Package : libvpx
CVE ID : CVE-2019-9232 CVE-2019-9325 CVE-2019-9433 CVE-2019-9371
Multiple security issues were found in the libvpx multimedia library which could result in denial of service and potentially the execution of arbitrary code if…
Package : haproxy
CVE ID : CVE-2019-19330
Tim Düsterhus discovered that haproxy, a TCP/HTTP reverse proxy, did not properly sanitize HTTP headers when converting from HTTP/2 to HTTP/1. This would allow a remote user to perform CRLF…
Package : php-imagick
CVE ID : CVE-2019-11037
Debian Bug : 928420
An out-of-bounds write vulnerability was discovered in php-imagick, a PHP extension to create and modify images using the ImageMagick API, which could result in denial of…
Package : chromium
CVE ID : CVE-2019-13723 CVE-2019-13724
Several vulnerabilities have been discovered in the chromium web browser.
Yuxiang Li discovered a use-after-free issue in the bluetooth service.
Package : enigmail
DSA 4571-1 updated Thunderbird to the 68.x series, which is incompatible with the Enigmail release shipped in Debian Buster.
For the stable distribution (buster), this problem has been fixed in version 2:2.1.3+ds1-4~deb10u2.
Package : symfony
CVE ID : CVE-2019-18887 CVE-2019-18888 CVE-2019-18889
Multiple vulnerabilities have been found in the Symfony PHP framework which could lead to a timing attack/information leak, argument injection and code execution via…
Package : slurm-llnl
CVE ID : CVE-2019-12838
It was discovered that the Simple Linux Utility for Resource Management (SLURM), a cluster resource management and job scheduling system, did not escape strings when importing an archive file…
Package : thunderbird
CVE ID : CVE-2019-15903 CVE-2019-11764 CVE-2019-11763 CVE-2019-11762 CVE-2019-11761 CVE-2019-11760 CVE-2019-11759 CVE-2019-11757 CVE-2019-11755
Multiple security issues have been found in Thunderbird which could…
Package : mosquitto
CVE ID : CVE-2019-11779
Debian Bug : 940654
A vulnerability was discovered in mosquitto, an MQTT version 3.1/3.1.1 compatible message broker, allowing a malicious MQTT client to cause a denial of service (stack…
Package : ghostscript
CVE ID : CVE-2019-14869
Manfred Paul and Lukas Schauer reported that the .charkeys procedure in Ghostscript, the GPL PostScript/PDF interpreter, does not properly restrict privileged calls, which could result in…
Package : postgresql-common
CVE ID : CVE-2019-3466
Rich Mirch discovered that the pg_ctlcluster script didn't drop privileges when creating socket/statistics temporary directories, which could result in local privilege escalation.
Package : webkit2gtk
CVE ID : CVE-2019-8812 CVE-2019-8814
These vulnerabilities have been discovered in the webkit2gtk web engine:
An anonymous researcher discovered that maliciously crafted web content may lead to…
Package : dpdk
CVE ID : CVE-2019-14818
It was discovered that the vhost PMD in DPDK, a set of libraries for fast packet processing, was affected by memory and file descriptor leaks which could result in denial of service.
Package : qemu
Debian Bug : 944623
This update for QEMU, a fast processor emulator, backports support for passing through the pschange-mc-no CPU flag. The virtualised MSR seen by a guest is set to show the bug as fixed, which allows disabling iTLB…
Package : intel-microcode
CVE ID : CVE-2019-11135 CVE-2019-11139
This update ships updated CPU microcode for some types of Intel CPUs. In particular it provides mitigations for the TAA (TSX Asynchronous Abort) vulnerability. For affected…
Package : linux
CVE ID : CVE-2018-12207 CVE-2019-0154 CVE-2019-0155 CVE-2019-11135
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service, or information leak.
Package : chromium
CVE ID : CVE-2019-5869 CVE-2019-5870 CVE-2019-5871 CVE-2019-5872 CVE-2019-5874 CVE-2019-5875 CVE-2019-5876 CVE-2019-5877 CVE-2019-5878 CVE-2019-5879 CVE-2019-5880 CVE-2019-13659
Package : fribidi
CVE ID : CVE-2019-18397
Debian Bug : 944327
Alex Murray discovered a stack-based buffer overflow vulnerability in fribidi, an implementation of the Unicode Bidirectional Algorithm, which could result in…
Package : simplesamlphp
CVE ID : CVE-2019-3465
Debian Bug : 944107
It was discovered that in SimpleSAMLphp, an implementation of the SAML 2.0 protocol, it was possible to circumvent XML signature verification on SAML messages.
Package : proftpd-dfsg
CVE ID : CVE-2019-18217
Debian Bug : 942831
Stephan Zeisberg discovered that missing input validation in ProFTPD, an FTP/SFTP/FTPS server, could result in denial of service via an infinite loop.