[DSA 5937-1] webkit2gtk security update
[DSA 5939-1] gimp security update
[DSA 5938-1] python-tornado security update
[SECURITY] [DSA 5937-1] webkit2gtk security update
- -------------------------------------------------------------------------
Debian Security Advisory DSA-5937-1 security@debian.org
https://www.debian.org/security/ Alberto Garcia
June 06, 2025 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : webkit2gtk
CVE ID : CVE-2025-24223 CVE-2025-31204 CVE-2025-31205 CVE-2025-31206
CVE-2025-31215 CVE-2025-31257
The following vulnerabilities have been discovered in the WebKitGTK
web engine:
CVE-2025-24223
rheza and an anonymous researcher discovered that processing
maliciously crafted web content may lead to memory corruption.
CVE-2025-31204
Nan Wang discovered that processing maliciously crafted web
content may lead to memory corruption.
CVE-2025-31205
Ivan Fratric discovered that a malicious website may exfiltrate
data cross-origin.
CVE-2025-31206
An anonymous researcher discovered that processing maliciously
crafted web content may lead to an unexpected process crash.
CVE-2025-31215
Jiming Wang and Jikai Ren discovered that processing maliciously
crafted web content may lead to an unexpected process crash.
CVE-2025-31257
Juergen Schmied discovered that processing maliciously crafted web
content may lead to an unexpected process crash.
For the stable distribution (bookworm), these problems have been fixed in
version 2.48.3-1~deb12u1.
We recommend that you upgrade your webkit2gtk packages.
For the detailed security status of webkit2gtk please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/webkit2gtk
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
[SECURITY] [DSA 5939-1] gimp security update
- -------------------------------------------------------------------------
Debian Security Advisory DSA-5939-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
June 06, 2025 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : gimp
CVE ID : CVE-2025-2760 CVE-2025-2761 CVE-2025-48797 CVE-2025-48798
Several vulnerabilities were discovered in GIMP, the GNU Image
Manipulation Program, which could result in denial of service or
potentially the execution of arbitrary code if malformed XCF, TGA, DDS,
FLI or ICO files are opened.
For the stable distribution (bookworm), these problems have been fixed in
version 2.10.34-1+deb12u3.
We recommend that you upgrade your gimp packages.
For the detailed security status of gimp please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/gimp
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
[SECURITY] [DSA 5938-1] python-tornado security update
- -------------------------------------------------------------------------
Debian Security Advisory DSA-5938-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
June 06, 2025 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : python-tornado
CVE ID : CVE-2025-47287
It was discovered that the Tornado Python web framework performed
excessive logging when parsing some multipart/form-data requests, which
could result in denial of service.
For the stable distribution (bookworm), this problem has been fixed in
version 6.2.0-3+deb12u2.
We recommend that you upgrade your python-tornado packages.
For the detailed security status of python-tornado please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/python-tornado
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
