Letzte Aktivitäten

Package : openssl
Debian Bug : 941987

The update for openssl released as DSA 4539-1 introduced a regression where AES-CBC-HMAC-SHA ciphers were not enabled. Updated openssl packages are now available to correct this issue.

For the stable…

Package : openssh
Debian Bug : 941663

A change introduced in openssl 1.1.1d (which got released as DSA 4539-1) requires sandboxing features which are not available in Linux kernels before 3.19, resulting in OpenSSH rejecting connection…

Package : jackson-databind
CVE ID : CVE-2019-12384 CVE-2019-14439 CVE-2019-14540 CVE-2019-16335
CVE-2019-16942 CVE-2019-16943
Debian Bug : 941530 940498 933393 930750

It was discovered that jackson-databind, a Java library used to…

Package : libapreq2
CVE ID : CVE-2019-12412
Debian Bug : 939937

Max Kellermann reported a NULL pointer dereference flaw in libapreq2, a generic Apache request library, allowing a remote attacker to cause a denial of service against…

Package : subversion
Debian Bug : 936034

The security fixes for the HTTP/2 code in Apache 2 shipped in DSA 4509 unveiled a bug in Subversion which caused a regression in mod_dav_svn when used with HTTP/2.

For the oldstable distribution…

Package : openssl1.0
CVE ID : CVE-2019-1547 CVE-2019-1563

Two security issues were discovered in OpenSSL: A timing attack against ECDSA and a padding oracle in PKCS7_dataDecode() and CMS_decrypt_set1_pkey().

For the oldstable…

Package : openssl
CVE ID : CVE-2019-1547 CVE-2019-1549 CVE-2019-1563

Three security issues were discovered in OpenSSL: A timing attack against ECDSA, a padding oracle in PKCS7_dataDecode() and CMS_decrypt_set1_pkey() and it was…

Package : wpa
CVE ID : CVE-2019-13377 CVE-2019-16275
Debian Bug : 934180 940080

Two vulnerabilities were found in the WPA protocol implementation found in wpa_supplication (station) and hostapd (access point).

CVE-2019-13377

A…

Package : file-roller
CVE ID : CVE-2019-16680

It was discovered that file-roller, an archive manager for GNOME, does not properly handle the extraction of archives with a single ./../ in a file path. An attacker able to provide a…

Package : exim4
CVE ID : CVE-2019-16928

A buffer overflow flaw was discovered in Exim, a mail transport agent. A remote attacker can take advantage of this flaw to cause a denial of service, or potentially the execution of arbitrary…

Package : e2fsprogs
CVE ID : CVE-2019-5094
Debian Bug : 941139

Lilith of Cisco Talos discovered a buffer overflow flaw in the quota code used by e2fsck from the ext2/ext3/ext4 file system utilities.
Running e2fsck on a malformed file…

Package : golang-1.11
CVE ID : CVE-2019-16276

It was discovered that the Go programming language did accept and normalize invalid HTTP/1.1 headers with a space before the colon, which could lead to filter bypasses or request smuggling in…

Package : lemonldap-ng
CVE ID : CVE-2019-15941

It was discovered that the Lemonldap::NG web SSO system did not restrict OIDC authorization codes to the relying party.

For the stable distribution (buster), this problem has been fixed in…

Package : spip
CVE ID : CVE-2019-16391 CVE-2019-16392 CVE-2019-16393 CVE-2019-16394

It was discovered that SPIP, a website engine for publishing, would allow unauthenticated users to modify published content and write to the database,…

Package : linux
CVE ID : CVE-2019-14821 CVE-2019-14835 CVE-2019-15117 CVE-2019-15118
CVE-2019-15902

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or…

Package : expat
CVE ID : CVE-2019-15903
Debian Bug : 939394

It was discovered that Expat, an XML parsing C library, did not properly handled internal entities closing the doctype, potentially resulting in denial of service or…

Package : php7.0
CVE ID : CVE-2019-11034 CVE-2019-11035 CVE-2019-11036 CVE-2019-11038
CVE-2019-11039 CVE-2019-11040 CVE-2019-11041 CVE-2019-11042

Multiple security issues were found in PHP, a widely-used open source general purpose…

Package : bird
CVE ID : CVE-2019-16159

Daniel McCarney discovered that the BIRD internet routing daemon incorrectly validated RFC 8203 messages in it's BGP daemon, resulting in a stack buffer overflow.

For the stable distribution…

Package : php7.3
CVE ID : CVE-2019-11036 CVE-2019-11039 CVE-2019-11040 CVE-2019-11041
CVE-2019-11042

Multiple security issues were found in PHP, a widely-used open source general purpose scripting language: Missing sanitising in the EXIF…

Package : opendmarc
CVE ID : CVE-2019-16378
Debian Bug : 940081

It was discovered that OpenDMARC, a milter implementation of DMARC, is prone to a signature-bypass vulnerability with multiple From: addresses.

For the oldstable…