Debian Linux Security Advisory 4469-1 - Two vulnerabilities were discovered in Libvirt, a virtualisation abstraction library, allowing an API client with read-only permissions to execute arbitrary commands via the virConnectGetDomainCapabilities API, or read or execute arbitrary files via the virDomainSaveImageGetXMLDesc API.
f317c18ff7cf94b2090ee036440e15b8ca405088d3e480e1e607c181d98807a0
Debian Linux Security Advisory 4468-1 - A path traversal vulnerability due to an unsanitized POST parameter was discovered in php-horde-form, a package providing form rendering, validation, and other functionality for the Horde Application Framework. An attacker can take advantage of this flaw for remote code execution.
0bc3d0e5e086d57acdd3bcc99ace1c5c1b9bfdf676e0a52c87360b551e12969b