Debian: DSA-4868-1: flatpak security update
Anton Lydike discovered that sandbox restrictions in Flatpak, an application deployment framework for desktop apps, could by bypassed via a malicious .desktop file.
Debian: DSA-4867-1: grub2 security update
Several vulnerabilities have been discovered in the GRUB2 bootloader. CVE-2020-14372
Debian: DSA-4866-1: thunderbird security update
Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code or information disclosure. For the stable distribution (buster), these problems have been fixed in
Debian: DSA-4865-1: docker.io security update
Multiple security issues were discovered in Docker, a Linux container runtime, which could result in denial of service, an information leak or privilege escalation.
Debian: DSA-4864-1: python-aiohttp security update
Beast Glatisant and Jelmer Vernooij reported that python-aiohttp, a async HTTP client/server framework, is prone to an open redirect vulnerability. A maliciously crafted link to an aiohttp-based web-server could redirect the browser to a different website.
Debian: DSA-4863-1: nodejs security update
Two vulnerabilities were discovered in Node.js, which could result in denial of service or DNS rebinding attacks. For the stable distribution (buster), these problems have been fixed in
