[SECURITY] [DSA 4814-1] xerces-c security update
Debian Security Advisory DSA-4814-1
secur...@debian.org
https://www.debian.org/security/
Sebastien Delafond
December 17, 2020
https://www.debian.org/security/faq

Package    : xerces-c
CVE ID     : CVE-2018-1311
Debian Bug : 947431

It was discovered that xerces-c, a validating XML parser library for C++, did not correctly scan DTDs. The use-after-free vulnerability resulting from this issue would allow a remote attacker to leverage a specially crafted XML file in order to crash the application or potentially execute arbitrary code. Please note that the patch fixing this issue comes at the expense of a newly introduced memory leak.

For the stable distribution (buster), this problem has been fixed in version 3.2.2+debian-1+deb10u1.

We recommend that you upgrade your xerces-c packages.

For the detailed security status of xerces-c please refer to its security tracker page at: https://security-tracker.debian.org/tracker/xerces-c

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

[SECURITY] [DSA 4813-1] firefox-esr security update
Debian Security Advisory DSA-4813-1
secur...@debian.org
https://www.debian.org/security/
Moritz Muehlenhoff
December 16, 2020
https://www.debian.org/security/faq

Package : firefox-esr
CVE ID  : CVE-2020-16042 CVE-2020-26971 CVE-2020-26973 CVE-2020-26974 CVE-2020-26978 CVE-2020-35111 CVE-2020-35113

Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, information disclosure or CSS sanitiser bypass.

For the stable distribution (buster), these problems have been fixed in version 78.6.0esr-1~deb10u1.

We recommend that you upgrade your firefox-esr packages.

For the detailed security status of firefox-esr please refer to its security tracker page at: https://security-tracker.debian.org/tracker/firefox-esr

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org