A haproxy security update has been released for Debian GNU/Linux 10 to address a denial-of-service or potential arbitrary code execution issue.
A python-bleach security update has been released for Debian GNU/Linux 8 LTS to address a regular expression denial of service (ReDoS).
A libpam-krb5 security update has been released for Debian GNU/Linux 8 LTS to address a buffer overflow that might have caused remote code execution in situations involving supplemental prompting by a Kerberos library.
A libpam-krb5 security update has been released for both Debian GNU/Linux 9 and 10 to address a buffer overflow in the PAM module for MIT Kerberos.
A gst-plugins-bad0.10 security update has been released for Debian GNU/Linux 8 LTS to address several issues, including use-after-free, out-of-bounds reads, or buffer overflow in different modules.
An apng2gif security update has been released for Debian GNU/Linux 8 LTS to address an integer overflow resulting in a heap-based buffer over-read.
A tinyproxy security update has been released for Debian GNU/Linux 8 LTS to address a minor security issue.
An nss security update has been released for Debian GNU/Linux 7 Extended LTS to address a heap-based buffer overflow.
A php-horde-form security update has been released for Debian GNU/Linux 8 LTS to address a remote code execution vulnerability in the Form API component of the Horde Application Framework.
A tika security update has been released for Debian GNU/Linux 8 LTS to address two security issues.
Updated PHP 5.4 packages have been released for Debian GNU/Linux 7 Extended LTS to address two security issues.
A php5 security update has been released for Debian GNU/Linux 8 LTS to address the following two security issues: 1) CVE-2020-7062 is about a possible null pointer dereference, which would likely lead to a crash, during a failed upload with progress tracking, 2) CVE-2020-7063 is about wrong file permissions of files added to tar with Phar::buildFromIterator when extracting them again.
A libbsd security update has been released for Debian GNU/Linux 7 Extended LTS to address an out-of-bounds read vulnerability during string comparisons.
A bluez security update has been released for both Debian GNU/Linux 9 and 10 to fix an issue where BlueZ's HID and HOGP profile implementations don't specifically require bonding between the device and the host.
An icu security update has been released for both Debian GNU/Linux 9 and 10 to address an integer overflow in the International Components for Unicode (ICU) library which could result in denial of service and potentially the execution of arbitrary code.
An okular security update has been released for Debian GNU/Linux 8 LTS to address a security issue which allows code execution via an action link in a PDF document.
A ruby2.1 security update has been released for Debian GNU/Linux 8 LTS to address a heap overflow vulnerability in the Psych::Emitter startdocument function of Ruby.
An e2fsprogs security update has been released for Debian GNU/Linux 8 LTS to address an out-of-bounds write on the stack.
A tomcat8 security update has been released for Debian GNU/Linux 8 LTS to address the possibility of a man-in-the-middle attack.
A weechat security update has been released for Debian GNU/Linux 8 LTS to fix an issue with crafted messages that could result in a buffer overflow and application crash.