Debian: DSA-5250-1: dbus security update
Evgeny Vereshchagin discovered multiple vulnerabilities in D-Bus, a simple interprocess messaging system, which may result in denial of service by an authenticated user.
Debian: DSA-5249-1: strongswan security update
Lahav Schlesinger discovered a vulnerability in the revocation plugin of strongSwan, an IKE/IPsec suite. The revocation plugin uses OCSP URIs and CRL distribution points (CDP) which
Debian: DSA-5246-1: php-twig security update
Marlon Starkloff discovered that twig, a template engine for PHP, did not correctly enforce sandboxing. This would allow a malicious user to execute arbitrary code.
Debian: DSA-5247-1: barbican security update
Douglas Mendizabal discovered that Barbican, the OpenStack Key Management Service, incorrectly parsed requests which could allow an authenticated user to bypass Barbican access policies.
Debian: DSA-5246-1: mediawiki security update
Multiple security issues were discovered in MediaWiki, a website engine for collaborative work, which could result in restriction bypass, information leaks, cross-site scripting or denial of service.
Debian: DSA-5245-1: chromium security update
Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
Debian: DSA-5244-1: chromium security update
Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
Debian: DSA-5243-1: lighttpd security update
Several vulnerabilities were discovered in lighttpd, a fast webserver with minimal memory footprint. CVE-2022-37797
Debian: DSA-5242-1: maven-shared-utils security update
It was discovered that the Commandline class in maven-shared-utils, a collection of various utility classes for the Maven build system, can emit double-quoted strings without proper escaping, allowing shell injection attacks.
