Find the information you need for your favorite open source distribution .
It was discovered that Apache Batik, a SVG library for Java, allowed attackers to run arbitrary Java code by processing a malicious SVG file. For Debian 10 buster, these problems have been fixed in version
An issue has been found in openvswitch, a software-based, Ethernet virtual switch.
An issue has been found in ncurses, a collection of shared libraries for terminal handling. This issue is about an out-of-bounds read in convert_strings in the
Multiple vulnerabilities were discovered in Django, a popular Python-based web development framework: * CVE-2020-24583: Fix incorrect permissions on intermediate-level
A file traversal vulnerability was discovered in src:ruby-sinatra, a popular web server often used with Ruby on Rails. We now validate that any expanded paths match the allowed `public_dir` when serving static files.
In src:expat, an XML parsing C library, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.
Several security vulnerabilities have been discovered in Wordpress, a popular content management framework. Possible SQL injection and cross-site scripting (XSS) flaws may allow a remote attacker to execute arbitrary code or facilitate the injection of client-side scripts.
This update includes the changes in tzdata 2022e for the Perl bindings. For the list of changes, see DLA-3161-1. For Debian 10 buster, this problem has been fixed in version
This update includes the changes in tzdata 2022e. Notable changes are: - - Syria and Jordan are abandoning the DST regime and are changing to
