[SECURITY] [DLA 3796-1] mediawiki security update

- Debian LTS Advisory DLA-3796-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Guilhem Moulin April 27, 2024https://wiki.debian.org/LTS

[SECURITY] [DLA 3782-1] util-linux security update

- Debian LTS Advisory DLA-3782-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Guilhem Moulin April 07, 2024https://wiki.debian.org/LTS

Debian LTS report for March 2024

During the month of March 2024 and on behalf of Freexian, I worked on the following: phpseclib - Uploaded 1.0.19-3~deb10u3 and issued DLA-3749-1. https://lists.debian.org/msgid-search/?m=zeck08zg6y-jz...@debian.org * CVE-2024-27354: An attacker can construct a malformed certificate

[SECURITY] [DLA 3778-1] libvirt security update

- Debian LTS Advisory DLA-3778-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Guilhem Moulin April 01, 2024https://wiki.debian.org/LTS

[SECURITY] [DLA 3776-1] nodejs security update

- Debian LTS Advisory DLA-3776-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Guilhem Moulin March 26, 2024https://wiki.debian.org/LTS

[SECURITY] [DLA 3761-1] spip security update

- Debian LTS Advisory DLA-3761-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Guilhem Moulin March 15, 2024https://wiki.debian.org/LTS

[SECURITY] [DLA 3750-1] php-phpseclib security update

- Debian LTS Advisory DLA-3750-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Guilhem Moulin March 05, 2024https://wiki.debian.org/LTS

[SECURITY] [DLA 3749-1] phpseclib security update

- Debian LTS Advisory DLA-3749-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Guilhem Moulin March 05, 2024https://wiki.debian.org/LTS

Debian LTS report for February 2024

During the month of February 2024 and on behalf of Freexian, I worked on the following: gnutls28 Uploaded 3.6.7-4+deb10u12 and issued DLA-3740-1 https://lists.debian.org/msgid-search/?m=zdxck-hkepfc8...@debian.org * CVE-2024-0553: Timing side-channel attack in the RSA-PSK key

[SECURITY] [DLA 3740-1] gnutls28 security update

- Debian LTS Advisory DLA-3740-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Guilhem Moulin February 26, 2024 https://wiki.debian.org/LTS

Debian LTS report for January 2024

During the month of January 2024 and on behalf of Freexian, I worked on the following: php-phpseclib - Uploaded 2.0.30-2~deb10u2 and issued DLA-3718-1 https://lists.debian.org/msgid-search/?m=zbhgvxygvemfp...@debian.org * CVE-2023-48795: Terrapin attack phpseclib -

[SECURITY] [DLA 3723-1] libspreadsheet-parsexlsx-perl security update

- Debian LTS Advisory DLA-3723-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Guilhem Moulin January 27, 2024 https://wiki.debian.org/LTS

[SECURITY] [DLA 3719-1] phpseclib security update

- Debian LTS Advisory DLA-3719-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Guilhem Moulin January 25, 2024 https://wiki.debian.org/LTS

[SECURITY] [DLA 3718-1] php-phpseclib security update

- Debian LTS Advisory DLA-3718-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Guilhem Moulin January 25, 2024 https://wiki.debian.org/LTS

Debian LTS report for December 2023

During the month of December 2023 and on behalf of Freexian, I worked on the following: ncurses --- Uploaded 6.1+20181013-2+deb10u5 and issued DLA-3682-1 https://lists.debian.org/msgid-search/?m=zwznc9mam3buc...@debian.org * CVE-2021-39537: The tic(1) utility was susceptible to a heap

[SECURITY] [DLA 3705-1] php-guzzlehttp-psr7 security update

- Debian LTS Advisory DLA-3705-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Guilhem Moulin December 31, 2023 https://wiki.debian.org/LTS

[SECURITY] [DLA 3704-1] xerces-c security update

- Debian LTS Advisory DLA-3704-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Guilhem Moulin December 31, 2023 https://wiki.debian.org/LTS

