Debian Linux Security Advisory 5705-1 - A use-after-free was discovered in tinyproxy, a lightweight, non-caching, optionally anonymizing HTTP proxy, which could result in denial of service.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5705-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffJune 05, 2024                         https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : tinyproxyCVE ID         : CVE-2023-49606A use-after-free was discovered in tinyproxy, a lightweight, non-caching,optionally anonymizing HTTP proxy, which could result in denial ofservice.For the stable distribution (bookworm), this problem has been fixed inversion 1.11.1-2.1+deb12u1.We recommend that you upgrade your tinyproxy packages.For the detailed security status of tinyproxy please refer toits security tracker page at:https://security-tracker.debian.org/tracker/tinyproxyFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmZgtJsACgkQEMKTtsN8TjayjxAAv/O9LSl0hdPmdVluYepX1yso5nf8Qb42rSVNPfLegsy1gr/Q1NVPJjuy471IezOPl6u/g8mg+3UquD6sRs5Q9vFc6seFWybo3TenVNNA2SMClwRAjJeuCWVWlEfAIpw0VTMpVh7cWqFuBBCOLJ0CMLXab/cXGib65L+jCxnmjTkvm3rXAfDxDec6mF0UG0vQydGS7dBfMN86udhX3KMXQPY1lctG+6r0lhBnLC79+uJPHmfC6Qup18MSbe80nB5pCc4kCk2+mbdGZ4UxnFW5sjKI40i9WAmw+7QRzunA6dgvqX6K9NINh3vrol9yWcGMNVhdaw2OY1q37tlqc2DZmv6dUD3uQJ8QN7JKVjep+uukgzk99sLkgm6WGxq815bQ1ExdFybxz+x4ixwJN5CoHlD9SjUONunPSq95wqYvkpMcmqDI2DMu3yRBOm7mOf9wePUnAFoqkQv3hUXX5VNfjnVPSYTh0ewNsj1mUv69flJBt9pmAQSuB24n5SnnK4sRIQcVo/extDxtmLSNYqrKcM8FRD0mCGBv1CqyLHnYo9fLHdGzscO3GwzFFYBoH3Z6mVBpIICctWml0Sn5H1jr7/pu9pDmfmTGlJdyteW/XJLLtwLgu23CsFGWdcwTQPn8Uw21+qoFgullC94vsyvLjvn9yzTG59A0A6f5U9wODF0==euKq-----END PGP SIGNATURE-----

Debian Security Advisory 5705-1

Debian Linux Security Advisory 5704-1 - Multiple security issues were discovered in Pillow, a Python imaging library, which could result in denial of service or the execution of arbitrary code if malformed images are processed.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5704-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffJune 05, 2024                         https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : pillowCVE ID         : CVE-2023-44271 CVE-2023-50447 CVE-2024-28219Multiple security issues were discovered in Pillow, a Python imaginglibrary, which could result in denial of service or the execution ofarbitrary code if malformed images are processed.For the oldstable distribution (bullseye), these problems have been fixedin version 8.1.2+dfsg-0.3+deb11u2.For the stable distribution (bookworm), these problems have been fixed inversion 9.4.0-1.1+deb12u1.We recommend that you upgrade your pillow packages.For the detailed security status of pillow please refer toits security tracker page at:https://security-tracker.debian.org/tracker/pillowFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmZgtJUACgkQEMKTtsN8TjZpSw//Ya0Ju4SEXNXTdbLtSMkJ/Mw76ooJgrvI3GaLSarant6LcK7WzyOnjbCH9YKKPojJCyfa5RwBqphHU97dQ9apYmVRv5GVQdw7tjm+s0Uuu3oRMiE+S8c3FVBnYl6nqiTAeQnGERWAnxH2be4P6p2izWaFgK4cBHY4Q958bivB3ebGgS8DfdtuhiQo8tRdM0PREuF+xwiDb9UTRLqGGVNY+k8orkr7Imecu8IS2PakID4bnBB9AxwJ8hCCbRzNITaCh2c5BvovWNw8LADXH6mhYsnvWy0xlhDp7wrFuJBktzuXXLQuIxRkKcm0QVO65rGFI7vrTMxdtxM7ORdnUa6OMxcOwTEYeQwVcQs4k4J7M3WTtH8rz9Bgtca1DdY9foJw34bXitliJeekBibxoPbiQV+jluJAJOIvLVJ5eVeBKIowCsFmFgQbcHSbCgVA8khMMIcp4XFi3NypH2MkTJvJK+0RqchtaVmVFWoNnbamGoyr9Ml+YZbsLP22kBBXSYw9MYCm8ZPN43owNhPHxD38rSg25hJYJOjVkLHoGZYMNse74xZkEaJpyPXk5WS1QM7qYEcG1RK7a44E6xRXU4rLUfLJWCHPWsLLRTNVbKnm1EQsipbKnS4fGjc59dOD8HfNvRbwSpQ/+w9m3L/QU2F015d69UzgG1piGddGBdzLvdE==oUWM-----END PGP SIGNATURE-----

