE-2020-9760
    A crafted irc message 005 (setting a new mode for a nick) could result in a crash.

CVE-2021-40516
    A crafted WebSocket frame could result in a crash in the Relay plugin.

For Debian 9 stretch, these problems have been fixed in version 1.6-1+deb9u3.

We recommend that you upgrade your weechat packages.

For the detailed security status of weechat please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/weechat

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
[SECURITY] [DLA 2734-1] curl security update
Debian LTS Advisory DLA-2734-1    debian-...@lists.debian.org
https://www.debian.org/lts/security/    Adrian Bunk
August 09, 2021    https://wiki.debian.org/LTS

Package        : curl
Version        : 7.52.1-5+deb9u15
CVE ID         : CVE-2021-22898 CVE-2021-22924
Debian Bug     : 989228 991492

Several vulnerabilities were fixed in curl, a client-side URL transfer library.

CVE-2021-22898
    Information disclosure in connection to telnet servers.

CVE-2021-22924
    Bad connection reuse due to flawed path name checks.

For Debian 9 stretch, these problems have been fixed in version 7.52.1-5+deb9u15.

We recommend that you upgrade your curl packages.

For the detailed security status of curl please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/curl

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
[SECURITY] [DLA 2547-1] wireshark security update
Debian LTS Advisory DLA-2547-1    debian-...@lists.debian.org
https://www.debian.org/lts/security/    Adrian Bunk
February 06, 2021    https://wiki.debian.org/LTS

Package        : wireshark
Version        : 2.6.20-0+deb9u1
CVE ID         : CVE-2019-13619 CVE-2019-16319 CVE-2019-19553 CVE-2020-7045 CVE-2020-9428 CVE-2020-9430 CVE-2020-9431 CVE-2020-11647 CVE-2020-13164 CVE-2020-15466 CVE-2020-25862 CVE-2020-25863 CVE-2020-26418 CVE-2020-26421 CVE-2020-26575 CVE-2020-28030
Debian Bug     : 958213 974688 974689

Several vulnerabilities were fixed in Wireshark, a network sniffer.

CVE-2019-13619
    ASN.1 BER and related dissectors crash.

CVE-2019-16319
    The Gryphon dissector could go into an infinite loop.

CVE-2019-19553
    The CMS dissector could crash.

CVE-2020-7045
    The BT ATT dissector could crash.

CVE-2020-9428
    The EAP dissector could crash.

CVE-2020-9430
    The WiMax DLMAP dissector could crash.

CVE-2020-9431
    The LTE RRC dissector could leak memory.

CVE-2020-11647
    The BACapp dissector could crash.

CVE-2020-13164
    The NFS dissector could crash.

CVE-2020-15466
    The GVCP dissector could go into an infinite loop.

CVE-2020-25862
    The TCP dissector could crash.

CVE-2020-25863
    The MIME Multipart dissector could crash.

CVE-2020-26418
    Memory leak in the Kafka protocol dissector.

CVE-2020-26421
    Crash in USB HID protocol dissector.

CVE-2020-26575
    The Facebook Zero Protocol (aka FBZERO) dissector could enter an infinite loop.

CVE-2020-28030
    The GQUIC dissector could crash.

For Debian 9 stretch, these problems have been fixed in version 2.6.20-0+deb9u1.

We recommend that you upgrade your wireshark packages.

For the detailed security status of wireshark please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/wireshark

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
[SECURITY] [DLA 2538-1] mariadb-10.1 security update
Debian LTS Advisory DLA-2538-1            debian-...@lists.debian.org
https://www.debian.org/lts/security/      Adrian Bunk
January 31, 2021                          https://wiki.debian.org/LTS

Package        : mariadb-10.1
Version        : 10.1.48-0+deb9u1
CVE ID         : CVE-2020-14765 CVE-2020-14812

Two vulnerabilities were fixed by upgrading the MariaDB database server packages to the latest version on the 10.1 branch.

For Debian 9 stretch, these problems have been fixed in version 10.1.48-0+deb9u1.

We recommend that you upgrade your mariadb-10.1 packages.

For the detailed security status of mariadb-10.1 please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/mariadb-10.1

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
[SECURITY] [DLA 2513-1] p11-kit security update
Debian LTS Advisory DLA-2513-1            debian-...@lists.debian.org
https://www.debian.org/lts/security/      Adrian Bunk
January 04, 2021                          https://wiki.debian.org/LTS

Package        : p11-kit
Version        : 0.23.3-2+deb9u1
CVE ID         : CVE-2020-29361 CVE-2020-29362

Several memory safety issues affecting the RPC protocol were fixed in p11-kit, a library providing a way to load and enumerate PKCS#11 modules.

CVE-2020-29361

    Multiple integer overflows

CVE-2020-29362

    Heap-based buffer over-read

For Debian 9 stretch, these problems have been fixed in version 0.23.3-2+deb9u1.

We recommend that you upgrade your p11-kit packages.

