[DLA 3685-1] debian-security-support security update
[DSA 5576-1] xorg-server security update
[DLA 3685-1] debian-security-support security update
-------------------------------------------------------------------------
Debian LTS Advisory DLA-3685-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Holger Levsen
December 13, 2023 https://wiki.debian.org/LTS
-------------------------------------------------------------------------
Package : debian-security-support
Version : 1:10+2023.13.12
Debian Bug : #982258, #1056606, #1053109.
debian-security-support, the Debian security support coverage checker, has been
updated in buster-security to mark the end of life of the following packages:
* gnupg1: see #982258.
* pluxml: removed from Debian. No upstream response to CVE.
* tor: see https://lists.debian.org/debian-lts/2023/11/msg00019.html
and #1056606.
Additionally these packages are now marked with limited support:
* samba support limited to non-AD DC uses cases: see #1053109 and
https://lists.debian.org/debian-security-announce/2021/msg00201.html
* webkit2gtk: see commit/0980414e8fc86d705ff9a7656c637af7b1170c6f
For Debian 10 buster, this has been documented in version 1:10+2023.13.12.
We recommend that you upgrade your debian-security-support packages.
For the detailed security status of debian-security-support please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/debian-security-support
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
[DSA 5576-1] xorg-server security update
- -------------------------------------------------------------------------
Debian Security Advisory DSA-5576-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
December 13, 2023 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : xorg-server
CVE ID : CVE-2023-6377 CVE-2023-6478
Jan-Niklas Sohn discovered several vulnerabilities in the Xorg X server,
which may result in privilege escalation if the X server is running
privileged.
For the oldstable distribution (bullseye), these problems have been fixed
in version 2:1.20.11-1+deb11u9.
For the stable distribution (bookworm), these problems have been fixed in
version 2:21.1.7-3+deb12u3.
We recommend that you upgrade your xorg-server packages.
For the detailed security status of xorg-server please refer to its
security tracker page at:
https://security-tracker.debian.org/tracker/xorg-server
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/