[DSA 5866-1] chromium security update
ELA-1323-1 pypy security update
ELA-1322-1 pypy security update
[SECURITY] [DSA 5866-1] chromium security update
-------------------------------------------------------------------------
Debian Security Advisory DSA-5866-1                   security@debian.org
https://www.debian.org/security/                           Andres Salomon
February 14, 2025                     https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : chromium
CVE ID : CVE-2025-0995 CVE-2025-0996 CVE-2025-0997 CVE-2025-0998
Security issues were discovered in Chromium which could result
in the execution of arbitrary code, denial of service, or information
disclosure.
For the stable distribution (bookworm), these problems have been fixed in
version 133.0.6943.98-1~deb12u1.
We recommend that you upgrade your chromium packages.
For the detailed security status of chromium please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/chromium
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
ELA-1323-1 pypy security update
Package : pypy
Version : 7.0.0+dfsg-3+deb10u1 (buster)
Related CVEs :
CVE-2014-7185
CVE-2015-20107
CVE-2018-1060
CVE-2018-1061
CVE-2018-20852
CVE-2019-9636
CVE-2019-9948
CVE-2019-16056
CVE-2019-16935
CVE-2019-20907
CVE-2020-8492
CVE-2020-26116
CVE-2020-29651
CVE-2021-3733
CVE-2021-3737
CVE-2021-4189
CVE-2022-45061
CVE-2022-48565
CVE-2022-48566
CVE-2023-40217
CVE-2024-0450
Multiple vulnerabilities were discovered in PyPy, a fast, compliant
alternative implementation of the Python language.
All fixed vulnerabilities come from embedded code copies.
For vulnerabilities from the python2.7 standard library, please refer
to:
DSA-4306-1
DLA-2337-1
DLA-2628-1
DLA-2919-1
ELA-853-1
ELA-950-1
ELA-1065-1
One vulnerability comes from an internal copy of python2.7 C code; PyPy
is only affected when making use of the compatibility layer for Python C
extensions (cpyext):
CVE-2014-7185
Integer overflow in bufferobject.c in Python before 2.7.8 allows
context-dependent attackers to obtain sensitive information from
process memory via a large size and offset in a “buffer” function.
The remaining minor vulnerability comes from a python-py embedded
copy. We believe it is not exploitable, as the bundled py module is
only used during package build, but it is included for consistency
with pypy3 DLA-3966-1:
CVE-2020-29651
A denial of service via regular expression in the py.path.svnwc
component of py (aka python-py) could be used by attackers to cause
a compute-time denial of service attack by supplying malicious input
to the blame functionality.
ELA-1322-1 pypy security update
Package : pypy
Version : 5.6.0+dfsg-4+deb9u1 (stretch)
Related CVEs :
CVE-2014-7185
CVE-2015-20107
CVE-2018-1060
CVE-2018-1061
CVE-2018-20852
CVE-2018-1000802
CVE-2019-9636
CVE-2019-9948
CVE-2019-16056
CVE-2019-16935
CVE-2019-20907
CVE-2020-8492
CVE-2020-26116
CVE-2020-29651
CVE-2021-3733
CVE-2021-3737
CVE-2021-4189
CVE-2022-45061
CVE-2022-48565
CVE-2022-48566
CVE-2023-40217
CVE-2024-0450
Multiple vulnerabilities were discovered in PyPy, a fast, compliant
alternative implementation of the Python language.
All fixed vulnerabilities come from embedded code copies.
For vulnerabilities from the python2.7 standard library, please refer
to:
DSA-4306-1
DLA-2337-1
DLA-2628-1
DLA-2919-1
ELA-853-1
ELA-950-1
ELA-1065-1
One vulnerability comes from an internal copy of python2.7 C code; PyPy
is only affected when making use of the compatibility layer for Python C
extensions (cpyext):
CVE-2014-7185
Integer overflow in bufferobject.c in Python before 2.7.8 allows
context-dependent attackers to obtain sensitive information from
process memory via a large size and offset in a “buffer” function.
The remaining minor vulnerability comes from a python-py embedded
copy. We believe it is not exploitable, as the bundled py module is
only used during package build, but it is included for consistency
with pypy3 DLA-3966-1:
CVE-2020-29651
A denial of service via regular expression in the py.path.svnwc
component of py (aka python-py) could be used by attackers to cause
a compute-time denial of service attack by supplying malicious input
to the blame functionality.