Debian: DSA-4890-1: ruby-kramdown security update
Stan Hu discovered that kramdown, a pure Ruby Markdown parser and converter, performed insufficient namespace validation of Rouge syntax highlighting formatters.
Debian: DSA-4889-1: mediawiki security update
Multiple security issues were found in MediaWiki, a website engine for collaborative work, which could result in incomplete page/blocking protection, denial of service or cross-site scripting.
Debian: DSA-4888-1: xen security update
Multiple vulnerabilities have been discovered in the Xen hypervisor, which could result in denial of service, privilege escalation or memory disclosure.
Debian: DSA-4887-1: lib3mf security update
A use-after-free was discovered in Lib3MF, a C++ implementation of the 3D Manufacturing Format, which could result in the execution of arbitrary code if a malformed file is opened.
Debian: DSA-4886-1: chromium security update
Several vulnerabilites have been discovered in the chromium web browser. CVE-2021-21159
Debian: DSA-4885-1: netty security update
Multiple security issues were discovered in Netty, a Java NIO client/server framework, which could result in HTTP request smuggling, denial of service or information disclosure.
Debian: DSA-4884-1: ldb security update
Multiple vulnerabilities have been discovered in ldb, a LDAP-like embedded database built on top of TDB. CVE-2020-10730
Debian: DSA-4883-1: underscore security update
It was discovered that missing input sanitising in the template() function of the Underscore JavaScript library could result in the execution of arbitrary code.
Debian: DSA-4882-1: openjpeg2 security update
Multiple vulnerabilities have been discovered in openjpeg2, the open-source JPEG 2000 codec, which could result in denial of service or the execution of arbitrary code when opening a malformed image.
