Letzte Aktivitäten

Package : tiff
CVE ID : CVE-2019-14973 CVE-2019-17546

Multiple integer overflows have been discovered in the libtiff library and the included tools.

For the stable distribution (buster), these problems have been fixed in version…

Package : openconnect
CVE ID : CVE-2019-16239
Debian Bug : 940871

Lukas Kupczyk reported a vulnerability in the handling of chunked HTTP in openconnect, an open client for Cisco AnyConnect, Pulse and GlobalProtect VPN. A malicious HTTP…

Package : chromium
CVE ID : CVE-2019-13725 CVE-2019-13726 CVE-2019-13727 CVE-2019-13728
CVE-2019-13729 CVE-2019-13730 CVE-2019-13732 CVE-2019-13734
CVE-2019-13735 CVE-2019-13736 CVE-2019-13737 CVE-2019-13738
CVE-2019-13739 CVE-2019-13740…

Package : openjdk-11
CVE ID : CVE-2020-2583 CVE-2020-2590 CVE-2020-2593 CVE-2020-2601
CVE-2020-2604 CVE-2020-2654 CVE-2020-2655

Several vulnerabilities have been discovered in the OpenJDK Java runtime, resulting in denial of service,…

Package : cacti
CVE ID : CVE-2019-16723 CVE-2019-17357 CVE-2019-17358
Debian Bug : 947374 947375 941036

Multiple issues have been found in cacti, a server monitoring system, potentially resulting in SQL code execution or information…

Package : thunderbird
CVE ID : CVE-2019-17016 CVE-2019-17017 CVE-2019-17022
CVE-2019-17024 CVE-2019-17026

Multiple security issues have been found in Thunderbird which could potentially result in the execution of arbitrary code or information…

Package : xen
CVE ID : CVE-2019-17349 CVE-2019-17350 CVE-2019-18420 CVE-2019-18421
CVE-2019-18422 CVE-2019-18423 CVE-2019-18424 CVE-2019-18425
CVE-2019-19577 CVE-2019-19578 CVE-2019-19579 CVE-2019-19580
CVE-2019-19581 CVE-2019-19582…

Package : ldm
CVE ID : not yet available

It was discovered that a hook script of ldm, the display manager for the Linux Terminal Server Project incorrectly parsed responses from an SSH server which could result in local root privilege…

Package : firefox-esr
CVE ID : CVE-2019-17026 CVE-2019-17024 CVE-2019-17022
CVE-2019-17017 CVE-2019-17016

Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of…

Package : wordpress
CVE ID : CVE-2019-16217 CVE-2019-16218 CVE-2019-16219 CVE-2019-16220
CVE-2019-16221 CVE-2019-16222 CVE-2019-16223 CVE-2019-16780
CVE-2019-16781 CVE-2019-17669 CVE-2019-17671 CVE-2019-17672
CVE-2019-17673 CVE-2019-17674…

Package : python-django
CVE ID : CVE-2019-19844
Debian Bug : 946937

Simon Charette reported that the password reset functionality in Django, a high-level Python web development framework, uses a Unicode case-insensitive query to retrieve…

Package : netty
CVE ID : CVE-2019-16869
Debian Bug : 941266

It was reported that Netty, a Java NIO client/server framework, is prone to a HTTP request smuggling vulnerability due to mishandling whitespace before the colon in HTTP headers.…

Package : tomcat8
CVE ID : CVE-2018-8014 CVE-2018-11784 CVE-2019-0199 CVE-2019-0221
CVE-2019-12418 CVE-2019-17563

Several issues were discovered in the Tomcat servlet and JSP engine, which could result in session fixation attacks, information…

Package : debian-lan-config
CVE ID : CVE-2019-3467
Debian Bug : 947459

It was discovered that debian-lan-config, a FAI config space for the Debian-LAN system, configured too permissive ACLs for the Kerberos admin server, which allowed…

Package : openssl1.0
CVE ID : CVE-2019-1551

Guido Vranken discovered an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli.

For the oldstable distribution (stretch), this problem has been fixed…

Package : freeimage
CVE ID : CVE-2019-12211 CVE-2019-12213
Debian Bug : 929597

It was found that freeimage, a graphics library, was affected by the following two security issues:

CVE-2019-12211

Heap buffer overflow caused by invalid memcpy…

Package : mediawiki
CVE ID : CVE-2019-19709

It was discovered that the Title blacklist functionality in MediaWiki, a website engine for collaborative work, could by bypassed.

For the oldstable distribution (stretch), this problem has been…

Package : cyrus-sasl2
CVE ID : CVE-2019-19906
Debian Bug : 947043

Stephan Zeisberg reported an out-of-bounds write vulnerability in the
_sasl_add_string() function in cyrus-sasl2, a library implementing the Simple Authentication and…

Package : cyrus-imapd
CVE ID : CVE-2019-19783

It was discovered that the lmtpd component of the Cyrus IMAP server created mailboxes with administrator privileges if the "fileinto" was used, bypassing ACL checks.

For the oldstable distribution…

Package : debian-edu-config
CVE ID : CVE-2019-3467
Debian Bug : 946797

It was discovered that debian-edu-config, a set of configuration files used for the Debian Edu blend, configured too permissive ACLs for the Kerberos admin server,…