Debian Security Advisory 5704-1

Debian Linux Security Advisory 5703-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5703-1                   security@debian.org  
https://www.debian.org/security/                     Salvatore Bonaccorso  
June 02, 2024                         https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : linux  
CVE ID         : CVE-2022-48655 CVE-2023-52585 CVE-2023-52882 CVE-2024-26900  
                 CVE-2024-27398 CVE-2024-27399 CVE-2024-27401 CVE-2024-35848  
                 CVE-2024-35947 CVE-2024-36017 CVE-2024-36031 CVE-2024-36883  
                 CVE-2024-36886 CVE-2024-36889 CVE-2024-36902 CVE-2024-36904  
                 CVE-2024-36905 CVE-2024-36916 CVE-2024-36919 CVE-2024-36929  
                 CVE-2024-36933 CVE-2024-36934 CVE-2024-36939 CVE-2024-36940  
                 CVE-2024-36941 CVE-2024-36946 CVE-2024-36950 CVE-2024-36953  
                 CVE-2024-36954 CVE-2024-36957 CVE-2024-36959

Several vulnerabilities have been discovered in the Linux kernel that  
may lead to a privilege escalation, denial of service or information  
leaks.

For the oldstable distribution (bullseye), these problems have been fixed  
in version 5.10.218-1.

We recommend that you upgrade your linux packages.

For the detailed security status of linux please refer to its security  
tracker page at:  
https://security-tracker.debian.org/tracker/linux

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmZcl2BfFIAAAAAALgAo  
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2  
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND  
z0T0Sw//XK7kn+jtJzbA6ZB2hI9ORfNOwOIuFpjc19ZRV1SVQDknnqqbbRn1R+oA  
Dlt8KqymYgIn+Mcqp96+xLfzS2F6dnLQlR/QBW47ve6dpjiVKWm7NxJHQaK7hmS6  
q8glRv5yyJN5AOeNW2YB3+I18/ru/fuTUzspwQLhFd/8E9EIci8yWwT/xL4pOVHP  
Jg65Q/KJ1fUs+OkOkLHs6nMA5UokQ5P55irSdvI6vtOZpvPsmezM8ogQYJD4TU7h  
IxZNt13EfJooNMR8g6p/ddyZNRYQWSKpxUj/QP9D1jMrrvOH6YOvyvElbggpJJBE  
r5eEz4dziCXq8WeZeu2aEJusRZAug7H5wEq2RmR8UyHmkEjYsmufj3kbmzFdQvp1  
GIuT3/BKVqrkMpZNf+1nh1ysVoHe3rA7jBEutUovV/GYMVkvy+mq9tlg2OrIIIwG  
6Hl4gcMZ/bTHMr3BxAO6TZwnxMxcxu2pex1yRbs9KujBsa1aS2u5BbAddu1h141e  
BCSZbwYK/sE12Rl7S7WGEZkSevnmeovvHjPnx9hP0KhOb/lKCFFPP50YIesWfS2H  
NdpT1vCXdueIhCD+Jj1hnYZbHC/WVgjfAl9ghrDDrcDs3qvdEas/nLDI6VH98wew  
8yFyp+3JikYNQP4cIqzRK2eD7q9VtH3WZQqORApB8zqlEfVuxZ4=  
=DCXU  
-----END PGP SIGNATURE-----

