Ike.ninja

Xu Biang discovered a buffer overflow bug in the eap-mschapv2 plugin of strongSwan, an IKE/IPsec suite. The eap-mschapv2 plugin doesn’t correctly check the length of an EAP-MSCHAPv2 Failure Request packet on the client, which can cause an integer underflow that leads to a crash, and a heap-based buffer

Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in incorrect string equality checks, XML XXE/XEE attacks or incorrect certificate validation. For the stable distribution (trixie), these problems have been fixed in version 25.0.1+8-1~deb13u1.

Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in incorrect string equality checks, XML XXE/XEE attacks or incorrect certificate validation. For the stable distribution (trixie), these problems have been fixed in version 21.0.9+10-1~deb13u1.

Several vulnerabilities were discovered in BIND, a DNS server implementation, which may result in cache poisoning or denial of service. For the oldstable distribution (bookworm), these problems have been fixed in version 1:9.18.41-1~deb12u1. For the stable distribution (trixie), these problems have been fixed in

Brandon Da Costa and Mahdi Asfhar discovered a cross-site scripting vulnerability in the web client of the Tryton application platform. For the oldstable distribution (bookworm), this problem has been fixed in version 6.0.28+ds1-2+deb12u1. For the stable distribution (trixie), this problem has been fixed in

It was discovered that Request Tracker, an extensible trouble-ticket tracking system is prone to a CSV injection via ticket values with special characters that are exported to a TSV from search results. For the oldstable distribution (bookworm), this problem has been fixed in version 4.4.6+dfsg-1.1+deb12u3.

Several vulnerabilities were discovered in GIMP, the GNU Image Manipulation Program, which could result in denial of service or potentially the execution of arbitrary code if malformed Farbfeld, Wireless Bitmap, DICOM or Apple Icon images are opened.

Firefox 140.3.1 has been released, which fixes connection errors with some sites; if HTTP/3 connections failed, the fallback is now handled more gracefully.

Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code. Debian follows the Thunderbird upstream releases. Support for the

The update for libxslt announced in DSA 5979-1 introduced a regression while back porting the upstream deterministic generate-id implementation, which makes the generated IDs may remain in a non-deterministic order.

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

This update for Jetty, a Java servlet engine and web server, addresses a protocol-level vulnerability in HTTP/2 support also referred to as “MadeYouReset”.

Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. Google is aware that an exploit for CVE-2025-10585 exists in the wild.

It was discovered that Node sha.js, an implementation of the SHA family hash functions in pure JavaScript, performed incomplete type checks. For the oldstable distribution (bookworm), this problem has been fixed

Michael Hudak discovered a flaw in libcpanel-json-xs-perl, a module for fast and correct serialising to JSON. An integer buffer overflow causing a segfault when parsing specially crafted JSON, may allow an attacker to mount a denial-of-service attack or cause other unspecified impact.