[SECURITY] [DLA 3702-1] libspreadsheet-parseexcel-perl security update

- Debian LTS Advisory DLA-3702-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Guilhem Moulin December 31, 2023 https://wiki.debian.org/LTS

[SECURITY] [DLA 3701-1] tinyxml security update

- Debian LTS Advisory DLA-3701-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Guilhem Moulin December 31, 2023 https://wiki.debian.org/LTS

[SECURITY] [DLA 3691-1] spip security update

- Debian LTS Advisory DLA-3691-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Guilhem Moulin December 18, 2023 https://wiki.debian.org/LTS

[SECURITY] [DLA 3683-1] roundcube security update

- Debian LTS Advisory DLA-3683-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Guilhem Moulin December 05, 2023 https://wiki.debian.org/LTS

[SECURITY] [DLA 3682-1] ncurses security update

- Debian LTS Advisory DLA-3682-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Guilhem Moulin December 03, 2023 https://wiki.debian.org/LTS

Re: [SECURITY] [DLA 3676-1] horizon security update

On Thu, 30 Nov 2023 at 19:47:42 -0500, Roberto C. Sánchez wrote: > Yes, I would recommend two things. Done, thanks Roberto! -- Guilhem.

Re: [SECURITY] [DLA 3676-1] horizon security update - INCORRECT DLA ID

On Thu, 30 Nov 2023 at 23:59:28 +0100, Guilhem Moulin wrote: > - > Debian LTS Advisory DLA-3676-1debian-lts@lists.debian.org > https://www.debian.org/lts/security/ Guilh

[SECURITY] [DLA 3678-1] horizon security update - CORRECTED ANNOUNCEMENT

- Debian LTS Advisory DLA-3678-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Guilhem Moulin December 30, 2023 https://wiki.debian.org/LTS

Debian LTS report for November 2023

During the month of November 2023 and on behalf of Freexian, I worked on the following: opensc -- Uploaded 0.19.0-1+deb10u3 and issued DLA-3668-1 https://lists.debian.org/msgid-search/?m=zwpsqzcsk_2as...@debian.org * CVE-2023-40660: Potential PIN bypass. The bypass was removed and

Re: [SECURITY] [DLA 3676-1] horizon security update

On Thu, 30 Nov 2023 at 23:59:28 +0100, Guilhem Moulin wrote: > - > Debian LTS Advisory DLA-3676-1debian-lts@lists.debian.org > https://www.debian.org/lts/security/ Guilh

[SECURITY] [DLA 3676-1] horizon security update

- Debian LTS Advisory DLA-3676-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Guilhem Moulin November 30, 2023 https://wiki.debian.org/LTS

[SECURITY] [DLA 3671-1] mediawiki security update

- Debian LTS Advisory DLA-3671-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Guilhem Moulin November 28, 2023 https://wiki.debian.org/LTS

[SECURITY] [DLA 3669-1] cryptojs security update

- Debian LTS Advisory DLA-3669-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Guilhem Moulin November 27, 2023 https://wiki.debian.org/LTS

[SECURITY] [DLA 3668-1] opensc security update

- Debian LTS Advisory DLA-3668-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Guilhem Moulin November 27, 2023 https://wiki.debian.org/LTS

Re: MediaWiki on buster

Hi, On Sat, 18 Nov 2023 at 03:39:33 -0500, Chris Frey wrote: > I noticed that MediaWiki has suffered from the following CVE's for > a while: > > CVE-2023-45363 > CVE-2023-45362 > CVE-2023-45360 > > Is the work-in-progress available via git somewhere? Fixed CVE-2023-3550 and

Debian LTS report for October 2023

During the month of October 2023 and on behalf of Freexian, I worked on the following: python-urllib3 -- Uploaded 1.24.1-1+deb10u1 and issued DLA-3610-1 https://lists.debian.org/msgid-search/?m=zsknlpfmnhu4q...@debian.org * CVE-2018-25091: The fix for CVE-2018-20060 did not cover

[SECURITY] [DLA 3630-1] roundcube security update

- Debian LTS Advisory DLA-3630-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Guilhem Moulin October 24, 2023 https://wiki.debian.org/LTS

