Letzte Aktivitäten

Package : thunderbird CVE ID : CVE-2025-14327 CVE-2026-0877 CVE-2026-0878 CVE-2026-0879 CVE-2026-0880 CVE-2026-0882 CVE-2026-0883 CVE-2026-0884 CVE-2026-0885 CVE-2026-0886 CVE-2026-0887 CVE-2026-0890 CVE-2026-0891 Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code. For the oldstable distribution (bookworm), these problems have been fixed in version 1:140.7.0esr-1~deb12u1. For the stable distribution…

Package : python-urllib3 CVE ID : CVE-2025-50181 CVE-2025-66418 CVE-2026-21441 Debian Bug : 1108076 1122030 1125062 Several vulnerabilities were discovered in python-urllib3, a HTTP library with thread-safe connection pooling for Python3, which could result in denial of service or request forgery. For the oldstable distribution (bookworm), these problems have been fixed in version 1.26.12-1+deb12u2. For the stable distribution (trixie), these problems have been…

Package : firefox-esr CVE ID : CVE-2025-14327 CVE-2026-0877 CVE-2026-0878 CVE-2026-0879 CVE-2026-0880 CVE-2026-0882 CVE-2026-0883 CVE-2026-0884 CVE-2026-0885 CVE-2026-0886 CVE-2026-0887 CVE-2026-0890 CVE-2026-0891 Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, sandbox escape, information disclosure or spoofing. For the oldstable distribution (bookworm), these problems have…

Package : chromium CVE ID : CVE-2026-0899 CVE-2026-0900 CVE-2026-0901 CVE-2026-0902 CVE-2026-0903 CVE-2026-0904 CVE-2026-0905 CVE-2026-0906 CVE-2026-0907 CVE-2026-0908 Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. For the oldstable distribution (bookworm), these problems have been fixed in version 144.0.7559.59-1~deb12u1. For the stable distribution (trixie), these…

Package : python-parsl CVE ID : CVE-2026-21892 Viral Vaghela discovered an SQL injection vulnerability in Parsl, a parallel scripting library for Python. For the stable distribution (trixie), this problem has been fixed in version 2025.01.13+ds-1+deb13u1. We recommend that you upgrade your python-parsl packages. For the detailed security status of python-parsl please refer to its security tracker page at: https://security-tracker.debian.org/tracker/python-parsl…

Package : net-snmp CVE ID : CVE-2025-68615 Debian Bug : 1123861 A vulnerability was discovered in the snmptrapd daemon in net-snmp, a suite of Simple Network Management Protocol applications, which could result in denial of service or the execution of arbitrary code. For the oldstable distribution (bookworm), this problem has been fixed in version 5.9.3+dfsg-2+deb12u1. For the stable distribution (trixie), this problem has been fixed in version…

Package : chromium CVE ID : CVE-2026-0628 A security issue was discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. For the oldstable distribution (bookworm), this problem has been fixed in version 143.0.7499.192-1~deb12u1. For the stable distribution (trixie), this problem has been fixed in version 143.0.7499.192-1~deb13u1. We recommend that you upgrade your chromium packages. For the detailed…

Package : vlc CVE ID : not yet available Multiple vulnerabilities were discovered in the VLC media player, which could result in denial of service or potentially the execution of arbitrary code if a malformed video file is opened. For the oldstable distribution (bookworm), this problem has been fixed in version 3.0.23-0+deb12u1. For the stable distribution (trixie), this problem has been fixed in version 3.0.23-0+deb13u1. We recommend that you upgrade your vlc…

Package : foomuuri CVE ID : CVE-2025-67603 CVE-2025-67858 Matthias Gerstner discovered two vulnerabilities in the Foomuuri firewall generator, which could result in tampering of the firewall configuration by unauthorised users. For the stable distribution (trixie), these problems have been fixed in version 0.27-2+deb13u1. We recommend that you upgrade your foomuuri packages. For the detailed security status of foomuuri please refer to its security tracker page at:…

Package : libsodium CVE ID : CVE-2025-69277 It was discovered that the crypto_core_ed25519_is_valid_point() function of the Sodium cryptography library mishandled checks for valid elliptic curve points. For the oldstable distribution (bookworm), this problem has been fixed in version 1.0.18-1+deb12u1. For the stable distribution (trixie), this problem has been fixed in version 1.0.18-1+deb13u1. We recommend that you upgrade your libsodium packages. For the…

