Debian: DSA-5031-1: wpewebkit security update
The following vulnerabilities have been discovered in the wpewebkit web engine: CVE-2021-30887
Debian: DSA-5030-1: webkit2gtk security update
The following vulnerabilities have been discovered in the webkit2gtk web engine: CVE-2021-30887
Debian: DSA-5000-2: openjdk-11 security update
Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in denial of service, incorrect Kerberos ticket use, selection of weak ciphers or information disclosure.
Debian: DSA-5029-1: sogo security update
It was discovered that missing SAML signature validation in the SOGo groupware could result in impersonation attacks. For the oldstable distribution (buster), this problem has been fixed
Debian: DSA-5028-1: spip security update
It was discovered that SPIP, a website engine for publishing, would allow a malicious user to perform cross-site scripting and SQL injection attacks, or execute arbitrary code.
Debian: DSA-5027-1: xorg-server security update
Jan-Niklas Sohn discovered that multiple input validation failures in X server extensions of the X.org X server may result in privilege escalation if the X server is running privileged.
Debian: DSA-5026-1: firefox-esr security update
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, information disclosure or spoofing.
Debian: DSA-5025-1: tang security update
A flaw was discovered in tang, a network-based cryptographic binding server, which could result in leak of private keys. For the stable distribution (bullseye), this problem has been fixed in
Debian: DSA-5024-1: apache-log4j2 security update
It was found that Apache Log4j2, a Logging Framework for Java, did not protect from uncontrolled recursion from self-referential lookups. When the logging configuration uses a non-default Pattern Layout with a Context Lookup (for example, $${ctx:loginId}), attackers with control over Thread Context Map (MDC)