[SECURITY] [DLA 3611-1] inetutils security update

- Debian LTS Advisory DLA-3611-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Guilhem Moulin October 08, 2023 https://wiki.debian.org/LTS

[SECURITY] [DLA 3610-1] python-urllib3 security update

- Debian LTS Advisory DLA-3610-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Guilhem Moulin October 08, 2023 https://wiki.debian.org/LTS

Debian LTS report for September 2023

During the month of September 2023 and on behalf of Freexian, I worked on the following: php7.3 -- Uploaded 7.3.31-1~deb10u5 and issued DLA-3555-1 https://lists.debian.org/msgid-search/?m=zpexm9jokfktz...@debian.org * CVE-2023-3823: Security issue with external entity loading in XML

[SECURITY] [DLA 3590-1] python-reportlab security update

- Debian LTS Advisory DLA-3590-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Guilhem Moulin September 29, 2023https://wiki.debian.org/LTS

[SECURITY] [DLA 3589-1] python-git security update

- Debian LTS Advisory DLA-3589-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Guilhem Moulin September 29, 2023https://wiki.debian.org/LTS

[SECURITY] [DLA 3577-1] roundcube security update

- Debian LTS Advisory DLA-3577-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Guilhem Moulin September 22, 2023https://wiki.debian.org/LTS

[SECURITY] [DLA 3560-1] libraw security update

- Debian LTS Advisory DLA-3560-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Guilhem Moulin September 10, 2023https://wiki.debian.org/LTS

[SECURITY] [DLA 3559-1] libssh2 security update

- Debian LTS Advisory DLA-3559-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Guilhem Moulin September 08, 2023https://wiki.debian.org/LTS

[SECURITY] [DLA 3555-1] php7.3 security update

- Debian LTS Advisory DLA-3555-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Guilhem Moulin September 05, 2023https://wiki.debian.org/LTS

Debian LTS report for August 2023

During the month of August 2023 and on behalf of Freexian, I worked on the following: * DLA-3515-1 for cjose=0.6.1+dfsg1-1+deb10u1 [CVE-2023-37464] https://lists.debian.org/msgid-search/?m=zmzs4jlh%2bwykb...@debian.org * DLA-3551-1 for otrs2=6.0.16-2+deb10u1 [CVE-2019-11358,

[SECURITY] [DLA 3551-1] otrs2 security update

- Debian LTS Advisory DLA-3551-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Guilhem Moulin August 31, 2023 https://wiki.debian.org/LTS

[SECURITY] [DLA 3515-1] cjose security update

- Debian LTS Advisory DLA-3515-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Guilhem Moulin August 04, 2023 https://wiki.debian.org/LTS

Debian LTS report for July 2023

During the month of July 2023 and on behalf of Freexian, I worked on the following: * DLA-3488-1 for node-tough-cookie=2.3.4+dfsg-1+deb10u1 [CVE-2023-26136] https://lists.debian.org/msgid-search/?m=zkxrmnkoiqoif...@debian.org * DLA-3493-1 for symfony=3.4.22+dfsg-2+deb10u2

[SECURITY] [DLA 3507-1] pandoc security update

- Debian LTS Advisory DLA-3507-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Guilhem Moulin July 25, 2023 https://wiki.debian.org/LTS

[SECURITY] [DLA 3499-1] libapache2-mod-auth-openidc security update

- Debian LTS Advisory DLA-3499-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Guilhem Moulin July 19, 2023 https://wiki.debian.org/LTS

[SECURITY] [DLA 3496-1] lemonldap-ng security update

- Debian LTS Advisory DLA-3496-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Guilhem Moulin July 14, 2023 https://wiki.debian.org/LTS

[SECURITY] [DLA 3493-1] symfony security update

- Debian LTS Advisory DLA-3493-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Guilhem Moulin July 11, 2023 https://wiki.debian.org/LTS

