Linux disk/nic frontends data leaks [XSA-403, CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742] (#2104747) -- update to xen-4.15.3 x86: MMIO Stale Data vulnerabilities (not applied in 4.15.2-5) -- x86: MMIO Stale Data vulnerabilities [XSA-404, CVE-2022-21123, CVE-2022-21125, CVE-2022-21166] -- x86 pv: Race condition in typeref acquisition [XSA-401, CVE-2022-26362] x86 pv:
Archive for July 22nd, 2022
**Changelog** * Thu Jul 07 2022 Clemens Lang
Security fix for CVE-2022-31116 and CVE-2022-31117.

## 5.4.0

**Added**
- Add support for arbitrary size integers

**Fixed**
- CVE-2022-31116: Replace `wchar_t` string decoding implementation with a `uint32_t`-based one; fix handling of surrogates on decoding
- CVE-2022-31117: Potential double free of buffer during string decoding
- Fix memory leak on encoding errors when the
Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in the execution of arbitrary Java bytecode or the bypass of the Java sandbox.
Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
Two cross-site scripting vulnerabilities were discovered in the Django Rest Framework, a toolkit to build web APIs. For the oldstable distribution (buster), this problem has been fixed
auto bump to v1.2.6
Fix for CVE-2022-34903 (#2103242)