Debian: DSA-4913-1: hivex security update
Jemery Galindo discovered an out-of-bounds memory access in Hivex, a library to parse Windows Registry hive files. For the stable distribution (buster), this problem has been fixed in
Debian: DSA-4912-1: exim4 security update
The Qualys Research Labs reported several vulnerabilities in Exim, a mail transport agent, which could result in local privilege escalation and remote code execution.
Debian: DSA-4911-1: chromium security update
Several vulnerabilities have been discovered in the chromium web browser. CVE-2021-21227
Debian: DSA-4910-1: libimage-exiftool-perl security update
A vulnerability was discovered in libimage-exiftool-perl, a library and program to read and write meta information in multimedia files, which may result in execution of arbitrary code if a malformed DjVu file is processed.
Debian: DSA-4909-1: bind9 security update
Several vulnerabilities were discovered in BIND, a DNS server implementation. CVE-2021-25214
Debian: DSA-4908-1: libhibernate3-java security update
It was discovered that libhibernate3-java, a powerful, high performance object/relational persistence and query service, is prone to an SQL injection vulnerability allowing an attacker to access unauthorized information or possibly conduct further attacks.
Debian: DSA-4907-1: composer security update
It was discovered that composer, a dependency manager for PHP, did not properly sanitize Mercurial URLs, which could lead to arbitrary code execution.
Debian: DSA-4906-1: chromium security update
Several vulnerabilities have been discovered in the chromium web browser. CVE-2021-21201
Debian: DSA-4905-1: shibboleth-sp security update
It was discovered that the Shibboleth Service Provider is prone to a NULL pointer dereference flaw in the cookie-based session recovery feature. A remote, unauthenticated attacker can take advantage of this flaw to cause a denial of service (crash in the shibd daemon/service).
