Marcus Brinkmann discovered that GnuPG performed insufficient sanitisation of file names displayed in status messages, which could be abused to fake the verification status of a signed email.
More info:
https://www.debian.org/security/2018/dsa-4223
Marcus Brinkmann discovered that GnuPG performed insufficient sanitisation of file names displayed in status messages, which could be abused to fake the verification status of a signed email.
More info:
https://www.debian.org/security/2018/dsa-4224
Alexander Peslyak discovered that insufficient input sanitising of RFB packets in LibVNCServer could result in the disclosure of memory contents.
More info:
https://www.debian.org/security/2018/dsa-4221
Several vulnerabilities were discovered in jruby, a Java implementation of the Ruby programming language. They would allow an attacker to use specially crafted gem files to mount cross-site scripting attacks, cause denial of service through an infinite loop, write arbitrary files, or run malicious code.
More info:
https://www.debian.org/security/2018/dsa-4219
Marcus Brinkmann discovered that GnuPG performed insufficient sanitisation of file names displayed in status messages, which could be abused to fake the verification status of a signed email.
More info:
https://www.debian.org/security/2018/dsa-4222