USN-7066-1: Thunderbird vulnerability
Damien Schaeffer discovered that Thunderbird did not properly manage certain memory operations when processing content in the Animation timelines. An attacker could potentially exploit this...
USN-7065-1: Firefox vulnerability
Damien Schaeffer discovered that Firefox did not properly manage memory in the content process when handling Animation timelines, leading to a use after free vulnerability....
DSA-5792-1 webkit2gtk – security update
The following vulnerabilities have been discovered in the WebKitGTK web engine: CVE-2024-40866 Hafiizh and YoKo Kho discovered that visiting a malicious website may lead to...
DSA-5791-1 python-reportlab – security update
Elyas Damej discovered that a sandbox mechanism in ReportLab, a Python library to create PDF documents, could be bypassed which may result in the execution...
DSA-5790-1 node-dompurify – security update
It was discovered that DOMPurify, a sanitizer for HTML, MathML and SVG was susceptible to nesting-based mXSS. https://security-tracker.debian.org/tracker/DSA-5790-1 Read More
Secure Custom Fields
On behalf of the WordPress security team, I am announcing that we are invoking point 18 of the plugin directory guidelines and are forking Advanced...
DSA-5789-1 thunderbird – security update
Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code. https://security-tracker.debian.org/tracker/DSA-5789-1 Read More
edk2-20240813-2.fc40
FEDORA-2024-45df72afc6 Packages in this update: edk2-20240813-2.fc40 Update description: Security fix for CVE-2023-6237 (openssl: Excessive time spent checking invalid RSA public keys) Read More
edk2-20240813-2.fc41
FEDORA-2024-9cc95d56ce Packages in this update: edk2-20240813-2.fc41 Update description: Security fix for CVE-2023-6237 (openssl: Excessive time spent checking invalid RSA public keys) Read More
USN-7063-1: Ubuntu Advantage Desktop Daemon vulnerability
Marco Trevisan discovered that the Ubuntu Advantage Desktop Daemon leaked the Pro token to unprivileged users by passing the token as an argument in plaintext....