An unbound security update has been released for both Debian GNU/Linux 9 and 10 to address two vulnerabilities in Unbound.
A tomcat7 security update has been released for Debian GNU/Linux 7 Extended LTS to address a potential remote code execution via deserialization of local files on the filesystem within tomcat7.
A transmission security update has been released for Debian GNU/Linux 8 LTS to address a denial of service (crash) or possible execution of arbitrary code.
A netqmail security update has been released for Debian GNU/Linux 9 and 10 to address multiple vulnerabilities in qmail.
A cracklib2 security update has been released for Debian GNU/Linux 8 LTS to address a stack-based buffer overflow when parsing large GECOS fields in cracklib2.
A feh security update has been released for Debian GNU/Linux 8 LTS to address an out-of-boundary heap write with the image viewer feh while receiving an IPC message.
A tomcat7 security update has been released for Debian GNU/Linux 8 LTS to address a potential remote code execution via deserialization in tomcat7.
A ruby-rack security update has been released for Debian GNU/Linux 8 LTS to address a possible directory traversal vulnerability in the Rack::Directory app that is bundled with Rack.
A pdns-recursor security update has been released for Debian GNU/Linux 10 to address two vulnerabilities, a traffic amplification attack against third party authoritative name servers (NXNSAttack) and insufficient validation of NXDOMAIN responses lacking an SOA.
A dovecot security update has been released for Debian GNU/Linux 10 to address several vulnerabilities, which could cause crashes in the submission, submission-login or lmtp services, resulting in denial of service.
A bind9 security update has been released for both Debian GNU/Linux 9 and 10 to address several vulnerabilities.
A clamav security update has been released for Debian GNU/Linux 8 LTS to address two security issues.
A dpdk security update has been released for both Debian GNU/Linux 9 and 10 to address multiple vulnerabilities, which could result in denial of service or the execution of arbitrary code by malicious guests/containers.
An exim4 security update has been released for Debian GNU/Linux 8 LTS to address an authentication bypass vulnerability in the spa authentication driver.
A libexif security update has been released for Debian GNU/Linux 8 LTS to address various vulnerabilities in libexif.
An openconnect security update has been released for Debian GNU/Linux 8 LTS to address a buffer overflow.
An exim4 security update has been released for both Debian GNU/Linux 9 and 10 to address an authentication bypass vulnerability.
An apache-log4j1.2 security update has been released for both Debian GNU/Linux 9 and 10 to address an issue where an attacker can execute arbitrary code in the context of the logger application.
A log4net security update has been released for Debian GNU/Linux 8 LTS to address an XML external entity vulnerability.
Ondřej Surý has released updated PHP packages for Debian GNU/Linux 8 LTS, 9, and 10.