Explore top 10 tips to secure your open-source projects now. Read More
×An update that solves 6 vulnerabilities can now be installed.. # tomcat11-11.0.23-1.1 on GA media Announcement ID: openSUSE-SU-2026:11195-1 Rating: moderate Cross-References: * CVE-2026-50229 * CVE-2026-53404 * CVE-2026-53434 * CVE-2026-55276 * CVE-2026-55955 * CVE-2026-55956 CVSS scores: * CVE-2026-50229 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2026-50229 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N * CVE-2026-53404 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-53404 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-53434 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-53434 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-55276 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2026-55276 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-55955 ( SUSE ): 4.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-55955 ( SUSE ): 2.3 CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-55956 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-55956 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N Affected Products: * openSUSE Tumbleweed An update that solves 6 vulnerabilities can now be installed. ## Description: These are all security issues fixed in the tomcat11-11.0.23-1.1 package on the GA media of openSUSE Tumbleweed. ## Package List: * openSUSE Tumbleweed: * tomcat11 11.0.23-1.1 * tomcat11-admin-webapps 11.0.23-1.1 * tomcat11-doc 11.0.23-1.1 * tomcat11-docs-webapp 11.0.23-1.1 * tomcat11-el-6_0-api 11.0.23-1.1 * tomcat11-embed 11.0.23-1.1 * tomcat11-jsp-4_0-api 11.0.23-1.1 * tomcat11-jsvc 11.0.23-1.1 * tomcat11-lib 11.0.23-1.1 * tomcat11-servlet-6_1-api 11.0.23-1.1 * tomcat11-webapps 11.0.23-1.1 ##References: * https://www.suse.com/security/cve/CVE-2026-50229.html * https://www.suse.com/security/cve/CVE-2026-53404.html * https://www.suse.com/security/cve/CVE-2026-53434.html * https://www.suse.com/security/cve/CVE-2026-55276.html * https://www.suse.com/security/cve/CVE-2026-55955.html * https://www.suse.com/security/cve/CVE-2026-55956.html . This update for openSUSE resolves several security issues in the tomcat11 package, enhancing system protection.. openSUSE security update, tomcat11 vulnerabilities, Linux application security. . Severity: moderate. LinuxSecurity.com Team
An update that solves one vulnerability can now be installed.. # Security update for perl-libwww-perl Announcement ID: SUSE-SU-2026:22353-1 Release Date: 2026-06-24T19:41:53Z Rating: moderate References: * bsc#1265156 Cross-References: * CVE-2026-8368 CVSS scores: * CVE-2026-8368 ( SUSE ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-8368 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N * CVE-2026-8368 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP applications 16.0 An update that solves one vulnerability can now be installed. ## Description: This update for perl-libwww-perl fixes the following issue * CVE-2026-8368: authorization and proxy-authorization headers are leaked on cross-origin redirects (bsc#1265156). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-1058=1 * SUSE Linux Enterprise Server for SAP applications 16.0 zypper in -t patch SUSE-SLES-16.0-1058=1 ## Package List: * SUSE Linux Enterprise Server for SAP applications 16.0 (noarch) * perl-libwww-perl-6.770.0-160000.3.1 * SUSE Linux Enterprise Server 16.0 (noarch) * perl-libwww-perl-6.770.0-160000.3.1 ## References: * https://www.suse.com/security/cve/CVE-2026-8368.html * https://bugzilla.suse.com/show_bug.cgi?id=1265156 . A security update for SUSE addresses authorization issues in perl-libwww-perl, recommended for immediate installation.. SUSE update, perl-libwww-perl, security fix. . Severity: moderate. LinuxSecurity.com Team
Update to 1.3.13 (minor packaging changes); backport unreleased fix for cross- side scripting via unescaped HTML. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-c2b475c5f1 2026-06-27 00:54:50.049673+00:00 -------------------------------------------------------------------------------- Name : python-postorius Product : Fedora 43 Version : 1.3.13 Release : 1.fc43 URL : https://gitlab.com/mailman/postorius Summary : Web UI for GNU Mailman Description : The Postorius Django app provides a web user interface to access GNU Mailman. -------------------------------------------------------------------------------- Update Information: Update to 1.3.13 (minor packaging changes); backport unreleased fix for cross- side scripting via unescaped HTML -------------------------------------------------------------------------------- ChangeLog: * Wed Jun 17 2026 Michel Lind - 1.3.13-1 - Backport unreleased fix for CVE-2026-44742 - With 1.3.13 we no longer need to exclude example_project * Tue Jun 16 2026 Python Maint - 1.3.12-8 - Rebuilt for Python 3.15 * Sat Jan 17 2026 Fedora Release Engineering - 1.3.12-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2476457 - CVE-2026-44742 python-postorius: Postorius: Cross-Site Scripting via unescaped HTML in message subject [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2476457 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-c2b475c5f1' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key.More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
