Debian Linux Security Advisory 5414-1 - Jose Gomez discovered that the Catalog API endpoint in the Docker registry implementation did not sufficiently enforce limits, which could result in denial of service.
Debian Linux Security Advisory 2484-1 - Sebastian Pohle discovered that upsd, the server of Network UPS Tools (NUT) is vulnerable to a remote denial of service attack.
Debian Linux Security Advisory 2483-1 - An authentication bypass issue was discovered by the Codenomicon CROSS project in strongSwan, an IPsec-based VPN solution. When using RSA-based setups, a missing check in the gmp plugin could allow an attacker presenting a forged signature to successfully authenticate against a strongSwan responder.
Debian Linux Security Advisory 2480-2 - It was discovered that the recent request-tracker3.8 update, DSA-2480-1, introduced a regression which caused outgoing mail to fail when running under mod_perl.
Debian Linux Security Advisory 2480-1 - Several vulnerabilities were discovered in Request Tracker, an issue tracking system.
Debian Linux Security Advisory 2479-1 - Jueri Aedla discovered an off-by-one in libxml2, which could result in the execution of arbitrary code.
Debian Linux Security Advisory 2478-1 - It was discovered that sudo misparsed network masks used in Host and Host_List stanzas. This allowed the execution of commands on hosts where the user was not allowed to run the specified command.
Debian Linux Security Advisory 2476-1 - intrigeri discovered a format string error in pidgin-otr, an off-the-record messaging plugin for Pidgin.
Debian Linux Security Advisory 2477-1 - Several vulnerabilities have been discovered in Sympa, a mailing list manager, that allow the scenario-based authorization mechanisms to be skipped. These vulnerabilities allow unauthorized users to display the archives management page, and to download and delete the list archives.
Debian Linux Security Advisory 2475-1 - It was discovered that openssl did not correctly handle explicit Initialization Vectors for CBC encryption modes, as used in TLS 1.1, 1.2, and DTLS. An incorrect calculation would lead to an integer underflow and incorrect memory access, causing denial of service (application crash).
Debian Linux Security Advisory 2474-1 - Benencia discovered that ikiwiki, a wiki compiler, does not properly escape the author (and its URL) of certain metadata, such as comments. This might be used to conduct cross-site scripting attacks.
Debian Linux Security Advisory 2473-1 - Tielei Wang discovered that OpenOffice.org does not allocate a large enough memory region when processing a specially crafted JPEG object, leading to a heap-based buffer overflow and potentially arbitrary code execution.
Debian Linux Security Advisory 2472-1 - Dave Love discovered that users who are allowed to submit jobs to a Grid Engine installation can escalate their privileges to root because the environment is not properly sanitized before creating processes.
Debian Linux Security Advisory 2457-2 - The updates DSA-2457 and DSA-2458 for Iceweasel and Icedove introduced a regression, which could lead to crashes when interpreting some JavaScript statements.
Debian Linux Security Advisory 2471-1 - Several vulnerabilities have been discovered in FFmpeg, a multimedia player, server and encoder. Multiple input validation flaws in the decoders/demuxers for Westwood Studios VQA, Apple MJPEG-B, Theora, Matroska, Vorbis, Sony ATRAC3, DV and NSV files could lead to the execution of arbitrary code.
Debian Linux Security Advisory 2670-1 - Several vulnerabilities were identified in Wordpress, a web blogging tool. As the CVEs were allocated from release announcements and specific fixes are usually not identified, it has been decided to upgrade the Wordpress package to the latest upstream version instead of backporting the patches.
Debian Linux Security Advisory 2469-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation.
Debian Linux Security Advisory 2468-1 - It was discovered that Apache POI, a Java implementation of the Microsoft Office file formats, would allocate arbitrary amounts of memory when processing crafted documents. This could impact the stability of the Java virtual machine.
Debian Linux Security Advisory 2422-2 - A regression was discovered in the security update for file, which led to false positives on the CDF format. This update fixes that regression.
Debian Linux Security Advisory 2467-1 - It was discovered that Mahara, the portfolio, weblog, and resume builder, had an insecure default with regards to SAML-based authentication used with more than one SAML identity provider. Someone with control over one IdP could impersonate users from other IdPs.
Debian Linux Security Advisory 2466-1 - Sergey Nartimov discovered that in Rails, a Ruby based framework for web development, when developers generate HTML option tags manually, user input concatenated with manually built tags may not be escaped, and an attacker can inject arbitrary HTML into the document.
Debian Linux Security Advisory 2465-1 - De Eindbazen discovered that PHP, when run with mod_cgi, will interpret a query string as command line parameters, allowing the execution of arbitrary code.
Debian Linux Security Advisory 2464-2 - The latest security update for Icedove, DSA-2464-1, removed UTF-7 support, which resulted in incorrect display of IMAP folder names.
Debian Linux Security Advisory 2459-2 - The recent quagga update, DSA-2459-1, introduced a memory leak in the bgpd process in some configurations.
Debian Linux Security Advisory 2464-1 - Several vulnerabilities have been discovered in Icedove, an unbranded version of the Thunderbird mail/news client.
Debian Linux Security Advisory 2462-2 - Several integer overflows and missing input validations were discovered in the ImageMagick image manipulation suite, resulting in the execution of arbitrary code or denial of service. The initial update introduced a regression, which could lead to errors when processing some JPEG files.