Find the information you need for your favorite open source distribution .
Several security vulnerabilities were discovered in mediawiki, a website engine for collaborative work. Insufficiently escaped input text may allow a malicious user to perform cross-site-scripting (XSS) attacks.
It was found that Mako, a Python template library, was vulnerable to a denial of service attack via crafted regular expressions. For Debian 10 buster, this problem has been fixed in version
Maher Azzouzi found a local root escalation vulnerability in Enlightenment, an X11 window manager. For Debian 10 buster, this problem has been fixed in version
Multiple file parsing vulnerabilities have been fixed in libraw. They are concerned with the dng and x3f formats. CVE-2020-35530
Several issues have been discovered in the MariaDB database server. The vulnerabilities are addressed by upgrading MariaDB to the new upstream version 10.3.36. Please see the MariaDB 10.3 Release Notes for further details:
This update fixes bzdiff when using it with two compressed files. It also includes a fix to support large files on 32 bit systems. For Debian 10 buster, this problem has been fixed in version
An issue has been found in mod-wsgi, a Python WSGI adapter module for Apache. A request from an untrusted proxy does not remove the X-Client-IP header and thus allowing this header to be passed to the target WSGI application.
It was found that GLib, a general-purpose portable utility library, could be used to print partial contents from arbitrary files. This could be exploited from setuid binaries linking to GLib for information disclosure of files with a specific format.
The security update announced as DLA 3093-1 which included fix for CVE-2022-32224 caused a regression due to incompatibility with ruby 2.5 version. We have dropped aforementioned fix. Updated rails packages are now available.
