Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function `ga_grow_inner` in in the file `src/alloc.c` at line 748, which is freed in the file `src/ex_docmd.c` in the function `do_cmdline` at line 1010 and then used again in `src/cmdhist.c` at line 759. When using the `:history` command, it's possible that the provided argument overflows the accepted value. Causing an Integer Overflow and potentially later an use-after-free. This vulnerability has been patched in version 9.0.2068.


**Environment**

Distributor ID:	Debian
Description:	Debian GNU/Linux bookworm/sid

**Version**

I checked against the **master** branch at commit **5f5131d** .

**Description**

Heap-use-after-free in memory allocated in the function ga_grow_inner in in the file src/alloc.c at line 748, which is freed in the file src/ex_docmd.c in the function do_cmdline at line 1010 and then used again in src/cmdhist.c at line 759

**POC**

./bins/vim -u NONE -i NONE -n -e -s -S ./crashmin/gchar\_cursor -c :qa!

**ASAN**

\=================================================================
==27059==ERROR: AddressSanitizer: heap-use-after-free on address 0x611000000700 at pc 0x5561472e4d7e bp 0x7ffc40ff1ad0 sp 0x7ffc40ff1ac8
READ of size 4 at 0x611000000700 thread T0
    #0 0x5561472e4d7d in ex\_history /path/vim/src/cmdhist.c:759:62
    #1 0x55614743ea18 in do\_one\_cmd /path/vim/src/ex\_docmd.c:2582:2
    #2 0x55614743ea18 in do\_cmdline /path/vim/src/ex\_docmd.c:994:17
    #3 0x55614788323a in do\_source\_ext /path/vim/src/scriptfile.c:1762:5
    #4 0x556147880fab in do\_source /path/vim/src/scriptfile.c:1908:12
    #5 0x556147880fab in cmd\_source /path/vim/src/scriptfile.c:1253:14
    #6 0x55614743ea18 in do\_one\_cmd /path/vim/src/ex\_docmd.c:2582:2
    #7 0x55614743ea18 in do\_cmdline /path/vim/src/ex\_docmd.c:994:17
    #8 0x556147c96613 in exe\_commands /path/vim/src/main.c:3173:2
    #9 0x556147c96613 in vim\_main2 /path/vim/src/main.c:790:2
    #10 0x556147c933ae in main /path/vim/src/main.c:441:12
    #11 0x7f2312dde1c9 in \_\_libc\_start\_call\_main csu/../sysdeps/nptl/libc\_start\_call\_main.h:58:16
    #12 0x7f2312dde284 in \_\_libc\_start\_main csu/../csu/libc-start.c:360:3
    #13 0x556147170760 in \_start (/path/vim/fuzzfuzzfuzz/bins/vim+0x208760) (BuildId: 0021b8b45c0d1823917b83c6743ec61faf0b7ab3)

0x611000000700 is located 128 bytes inside of 250-byte region \[0x611000000680,0x61100000077a)
freed by thread T0 here:
    #0 0x5561471f3302 in \_\_interceptor\_free (/path/vim/fuzzfuzzfuzz/bins/vim+0x28b302) (BuildId: 0021b8b45c0d1823917b83c6743ec61faf0b7ab3)
    #1 0x556147439233 in do\_cmdline /path/vim/src/ex\_docmd.c:1010:6
    #2 0x55614788323a in do\_source\_ext /path/vim/src/scriptfile.c:1762:5
    #3 0x556147880fab in do\_source /path/vim/src/scriptfile.c:1908:12
    #4 0x556147880fab in cmd\_source /path/vim/src/scriptfile.c:1253:14
    #5 0x556147c96613 in exe\_commands /path/vim/src/main.c:3173:2
    #6 0x556147c96613 in vim\_main2 /path/vim/src/main.c:790:2
    #7 0x556147c933ae in main /path/vim/src/main.c:441:12
    #8 0x7f2312dde1c9 in \_\_libc\_start\_call\_main csu/../sysdeps/nptl/libc\_start\_call\_main.h:58:16

previously allocated by thread T0 here:
    #0 0x5561471f39d6 in \_\_interceptor\_realloc (/path/vim/fuzzfuzzfuzz/bins/vim+0x28b9d6) (BuildId: 0021b8b45c0d1823917b83c6743ec61faf0b7ab3)
    #1 0x55614723054b in ga\_grow\_inner /path/vim/src/alloc.c:748:10
    #2 0x55614723054b in ga\_grow /path/vim/src/alloc.c:713:9