Debian Security Advisory 5703-1

Debian Linux Security Advisory 5702-1 - An integer overflow in the EXIF metadata parsing was discovered in the GStreamer media framework, which may result in denial of service or potentially the execution of arbitrary code if a malformed file is processed.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5702-1                   security@debian.orghttps://www.debian.org/security/                     Salvatore BonaccorsoJune 01, 2024                         https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : gst-plugins-base1.0CVE ID         : CVE-2024-4453An integer overflow in the EXIF metadata parsing was discovered in theGStreamer media framework, which may result in denial of service orpotentially the execution of arbitrary code if a malformed file isprocessed.For the oldstable distribution (bullseye), this problem has been fixedin version 1.18.4-2+deb11u2.For the stable distribution (bookworm), this problem has been fixed inversion 1.22.0-3+deb12u2.We recommend that you upgrade your gst-plugins-base1.0 packages.For the detailed security status of gst-plugins-base1.0 please refer toits security tracker page at:https://security-tracker.debian.org/tracker/gst-plugins-base1.0Further information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmZay4pfFIAAAAAALgAoaXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xNDz0RlARAAmIfIncL6OtrDoqmsIdVoAhc3ouI+X6X+GdkTellF4MUxo5e5t7L4AwNCSxLAHqbqEgYRicB4pn6gv8AMBzN1Sn/8i3l8V74Eh93IVaId11hbXPEY4YUM3/MdbHQNf8HYkBxfB0PbkuuIWiZpxRTbI9eyo0TwzzF4r74J2032k3hH5hHA+dbO8RiUl//tv3WYpimyL6xrtxM7duws9r3iloEgUNHC2igJVZ0VRnYfmhIF23euzbcCbOalpufHn7DR5CSbp0y2DMDIjwOu14ZJSvvgKzr1knH2t/zW2TuHnVwbDoSP1KBvpcqe8kaSKcIJZoetxsIv/5wNoVj2IikDUomFO02QPGXIEuMrzYc7ZkX8JC4/+6dgRzKXgFzPXuAU7gHtcmLLfIRnMkg5FVsbJfSUXDaL5tTW5YZ8aSoBUMHn/dNzfJXGn2oE0nVce4cf0JpeTwMFYs9xT7xn0XCU8CggUjODGY11jGowPpgOXnLO3y08tx6iJ34MQPcFSbhFkrRCgWXEhLTF9N0xpnmiYM0VanA3m2zJlBacotOfEG3ipeRrHylMTUun9ATrxXWvVNY5hSSB7eK9X6RBSvRdtDPzJ5gzbk3zlH7MKIIyx6CiI+Zx51I292K36kmi9zmyFBZgnBzPX2Eigp0bNNZlRwOlOFYKwClcdsgO5yvaxX4==f9Uv-----END PGP SIGNATURE-----

Debian Security Advisory 5702-1

Debian Linux Security Advisory 5701-1 - Security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256- -------------------------------------------------------------------------Debian Security Advisory DSA-5701-1                   security@debian.orghttps://www.debian.org/security/                           Andres SalomonMay 31, 2024                          https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : chromiumCVE ID         : CVE-2024-5493 CVE-2024-5494 CVE-2024-5495 CVE-2024-5496                  CVE-2024-5497 CVE-2024-5498 CVE-2024-5499Security issues were discovered in Chromium, which could resultin the execution of arbitrary code, denial of service or informationdisclosure.For the stable distribution (bookworm), these problems have been fixed inversion 125.0.6422.141-1~deb12u1.We recommend that you upgrade your chromium packages.For the detailed security status of chromium please refer toits security tracker page at:https://security-tracker.debian.org/tracker/chromiumFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCAAdFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmZaBlEACgkQZF0CR8NudjcgGA//SPgci/IE8IgkqDwqhd/m2goBVMeCCg3D7pkDZmUPfXaC9wZsAdMi5ner8S+UFUcSc1s9thCNIx7DNsyRa37f18Ou/qaEfu9iY1JAiKg8R23yBEuLqwfFtohV4WjMVhqXu5UBizaz+BrUhHlvgBGkBAVvc1G2ornFNf19LNx1qcxmHdWRqPI7aKqoNKZ0V7V9RfnBC1KzIIA2V8dkhLZ2Kxb/i60KbDbqeIJVTIkHnhmVQ7QxRg/pUEjkzR752P2RHgYk8vlyYTHdv/8M0bPkNrXy07gxvUN5MLJmG9P69u3JDcoabnOoJ2r46HqhZZeUZZFcxiDn9Z9jP8S57HoxC9S4Xk2aZaey5B+/23DfWQLxbeHql24tRXRFMKzStFja7M6KjRVO9Y6xIHjiyQeDMULmV+7rEwC0PonoV2Ts0i0DtaOrtZTN3KGgR5p9eEUcIAP2QkIKKBtKTtvyzoFZL+ZQ8gBTpPdovkrJ86ZGBpy9J1c4oE6yN7Hh9Aw8HWpYC4bM5QPSHBZLZVuM4mgNUB14PVVR8mQAwmy1VXGXkzSWGgsSKl+XlDyqZl4AAgm3PORqw8vJ0xHbPJ5ez/fP2uXprToo4yMBgSEFt64e5n/YWROopfQK3TKTfclIK+96y/oK2GYtn6E0V+L+aloTIF4yA0oWATtTAO5dn7rhD60==UO0f-----END PGP SIGNATURE-----

