Debian LTS: DLA-3347-2: spip regression update
It was discovered that the fix for CVE-2023-27372 broke (de)activation of plugins with dependencies. For Debian 10 buster, this problem has been fixed in version
Debian LTS: DLA-3351-1: apache2 security update
Multiple security vulnerabilities have been discovered in Apache HTTP server. CVE-2006-20001
Debian LTS: DLA-3350-1: node-css-what security update
node-css-what was vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of insecure regular expression in the re_attr variable. The exploitation of this vulnerability could be triggered
Debian LTS: DLA-3349-1: linux-5.10 security update
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
Debian LTS: DLA-3348-1: syslog-ng security update
It was discovered that syslog-ng, a system logging daemon, had integer overflow and buffer out-of-bounds issues, which could allow a remote attacker to cause Denial of Service via crafted syslog input.
Debian LTS: DLA-3347-1: spip security update
It was discovered that SPIP, a content management system, was vulnerable to SQL injection, remote code execution, and authorization bypass vulnerabilities.
Debian LTS: DLA-3346-1: python-werkzeug security update
Two vulnerabilities were discovered in Werkzeug, a collection of utilities for WSGI (web) applications. An attacker may inject cookies in specific situations, and cause a denial of service (DoS).
Debian LTS: DLA-3331-2: python-cryptography security update
It was discovered that there was a regression in the previous fix for python-cryptography, a Python library offering a number of encryption and cryptography primitives.
Debian LTS: DLA-3345-1: php7.3 security update
Multiple security issues were found in PHP, a widely-used open source general purpose scripting language, which could result in denial of service or incorrect validation of BCrypt hashes.
