Debian LTS: DLA-3291-1: node-object-path security update
It was discovered that node-object-path, a Node.js module to access deep object properties using dot-separated paths, was vulnerable to prototype pollution.
Debian LTS: DLA-3289-1: dojo security update
Two vulnerabilities were found in dojo, a modular JavaScript toolkit, that could result in information disclosure. CVE-2020-4051
Debian LTS: DLA-3290-1: libzen security update
Crafted arguments to a function could lead to an unchecked return value and a null pointer dereference.
Debian LTS: DLA-3288-1: curl security update
Several vulnerabilities were discovered in Curl, an easy-to-use client-side URL transfer library, which could result in denial of service or information disclosure.
Debian LTS: DLA-3287-1: lemonldap-ng security update
Two vulnerabilities were found in lemonldap-ng, an OpenID-Connect, CAS and SAML compatible Web-SSO system, that could result in information disclosure or impersonation.
Debian LTS: DLA-3286-1: tor security update
A logic error was discovered in the implementation of the "SafeSocks" option of Tor, a connection-based low-latency anonymous communication system, which did result in allowing unsafe SOCKS4 traffic to pass.
Debian LTS: DLA-3285-1: libapache-session-browseable-perl security
In Apache::Session::Browseable before 1.3.6, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used.
Debian LTS: DLA-3284-1: libapache-session-ldap-perl security update
In Apache::Session::LDAP before 0.5, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used.
Debian LTS: DLA-3283-1: modsecurity-apache security update
Multiple issues were found in modsecurity-apache, open source, cross platform web application firewall (WAF) engine for Apache which allows remote attackers to bypass the applications firewall and other unspecified impact.
