Debian 12 Bookworm

Debian 12 — agg — vulnerability — patch and remediation guide — diagnosis and fix on Debian 12

Debian 12 — agg — vulnerability — patch and remediation guide

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: Debian 12 (bookworm) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2019-6245 Upstream summary: An issue was discovered in Anti-Grain Geometry (AGG) 2.4 as used in SVG++ (aka svgpp) 1.2.3. In the function agg::cell_aa::not_equal, dx is assigned to (x2 […]

Read more
Debian 12 — mailutils — multiple vulnerabilities (8 CVEs) — patch and remediation guide — diagnosis and fix on Debian 12

Debian 12 — mailutils — multiple vulnerabilities (8 CVEs) — patch and remediation guide

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Debian 12 (bookworm) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2004-0984 CVE-2005-1520 CVE-2005-1521 CVE-2005-1522 CVE-2005-1523 CVE-2005-1824 CVE-2005-2878 CVE-2019-18862 Upstream summary: Unknown vulnerability in the dotlock implementation in mailutils before 1:0.5-4 on Debian GNU/Linux allows attackers to gain privileges. […]

Read more
Debian 12 — bzip2 — multiple vulnerabilities (8 CVEs) — patch and remediation guide — diagnosis and fix on Debian 12

Debian 12 — bzip2 — multiple vulnerabilities (8 CVEs) — patch and remediation guide

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Debian 12 (bookworm) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2005-0758 CVE-2005-0953 CVE-2005-1260 CVE-2008-1372 CVE-2010-0405 CVE-2011-4089 CVE-2016-3189 CVE-2019-12900 Upstream summary: zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands […]

Read more
Debian 12 — apr — multiple vulnerabilities (8 CVEs) — patch and remediation guide — diagnosis and fix on Debian 12

Debian 12 — apr — multiple vulnerabilities (8 CVEs) — patch and remediation guide

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Debian 12 (bookworm) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2009-2412 CVE-2011-0419 CVE-2011-1928 CVE-2012-0840 CVE-2017-12613 CVE-2021-35940 CVE-2022-24963 CVE-2023-49582 Upstream summary: Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) […]

Read more
Debian 12 — miniupnpd — multiple vulnerabilities (8 CVEs) — patch and remediation guide — diagnosis and fix on Debian 12

Debian 12 — miniupnpd — multiple vulnerabilities (8 CVEs) — patch and remediation guide

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Debian 12 (bookworm) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2013-2600 CVE-2017-1000494 CVE-2019-12107 CVE-2019-12108 CVE-2019-12109 CVE-2019-12110 CVE-2019-12111 CVE-2026-5720 Upstream summary: MiniUPnPd has information disclosure use of snprintf() Table of contents Symptom & Impact Environment & Reproduction Root Cause […]

Read more
Debian 12 — binutils-mingw-w64 — multiple vulnerabilities (8 CVEs) — patch and remediation guide — diagnosis and fix on Debian 12

Debian 12 — binutils-mingw-w64 — multiple vulnerabilities (8 CVEs) — patch and remediation guide

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Debian 12 (bookworm) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2014-8484 CVE-2014-8485 CVE-2014-8501 CVE-2014-8502 CVE-2014-8503 CVE-2014-8504 CVE-2014-8737 CVE-2014-8738 Upstream summary: The srec_scan function in bfd/srec.c in libdbfd in GNU binutils before 2.25 allows remote attackers to cause a […]

Read more
Debian 12 — twitter-bootstrap3 — multiple vulnerabilities (8 CVEs) — patch and remediation guide — diagnosis and fix on Debian 12

Debian 12 — twitter-bootstrap3 — multiple vulnerabilities (8 CVEs) — patch and remediation guide

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Debian 12 (bookworm) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2016-10735 CVE-2018-14040 CVE-2018-14042 CVE-2018-20676 CVE-2018-20677 CVE-2019-8331 CVE-2024-6485 CVE-2025-1647 Upstream summary: In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different […]

Read more
Debian 12 — snakeyaml — multiple vulnerabilities (8 CVEs) — patch and remediation guide — diagnosis and fix on Debian 12

Debian 12 — snakeyaml — multiple vulnerabilities (8 CVEs) — patch and remediation guide

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Debian 12 (bookworm) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2017-18640 CVE-2022-1471 CVE-2022-25857 CVE-2022-38749 CVE-2022-38750 CVE-2022-38751 CVE-2022-38752 CVE-2022-41854 Upstream summary: The Alias feature in SnakeYAML before 1.26 allows entity expansion during a load operation, a related issue to […]

Read more
Debian 12 — node-url-parse — multiple vulnerabilities (8 CVEs) — patch and remediation guide — diagnosis and fix on Debian 12

Debian 12 — node-url-parse — multiple vulnerabilities (8 CVEs) — patch and remediation guide

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Debian 12 (bookworm) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2018-3774 CVE-2020-8124 CVE-2021-27515 CVE-2021-3664 CVE-2022-0512 CVE-2022-0639 CVE-2022-0686 CVE-2022-0691 Upstream summary: Incorrect parsing in url-parse <1.4.3 returns wrong hostname which leads to multiple vulnerabilities such as SSRF, Open Redirect, […]

Read more
Debian 12 — node-elliptic — multiple vulnerabilities (8 CVEs) — patch and remediation guide — diagnosis and fix on Debian 12

Debian 12 — node-elliptic — multiple vulnerabilities (8 CVEs) — patch and remediation guide

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Debian 12 (bookworm) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2020-13822 CVE-2020-28498 CVE-2024-42459 CVE-2024-42460 CVE-2024-42461 CVE-2024-48948 CVE-2024-48949 CVE-2025-14505 Upstream summary: The Elliptic package 6.5.2 for Node.js allows ECDSA signature malleability via variations in encoding, leading '\0' bytes, or […]

Read more
CHAT