For the detailed security status of p11-kit please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/p11-kit

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
[SECURITY] [DLA 2514-1] flac security update
Debian LTS Advisory DLA-2514-1            debian-...@lists.debian.org
https://www.debian.org/lts/security/      Adrian Bunk
January 04, 2021                          https://wiki.debian.org/LTS

Package        : flac
Version        : 1.3.2-2+deb9u1
CVE ID         : CVE-2017-6888 CVE-2020-0499
Debian Bug     : 897015 977764

Two vulnerabilities were fixed in flac, the library for the Free Lossless Audio Codec.

CVE-2017-6888

    Memory leak via a specially crafted FLAC file

CVE-2020-0499

    Out of bounds read due to a heap buffer overflow

For Debian 9 stretch, these problems have been fixed in version 1.3.2-2+deb9u1.

We recommend that you upgrade your flac packages.

For the detailed security status of flac please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/flac

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
[SECURITY] [DLA 2502-1] postsrsd security update
Debian LTS Advisory DLA-2502-1            debian-...@lists.debian.org
https://www.debian.org/lts/security/      Adrian Bunk
December 20, 2020                         https://wiki.debian.org/LTS

Package        : postsrsd
Version        : 1.4-1+deb9u1
CVE ID         : CVE-2020-35573
Debian Bug     :

A potential denial-of-service attack through malicious timestamp tags was fixed in PostSRSd, a Sender Rewriting Scheme (SRS) lookup table for Postfix.

For Debian 9 stretch, this problem has been fixed in version 1.4-1+deb9u1.

We recommend that you upgrade your postsrsd packages.

For the detailed security status of postsrsd please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/postsrsd

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
[SECURITY] [DLA 2473-1] vips security update
Debian LTS Advisory DLA-2473-1            debian-...@lists.debian.org
https://www.debian.org/lts/security/      Adrian Bunk
November 30, 2020                         https://wiki.debian.org/LTS

Package        : vips
Version        : 8.4.5-1+deb9u2
CVE ID         : CVE-2020-20739

In VIPS, an image processing system, an uninitialized variable which may cause the leakage of remote server path or stack address was fixed.

For Debian 9 stretch, this problem has been fixed in version 8.4.5-1+deb9u2.

We recommend that you upgrade your vips packages.

For the detailed security status of vips please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/vips

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
[SECURITY] [DLA 2472-1] mutt security update
Debian LTS Advisory DLA-2472-1            debian-...@lists.debian.org
https://www.debian.org/lts/security/      Adrian Bunk
November 30, 2020                         https://wiki.debian.org/LTS

Package        : mutt
Version        : 1.7.2-1+deb9u4
CVE ID         : CVE-2020-28896
Debian Bug     :

In Mutt, a text-based Mail User Agent, invalid IMAP server responses were not properly handled, potentially resulting in authentication credentials being exposed or man-in-the-middle attacks.

For Debian 9 stretch, this problem has been fixed in version 1.7.2-1+deb9u4.

We recommend that you upgrade your mutt packages.

For the detailed security status of mutt please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/mutt

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
[SECURITY] [DLA 2462-1] cimg security update
Debian LTS Advisory DLA-2462-1            debian-...@lists.debian.org
https://www.debian.org/lts/security/      Adrian Bunk
November 23, 2020                         https://wiki.debian.org/LTS

Package        : cimg
Version        : 1.7.9+dfsg-1+deb9u2
CVE ID         : CVE-2020-25693
Debian Bug     : 973770

Multiple heap buffer overflows have been fixed in CImg, a C++ toolkit to load, save, process and display images.

For Debian 9 stretch, this problem has been fixed in version 1.7.9+dfsg-1+deb9u2.

We recommend that you upgrade your cimg packages.

For the detailed security status of cimg please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/cimg

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
[SECURITY] [DLA 2452-2] libdatetime-timezone-perl regression update
Debian LTS Advisory DLA-2452-2            debian-...@lists.debian.org
https://www.debian.org/lts/security/      Adrian Bunk
November 17, 2020                         https://wiki.debian.org/LTS

Package        : libdatetime-timezone-perl
Version        : 2.09-1+2020d+1
Debian Bug     : 974899

2.09-1+2020d accidentally did omit changes to some files, resulting in warnings.

For Debian 9 stretch, this problem has been fixed in version 2.09-1+2020d+1.

We recommend that you upgrade your libdatetime-timezone-perl packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
[SECURITY] [DLA 2452-1] libdatetime-timezone-perl new upstream version
Debian LTS Advisory DLA-2452-1            debian-...@lists.debian.org
https://www.debian.org/lts/security/      Adrian Bunk
November 16, 2020                         https://wiki.debian.org/LTS

Package        : libdatetime-timezone-perl
Version        : 1:2.09-1+2020d

This update includes the changes in tzdata 2020d for the Perl bindings. For the list of changes, see DLA-2424-1.

For Debian 9 stretch, this problem has been fixed in version 1:2.09-1+2020d.

