Debian GNU/Linux 10 (Buster) Extended LTS:
ELA-1605-1 adminer security update
Debian GNU/Linux 11 (Bullseye) LTS:
[DLA 4432-1] curl security update
Debian GNU/Linux 12 (Bookworm) and 13 (Trixie):
[DSA 6093-1] gimp security update
[SECURITY] [DLA 4432-1] curl security update
-------------------------------------------------------------------------
Debian LTS Advisory DLA-4432-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Carlos Henrique Lima Melara
January 04, 2026 https://wiki.debian.org/LTS
-------------------------------------------------------------------------
Package : curl
Version : 7.74.0-1.3+deb11u16
CVE ID : CVE-2025-9086
Debian Bug :
A vulnerability was found in curl, an easy-to-use client-side URL transfer
library and command line tool. It can cause a crash or potentially an
out-of-bounds memory read.

For Debian 11 bullseye, this problem has been fixed in version
7.74.0-1.3+deb11u16.

We recommend that you upgrade your curl packages.

For the detailed security status of curl please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/curl

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

[SECURITY] [DSA 6093-1] gimp security update
-------------------------------------------------------------------------
Debian Security Advisory DSA-6093-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
January 04, 2026 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : gimp
CVE ID : CVE-2025-14422 CVE-2025-14424 CVE-2025-14425
Several vulnerabilities were discovered in GIMP, the GNU Image
Manipulation Program, which could result in denial of service or
potentially the execution of arbitrary code if malformed XCF, JPEG 2000
or PNM files are opened.

For the oldstable distribution (bookworm), these problems have been fixed
in version 2.10.34-1+deb12u6.

For the stable distribution (trixie), these problems have been fixed in
version 3.0.4-3+deb13u4.

We recommend that you upgrade your gimp packages.

For the detailed security status of gimp please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/gimp

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

ELA-1605-1 adminer security update
Package : adminer
Version : 4.7.1-1+deb10u2 (buster)
Related CVEs :
CVE-2023-45195
CVE-2023-45196
Multiple vulnerabilities were found in adminer, a web-based database
administration tool.

CVE-2023-45195
Adminer is vulnerable to SSRF via database connection fields. This
could allow an unauthenticated remote attacker to enumerate or
access systems the attacker would not otherwise have access to.

CVE-2023-45196
Adminer allows an unauthenticated remote attacker to cause a denial
of service by connecting to an attacker-controlled service that
responds with HTTP redirects. The denial of service is subject to
PHP configuration limits.