Debian LTS: DLA-2868-1: advancecomp security update
Several vulnerabilities have been fixed in the AdvanceCOMP recompression utilities. CVE-2018-1056
Debian LTS: DLA-2857-2: postgis regression update
The regression of postgresql-9.6-postgis-2.3-scripts being empty in 2.3.1+dfsg-2+deb9u1 has been fixed. For Debian 9 stretch, this problem has been fixed in version
Debian LTS: DLA-2869-1: xorg-server security update
Jan-Niklas Sohn discovered that multiple input validation failures in X server extensions of the X.org X server may result in privilege escalation if the X server is running privileged.
Debian LTS: DLA-2866-1: uw-imap security update
Access to IMAP mailboxes through running imapd over rsh and ssh is now disabled by default in uw-imap, the University of Washington IMAP Toolkit. Code using the library can enable it with tcp_parameters() after making sure that the IMAP server name is sanitized.
Debian LTS: DLA-2867-1: spip security update
It was discovered that SPIP, a website engine for publishing, would allow a malicious user to perform cross-site scripting and SQL injection attacks, or execute arbitrary code.
Debian LTS: DLA-2864-1: ruby-haml security update
In ruby-haml, which is an elegant, structured XHTML/XML templating engine, when using user input to perform tasks on the server, characters like < > " ' must be escaped properly. In this case, the ' character was missed. An attacker can manipulate the input to
Debian LTS: DLA-2865-1: resiprocate security update
Two vulnerabilities were fixed in the reSIProcate SIP stack. CVE-2017-11521
Debian LTS: DLA-2863-1: firefox-esr security update
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, information disclosure or spoofing.
Debian LTS: DLA-2862-1: python-gnupg security update
A couple of vulnerabilites were found in python-gnupg, a Python wrapper for the GNU Privacy Guard. CVE-2018-12020