We recommend that you upgrade your libdatetime-timezone-perl packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
[SECURITY] [DLA 2424-1] tzdata new upstream version
Debian LTS Advisory DLA-2424-1            debian-...@lists.debian.org
https://www.debian.org/lts/security/      Adrian Bunk
October 31, 2020                          https://wiki.debian.org/LTS

Package        : tzdata
Version        : 2020d-0+deb9u1

tzdata, the time zone and daylight-saving time data, has been updated to the latest version.

- Revised predictions for Morocco's changes starting in 2023.
- Macquarie Island has stayed in sync with Tasmania since 2011.
- Casey, Antarctica is at +08 in winter and +11 in summer since 2018.
- Palestine ends DST earlier than predicted, on 2020-10-24.
- Fiji starts DST later than usual, on 2020-12-20.

For Debian 9 stretch, this problem has been fixed in version 2020d-0+deb9u1.

We recommend that you upgrade your tzdata packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
[SECURITY] [DLA 2423-1] wireshark security update
Debian LTS Advisory DLA-2423-1            debian-...@lists.debian.org
https://www.debian.org/lts/security/      Adrian Bunk
October 31, 2020                          https://wiki.debian.org/LTS

Package        : wireshark
Version        : 2.6.8-1.1~deb9u1
CVE ID         : CVE-2019-10894 CVE-2019-10895 CVE-2019-10896 CVE-2019-10899
                 CVE-2019-10901 CVE-2019-10903 CVE-2019-12295
Debian Bug     : 926718 929446

Several vulnerabilities were fixed in the Wireshark network protocol analyzer.

CVE-2019-10894

    GSS-API dissector crash

CVE-2019-10895

    NetScaler file parser crash

CVE-2019-10896

    DOF dissector crash

CVE-2019-10899

    SRVLOC dissector crash

CVE-2019-10901

    LDSS dissector crash

CVE-2019-10903

    DCERPC SPOOLSS dissector crash

CVE-2019-12295

    Dissection engine could crash

For Debian 9 stretch, these problems have been fixed in version 2.6.8-1.1~deb9u1.

We recommend that you upgrade your wireshark packages.

For the detailed security status of wireshark please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/wireshark

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
[SECURITY] [DLA 2422-1] qtsvg-opensource-src security update
Debian LTS Advisory DLA-2422-1            debian-...@lists.debian.org
https://www.debian.org/lts/security/      Adrian Bunk
October 31, 2020                          https://wiki.debian.org/LTS

Package        : qtsvg-opensource-src
Version        : 5.7.1~20161021-2.1
CVE ID         : CVE-2018-19869
Debian Bug     :

Malformed SVG images were able to cause a segmentation fault in qtsvg-opensource-src, the QtSvg module for displaying the contents of SVG files in Qt.

For Debian 9 stretch, this problem has been fixed in version 5.7.1~20161021-2.1.

We recommend that you upgrade your qtsvg-opensource-src packages.

For the detailed security status of qtsvg-opensource-src please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/qtsvg-opensource-src

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
[SECURITY] [DLA 2388-1] nss security update
Debian LTS Advisory DLA-2388-1            debian-...@lists.debian.org
https://www.debian.org/lts/security/      Adrian Bunk
September 29, 2020                        https://wiki.debian.org/LTS

Package        : nss
Version        : 2:3.26.2-1.1+deb9u2
CVE ID         : CVE-2018-12404 CVE-2018-18508 CVE-2019-11719 CVE-2019-11729
                 CVE-2019-11745 CVE-2019-17006 CVE-2019-17007 CVE-2020-6829
                 CVE-2020-12399 CVE-2020-12400 CVE-2020-12401 CVE-2020-12402
                 CVE-2020-12403
Debian Bug     : 921614 961752 963152

Various vulnerabilities were fixed in nss, the Network Security Service libraries.

CVE-2018-12404

    Cache side-channel variant of the Bleichenbacher attack.

CVE-2018-18508

    NULL pointer dereference in several CMS functions resulting in a denial of service.

CVE-2019-11719

    Out-of-bounds read when importing curve25519 private key.

CVE-2019-11729

    Empty or malformed p256-ECDH public keys may trigger a segmentation fault.

CVE-2019-11745

    Out-of-bounds write when encrypting with a block cipher.

CVE-2019-17006

    Some cryptographic primitives did not check the length of the input text, potentially resulting in overflows.

CVE-2019-17007

    Handling of Netscape Certificate Sequences may crash with a NULL dereference leading to a denial of service.

CVE-2020-12399

    Force a fixed length for DSA exponentiation.

CVE-2020-6829
CVE-2020-12400

    Side channel attack on ECDSA signature generation.

CVE-2020-12401

    ECDSA timing attack mitigation bypass.

CVE-2020-12402

    Side channel vulnerabilities during RSA key generation.

CVE-2020-12403

    CHACHA20-POLY1305 decryption with undersized tag leads to out-of-bounds read.

For Debian 9 stretch, these problems have been fixed in version 2:3.26.2-1.1+deb9u2.

We recommend that you upgrade your nss packages.

For the detailed security status of nss please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/nss

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS