Debian: DSA-5247-1: barbican security update
Douglas Mendizabal discovered that Barbican, the OpenStack Key Management Service, incorrectly parsed requests which could allow an authenticated user to bypass Barbican access policies.
Debian: DSA-5246-1: mediawiki security update
Multiple security issues were discovered in MediaWiki, a website engine for collaborative work, which could result in restriction bypass, information leaks, cross-site scripting or denial of service.
Debian: DSA-5245-1: chromium security update
Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
Debian: DSA-5244-1: chromium security update
Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
Debian: DSA-5243-1: lighttpd security update
Several vulnerabilities were discovered in lighttpd, a fast webserver with minimal memory footprint. CVE-2022-37797
Debian: DSA-5242-1: maven-shared-utils security update
It was discovered that the Commandline class in maven-shared-utils, a collection of various utility classes for the Maven build system, can emit double-quoted strings without proper escaping, allowing shell injection attacks.
Debian: DSA-5241-1: wpewebkit security update
The following vulnerabilities have been discovered in the WPE WebKit web engine: CVE-2022-32886
Debian: DSA-5240-1: webkit2gtk security update
The following vulnerabilities have been discovered in the WebKitGTK web engine: CVE-2022-32886
Debian: DSA-5239-1: gdal security update
A heap-based buffer overflow vulnerability was discovered in gdal, a Geospatial Data Abstraction Library, which could result in denial of service or potentially the execution of arbitrary code, if a specially crafted file is processed with the PCIDSK driver.