Debian Security Advisory 5701-1

Ubuntu Security Notice 6802-1 - Lukas Fittl discovered that PostgreSQL incorrectly performed authorization in the built-in pg_stats_ext and pg_stats_ext_exprs views. An unprivileged database user can use this issue to read most common values and other statistics from CREATE STATISTICS commands of other users.

==========================================================================  
Ubuntu Security Notice USN-6802-1  
May 30, 2024

postgresql-14, postgresql-15, postgresql-16 vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS  
- Ubuntu 23.10  
- Ubuntu 22.04 LTS

Summary:

PostgreSQL could be made to expose sensitive information.

Software Description:  
- postgresql-16: Object-relational SQL database  
- postgresql-15: Object-relational SQL database  
- postgresql-14: Object-relational SQL database

Details:

Lukas Fittl discovered that PostgreSQL incorrectly performed authorization  
in the built-in pg_stats_ext and pg_stats_ext_exprs views. An unprivileged  
database user can use this issue to read most common values and other  
statistics from CREATE STATISTICS commands of other users.

NOTE: This update will only fix fresh PostgreSQL installations. Current  
PostgreSQL installations will remain vulnerable to this issue until manual  
steps are performed. Please see the instructions in the changelog located  
at /usr/share/doc/postgresql-*/changelog.Debian.gz after the updated  
packages have been installed, or in the PostgreSQL release notes located  
here:

https://www.postgresql.org/docs/16/release-16-3.html  
https://www.postgresql.org/docs/15/release-15-7.html  
https://www.postgresql.org/docs/14/release-14-12.html

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 24.04 LTS  
   postgresql-16                   16.3-0ubuntu0.24.04.1  
   postgresql-client-16            16.3-0ubuntu0.24.04.1

Ubuntu 23.10  
   postgresql-15                   15.7-0ubuntu0.23.10.1  
   postgresql-client-15            15.7-0ubuntu0.23.10.1

Ubuntu 22.04 LTS  
   postgresql-14                   14.12-0ubuntu0.22.04.1  
   postgresql-client-14            14.12-0ubuntu0.22.04.1

This update uses a new upstream release, which includes additional bug  
fixes. After a standard system update you need to restart PostgreSQL to  
make all the necessary changes, and possibly perform manual steps as  
described above.

References:  
   https://ubuntu.com/security/notices/USN-6802-1  
   CVE-2024-4317

Package Information:  
   https://launchpad.net/ubuntu/+source/postgresql-16/16.3-0ubuntu0.24.04.1  
   https://launchpad.net/ubuntu/+source/postgresql-15/15.7-0ubuntu0.23.10.1  
   https://launchpad.net/ubuntu/+source/postgresql-14/14.12-0ubuntu0.22.04.1

Ubuntu Security Notice USN-6802-1

Due to missing file extensions in $GLOBALS['TYPO3_CONF_VARS']['BE'][‘fileDenyPattern’], backend users are allowed to upload *.phar, *.shtml, *.pl or *.cgi files which can be executed in certain web server setups. A valid backend user account is needed in order to exploit this vulnerability.

Derivatives of Debian GNU Linux are handling *.phar files as PHP applications since PHP 7.1 (for unofficial packages) and PHP 7.2 (for official packages).

