Debian: DSA-4885-1: netty security update
Multiple security issues were discovered in Netty, a Java NIO client/server framework, which could result in HTTP request smuggling, denial of service or information disclosure.
Debian: DSA-4884-1: ldb security update
Multiple vulnerabilities have been discovered in ldb, a LDAP-like embedded database built on top of TDB. CVE-2020-10730
Debian: DSA-4883-1: underscore security update
It was discovered that missing input sanitising in the template() function of the Underscore JavaScript library could result in the execution of arbitrary code.
Debian: DSA-4882-1: openjpeg2 security update
Multiple vulnerabilities have been discovered in openjpeg2, the open-source JPEG 2000 codec, which could result in denial of service or the execution of arbitrary code when opening a malformed image.
Debian: DSA-4881-1: curl security update
Multiple vulnerabilities were discovered in cURL, an URL transfer library: CVE-2020-8169
Debian: DSA-4880-1: lxml security update
Kevin Chung discovered that lxml, a Python binding for the libxml2 and libxslt libraries, did not properly sanitize its input. This would allow a malicious user to mount a cross-site scripting attack.
Debian: DSA-4879-1: spamassassin security update
Damian Lukowski discovered a flaw in spamassassin, a Perl-based spam filter using text analysis. Malicious rule configuration files, possibly downloaded from an updates server, could execute arbitrary commands under multiple scenarios.
Debian: DSA-4878-1: pygments security update
Ben Caller discovered that Pygments, a syntax highlighting package written in Python 3, used regular expressions which could result in denial of service.
Debian: DSA-4877-1: webkit2gtk security update
The following vulnerabilities have been discovered in the webkit2gtk web engine: CVE-2020-27918