SUMMARY: AddressSanitizer: heap-use-after-free /path/vim/src/cmdhist.c:759:62 in ex\_history
Shadow bytes around the buggy address:
  0x0c227fff8090: 00 00 00 00 00 00 00 00 00 00 00 fa fa fa fa fa
  0x0c227fff80a0: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
  0x0c227fff80b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c227fff80c0: 00 00 00 00 00 00 00 02 fa fa fa fa fa fa fa fa
  0x0c227fff80d0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
\=>0x0c227fff80e0:\[fd\]fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c227fff80f0: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
  0x0c227fff8100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c227fff8110: 00 00 00 00 00 00 fa fa fa fa fa fa fa fa fa fa
  0x0c227fff8120: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c227fff8130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
\==27059\==ABORTING

**Impact**

When using the :history command, it's possible that the provided argument overflows the accepted value. Causing an Integer Overflow and potentially later an use-after-free. This is not a major issue as most users probably won't use intentionally large values for the :history command

**Patches**

Problem is patched in version: 9.0.2068

**Credits**

Thanks to Cole Dilorenzo for notifying the vim-security mailinglist

CVE-2023-46246: Integer Overflow in :history command

Debian Linux Security Advisory 5536-1 - An important security issue was discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256- -------------------------------------------------------------------------Debian Security Advisory DSA-5536-1                   security@debian.orghttps://www.debian.org/security/                           Andres SalomonOctober 26, 2023                      https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : chromiumCVE ID         : CVE-2023-5472An important security issue was discovered in Chromium, which could resultin the execution of arbitrary code, denial of service or informationdisclosure.For the oldstable distribution (bullseye), this problem has been fixedin version 118.0.5993.117-1~deb11u1.For the stable distribution (bookworm), this problem has been fixed inversion 118.0.5993.117-1~deb12u1.We recommend that you upgrade your chromium packages.For the detailed security status of chromium please refer toits security tracker page at:https://security-tracker.debian.org/tracker/chromiumFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCAAdFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmU6+wwACgkQZF0CR8NudjcbzQ//b9RRr1OyKscWjFnuIgcs6zbj3IloLMQVwYj1LNeR1eqDwFcOBhxjfSKhx4vAxveR/KyrDKf1O71CWwL+vGZREw7r8X2kanJTCBQ7kIdgRpSc/uSQcCCmcx7LUemd9k2CzWHgqSYgZGrxBB5XDoQ2WfUxqH3gu5Xm0qhLb6GnWg4ylMlpsxvepEJW4v0GulZJqBQn1gnUfoFetoUccg7qKi0ev/COlza6kcfY71Xs+vlNMrnDwuzeCcuiWEjB8Q5JcjcU3D269Mj7aa6B5AN3LeCBLK+Q7T3+pn8Ft8GYSJrlFleEvtTkGSCxW8Pjo2gzDvl9U8bswgmtcUE6M26MFJIlYINxI9SCKuPCnbmdCxY5JG/8puSGD+ioG3l3BexYT0+NexUgjjoMsnwyaPR1OeQyWr/N8Obk/vEeZ9xaJzpnKtxKstnFqcZ9eqKt1B8S68YDPuXSVI0Wyb5E6Ozqrq2J8PrmwK7LrqrI/8nD/AQLgf20gU+2jc1z5MCYymu+IGxGolBcOTaRoK4GpASZ0x93UR/sNB6jGK08FZB+XUPjM/otxDl1D3QQeFuMXndWzvwsxHdZrL1DTlk4vDhaGzW2XBcPqhbfuqRwwKt7QMqLlTKH3/iVp6SQPYY8k1SfBSs1oO7iXv9UYm8+kHGNtWs0GWpuY0qxwDIMflWb4rE==Gmlo-----END PGP SIGNATURE-----

Debian Security Advisory 5536-1

An issue was discovered in ISPConfig before 3.2.11p1. PHP code injection can be achieved in the language file editor by an admin if admin_allow_langedit is enabled.

