Elyas Damej discovered that a sandbox mechanism in ReportLab, a Python
library to create PDF documents, could be bypassed which may result in
the execution of arbitrary code when converting malformed HTML to a PDF
document.
https://security-tracker.debian.org/tracker/DSA-5791-1
More Stories
DSA-5790-1 node-dompurify – security update
It was discovered that DOMPurify, a sanitizer for HTML, MathML and SVG was susceptible to nesting-based mXSS. https://security-tracker.debian.org/tracker/DSA-5790-1 Read More
Secure Custom Fields
On behalf of the WordPress security team, I am announcing that we are invoking point 18 of the plugin directory...
DSA-5789-1 thunderbird – security update
Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code. https://security-tracker.debian.org/tracker/DSA-5789-1 Read More
edk2-20240813-2.fc40
FEDORA-2024-45df72afc6 Packages in this update: edk2-20240813-2.fc40 Update description: Security fix for CVE-2023-6237 (openssl: Excessive time spent checking invalid RSA public...
edk2-20240813-2.fc41
FEDORA-2024-9cc95d56ce Packages in this update: edk2-20240813-2.fc41 Update description: Security fix for CVE-2023-6237 (openssl: Excessive time spent checking invalid RSA public...
USN-7063-1: Ubuntu Advantage Desktop Daemon vulnerability
Marco Trevisan discovered that the Ubuntu Advantage Desktop Daemon leaked the Pro token to unprivileged users by passing the token...