Multiple security vulnerabilities were discovered in Tor, a connection- based low-latency anonymous communication system, would could result in denial of service. For Debian 12 bookworm, this problem has been fixed in version 0.4.9.11-0+deb12u1.
Paul Johnson discovered that libhtml-parser-perl, a collection of modules that parse HTML text documents, read freed heap memory in _decode_entities(). For Debian 11 bullseye, this problem has been fixed in version 3.75-1+deb11u1.
Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. For Debian 12 bookworm, these problems have been fixed in version 149.0.7827.196-1~deb12u1.
Two security vulnerabilities were discovered in OpenVPN, a virtual private network application. CVE-2026-35058 Improper validation of packet length during tls-crypt-v2 key extraction allows authenticated attackers to trigger a fatal
Multiple vulnerabilities were discovered in gdcm, a C++ library for working with DICOM medical files: CVE-2024-22373 An out-of-bounds write vulnerability exists in the JPEG2000Codec::DecodeByStreamsCommon functionality. A specially crafted