Information on source package mono

Available versions

Release	Version
jessie	3.2.8+dfsg-10+deb8u1
stretch	4.6.2.7+dfsg-1+deb9u1
buster	5.18.0.240+dfsg-3+deb10u1
bullseye	6.8.0.105+dfsg-3.3~deb11u1
bookworm	6.8.0.105+dfsg-3.3
trixie	6.12.0.199+dfsg-2
sid	6.12.0.199+dfsg-2

Open issues

Bug	jessie	stretch	buster	bullseye	bookworm	trixie	sid	Description
CVE-2023-26314	vulnerable	fixed	fixed	fixed	fixed	fixed	fixed	The mono package before 6.8.0.105+dfsg-3.3 for Debian allows arbitrary ...
CVE-2018-1002208	vulnerable (no DSA)	vulnerable (no DSA)	fixed	fixed	fixed	fixed	fixed	SharpZipLib before 1.0 RC1 is vulnerable to directory traversal, allow ...

Resolved issues

Bug	Description
CVE-2021-32842	SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Starti ...
CVE-2021-32841	SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Starti ...
CVE-2021-32840	SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Prior ...
CVE-2015-2320	The TLS stack in Mono before 3.12.1 allows remote attackers to have un ...
CVE-2015-2319	The TLS stack in Mono before 3.12.1 makes it easier for remote attacke ...
CVE-2015-2318	The TLS stack in Mono before 3.12.1 allows man-in-the-middle attackers ...
CVE-2012-3543	mono 2.10.x ASP.NET Web Form Hash collision DoS
CVE-2012-3382	Cross-site scripting (XSS) vulnerability in the ProcessRequest functio ...
CVE-2011-0992	Use-after-free vulnerability in Mono, when Moonlight 2.x before 2.4.1 ...
CVE-2011-0991	Use-after-free vulnerability in Mono, when Moonlight 2.x before 2.4.1 ...
CVE-2011-0990	Race condition in the FastCopy optimization in the Array.Copy method i ...
CVE-2011-0989	The RuntimeHelpers.InitializeArray method in metadata/icall.c in Mono, ...
CVE-2010-4225	Unspecified vulnerability in the mod_mono module for XSP in Mono 2.8.x ...
CVE-2010-4159	Untrusted search path vulnerability in metadata/loader.c in Mono 2.8 a ...
CVE-2010-1459	The default configuration of ASP.NET in Mono before 2.6.4 has a value ...
CVE-2009-0689	Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa. ...
CVE-2009-0217	The design of the W3C XML Signature Syntax and Processing (XMLDsig) re ...
CVE-2008-3906	CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier allows ...
CVE-2008-3422	Multiple cross-site scripting (XSS) vulnerabilities in the ASP.net cla ...
CVE-2007-5473	StaticFileHandler.cs in System.Web in Mono before 1.2.5.2, when runnin ...
CVE-2007-5197	Buffer overflow in the Mono.Math.BigInteger class in Mono 1.2.5.1 and ...
CVE-2006-6104	The System.Web class in the XSP for ASP.NET server 1.1 through 2.0 in ...
CVE-2006-5072	The System.CodeDom.Compiler classes in Novell Mono create temporary fi ...
CVE-2005-0509	Multiple cross-site scripting (XSS) vulnerabilities in the Mono 1.0.5 ...

Security announcements

DSA / DLA	Description
ELA-812-1	mono - security update
DLA-3343-1	mono - security update
DLA-1564-1	mono - security update
DLA-376-1	mono - security update
DSA-3202-1	mono - security update
DLA-176-1	mono - security update
DSA-2512-1	mono - missing input sanitising
DSA-1397-1	mono - buffer overflow