The file extension *.shtml is bound to server side includes which are not enabled per default in most common Linux based distributions. File extension *.pl and *.cgi require additional handlers to be configured which is also not the case in most common distributions (except for /cgi-bin/ location).



Skip to content

**Navigation Menu**

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    

*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
*   Pricing

**Provide feedback**

**Saved searches****Use saved searches to filter your results more quickly**

Sign up

1.  GitHub Advisory Database
2.  GitHub Reviewed
3.  GHSA-f9hr-7cfq-mjg2

**TYPO3 Arbitrary Code Execution via File List Module**

High severity GitHub Reviewed Published May 30, 2024 to the GitHub Advisory Database • Updated May 30, 2024

**Package**

composer typo3/cms-core (Composer)

**Affected versions**

\>= 8.0.0, < 8.7.23

\>= 9.0.0, < 9.5.4

**Patched versions**

8.7.23

9.5.4

**Description**

Published to the GitHub Advisory Database

May 30, 2024

Last updated

May 30, 2024

GHSA-f9hr-7cfq-mjg2: TYPO3 Arbitrary Code Execution via File List Module

Debian Linux Security Advisory 5700-1 - An SQL injection was discovered in pymysql, a pure Python MySQL driver.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5700-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffMay 29, 2024                          https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : python-pymysqlCVE ID         : CVE-2024-36039An SQL injection was discovered in pymysql, a pure Python MySQL driver.For the oldstable distribution (bullseye), this problem has been fixedin version 0.9.3-2+deb11u1.For the stable distribution (bookworm), this problem has been fixed inversion 1.0.2-2+deb12u1.We recommend that you upgrade your python-pymysql packages.For the detailed security status of python-pymysql please refer toits security tracker page at:https://security-tracker.debian.org/tracker/python-pymysqlFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmZXZeAACgkQEMKTtsN8TjY9cRAAkMErPcbiz3MnN7NmUuqkG/NmbuUM9smN4WZp8sF6kCsCm9G8M/dSioS+IpZMFUv1DDELh2HtxWjvA+fqMTddY3CxINKmJEiMKPd8I02CjJsq1gArH8VVAaxNFQRyU69RA1hecMcQvR1lEssciddFfkzpe6E1SXK/Mp2JMNWmtpRJNUZ9khhIf4PrthpForQN8EzQs8gJRQ/2rN48TgcAA/bGyS+W5PGJbb+1RjW5H4eaNo1HHgZNwJNcTjkylG9MV7nzC5ThCPb7ycrIadYPV/IAYqnh5qUHQnDDROFvWE1MDdn9cPxGYoDmFk+/Sgxe9HXRE+Dr8/h0vb0tBBSqN6nBG/OBHKT3eKsDJVPt8TWkBuagsCvNFY3a7Unu9NQC6NavUanspOacnY1W65BYHUq/5e/U0cLyZgJcPzaJSKeZHVsHLHLStqbKUCWVBpDxX+5eVd8v3hxGq32H3e71MKqoLV5FzWUzf77qe8SxhWJ+7YSUdYVpVjZXtronaUvPKTub8p2d32dAZOSQYTbeehQpb1pIoVBWNxAOi12xTz8y7qta/DspjF4Tj3ks+9EiKtS7Bzf+jEQmYEI04RxRn/wdHRFhYjwaGsvhlaH221Y/w53fczJ5bj2zQODBJShGhuNmwpz9Jr7fvI+gZE3smVkMLWaJPl2BhtF2kAFB62s==sLat-----END PGP SIGNATURE-----