update to 2026.4.1. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-111cf6d28f 2026-06-12 00:58:37.608012+00:00 -------------------------------------------------------------------------------- Name : vaultwarden-web Product : Fedora 44 Version : 2026.4.1 Release : 1.fc44 URL : https://github.com/dani-garcia/bw_web_builds Summary : Web vault for vaultwarden Description : Web vault for vaultwarden. -------------------------------------------------------------------------------- Update Information: update to 2026.4.1 -------------------------------------------------------------------------------- ChangeLog: * Wed Jun 3 2026 Jonathan Wright - 2026.4.1-1 - update to 2026.4.1 rhbz#2387335 - Fixes CVE-2026-27803 Unauthorized collection management operations due to improper access control - Fixes CVE-2026-27801 Two-factor authentication bypass allows unauthorized access and data deletion - Fixes CVE-2026-27802 Privilege Escalation via Unauthorized Bulk Permission Update - Fixes CVE-2026-27898 Information disclosure via API partial update -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-111cf6d28f' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Template-Toolkit could allow arbitrary HTML and JavaScript to be injected into generated output.. ========================================================================== Ubuntu Security Notice USN-8377-1 June 03, 2026 libtemplate-perl vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 26.04 LTS - Ubuntu 25.10 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS Summary: Template-Toolkit could allow arbitrary HTML and JavaScript to be injected into generated output. Software Description: - libtemplate-perl: template processing system in Perl Details: It was discovered that Template-Toolkit did not properly escape single quotes in the html_filter function of Template::Plugin::HTML. An attacker could possibly use this issue to inject arbitrary HTML and JavaScript into generated output. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 26.04 LTS libtemplate-perl 3.102-1ubuntu0.1 Ubuntu 25.10 libtemplate-perl 2.27-1ubuntu0.25.10.1 Ubuntu 24.04 LTS libtemplate-perl 2.27-1ubuntu0.24.04.1 Ubuntu 22.04 LTS libtemplate-perl 2.27-1ubuntu0.22.04.1 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8377-1 CVE-2026-5090 Package Information: https://launchpad.net/ubuntu/+source/libtemplate-perl/3.102-1ubuntu0.1 https://launchpad.net/ubuntu/+source/libtemplate-perl/2.27-1ubuntu0.25.10.1 https://launchpad.net/ubuntu/+source/libtemplate-perl/2.27-1ubuntu0.24.04.1 https://launchpad.net/ubuntu/+source/libtemplate-perl/2.27-1ubuntu0.22.04.1 . Template-Toolkit in Ubuntu can allow arbitrary HTML and JavaScript injection, potentially compromising system integrity.. Ubuntu libtemplate-perl security fixed issues. . Severity: Critical. LinuxSecurity.com Team
Update to 2.22.3 https://projects.ow2.org/view/lemonldap-ng/lemonldap-ng-2-22-3-is-out/. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-38914f4e04 2026-04-30 01:19:30.574299+00:00 -------------------------------------------------------------------------------- Name : lemonldap-ng Product : Fedora 43 Version : 2.22.3 Release : 1.fc43 URL : https://lemonldap-ng.org Summary : Web Single Sign On (SSO) and Access Management Description : LemonLdap::NG is a modular Web-SSO based on Apache::Session modules. It simplifies the build of a protected area with a few changes in the application. It manages both authentication and authorization and provides headers for accounting. So you can have a full AAA protection for your web space as described below. -------------------------------------------------------------------------------- Update Information: Update to 2.22.3 https://projects.ow2.org/view/lemonldap-ng/lemonldap-ng-2-22-3-is-out/ -------------------------------------------------------------------------------- ChangeLog: * Mon Apr 20 2026 Clement Oudot - 2.22.3-1 - Update to 2.22.3 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2459684 - lemonldap-ng-2.22.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=2459684 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-38914f4e04' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
An update that solves seven vulnerabilities can now be installed.. # Security update for nodejs20 Announcement ID: SUSE-SU-2026:1371-1 Release Date: 2026-04-15T14:46:55Z Rating: important References: * bsc#1256576 * bsc#1260455 * bsc#1260462 * bsc#1260463 * bsc#1260480 * bsc#1260482 * bsc#1260494 Cross-References: * CVE-2026-21637 * CVE-2026-21710 * CVE-2026-21713 * CVE-2026-21714 * CVE-2026-21715 * CVE-2026-21716 * CVE-2026-21717 CVSS scores: * CVE-2026-21637 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-21637 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-21637 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-21637 ( NVD ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-21710 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-21710 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-21710 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-21713 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N * CVE-2026-21713 ( SUSE ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-21713 ( NVD ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-21714 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-21714 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-21714 ( NVD ): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-21715 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-21715 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2026-21715 ( NVD ): 3.