Package : gimp CVE ID : CVE-2025-14422 CVE-2025-14424 CVE-2025-14425 Several vulnerabilities were discovered in GIMP, the GNU Image Manipulation Program, which could result in denial of service or potentially the execution of arbitrary code if malformed XCF, JPEG 2000 or PNM files are opened. For the oldstable distribution (bookworm), these problems have been fixed in version 2.10.34-1+deb12u6. For the stable distribution (trixie), these problems have been fixed in…

Package : smb4k CVE ID : CVE-2025-66002 CVE-2025-66003 Debian Bug : 1122381 Two vulnerabilities were discovered in smb4k, a KDE desktop utility which allows unprivileged mounting of Samba/CIFS network shares, which may result in local denial of service or local privilege escalation. For the stable distribution (trixie), these problems have been fixed in version 4.0.0-1+deb13u1. We recommend that you upgrade your smb4k packages. For the detailed security status…

Package : rails CVE ID : CVE-2025-24293 CVE-2025-55193 Multiple security issues were discovered in the Rails web framework which could result in command injection or logging of unescaped ANSI sequences. For the oldstable distribution (bookworm), these problems have been fixed in version 2:6.1.7.10+dfsg-1~deb12u2. For the stable distribution (trixie), these problems have been fixed in version 2:7.2.2.2+dfsg-2~deb13u1. We recommend that you upgrade your rails…

Package : wordpress CVE ID : CVE-2025-58246 CVE-2025-58674 Multiple security issues were discovered in the WordPress blogging tool, which could result in cross-site scripting or information disclosure. For the stable distribution (trixie), these problems have been fixed in version 6.8.3+dfsg1-0+deb13u1. We recommend that you upgrade your wordpress packages. For the detailed security status of wordpress please refer to its security tracker page at:…

Package : chromium CVE ID : CVE-2025-14765 CVE-2025-14766 Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. For the oldstable distribution (bookworm), these problems have been fixed in version 143.0.7499.169-1~deb12u1. For the stable distribution (trixie), these problems have been fixed in version 143.0.7499.169-1~deb13u1. We recommend that you upgrade your chromium…

Package : php8.4 CVE ID : CVE-2025-14177 CVE-2025-14178 CVE-2025-14180 Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in denial of service or memory disclosure. For the stable distribution (trixie), these problems have been fixed in version 8.4.16-1~deb13u1. We recommend that you upgrade your php8.4 packages. For the detailed security status of php8.4 please refer to its security tracker…

Package : roundcube CVE ID : CVE-2025-68460 CVE-2025-68461 Debian Bug : 1122899 It was discovered that roundcube, a skinnable AJAX based webmail solution for IMAP servers, is prone to a cross-site scripting vulnerability via the animate tag in an SVG document and a information disclosure vulnerability in the HTML style sanitizer. For the oldstable distribution (bookworm), these problems have been fixed in version 1.6.5+dfsg-1+deb12u6. For the stable distribution…

Package : dropbear CVE ID : CVE-2025-14282 "Turistu" discovered that incorrect permission handling in the Dropbear SSH server could result in privilege escalation. The oldstable distribution (bookworm) is not affected. For the stable distribution (trixie), this problem has been fixed in version 2025.89-1~deb13u1. We recommend that you upgrade your dropbear packages. For the detailed security status of dropbear please refer to its security tracker page at:…

Package : mediawiki CVE ID : CVE-2025-11173 CVE-2025-11261 CVE-2025-61635 CVE-2025-61638 CVE-2025-61639 CVE-2025-61640 CVE-2025-61641 CVE-2025-61643 CVE-2025-61646 CVE-2025-61653 CVE-2025-61655 CVE-2025-61656 CVE-2025-67475 CVE-2025-67478 CVE-2025-67479 CVE-2025-67480 CVE-2025-67481 CVE-2025-67482 CVE-2025-67484 CVE-2025-67483 CVE-2025-67477 CVE-2025-61657 CVE-2025-61654 CVE-2025-61652 CVE-2025-61642 CVE-2025-61637 CVE-2025-61636 CVE-2025-61634 CVE-2025-11175 Multiple…

Package : c-ares CVE ID : CVE-2025-62408 It was discovered that c-ares, a library that performs DNS requests and name resolution asynchronously, does not properly handle termination of queries which may result in denial of service. For the stable distribution (trixie), this problem has been fixed in version 1.34.5-1+deb13u1. We recommend that you upgrade your c-ares packages. For the detailed security status of c-ares please refer to its security tracker page at:…