This is a security patch release, it fixes a PHP Code Injection Vulnerability in the ISPConfig language file editor.  
The vulnerability requires that the attacker is correctly logged in as the ‘admin’ user (the account with superadmin privilege) in ISPConfig, so an attacker must know the administrator password or get access to an active admin account session. Not affected are logins from Clients, Resellers, or Email users and also not logins from additionally created admin users.  
Also not affected are systems where the language editor is disabled. The language editor can be disabled by setting:

admin\_allow\_langedit=no

in the file /usr/local/ispconfig/security/security\_settings.ini.  
Thank you to Egidio Romano from Karma(In)Security for reporting this issue.

You can see the full changelog here:

https://git.ispconfig.org/ispconfig/ispconfig3/-/milestones/90

**Known issues**

Please take a look at the bug tracker:

https://git.ispconfig.org/ispconfig/ispconfig3/-/issues?scope=all&utf8=%E2%9C%93&state=opened&label\_name\[\]=Bug

You can report bugs at https://git.ispconfig.org/ispconfig/ispconfig3/-/issues

**Supported Linux Distributions**

– Debian 9 – 12 (recommended) and Debian testing  
– Ubuntu 18.04 — LTS – 22.04 LTS (recommended)  
– CentOS 7 – 8

**Download ISPConfig 3.2.11p1**

https://www.ispconfig.org/downloads/ISPConfig-3.2.11p1.tar.gz

The installation instructions for ISPConfig can be found here:

https://www.ispconfig.org/ispconfig-3/documentation/

**How can I update to the ISPConfig 3.2.11p1?**

You can update to ISPConfig 3.2.11p1 by using the ispconfig\_update.sh command.

**Manual update instructions**

In case you need to run the update manually without using ispconfig\_update.sh, use the manual download procedure below:

Run the following commands as root user on your ISPConfig server:

cd /tmp
wget https://www.ispconfig.org/downloads/ISPConfig-3.2.11p1.tar.gz
tar xvfz ISPConfig-3.2.11p1.tar.gz
cd ispconfig3\_install/install
php -q update.php

CVE-2023-46818: ISPConfig 3.2.11p1 Released - ISPConfig

An issue in Mintty v.3.6.4 and before allows a remote attacker to execute arbitrary code via crafted commands to the terminal.

CVE-2023-39726: "[31m"?! ANSI Terminal security in 2023 and finding 10 CVEs

Debian Linux Security Advisory 5535-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, clickjacking, spoofing or information leaks.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5535-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffOctober 25, 2023                      https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : firefox-esrCVE ID         : CVE-2023-5721 CVE-2023-5724 CVE-2023-5725 CVE-2023-5728                 CVE-2023-5730 CVE-2023-5732Multiple security issues have been found in the Mozilla Firefox webbrowser, which could potentially result in the execution of arbitrarycode, clickjacking, spoofing or information leaks.For the oldstable distribution (bullseye), these problems have been fixedin version 115.4.0esr-1~deb11u1.For the stable distribution (bookworm), these problems have been fixed inversion 115.4.0esr-1~deb12u1.We recommend that you upgrade your firefox-esr packages.For the detailed security status of firefox-esr please refer toits security tracker page at:https://security-tracker.debian.org/tracker/firefox-esrFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmU5Z1kACgkQEMKTtsN8TjadIw//WpIFeCszG20DdDXl0HDi9sjn9bctL0ff5buoeWGMx3JHJa2D9vauwDLxnZFzPMfrr8W8ZUZpvFxl1u0n+n9BAfIkPMsjURbDZu6+wembDeVB8d5B2KH667UXhIHeaiEBrkT3wH0alq6HpkaoYkTipfkyerEIcKp2s0AB9L4qpr7RvGaCuyTTzR4Fm4UUCEja1aAFcywlLwDlyNJksNqHfU+LMeLIDIx/FjrT07C7fEB0KCcNNHRXYyEhMLDfmxUkrR/QIopQfsXohLDkodzU+K2J7rpjkgk5StbhLVnh3DVkANpALthySM65iovuDUXCoD7kCpIjshYxYtRioLYtiilRIVudOZ3uU/9TYN7sDXvFiN3OS1gOYk8aMIzHZHLKcp17VBHGP3z7tRlO5p5r/79jFq2aPuY++rIOCrf/rYMnykukgDEx2i6R8bpEfen1P5c7qbPWHqTAxo1EdDmSHGiDpxuhQ4ql+G3xDREoQgaFHWv6IwyBdcGteMNHSj++gy+p9Hcfh84ynzgpoHcl1tbpVeHw/356sKgJRbsIfYZapk3IPEvziWPtGBsZzMqVxxq4cM8yietTi8YXB83Xtutbf5QPUgPmCaHKW7icFI3zkcbhjqxO1GHJT06MsvqLnv8WtDQBPV42NcksVn6ccW0Ydrc+1JyJ2xwF8YpZaN8=DQzK-----END PGP SIGNATURE-----

