apticron report [Tue, 24 Dec 2019 12:49:09 +0100]
========================================================================
apticron has detected that some packages need upgrading on:
nonagon.federez.net
[ 185.230.78.42 2a0c:700:0:23:67:e5ff:fee9:3 ]
The following packages are currently pending an upgrade:
git 1:2.20.1-2+deb10u1
git-man 1:2.20.1-2+deb10u1
libruby2.5 2.5.5-3+deb10u1
libsasl2-2 2.1.27+dfsg-1+deb10u1
libsasl2-modules 2.1.27+dfsg-1+deb10u1
libsasl2-modules-db 2.1.27+dfsg-1+deb10u1
ruby2.5 2.5.5-3+deb10u1
========================================================================
Package Details:
apt-listchanges: Reading changelogs...
apt-listchanges: Changelogs
-------------------------------------------------------------
--- Changes for cyrus-sasl2 (libsasl2-2 libsasl2-modules libsasl2-modules-db) ---
cyrus-sasl2 (2.1.27+dfsg-1+deb10u1) buster-security; urgency=high
* Non-maintainer upload by the Security Team.
* Off-by-one in _sasl_add_string function (CVE-2019-19906) (Closes: #947043)
-- Salvatore Bonaccorso <carnil(a)debian.org> Thu, 19 Dec 2019 22:59:30 +0100
--- Changes for git (git git-man) ---
git (1:2.20.1-2+deb10u1) buster-security; urgency=high
* new upstream point release (see RelNotes/2.20.2.txt).
* Addresses the security issues CVE-2019-1348, CVE-2019-1349,
CVE-2019-1350, CVE-2019-1351, CVE-2019-1352, CVE-2019-1353,
CVE-2019-1354, and CVE-2019-1387.
Credit for finding these vulnerabilities goes to Microsoft
Security Response Center, in particular to Nicolas Joly. Fixes
were provided by Jeff King and Johannes Schindelin with help
from Garima Singh.
* Addresses CVE-2019-19604, arbitrary code execution via the
"update" field in .gitmodules.
Credit for finding this vulnerability goes to Joern
Schneeweisz from GitLab.
-- Jonathan Nieder <jrnieder(a)gmail.com> Sun, 08 Dec 2019 22:56:16 -0800
--- Changes for ruby2.5 (libruby2.5 ruby2.5) ---
ruby2.5 (2.5.5-3+deb10u1) buster-security; urgency=high
* Non-maintainer upload by the Security Team.
* Fix for wrong fnmatch pattern (CVE-2019-15845)
* Loop with String#scan without creating substrings (CVE-2019-16201)
* WEBrick: prevent response splitting and header injection (CVE-2019-16254)
* lib/shell/command-processor.rb (Shell#[]): prevent unknown command
(CVE-2019-16255)
-- Salvatore Bonaccorso <carnil(a)debian.org> Sun, 15 Dec 2019 13:58:03 +0100
========================================================================
You can perform the upgrade by issuing the command:
apt-get dist-upgrade
as root on
nonagon.federez.net
--
apticron