
Debian GNU/Linux has received two security updates: [DLA 3995-1] libpgjava security update for Debian 11 (Bullseye) LTS and [DSA 5832-1] gstreamer1.0 security update for Debian 12 (Bookworm).

[DLA 3995-1] libpgjava security update
[DSA 5832-1] gstreamer1.0 security update




[SECURITY] [DLA 3995-1] libpgjava security update


-------------------------------------------------------------------------
Debian LTS Advisory DLA-3995-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                          Adrian Bunk
December 16, 2024                             https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package : libpgjava
Version : 42.2.15-1+deb11u2
CVE ID : CVE-2022-31197 CVE-2022-41946 CVE-2024-1597
Debian Bug : 1016662

Multiple vulnerabilities have been fixed in the PostgreSQL JDBC Driver.

CVE-2022-31197

SQL Injection in ResultSet.refreshRow()

CVE-2022-41946

temporary files can be read by other users

CVE-2024-1597

SQL Injection via line comment generation

For Debian 11 bullseye, these problems have been fixed in version
42.2.15-1+deb11u2.

We recommend that you upgrade your libpgjava packages.

For the detailed security status of libpgjava please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libpgjava

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



[SECURITY] [DSA 5832-1] gstreamer1.0 security update


-------------------------------------------------------------------------
Debian Security Advisory DSA-5832-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
December 16, 2024                     https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : gstreamer1.0
CVE ID : CVE-2024-47606

Antonio Morales reported an integer overflow vulnerability in the memory
allocator in the Core GStreamer libraries, which may result in denial of
service or potentially the execution of arbitrary code if a malformed
media file is processed.

For the stable distribution (bookworm), this problem has been fixed in
version 1.22.0-2+deb12u1.

We recommend that you upgrade your gstreamer1.0 packages.

For the detailed security status of gstreamer1.0 please refer to its
security tracker page at:
https://security-tracker.debian.org/tracker/gstreamer1.0

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/