Debian Security Advisory 5535-1

Debian Linux Security Advisory 5534-1 - Jan-Niklas Sohn discovered several vulnerabilities in the Xorg X server, which may result in privilege escalation if the X server is running privileged.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5534-1                   security@debian.org  
https://www.debian.org/security/                     Salvatore Bonaccorso  
October 25, 2023                      https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : xorg-server  
CVE ID         : CVE-2023-5367 CVE-2023-5380

Jan-Niklas Sohn discovered several vulnerabilities in the Xorg X server,  
which may result in privilege escalation if the X server is running  
privileged.

For the oldstable distribution (bullseye), these problems have been fixed  
in version 2:1.20.11-1+deb11u8.

For the stable distribution (bookworm), these problems have been fixed in  
version 2:21.1.7-3+deb12u2.

We recommend that you upgrade your xorg-server packages.

For the detailed security status of xorg-server please refer to its  
security tracker page at:  
https://security-tracker.debian.org/tracker/xorg-server

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmU5Ka5fFIAAAAAALgAo  
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2  
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND  
z0QyCQ/+I9BqRAzJ78GD6U4eSHq/BIp8eelKlubxCbrRhLAL6bD5RT3WnqpKTvvN  
wW1BU6Cety4OW9NiWzOwfXPkujHs2JAow5pxmdOld7r616dS5pKNcJKM/mi+KQCb  
QKQw/KNo2bgy/exJaGM1GjzaAO2jhypH/KHM1qcVziNM75NO2puMu26cqlWZf6vi  
ALa6RYVQ8MiQqx0jZVjbr2W8L3vs05aB/+mNwucDBFmGeNjTCjQ4AFmSfjkOyZtk  
nUUOtCwA7dSh8bv62knLrSbh+heV+y+gsK0eQb2akyJLG5iE7CITqn1fU4DrPlFp  
RxeuYeXczJOPj82ET/+rKvQVUN6OmuDk6yKlpSWajYPTCVgNhzDaLRen05CqXiT1  
wprIXezkCzMP6MPg1NAwPMk+VWXHz6fb48612prZBgkUetSF8wvTeZ9+lTG5Avi1  
2rcY0EFtKjUVT6uP2ZJGXYs81OM5PGFqkvttcGFHLWNjQe3Hm8upUpcNgbBeNKwR  
HYLdkMkjrZVbAWKcbaH68ahhd6gvNWEeZFGo/3ZWcdWF73j0zWOYYKkM3bHqBNkb  
YiNdVtwvt4/d/haOXZ26AJOnq8rdOhfNw+nJm/YqEs7C2R4VmTzQrWRUE4qRCkmr  
5RfymT7sAZUB3RcNflxyw9TTO55/LHILIuEQN4IncByzBd5qly8=  
=pBIG  
-----END PGP SIGNATURE-----

Debian Security Advisory 5534-1

In buc Traceroute 2.0.12 through 2.1.2 before 2.1.3, the wrapper scripts do not properly parse command lines.

**Name**

CVE-2023-46316

**Description**

In buc Traceroute 2.0.12 through 2.1.2 before 2.1.3, the wrapper scripts do not properly parse command lines.

**Source**

CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

**Vulnerable and fixed packages**

The table below lists information on source packages.

Source Package

Release

Version

Status

traceroute (PTS)

buster

1:2.1.0-2

vulnerable

bullseye

1:2.1.0-2+deb11u1

vulnerable

bookworm

1:2.1.2-1

vulnerable

sid, trixie

1:2.1.3-1

fixed

The information below is based on the following data on fixed versions.

