Recent Activity
Micha posted a reply in the thread Debian Security Advisory.
Package : perl
CVE ID : CVE-2024-56406
Nathan Mills discovered a heap-based buffer overflow vulnerability in the implementation of the Perl programming language when transliterating non-ASCII bytes with tr///, which may result in denial of service, or potentially the execution of arbitrary code.
For the stable distribution (bookworm), this problem has been fixed in version 5.36.0-7+deb12u2.
We recommend that you upgrade your perl packages.
For the detailed security…
Micha posted a reply in the thread Debian Security Advisory.
Package : mediawiki
CVE ID : CVE-2025-3469 CVE-2025-32696 CVE-2025-32697
CVE-2025-32698 CVE-2025-32699 CVE-2025-32700
Multiple security issues were discovered in MediaWiki, a website engine for collaborative work, which could result in information disclosure, cross-site scripting or restriction bypass.
For the stable distribution (bookworm), these problems have been fixed in version 1:1.39.12-1~deb12u1.
We recommend that you upgrade your mediawiki packages.
For the…
Micha posted a reply in the thread Debian Security Advisory.
Package : linux
CVE ID : CVE-2023-52857 CVE-2023-52927 CVE-2024-24855 CVE-2024-26656
CVE-2024-26767 CVE-2024-26982 CVE-2024-27056 CVE-2024-35866
CVE-2024-38611 CVE-2024-40973 CVE-2024-42129 CVE-2024-43831
CVE-2024-46772 CVE-2024-47753 CVE-2024-47754 CVE-2024-50056
CVE-2024-50246 CVE-2024-53166 CVE-2024-57977 CVE-2024-58002
CVE-2024-58005 CVE-2024-58079 CVE-2024-58090 CVE-2025-21702
CVE-2025-21712 CVE-2025-21721 CVE-2025-21756 CVE-2025-21838
CVE-2025-21844 CVE-2025-21846…
Micha posted a reply in the thread Debian Security Advisory.
Package : webkit2gtk
CVE ID : CVE-2024-54551 CVE-2025-24208 CVE-2025-24209 CVE-2025-24213
CVE-2025-24216 CVE-2025-24264 CVE-2025-30427
The following vulnerabilities have been discovered in the WebKitGTK web engine:
CVE-2024-54551
ajajfxhj discovered that processing web content may lead to a
denial-of-service.
CVE-2025-24208
Muhammad Zaid Ghifari and Kalimantan Utara discovered that loading
a malicious iframe may lead to a cross-site scripting attack.…
Micha posted a reply in the thread Debian Security Advisory.
Package : chromium
CVE ID : CVE-2025-3066
Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.
For the stable distribution (bookworm), this problem has been fixed in version 135.0.7049.84-1~deb12u1.
We recommend that you upgrade your chromium packages.
For the detailed security status of chromium please refer to its security tracker page at:…
Micha posted a reply in the thread Debian Security Advisory.
Package : lemonldap-ng
CVE ID : CVE-2025-31510
A cross-site scripting vulnerability has been discovered in Lemonldap::NG, a Web-SSO system compatible with OpenID-Connect, CAS and SAML, when using the "Choice" module: It permits introducing HTML code into the login page, and if the default Content-Security-Policy headers have been modified, it may be possible to inject JavaScript code.
For the stable distribution (bookworm), this problem has been fixed in version…
Micha posted a reply in the thread Debian Security Advisory.
Package : trafficserver
CVE ID : CVE-2024-38311 CVE-2024-38479 CVE-2024-50305
CVE-2024-50306 CVE-2024-56195 CVE-2024-56202
Several vulnerabilities were discovered in Apache Traffic Server, a reverse and forward proxy server, which could result in denial of service, HTTP request smuggling, cache poisoning or incomplete dropping of privileges.
For the stable distribution (bookworm), these problems have been fixed in version 9.2.5+ds-0+deb12u2.
We recommend that you…
Micha posted a reply in the thread Debian Security Advisory.
Package : xz-utils
CVE ID : CVE-2025-31115
Harri K. Koskinen discovered a flaw in the multithreaded .xz decoder lzma_stream_decoder_mt in xz-utils, the XZ-format compression utilities, which may lead to denial of service (application crash) or the execution of arbitrary code.
For the stable distribution (bookworm), this problem has been fixed in version 5.4.1-1.
We recommend that you upgrade your xz-utils packages.
For the detailed security status of xz-utils please…
Micha posted a reply in the thread Debian Security Advisory.
Package : jetty9
CVE ID : CVE-2024-6762 CVE-2024-8184 CVE-2024-9823
Debian Bug : 1085697
Jetty 9 is a Java based web server and servlet engine. Several security vulnerabilities have been discovered which may allow remote attackers to cause a denial of service by repeatedly sending crafted requests which can trigger OutofMemory errors and exhaust the server's memory.