Debian Security Advisory 5700-1

Debian Linux Security Advisory 5699-1 - Multiple cross-site scripting vulnerabilities were found in Redmine, a project management web application.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5699-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffMay 24, 2024                          https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : redmineCVE ID         : CVE-2023-47258 CVE-2023-47259 CVE-2023-47260Multiple cross-site scripting vulnerabilities were found in Redmine,a project management web application.For the stable distribution (bookworm), these problems have been fixed inversion 5.0.4-5+deb12u1.We recommend that you upgrade your redmine packages.For the detailed security status of redmine please refer toits security tracker page at:https://security-tracker.debian.org/tracker/redmineFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmZQw0gACgkQEMKTtsN8TjbXDhAAlwLX55/MEXwBGXK2/diyo0jALkcur3+674tfQQGzTDeOzN9LVxJLLSS6FkgJEv/9bW/EjRpltBR64eqPjJC8JSmiqcEC7YU0paZi4gKyurBBy1F5hI2kHHFNM9KzjIh44Wak6W/3PtJHw8nClZMG2uJZFiXhqzrR1Gv+NWlFILhNyB1RGzB5hQYr2/arb7tEj4heXGWtahrbzi7YZS5a0aREK0nQ7y09DCYpvlJTlpt3almGxPJhpbyzRTwhRMrOTOZJHfwAwxjND2xmblfvkeQxLrNbBBEO9NO18cN69lOMA/sG3haMMkVKRpZFIaEl+F8t0WIqlAog4JjiivrhkFL3Px4uthuD0HzAzxveHvC9rgqPWUOre2eLBONo74Wsx5kY+gY7RZyNJRQ7VRk71lRlqAlGSofJ9ckfOincXV8lT7DEEcki42Qhrx8Fw682z5m+ozyaI0FBK4yiKiZ44bgjIb166paoxhA+H9WiubhR70Z2SMUG2x7IqktbTa+oboSXOc2zYDFpIa5XWXWJz6OspHBxGE7JF+Zs/eRhxXsAJb/diJB6msgDGTFAmynvAifcfDHczRqG56AG8jVku4nIGT0Q7INAeukhdWUU5jyqYrcF0UoPa+c+NW4g5CZNACKjpFAIwo+WJceUMsgVy8ZvIV/IRH12XtslD50K1yM==Fejb-----END PGP SIGNATURE-----

Debian Security Advisory 5699-1

Debian Linux Security Advisory 5698-1 - Multiple security issues were found in Rack, an interface for developing web applications in Ruby, which could result in denial of service.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5698-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffMay 24, 2024                          https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : ruby-rackCVE ID         : CVE-2024-25126 CVE-2024-26141 CVE-2024-26146Multiple security issues were found in Rack, an interface for developingweb applications in Ruby, which could result in denial of service.For the oldstable distribution (bullseye), these problems have been fixedin version 2.1.4-3+deb11u2.For the stable distribution (bookworm), these problems have been fixed inversion 2.2.6.4-1+deb12u1.We recommend that you upgrade your ruby-rack packages.For the detailed security status of ruby-rack please refer toits security tracker page at:https://security-tracker.debian.org/tracker/ruby-rackFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmZQw0YACgkQEMKTtsN8TjaEDQ/+In6arFD5sCgR6IZW2RiwAgBlLY9SAPlcuSI4qYkoN3JDMsm3dWV38UEOIwhvEiNpOXRiHCi4V15Eo92I1ayKJIZYM9n5B1pjGQrci5tl1cnFIfhfkIEjRET7OFRgL6TYgzsc5PKmlBNmff/yQOPXdw2q8dfgJkBb9Nc7GUxrhnsAdy/5mrW9NgSPerd65rYZ3NcGpSCiKcUcweatBalf2GycXFXSNzUlYw4nGuEOM5P4uyB8TI0lhaxy+hQA24fVGfKIldSHvQu4gs2jN2CaCNp4KyV5SkAtK7lBTxWMihmXwhzvpGeKF/ABokicqj4AC/T1BhjqS7S5/CjScmJwwkOcpaNhcqoI9wmFkx/bVYbQGmFuYPibziBHfBeucZhCFW2zhxSGYX/oWx/V4J3kBwMMUll4pI3AM0SEs/loeU3k+eLR7mq1ElcLt+IOmQpwNIIuvy/r8wvSySBLXu07b1lS29LMtqk3qXdb3HO6e2QznIdW6CatcewEc6uWOAzUBSFwvA1kgXWFqT9gj17RQ6VdMAdOw+5dkWIbJrWeJfiDdlT6R0KWpAfExQFzLbywtKJAtOnS7v+jyBkPlTg5Rz6z7o6PCf5fYA42FnI6p5AAryPvEupbiE6N72K1+8x+mDeiPFLlmrlP3tUsdhVwSfD5AEO+Qiyi04rYY7w55RM==9BYJ-----END PGP SIGNATURE-----

Tag

#debian