Package

Type

Release

Fixed Version

Urgency

Origin

Debian Bugs

traceroute

source

(unstable)

1:2.1.3-1

**Notes**

\[bookworm\] - traceroute <no-dsa> (Minor issue)  
\[bullseye\] - traceroute <no-dsa> (Minor issue)  
\[buster\] - traceroute <no-dsa> (Minor issue)  
https://sourceforge.net/projects/traceroute/files/traceroute/traceroute-2.1.3/

CVE-2023-46316: CVE-2023-46316

Debian Linux Security Advisory 5533-1 - Multiple vulnerabilities were discovered in plugins for the GStreamer media framework and its codecs and demuxers, which may result in denial of service or potentially the execution of arbitrary code if a malformed media file is opened.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5533-1                   security@debian.org  
https://www.debian.org/security/                     Salvatore Bonaccorso  
October 24, 2023                      https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : gst-plugins-bad1.0  
CVE ID         : CVE-2023-40474 CVE-2023-40475 CVE-2023-40476  
Debian Bug     : 1053259 1053260 1053261

Multiple vulnerabilities were discovered in plugins for the GStreamer  
media framework and its codecs and demuxers, which may result in denial  
of service or potentially the execution of arbitrary code if a malformed  
media file is opened.

For the oldstable distribution (bullseye), these problems have been fixed  
in version 1.18.4-3+deb11u2.

For the stable distribution (bookworm), these problems have been fixed in  
version 1.22.0-4+deb12u2.

We recommend that you upgrade your gst-plugins-bad1.0 packages.

For the detailed security status of gst-plugins-bad1.0 please refer to  
its security tracker page at:  
https://security-tracker.debian.org/tracker/gst-plugins-bad1.0

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmU4L/BfFIAAAAAALgAo  
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2  
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND  
z0TxqQ//eRO99HAGSxBpe+slujteJrf9SkyJBdolvoEvz2ZjbiDVSJlwcGdpeYI+  
61ADafQx5L/klbx9FJoiIgRq9OtfzQMAMH3RBhL637EuzFOeQBwBWAQBqs6/MAbi  
tiYrFusMxPUsxt8EEBCrDZSCOgyW+HOP2nKnmxsx1LnVvYbdHF15m7hRoj6SKvpG  
Kf8oCHzFKG+4iEKzrSPPRjxVe1ao7I1/xzVPvDN6pFibj3wNNBRM+a5KyHpaAcpw  
F0V9yT+qYr9FJQEaaIk3rx5JtzNw1KHn8qds8wTZh71mGRI8WkAls8DeKNAE4xtz  
SGF/SLAUfKukRdYYk2IKe2zLzcrn/KCq9wcdGLOm2ufKJNeiNZUHIr0GxIf/hPOa  
Kh6yauX7CbUPbYlMRvG1ikt5i3uywNoaClyRXv/8viYrZJC8FfW7Q702UrbBzXzc  
fkG2jhYXboaZmaMZeX/jXp1tw/GmOvZoPkxQfaf9QHG57ly3gu132dKezzAmXQS8  
DHrDFvTqL8QKbS9532YvMsS6/JTMqnoZ6ykcSjgXn1pOedxENxA0xw6S0K9aV4PJ  
CR9i3DK7CRe/Sf53IlK6+zhsBgrXce3TU8EOAz9PavICEedVaOSIwnW/uPyxQlNe  
omGF2ka6RC4NvK42/i8SioDWNHtVpUYA/L6hhRrLXP2V9hGHznU=  
=GYlt  
-----END PGP SIGNATURE-----