CVE-2024-6762: In addition PushSessionCacheFilter and PushCacheFilter have been deprecated. These…
Micha posted a reply in the thread Debian Security Advisory.
Package : tomcat10
CVE ID : CVE-2025-24813
A security vulnerability was found in Tomcat 10, a Java based web server and servlet engine. A malicious user was able to view security sensitive files and/or inject content into those files when writes were enabled for the default servlet (disabled by default) and support for partial PUT was enabled (default). Under certain circumstances, depending on the application in use, remote code execution may have been possible.
For the…
Micha posted a reply in the thread Debian Security Advisory.
Package : atop
CVE ID : CVE-2025-31160
It was discovered that Atop, a monitor tool for system resources and process activity, always tried to connect to the port of atopgpud (an additional daemon gathering GPU statistics not shipped in Debian) while performing insufficient sanitising of the data read from this port.
With this update, additional validation is added and by default atop no longer tries to connect to the atopgpud daemon port unless explicitly enabled via -k.…
Micha posted a reply in the thread Debian Security Advisory.
Package : thunderbird
CVE ID : CVE-2025-3028 CVE-2025-3029 CVE-2025-3030
Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code.
For the stable distribution (bookworm), these problems have been fixed in version 1:128.9.0esr-1~deb12u1.
We recommend that you upgrade your thunderbird packages.
For the detailed security status of thunderbird please refer to its security tracker page at:…
Micha posted a reply in the thread Debian Security Advisory.
Package : chromium
CVE ID : CVE-2025-3066 CVE-2025-3067 CVE-2025-3068 CVE-2025-3069
CVE-2025-3070 CVE-2025-3071 CVE-2025-3072 CVE-2025-3073
CVE-2025-3074
Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.
For the stable distribution (bookworm), these problems have been fixed in version 135.0.7049.52-1~deb12u1.
We recommend that you upgrade your chromium packages.
For the…
Micha posted a reply in the thread Debian Security Advisory.
Package : firefox-esr
CVE ID : CVE-2025-3028 CVE-2025-3029 CVE-2025-3030
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or spoofing.
For the stable distribution (bookworm), these problems have been fixed in version 128.9.0esr-1~deb12u1.
We recommend that you upgrade your firefox-esr packages.
For the detailed security status of firefox-esr please refer to its security…
Micha posted a reply in the thread Debian Security Advisory.
Package : ghostscript
CVE ID : CVE-2025-27830 CVE-2025-27831 CVE-2025-27832 CVE-2025-27833
CVE-2025-27834 CVE-2025-27835 CVE-2025-27836
Multiple security issues were discovered in Ghostscript, the GPL PostScript/PDF interpreter, which could result in denial of service and potentially the execution of arbitrary code if malformed document files are processed.
For the stable distribution (bookworm), these problems have been fixed in version 10.0.0~dfsg-11+deb12u7.
We…
Micha posted a reply in the thread Debian Security Advisory.
Package : exim4
CVE ID : CVE-2025-30232
It was discovered that a use-after-free vulnerability in Exim4, a mail transport agent, may result in privilege escalation for a local attacker.
For the stable distribution (bookworm), this problem has been fixed in version 4.96-15+deb12u7.
We recommend that you upgrade your exim4 packages.
For the detailed security status of exim4 please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/exim4…
Micha posted a reply in the thread Debian Security Advisory.
Package : ruby-rack
CVE ID : CVE-2025-25184 CVE-2025-27111 CVE-2025-27610
Multiple security issues were found in Rack, an interface for developing web applications in Ruby, which could result in log injection or information disclosure.
For the stable distribution (bookworm), these problems have been fixed in version 2.2.13-1~deb12u1.
We recommend that you upgrade your ruby-rack packages.
For the detailed security status of ruby-rack please refer to its security…
Micha posted a reply in the thread Debian Security Advisory.
Package : webkit2gtk
CVE ID : CVE-2024-44192 CVE-2024-54467 CVE-2025-24201
The following vulnerabilities have been discovered in the WebKitGTK web engine:
CVE-2024-44192
Tashita Software Security discovered that processing maliciously
crafted web content may lead to an unexpected process crash.
CVE-2024-54467
Narendra Bhati discovered that a malicious website may exfiltrate
data cross-origin.
CVE-2025-24201
Apple discovered that maliciously crafted web…
Micha posted a reply in the thread Debian Security Advisory.
Package : libxslt
CVE ID : CVE-2024-55549 CVE-2025-24855
Debian Bug : 1100565 1100566
Ivan Fratric discovered two use-after-free vulnerabilities in libxslt, an XSLT processing runtime library, which may result in the execution of arbitrary code if specially crafted files are processed.
For the stable distribution (bookworm), these problems have been fixed in version 1.1.35-1+deb12u1.
We recommend that you upgrade your libxslt packages.
For the detailed…