[SECURITY] [DLA 3488-1] node-tough-cookie security update

- Debian LTS Advisory DLA-3488-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Guilhem Moulin July 10, 2023 https://wiki.debian.org/LTS

Debian LTS report for June 2023

During the month of June 2023 and on behalf of Freexian, I worked on the following: * DLA-3442-1 for nbconvert=5.4-2+deb10u1 [CVE-2021-32862: GHSL-2021-1013 to -1028] https://lists.debian.org/msgid-search/?m=zhteirpktw6wr...@debian.org * DLA-3458-1 for php7.3=7.3.31-1~deb10u4

[SECURITY] [DLA 3469-1] lua5.3 security update

- Debian LTS Advisory DLA-3469-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Guilhem Moulin June 23, 2023 https://wiki.debian.org/LTS

[SECURITY] [DLA 3463-1] opensc security update

- Debian LTS Advisory DLA-3463-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Guilhem Moulin June 21, 2023 https://wiki.debian.org/LTS

[SECURITY] [DLA 3460-1] python-mechanize security update

- Debian LTS Advisory DLA-3460-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Guilhem Moulin June 20, 2023 https://wiki.debian.org/LTS

[SECURITY] [DLA 3458-1] php7.3 security update

- Debian LTS Advisory DLA-3458-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Guilhem Moulin June 20, 2023 https://wiki.debian.org/LTS

[SECURITY] [DLA 3442-1] nbconvert security update

- Debian LTS Advisory DLA-3442-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Guilhem Moulin June 03, 2023 https://wiki.debian.org/LTS

Debian LTS report for May 2023

During the month of May 2023 and on behalf of Freexian, I worked on the following: * DLA-3424-1 for python-ipaddress=1.0.17-1+deb10u1 CVE-2020-14422 https://lists.debian.org/msgid-search/?m=zglark8btpj4t...@debian.org * DLA-3425-1 for sqlparse=0.2.4-1+deb10u1 CVE-2023-30608

[SECURITY] [DLA 3436-2] sssd regression update

- Debian LTS Advisory DLA-3436-2debian-...@lists.debian.org https://www.debian.org/lts/security/ Guilhem Moulin May 31, 2023 https://wiki.debian.org/LTS

[SECURITY] [DLA 3436-1] sssd security update

- Debian LTS Advisory DLA-3436-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Guilhem Moulin May 29, 2023 https://wiki.debian.org/LTS

[SECURITY] [DLA 3435-1] rainloop security update

- Debian LTS Advisory DLA-3435-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Guilhem Moulin May 28, 2023 https://wiki.debian.org/LTS

[SECURITY] [DLA 3433-1] libraw security update

- Debian LTS Advisory DLA-3433-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Guilhem Moulin May 27, 2023 https://wiki.debian.org/LTS

[SECURITY] [DLA 3425-1] sqlparse security update

- Debian LTS Advisory DLA-3425-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Guilhem Moulin May 16, 2023 https://wiki.debian.org/LTS

[SECURITY] [DLA 3424-1] python-ipaddress security update

- Debian LTS Advisory DLA-3424-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Guilhem Moulin May 16, 2023 https://wiki.debian.org/LTS

Debian LTS report for April 2023

During the month of April 2023 and on behalf of Freexian, I worked on the following: * DLA-3410-1 for openvswitch=2.10.7+ds1-0+deb10u4 CVE-2023-1668 https://lists.debian.org/msgid-search/?m=ze8ep8fiq5ztl...@debian.org * Triage WordPress' outstanding CVEs and conclude no DLA is

[SECURITY] [DLA 3410-1] openvswitch security update

- Debian LTS Advisory DLA-3410-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Guilhem Moulin May 01, 2023 https://wiki.debian.org/LTS

Debian LTS report for March 2023

During the month of March 2023 and on behalf of Freexian, I worked on the following: * DLA-3347-2 for spip=3.2.4-1+deb10u11 [Regression update for DLA-3347-1] https://lists.debian.org/msgid-search/?m=zaj85ko1lavxw...@debian.org * DLA-3363-1 for pcre2=10.32-5+deb10u1

