Letzte Aktivitäten

Package : libvpx
CVE ID : CVE-2019-9232 CVE-2019-9325 CVE-2019-9433 CVE-2019-9371

Multiple security issues were found in libvpx multimedia library which could result in denial of service and potentially the execution of arbitrary code if…

Package : haproxy
CVE ID : CVE-2019-19330

Tim Düsterhus discovered that haproxy, a TCP/HTTP reverse proxy, did not properly sanitize HTTP headers when converting from HTTP/2 to HTTP/1. This would allow a remote user to perform CRLF…

Package : php-imagick
CVE ID : CVE-2019-11037
Debian Bug : 928420

An out-of-bounds write vulnerability was discovered in php-imagick, a PHP extension to create and modify images using the ImageMagick API, which could result in denial of…

Package : chromium
CVE ID : CVE-2019-13723 CVE-2019-13724

Several vulnerabilities have been discovered in the chromium web browser.

CVE-2019-13723

Yuxiang Li discovered a use-after-free issue in the bluetooth service.

CVE-2019-13724

Yuxiang Li…

Package : enigmail

DSA 4571-1 updated Thunderbird to the 68.x series, which is incompatible with the Enigmail release shipped in Debian Buster.

For the stable distribution (buster), this problem has been fixed in version 2:2.1.3+ds1-4~deb10u2.

We…

Package : symfony
CVE ID : CVE-2019-18887 CVE-2019-18888 CVE-2019-18889

Multiple vulnerabilities have been found in the Symfony PHP framework which could lead to a timing attack/information leak, argument injection and code execution via…

Package : slurm-llnl
CVE ID : CVE-2019-12838

It was discovered in the Simple Linux Utility for Resource Management (SLURM), a cluster resource management and job scheduling system did not escape strings when importing an archive file…

Package : thunderbird
CVE ID : CVE-2019-15903 CVE-2019-11764 CVE-2019-11763
CVE-2019-11762 CVE-2019-11761 CVE-2019-11760
CVE-2019-11759 CVE-2019-11757 CVE-2019-11755

Multiple security issues have been found in Thunderbird which could…

Package : mosquitto
CVE ID : CVE-2019-11779
Debian Bug : 940654

A vulnerability was discovered in mosquitto, a MQTT version 3.1/3.1.1 compatible message broker, allowing a malicious MQTT client to cause a denial of service (stack…

Package : ghostscript
CVE ID : CVE-2019-14869

Manfred Paul and Lukas Schauer reported that the .charkeys procedure in Ghostscript, the GPL PostScript/PDF interpreter, does not properly restrict privileged calls, which could result in…

Package : postgresql-common
CVE ID : CVE-2019-3466

Rich Mirch discovered that the pg_ctlcluster script didn't drop privileges when creating socket/statistics temporary directories, which could result in local privilege escalation.

For…

Package : webkit2gtk
CVE ID : CVE-2019-8812 CVE-2019-8814

These vulnerabilities have been discovered in the webkit2gtk web engine:

CVE-2019-8812

An anonymous researcher discovered that maliciously crafted web
content may lead to…

Package : dpdk
CVE ID : CVE-2019-14818

It was discovered that the vhost PMD in DPDK, a set of libraries for fast packet processing, was affected by memory and file descriptor leaks which could result in denial of service.

For the…

Package : qemu
Debian Bug : 944623

This update for QEMU, a fast processor emulator, backports support to passthrough the pschange-mc-no CPU flag. The virtualised MSR seen by a guest is set to show the bug as fixed, allowing to disable iTLB…

Package : intel-microcode
CVE ID : CVE-2019-11135 CVE-2019-11139

This update ships updated CPU microcode for some types of Intel CPUs. In particular it provides mitigations for the TAA (TSX Asynchronous Abort) vulnerability. For affected…

Package : linux
CVE ID : CVE-2018-12207 CVE-2019-0154 CVE-2019-0155 CVE-2019-11135

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service, or information leak.

…

Package : chromium
CVE ID : CVE-2019-5869 CVE-2019-5870 CVE-2019-5871 CVE-2019-5872
CVE-2019-5874 CVE-2019-5875 CVE-2019-5876 CVE-2019-5877
CVE-2019-5878 CVE-2019-5879 CVE-2019-5880 CVE-2019-13659
CVE-2019-13660 CVE-2019-13661…

Package : fribidi
CVE ID : CVE-2019-18397
Debian Bug : 944327

Alex Murray discovered a stack-based buffer overflow vulnerability in fribidi, an implementation of the Unicode Bidirectional Algorithm algorithm, which could result in…

Package : simplesamlphp
CVE ID : CVE-2019-3465
Debian Bug : 944107

It was discovered that in SimpleSAMLphp, an implementation of the SAML 2.0 protocol, it was possible to circumvent XML signature verification on SAML messages.

For…

Package : proftpd-dfsg
CVE ID : CVE-2019-18217
Debian Bug : 942831

Stephan Zeisberg discovered that missing input validation in ProFTPD, a FTP/SFTP/FTPS server, could result in denial of service via an infinite loop.

For the…