Debian 10 "Buster" RC3 to be Available

The release of full fledged Debian 10 "Buster" is expected on July 6th 2019 and RC3 is prepered to test latest changes 
03 July 2019   964

A third unplanned release candidate for the installer of the next significant release of Debian 10 "Buster" has been prepared. The reason for the creating of the next test version of the installer is the need to test the last-minute changes related to the choice of recommended dependencies for packages with the kernel and the inclusion of the shim-signed package as one of the recommended dependencies for packages grub-efi- {arm64, i386} -signed. The release of Debian 10 is expected on July 6th.

You can download it from an official website and get more info the mailing.

Two Vulnerabilities to be Found at SDL

Two of six serious vulnerabilities in this cross-platform multimedia library create conditions for remote code execution.
04 July 2019   873

The SDL (Simple Direct Layer) library set, which provides tools for hardware accelerated 2D and 3D graphics rendering, input processing, audio playback, 3D output via OpenGL / OpenGL ES, and many other related operations, revealed 6 vulnerabilities. Including in the SDL2_image library, two problems have been discovered that allow organizing remote code execution in the system. Attacks can be made on applications that use SDL to load images.

Both vulnerabilities (CVE-2019-5051, CVE-2019-5051) are present in the IMG_LoadPCX_RW function and are caused by the lack of the necessary error handler and integer overflow that can be exploited through the transfer of a specially crafted PCX file. Issues have already been fixed in the SDL_image 2.0.5 release. Information about the remaining 4 vulnerabilities has not yet been disclosed.

Vulnerabilities were found by Talos, so you can find more info at their website.