[SECURITY] [DLA 3363-1] pcre2 security update

- Debian LTS Advisory DLA-3363-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Guilhem Moulin March 16, 2023https://wiki.debian.org/LTS

[SECURITY] [DLA 3347-2] spip regression update

- Debian LTS Advisory DLA-3347-2debian-...@lists.debian.org https://www.debian.org/lts/security/ Guilhem Moulin March 03, 2023https://wiki.debian.org/LTS

Debian LTS report for February 2023

During the month of February 2023 and on behalf of Freexian, I worked on the following: * DLA-3336-1 for node-url-parse=1.2.0-2+deb10u2 CVE-2021-3664, CVE-2021-27515, CVE-2022-0512, CVE-2022-0639, CVE-2022-0686 and CVE-2022-0691

[SECURITY] [DLA 3348-1] syslog-ng security update

- Debian LTS Advisory DLA-3348-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Guilhem Moulin March 01, 2023https://wiki.debian.org/LTS

[SECURITY] [DLA 3347-1] spip security update

- Debian LTS Advisory DLA-3347-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Guilhem Moulin February 27, 2023 https://wiki.debian.org/LTS

[SECURITY] [DLA 3345-1] php7.3 security update

- Debian LTS Advisory DLA-3345-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Guilhem Moulin February 26, 2023 https://wiki.debian.org/LTS

[SECURITY] [DLA 3344-1] nodejs security update

- Debian LTS Advisory DLA-3344-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Guilhem Moulin February 26, 2023 https://wiki.debian.org/LTS

[SECURITY] [DLA 3336-1] node-url-parse security update

- Debian LTS Advisory DLA-3336-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Guilhem Moulin February 23, 2023 https://wiki.debian.org/LTS

Debian LTS report for January 2023

During the month of January 2023 and on behalf of Freexian, I worked on the following: * DLA-3270-1: net-snmp 5.7.3+dfsg-5+deb10u4 CVE-2022-44793 and CVE-2022-44792 https://lists.debian.org/msgid-search/Y8Nreff/4mms8...@debian.org * DLA-3271-1: node-minimatch 3.0.4-3+deb10u1

[SECURITY] [DLA 3299-1] node-qs security update

- Debian LTS Advisory DLA-3299-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Guilhem Moulin January 30, 2023 https://wiki.debian.org/LTS

[SECURITY] [DLA 3291-1] node-object-path security update

- Debian LTS Advisory DLA-3291-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Guilhem Moulin January 29, 2023 https://wiki.debian.org/LTS

[SECURITY] [DLA 3289-1] dojo security update

- Debian LTS Advisory DLA-3289-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Guilhem Moulin January 28, 2023 https://wiki.debian.org/LTS

[SECURITY] [DLA 3287-1] lemonldap-ng security update

- Debian LTS Advisory DLA-3287-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Guilhem Moulin January 28, 2023 https://wiki.debian.org/LTS

[SECURITY] [DLA 3285-1] libapache-session-browseable-perl security update

- Debian LTS Advisory DLA-3285-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Guilhem Moulin January 28, 2023 https://wiki.debian.org/LTS

[SECURITY] [DLA 3284-1] libapache-session-ldap-perl security update

- Debian LTS Advisory DLA-3284-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Guilhem Moulin January 28, 2023 https://wiki.debian.org/LTS

[SECURITY] [DLA 3271-1] node-minimatch security update

- Debian LTS Advisory DLA-3271-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Guilhem Moulin January 15, 2023 https://wiki.debian.org/LTS

[SECURITY] [DLA 3270-1] net-snmp security update

- Debian LTS Advisory DLA-3270-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Guilhem Moulin January 15, 2023 https://wiki.debian.org/LTS

LTS report for December 2022

Hi, During the month of December 2022 and on behalf of Freexian, I worked on the following: * DLA-3221-1, node-cached-path-relative (prototype pollution) https://lists.debian.org/msgid-search/y40yr8jdg8vmg...@debian.org * DLA-3222-1, node-fetch (information leak)