Debian Security Advisory 5533-1

Debian Linux Security Advisory 5532-1 - Tony Battersby reported that incorrect cipher key and IV length processing in OpenSSL, a Secure Sockets Layer toolkit, may result in loss of confidentiality for some symmetric cipher modes.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5532-1                   security@debian.orghttps://www.debian.org/security/                     Salvatore BonaccorsoOctober 24, 2023                      https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : opensslCVE ID         : CVE-2023-5363Tony Battersby reported that incorrect cipher key and IV lengthprocessing in OpenSSL, a Secure Sockets Layer toolkit, may result inloss of confidentiality for some symmetric cipher modes.Additional details can be found in the upstream advisory:https://www.openssl.org/news/secadv/20231024.txtFor the stable distribution (bookworm), this problem has been fixed inversion 3.0.11-1~deb12u2.We recommend that you upgrade your openssl packages.For the detailed security status of openssl please refer to its securitytracker page at:https://security-tracker.debian.org/tracker/opensslFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmU4GHNfFIAAAAAALgAoaXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xNDz0TXww//aymYKy2Mo+x2RSQkTt3ojSPDCR0nOfdMPy5yYVUQ0CL4NdngPvtGuTTbH2pdTOBo9RF0YJzCnVA1jCS2UBc//grcsnB3RkW2zzRZbXPTELsLow43/w/jo5lZvm4VYlxiYUiTzXS88LM4vUGPc62cDE+BzZUDOxsygvwqpqa248T+ZdhDFSoIyoCNWaTBjBmyhiqD7OMp4nv4ui6qX+srBbOrLNoiCbzStwbg03pi4WNrfCIKadIy5ibYFjLL73Uyp/mHj+C1OLotPiKV1CLkW1MsHZYhen4zTchTRNEMORsoVKHLvW/X+njEHCMmRfqIvF82EN+9fw33FGpiI70HLjyQIwVQ+NabJNLANOJG/w7NqVMPngQz7BNDddPOnKMXFpaxmlWM+LR7HBkArSOz/cUb3lpyCheL5rs07FZDGmGZZrHKcvuFKvwS4gvNoBSkNSMHMloAPcYI6SQsKk6ps62E55tzzhyAgIZChJYy4RH3azT/Ud2JohWedhN6ScXXYEOQpSePA6egfdY+2ZiH+WJnZu6yoX0WL4gbR2PQTysy/P8HMnd1QvE+OmzyfBeUPlYEBW7Wg/7u9vROGJEQWmbwbIWptV3/BBVh+b79AvegDARNvh6y+5aXVSbE5QHowfYzmwIASYIJoSggb6LQQY1h+SDVj/E6zlglxDE6qQ8==OgKn-----END PGP SIGNATURE-----

Debian Security Advisory 5532-1

Debian Linux Security Advisory 5531-1 - It was discovered that roundcube, a skinnable AJAX based webmail solution for IMAP servers, did not properly sanitize HTML messages. This would allow an attacker to load arbitrary JavaScript code.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5531-1                   security@debian.orghttps://www.debian.org/security/                       Sebastien DelafondOctober 23, 2023                      https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : roundcubeCVE ID         : CVE-2023-5631Debian Bug     : 1054079It was discovered that roundcube, a skinnable AJAX based webmailsolution for IMAP servers, did not properly sanitize HTMLmessages. This would allow an attacker to load arbitrary JavaScriptcode.For the oldstable distribution (bullseye), this problem has been fixedin version 1.4.15+dfsg.1-1~deb11u1.For the stable distribution (bookworm), this problem has been fixed inversion 1.6.4+dfsg-1~deb12u1.We recommend that you upgrade your roundcube packages.For the detailed security status of roundcube please refer toits security tracker page at:https://security-tracker.debian.org/tracker/roundcubeFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQEzBAEBCgAdFiEEAqSkbVtrXP4xJMh3EL6Jg/PVnWQFAmU2FhEACgkQEL6Jg/PVnWTgbQf/T08r3SQ/NFUpzs1/8k+euPOyysNFnW7JZ1LcI+ug5iF8RrdEVVuURZHK7i/SuRNomgEQbUyVpgSb9rb6z5qkc0k6gbfh2+KMRk0ViHhG1+tuEe1O99abXt+5LUQNtXWVMAniWWdbtdQeCBHWgxMpstarWq4akgCnx1Dj7Tj8PyX05+bYFpR79WMqCKypX4lz1kP8U3U5c0tPDi/zjuzGT1IvVSyWPesaNHzmD4ZMr9A/dcDBtxQ+kTaPN3GVPJoDG9TVOcHQTqcb2MmTQY5FtvQswVCXiEsugbmgOQ4wiUYlV90C8s4ALSxBBiv+mOUCKZH/mNNjNeHKADW+nOkOeg===TSzb-----END PGP SIGNATURE-----

Tag

#debian