Debian LTS Essential and Critical Security Patch Updates - Page 54
Find the information you need for your favorite open source distribution .
It was discovered that Panorama Tools, a toolkit to generate, edit and transform many kinds of panoramic images, contained an out-of-bounds read vulnerability which could lead to a denial of service (application crash) when a malformed image file is processed.
The security update announced as DLA 2955-1 caused a regression in named due to an incomplete fix for CVE-2021-25220 when the Forwarders option was configured. Updated bind9 packages are now available to correct this issue.
It was found that bind9, an internet domain name server, was vulnerable to cache poisoning. When using forwarders, bogus NS records supplied by, or via, those forwarders may be cached and used by named if it needs to recurse for any reason, causing it to obtain and pass on potentially incorrect answers.
Tavis Ormandy discovered that the BN_mod_sqrt() function of OpenSSL could be tricked into an infinite loop. This could result in denial of service via malformed certificates.
In append_to_verify_fifo_interleaved_ of stream_encoder.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed.
It was found that Scrapy, a framework for extracting data from websites, could send HTTP Authorization as well as cookies to other domains in case of redirections, possibly leaking user credentials.
It was discovered that SPIP, a website engine for publishing, would allow a malicious user to execute arbitrary code. For Debian 9 stretch, these problems have been fixed in version
debian-archive-keyring is a package containing GnuPG archive keys of the Debian archive. New GPG-keys are being constantly added with every new Debian release.
Multiple security vulnerabilities have been discovered in vim, an enhanced vi editor. Buffer overflows, out-of-bounds reads and NULL pointer dereferences may lead to a denial of service (application crash) or other unspecified impact.
Jeremy Mousset discovered two XML parsing vulnerabilities in the Tryton application platform, which may result in information disclosure or denial of service.
ruby-sidekiq, a simple, efficient background processing framework for Ruby, had the following vulnerabilities: CVE-2021-30151
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, information disclosure, spoofing or sandbox bypass.
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
Two security issues were discovered in Thunderbird, which could result in the execution of arbitrary code. For Debian 9 stretch, these problems have been fixed in version
Three issues have been discovered in gif2apng, a tool for converting animated GIF images to APNG format. CVE-2021-45909:
Several vulnerabilities have been discovered in Expat, an XML parsing C library, which could result in denial of service or potentially the execution of arbitrary code, if a malformed XML file is processed.
A command injection vulnerability was found in FreeCAD, a parametric 3D modeler, when importing DWF files with crafted filenames. For Debian 9 stretch, this problem has been fixed in version