Debian LTS: DLA-2657-1: lz4 security update
It was discovered that there was a potential memory corruption vulnerability in the lz4 compression algorithm library. For Debian 9 "Stretch", this problem has been fixed in version
Debian LTS: DLA-2656-1: hivex security update
Jemery Galindo discovered an out-of-bounds memory access in Hivex, a library to parse Windows Registry hive files. For Debian 9 stretch, this problem has been fixed in version
Debian LTS: DLA-2655-1: rails security update
CVE-2021-22885 There is a possible information disclosure/unintended method execution vulnerability in Action Pack when using the
Debian LTS: DLA-2654-1: composer security update
It was discovered that composer, a dependency manager for PHP, did not properly sanitize Mercurial URLs, which could lead to arbitrary code execution.
Debian LTS: DLA-2653-1: libxml2 security update
Several vulnerabilities were discovered in libxml2, a library providing support to read, modify and write XML and HTML files, which could cause denial of service via application crash when parsing specially crafted files.
Debian LTS: DLA-2648-2: mediawiki regression update
The patch from latest upstream release to address CVE-2021-30152 was not portable to stretch-security version causing MediaWiki APIs to fail. This update includes a patch from upstream REL_31 release which fix the issue.
Debian LTS: DLA-2652-1: unbound1.9 security update
Several security vulnerabilities have been discovered in Unbound, a validating, recursive, caching DNS resolver, by security researchers of X41 D-SEC located in Aachen, Germany. Integer overflows, assertion failures, an out-of-bound write and an infinite loop vulnerability may lead to a denial-of-service or
Debian LTS: DLA-2651-1: python-django security update
It was discovered that there was potential directory-traversal vulnerability in Django, a popular Python-based web development framework.
Debian LTS: DLA-2648-1: mediawiki security update
Several vulnerabilities were discovered in mediawiki, a wiki website engine for collaborative work. CVE-2021-20270