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2026-21716 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-21716 ( SUSE ): 4.4CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N * CVE-2026-21716 ( NVD ): 3.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2026-21717 ( SUSE ): 7.2 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-21717 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2026-21717 ( NVD ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves seven vulnerabilities can now be installed. ## Description: This update for nodejs20 fixes the following issues: Update to version 20.20.2. * CVE-2026-21717: trivially predictable hash collisions due to flaw in V8's string hashing mechanism allows for performance degradation via a crafted request (bsc#1260494). * CVE-2026-21716: incomplete fix for CVE-2024-36137 allows promise-based FileHandle methods to be used to modify file permissions and ownership on already-open file descriptors (bsc#1260462). * CVE-2026-21715: flaw in the Permission Model filesystem enforcement allows for file existence disclosure and filesystem path enumeration via `fs.realpathSync.native()` (bsc#1260482). * CVE-2026-21714: memory leak in Node.js HTTP/2 server allows for resource exhaustion via `WINDOW_UPDATE` frames sent on stream 0 (bsc#1260480). * CVE-2026-21713: timing side-channel due to flaw in Node.js HMAC verification allows for discovery of HMAC values and potential MAC forgery (bsc#1260463). * CVE-2026-21710: uncaught `TypeError` when handling HTTP requests allows for a process crash via requests with a header named `__proto__` when the application accesses `req.headersDistinct`(bsc#1260455). * CVE-2026-21637: flaw in TLS error handling allows for resource exhaustion and crash when `pskCallback` or `ALPNCallback` are in use (bsc#1256576). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2026-1371=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1371=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1371=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1371=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1371=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * nodejs20-debuginfo-20.20.2-150500.11.27.1 * nodejs20-devel-20.20.2-150500.11.27.1 * corepack20-20.20.2-150500.11.27.1 * nodejs20-20.20.2-150500.11.27.1 * nodejs20-debugsource-20.20.2-150500.11.27.1 * npm20-20.20.2-150500.11.27.1 * openSUSE Leap 15.5 (noarch) * nodejs20-docs-20.20.2-150500.11.27.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * nodejs20-debuginfo-20.20.2-150500.11.27.1 * nodejs20-devel-20.20.2-150500.11.27.1 * nodejs20-debugsource-20.20.2-150500.11.27.1 * npm20-20.20.2-150500.11.27.1 * nodejs20-20.20.2-150500.11.27.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch) * nodejs20-docs-20.20.2-150500.11.27.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * nodejs20-debuginfo-20.20.2-150500.11.27.1 * nodejs20-devel-20.20.2-150500.11.27.1 * nodejs20-debugsource-20.20.2-150500.11.27.1 *npm20-20.20.2-150500.11.27.1 * nodejs20-20.20.2-150500.11.27.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch) * nodejs20-docs-20.20.2-150500.11.27.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * nodejs20-debuginfo-20.20.2-150500.11.27.1 * nodejs20-devel-20.20.2-150500.11.27.1 * nodejs20-debugsource-20.20.2-150500.11.27.1 * npm20-20.20.2-150500.11.27.1 * nodejs20-20.20.2-150500.11.27.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (noarch) * nodejs20-docs-20.20.2-150500.11.27.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * nodejs20-debuginfo-20.20.2-150500.11.27.1 * nodejs20-devel-20.20.2-150500.11.27.1 * nodejs20-debugsource-20.20.2-150500.11.27.1 * npm20-20.20.2-150500.11.27.1 * nodejs20-20.20.2-150500.11.27.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch) * nodejs20-docs-20.20.2-150500.11.27.1 ## References: * https://www.suse.com/security/cve/CVE-2026-21637.html * https://www.suse.com/security/cve/CVE-2026-21710.html * https://www.suse.com/security/cve/CVE-2026-21713.html * https://www.suse.com/security/cve/CVE-2026-21714.html * https://www.suse.com/security/cve/CVE-2026-21715.html * https://www.suse.com/security/cve/CVE-2026-21716.html * https://www.suse.com/security/cve/CVE-2026-21717.html * https://bugzilla.suse.com/show_bug.cgi?id=1256576 * https://bugzilla.suse.com/show_bug.cgi?id=1260455 * https://bugzilla.suse.com/show_bug.cgi?id=1260462 * https://bugzilla.suse.com/show_bug.cgi?id=1260463 * https://bugzilla.suse.com/show_bug.cgi?id=1260480 * https://bugzilla.suse.com/show_bug.cgi?id=1260482 * https://bugzilla.suse.com/show_bug.cgi?id=1260494 . This update for SUSE nodejs20 addresses seven important issues to enhance security and performance. Install recommended patches.. Nodejs20, SUSE, security audit, system updates. . Severity: Important. LinuxSecurity.com Team
Moritz Woermann discovered that missing input sanitising in Shaarli, a personal bookmarking service, could result in cross-site scripting. For the oldstable distribution (bookworm), this problem has been fixed in version 0.12.1+dfsg-8+deb12u2. For the stable distribution (trixie), this problem has been fixed in. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6128-1
Get the latest Linux and open source security news straight to your inbox.