[SECURITY] [DSA 4661-1] openssl security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4661-1 secur...@debian.org https://www.debian.org/security/ Moritz Muehlenhoff April 21, 2020https://www.debian.org/security/faq - - Package: openssl CVE ID : CVE-2020-1967 Bernd Edlinger discovered that malformed data passed to the SSL_check_chain() function during or after a TLS 1.3 handshake could cause a NULL dereference, resulting in denial of service. The oldstable distribution (stretch) is not affected. For the stable distribution (buster), this problem has been fixed in version 1.1.1d-0+deb10u3. We recommend that you upgrade your openssl packages. For the detailed security status of openssl please refer to its security tracker page at: https://security-tracker.debian.org/tracker/openssl Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl6e+koACgkQEMKTtsN8 TjZYpA//YvGfr9NTErugtCJQ7KwRJGrXeKsYehR/EJXj1wR77f6k4HRc5J9AiLbV HaS+EKOPWS+buQ6MTS4hslwxhNzAlnharrzhSh2RrUZTfYB66+GhiPiilf09iXsG 2xTTqQW2stoOhzo8Qw6cN3SL7avw61moJwcIlFYxZ4wMuAZbLVSUw2Dlnk0LN3UP 4LD5k5sEYzlt57rygNJsFkquwpr5eth3FvCm5WYGorvcEJzhgdTgnerpSD1DYd84 eZczcYXCnnjXKeeJT3TPIgDiNt3eSP5ixQni1+lpR3bGfZHmlr7MwhhttQMvL+o7 lFP+M19/osxkYs9jt69naDxQIo0tHomrVCtBhTPdC6EIUPGMv4sIjLSIcJKWMhfC tax66NcCWrgRn62v60IgY26nWg52ZLezcOZyqUrMfeEzzCT3lQ5vXd7/+23YU689 PKTpXw4eyOEg3wp7kjyS9Xd2xGjwzGzq5jjK4cVwTPCZMhnlQTef7WLoWLwSqHIi pUTDnZZsBZJJ5l8Xp5j2tAwFhUseih1zd0Iz32Jog2YdUFZ4gd280/whDs8Iu9SR ZeD0mpKw0vsBvG6/yDypbOmRCvrhjSgtixx5Z/yiswSP0WGZg2Y+GAl9LVByBY7K JzfXM799tz16MrKVinXPsIAfZTrr6nbrxYuyDwQ4X7iFdJZ6T3g= =RykD -END PGP SIGNATURE-
[SECURITY] [DSA 4660-1] awl security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4660-1 secur...@debian.org https://www.debian.org/security/ Sebastien Delafond April 21, 2020https://www.debian.org/security/faq - - Package: awl CVE ID : CVE-2020-11728 CVE-2020-11729 Debian Bug : 956650 Andrew Bartlett discovered that awl, DAViCal Andrew's Web Libraries, did not properly handle session management: this would allow a malicious user to impersonate other sessions or users. For the oldstable distribution (stretch), these problems have been fixed in version 0.57-1+deb9u1. For the stable distribution (buster), these problems have been fixed in version 0.60-1+deb10u1. We recommend that you upgrade your awl packages. For the detailed security status of awl please refer to its security tracker page at: https://security-tracker.debian.org/tracker/awl Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -BEGIN PGP SIGNATURE- iQEzBAEBCgAdFiEEAqSkbVtrXP4xJMh3EL6Jg/PVnWQFAl6e23sACgkQEL6Jg/PV nWQCzwf/WQHLwG1K3u69Y0zAMKUyN7/aAaMKXvejPG/ufJ/bkNLNpkMSHYa0viM8 C27bAE04UzHcpd+xERqjJPZsqBhQB80BBH/Cf0hXlw5dzBYubVwUlJ8JymHR9gA0 yAnT53N+0QhAEU2xuo8Q25M/0mq371bTPoVmplBEIvJkL22Gv0fnyEmOvNnAMHu1 CAJuDiqB/Uw5qcmYiQCJakyMxL7qPeZvzgmrr+9EZPz1+yVAGAUo52FfMJpVkEMn Tfxx2APvPOzz84AZ5M7s/sei+jDNI2HuGHoYnFfygtxQSLAKKdL0TIGGtcbl5f5B xNdI4ZFotRkGXwwc/ookymwqDFULfQ== =BTC4 -END PGP SIGNATURE-