Debian: DSA-5243-1: lighttpd security update
Several vulnerabilities were discovered in lighttpd, a fast webserver with minimal memory footprint. CVE-2022-37797
Debian: DSA-5242-1: maven-shared-utils security update
It was discovered that the Commandline class in maven-shared-utils, a collection of various utility classes for the Maven build system, can emit double-quoted strings without proper escaping, allowing shell injection attacks.
Debian: DSA-5241-1: wpewebkit security update
The following vulnerabilities have been discovered in the WPE WebKit web engine: CVE-2022-32886
Debian: DSA-5240-1: webkit2gtk security update
The following vulnerabilities have been discovered in the WebKitGTK web engine: CVE-2022-32886
Debian: DSA-5239-1: gdal security update
A heap-based buffer overflow vulnerability was discovered in gdal, a Geospatial Data Abstraction Library, which could result in denial of service or potentially the execution of arbitrary code, if a specially crafted file is processed with the PCIDSK driver.
Debian: DSA-5238-1: thunderbird security update
Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code. For the stable distribution (bullseye), these problems have been fixed in
Debian: DSA-5237-1: firefox-esr security update
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, CSP bypass or session fixation.
Debian: DSA-5236-1: expat security update
Rhodri James discovered a heap use-after-free vulnerability in the doContent function in Expat, an XML parsing C library, which could result in denial of service or potentially the execution of arbitrary code, if a malformed XML file is processed.
Debian: DSA-5235-1: bind9 security update
Several vulnerabilities were discovered in BIND, a DNS server implementation. CVE-2022-2795
