Debian GNU/Linux 8 (Jessie), 9 (Stretch) and 10 (Buster) Extended LTS:
ELA-1447-1 net-tools security update
Debian GNU/Linux 9 (Stretch) and 10 (Buster) Extended LTS:
ELA-1445-1 espeak-ng security update
ELA-1446-1 libvpx security update
Debian GNU/Linux 11 (Bullseye) LTS:
[DLA 4198-1] espeak-ng security update
[DLA 4202-1] net-tools security update
[DLA 4201-1] libvpx security update
[DLA 4200-1] symfony security update
[SECURITY] [DLA 4198-1] espeak-ng security update
-------------------------------------------------------------------------
Debian LTS Advisory DLA-4198-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Thorsten Alteholz
May 31, 2025 https://wiki.debian.org/LTS
-------------------------------------------------------------------------
Package : espeak-ng
Version : 1.50+dfsg-7+deb11u2
CVE ID : CVE-2023-49990 CVE-2023-49991 CVE-2023-49992
CVE-2023-49993 CVE-2023-49994
Several issues have been found in espeak-ng, a Multi-lingual software
speech synthesizer.
The issues are related to buffer overflow or underflow in several
functions and a floating point exception.
For Debian 11 bullseye, these problems have been fixed in version
1.50+dfsg-7+deb11u2.
We recommend that you upgrade your espeak-ng packages.
For the detailed security status of espeak-ng please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/espeak-ng
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequen
ELA-1445-1 espeak-ng security update
Package : espeak-ng
Version : 1.49.0+dfsg-11+deb9u1 (stretch), 1.49.2+dfsg-8+deb10u2 (buster)
Related CVEs :
CVE-2023-49990
CVE-2023-49991
CVE-2023-49992
CVE-2023-49993
CVE-2023-49994
Several issues have been found in espeak-ng, a Multi-lingual software
speech synthesizer.
The issues are related to buffer overflow or underflow in several
functions and a floating point exception.
[SECURITY] [DLA 4202-1] net-tools security update
-------------------------------------------------------------------------
Debian LTS Advisory DLA-4202-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Adrian Bunk
May 31, 2025 https://wiki.debian.org/LTS
-------------------------------------------------------------------------
Package : net-tools
Version : 1.60+git20181103.0eebece-1+deb11u2
CVE ID : CVE-2025-46836
Debian Bug : 1105806
Multiple stack-based buffer overflows have been fixed in the net-tools
network utilities.
For Debian 11 bullseye, this problem has been fixed in version
1.60+git20181103.0eebece-1+deb11u2.
We recommend that you upgrade your net-tools packages.
For the detailed security status of net-tools please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/net-tools
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
[SECURITY] [DLA 4201-1] libvpx security update
-------------------------------------------------------------------------
Debian LTS Advisory DLA-4201-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Adrian Bunk
May 31, 2025 https://wiki.debian.org/LTS
-------------------------------------------------------------------------
Package : libvpx
Version : 1.9.0-1+deb11u4
CVE ID : CVE-2025-5283
Debian Bug : 1106689
Double free on init failure has been fixed in libvpx, a library for
decoding and encoding VP8 and VP9 videos.
For Debian 11 bullseye, this problem has been fixed in version
1.9.0-1+deb11u4.
We recommend that you upgrade your libvpx packages.
For the detailed security status of libvpx please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libvpx
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
[SECURITY] [DLA 4200-1] symfony security update
-------------------------------------------------------------------------
Debian LTS Advisory DLA-4200-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Guilhem Moulin
May 31, 2025 https://wiki.debian.org/LTS
-------------------------------------------------------------------------
Package : symfony
Version : 4.4.19+dfsg-2+deb11u7
CVE ID : CVE-2024-50343 CVE-2024-50345
Security vulnerabilities were found in symfony, a PHP framework for web
and console applications and a set of reusable PHP components, which
could lead to validation bypass or open redirects.
CVE-2024-50343
It was discovered that input ending with `\n` could bypass Validators.
CVE-2024-50345
Sam Mush discovered that due to URI parsing mismatch between common
browsers and the Request class, an attacker could supply a specially
crafted URI to bypass validation and redirect users to another
domain.
For Debian 11 bullseye, these problems have been fixed in version
4.4.19+dfsg-2+deb11u7.
We recommend that you upgrade your symfony packages.
For the detailed security status of symfony please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/symfony
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
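The CVE-2024-50343 entry above, illustrated with an added example that is not part of the advisory or of Symfony's code. It assumes a validator backed by a PCRE pattern anchored with `$` (the advisory text does not name the mechanism); the function names and sample inputs are constructed for illustration.

```php
<?php
// Added illustration, not Symfony code. Function names are hypothetical.

// Weak form: in PCRE, `$` matches at the very end of the subject
// OR immediately before a single final "\n".
function isValidSlugWeak(string $input): bool
{
    return preg_match('/^[a-z0-9-]+$/', $input) === 1;
}

// Hardened form: the D modifier (PCRE_DOLLAR_ENDONLY) makes `$`
// match only at the very end of the subject.
function isValidSlugStrict(string $input): bool
{
    return preg_match('/^[a-z0-9-]+$/D', $input) === 1;
}

// Constructed sample inputs: a clean value, the same value with one
// trailing newline, with two trailing newlines, and an invalid value.
$samples = [
    "release-42",
    "release-42\n",
    "release-42\n\n",
    "bad slug",
];

foreach ($samples as $sample) {
    printf(
        "%-18s weak=%-5s strict=%s\n",
        json_encode($sample),                         // shows "\n" visibly
        var_export(isValidSlugWeak($sample), true),
        var_export(isValidSlugStrict($sample), true)
    );
}
```

The two checks disagree only on the input with exactly one trailing newline, which is the case the CVE entry describes.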
ELA-1447-1 net-tools security update
Package : net-tools
Version : 1.60-26+deb8u1 (jessie), 1.60+git20161116.90da8a0-1+deb9u1 (stretch), 1.60+git20180626.aebd88e-1+deb10u1 (buster)
Related CVEs :
CVE-2025-46836
Multiple stack-based buffer overflows have been fixed in the net-tools network utilities.
ELA-1446-1 libvpx security update
Package : libvpx
Version : 1.6.1-3+deb9u7 (stretch), 1.7.0-3+deb10u4 (buster)
Related CVEs :
CVE-2025-5283
Double free on init failure has been fixed in libvpx, a library for decoding and encoding VP8 and VP9 videos.