[SECURITY] [DLA 3260-1] node-xmldom security update

- Debian LTS Advisory DLA-3260-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Guilhem Moulin January 01, 2023 https://wiki.debian.org/LTS

[SECURITY] [DLA 3258-1] node-loader-utils security update

- Debian LTS Advisory DLA-3258-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Guilhem Moulin December 31, 2022 https://wiki.debian.org/LTS

[SECURITY] [DLA 3252-1] cacti security update

- Debian LTS Advisory DLA-3252-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Guilhem Moulin December 31, 2022 https://wiki.debian.org/LTS

[SECURITY] [DLA 3237-1] node-tar security update

- Debian LTS Advisory DLA-3237-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Guilhem Moulin December 12, 2022 https://wiki.debian.org/LTS

[SECURITY] [DLA 3235-1] node-eventsource security update

- Debian LTS Advisory DLA-3235-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Guilhem Moulin December 11, 2022 https://wiki.debian.org/LTS

[SECURITY] [DLA 3222-1] node-fetch security update

- Debian LTS Advisory DLA-3222-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Guilhem Moulin December 05, 2022 https://wiki.debian.org/LTS

[SECURITY] [DLA 3221-1] node-cached-path-relative security update

- Debian LTS Advisory DLA-3221-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Guilhem Moulin December 05, 2022 https://wiki.debian.org/LTS

[SECURITY] [DLA 3206-1] heimdal security update

- Debian LTS Advisory DLA-3206-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Guilhem Moulin November 26, 2022 https://wiki.debian.org/LTS

[SECURITY] [DLA 3205-1] inetutils security update

- Debian LTS Advisory DLA-3205-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Guilhem Moulin November 25, 2022 https://wiki.debian.org/LTS

Re: roundcube: CVE-2021-46144: XSS vulnerability via HTML messages with malicious CSS content

Hi Sylvain! On Wed, 12 Jan 2022 at 15:48:51 +0100, Sylvain Beucler wrote: > On 12/01/2022 14:15, Guilhem Moulin wrote: >> In a recent post roundcube webmail upstream has announced the following >> security fix for #1003027. >> >> CVE-2021-46144: Cross-site script

roundcube: CVE-2021-46144: XSS vulnerability via HTML messages with malicious CSS content

for CVE-2021-46144: Fix cross-site scripting (XSS) via HTML +messages with malicious CSS content. (Closes: #1003027) + + -- Guilhem Moulin Wed, 12 Jan 2022 12:56:32 +0100 + roundcube (1.2.3+dfsg.1-4+deb9u9) stretch-security; urgency=high * Non-maintainer upload by the LTS team. diff -Nru

Re: roundcube: CVE-2020-35730: XSS vulnerability via malious HTML or plaintext messages

On Mon, 28 Dec 2020 at 12:10:46 +0530, Utkarsh Gupta wrote: > On Mon, Dec 28, 2020 at 8:28 AM Guilhem Moulin wrote: >> Debdiff tested and attached. I can upload if you'd like but would >> appreciate if you could take care of the DLA :-) > > Yes, please. I can take care of

roundcube: CVE-2020-35730: XSS vulnerability via malious HTML or plaintext messages

content svg/namespace. (Closes: #978491) + + -- Guilhem Moulin Mon, 28 Dec 2020 03:25:57 +0100 + roundcube (1.2.3+dfsg.1-4+deb9u7) stretch-security; urgency=high * Backport security fix for CVE-2020-16145: Cross-site scripting (XSS) diff -Nru roundcube-1.2.3+dfsg.1/debian/patches/CVE-2020-35730

Re: roundcube: CVE-2020-16145: XSS vulnerability via HTML messages with malicious SVG or math content

Hi Roberto, On Tue, 11 Aug 2020 at 14:57:15 -0400, Roberto C. Sánchez wrote: >>> Dear security team, Should have been LTS team of course, bad templating from my side :-P >> I'll take care of it shortly. >> > I have uploaded the updated, published the DLA to the mailing list and > submitted a

  1   2   >