info
Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Updated Debian 10: 10.13 released
0 views
Skip to first unread message
Donald Norwood
Sep 10, 2022, 9:10:04āÆAM9/10/22
to
------------------------------------------------------------------------
The Debian Project https://www.debian.org/
Updated Debian 10: 10.13 released pr...@debian.org
September 10th, 2022 https://www.debian.org/News/2022/20220910
------------------------------------------------------------------------
The Debian project is pleased to announce the thirteenth (and final)
update of its oldstable distribution Debian 10 (codename "buster"). This
point release mainly adds corrections for security issues, along with a
few adjustments for serious problems. Security advisories have already
been published separately and are referenced where available.
After this point release, Debian's Security and Release Teams will no
longer be producing updates for Debian 10. Users wishing to continue to
receive security support should upgrade to Debian 11, or see
https://wiki.debian.org/LTS for details about the subset of
architectures and packages covered by the Long Term Support project.
Please note that the point release does not constitute a new version of
Debian 10 but only updates some of the packages included. There is no
need to throw away old "buster" media. After installation, packages can
be upgraded to the current versions using an up-to-date Debian mirror.
Those who frequently install updates from security.debian.org won't have
to update many packages, and most such updates are included in the point
release.
New installation images will be available soon at the regular locations.
Upgrading an existing installation to this revision can be achieved by
pointing the package management system at one of Debian's many HTTP
mirrors. A comprehensive list of mirrors is available at:
https://www.debian.org/mirror/list
Miscellaneous Bugfixes
----------------------
This oldstable update adds a few important corrections to the following
packages:
+--------------------------+------------------------------------------+
| Package | Reason |
+--------------------------+------------------------------------------+
| adminerĀ [1] | Fix open redirect issue, cross-site |
| | scripting issues [CVE-2020-35572 |
| | CVE-2021-29625]; elasticsearch: Do not |
| | print response if HTTP code is not 200 |
| | [CVE-2021-21311]; provide a compiled |
| | version and configuration files |
| | |
| apache2Ā [2] | Fix denial of service issue [CVE-2022- |
| | 22719], HTTP request smuggling issue |
| | [CVE-2022-22720], integer overflow issue |
| | [CVE-2022-22721], out-of-bounds write |
| | issue [CVE-2022-23943], HTTP request |
| | smuggling issue [CVE-2022-26377], out- |
| | of-bounds read issues [CVE-2022-28614 |
| | CVE-2022-28615], denial of service issue |
| | [CVE-2022-29404], out-of-bounds read |
| | issue [CVE-2022-30556], possible IP- |
| | based authentication bypass issue |
| | [CVE-2022-31813] |
| | |
| base-filesĀ [3] | Update for the 10.13 point release |
| | |
| clamavĀ [4] | New upstream stable release; security |
| | fixes [CVE-2022-20770 CVE-2022-20771 |
| | CVE-2022-20785 CVE-2022-20792 CVE-2022- |
| | 20796] |
| | |
| commons-daemonĀ [5] | Fix JVM detection |
| | |
| composerĀ [6] | Fix code injection vulnerability |
| | [CVE-2022-24828]; update GitHub token |
| | pattern; use Authorization header |
| | instead of deprecated access_token query |
| | parameter |
| | |
| debian-installerĀ [7] | Rebuild against buster-proposed-updates; |
| | increase Linux ABI to 4.19.0-21 |
| | |
| debian-installer- | Rebuild against buster-proposed-updates; |
| netboot-imagesĀ [8] | increase Linux ABI to 4.19.0-21 |
| | |
| debian-security- | Update security status of various |
| supportĀ [9] | packages |
| | |
| debootstrapĀ [10] | Ensure non-merged-usr chroots can |
| | continue to be created for older |
| | releases and buildd chroots |
| | |
| distro-info-dataĀ [11] | Add Ubuntu 22.04 LTS, Jammy Jellyfish |
| | and Ubuntu 22.10, Kinetic Kudu |
| | |
| dropbearĀ [12] | Fix possible username enumeration issue |
| | [CVE-2019-12953] |
| | |
| eboardĀ [13] | Fix segfault on engine selection |
| | |
| esorexĀ [14] | Fix testsuite failures on armhf and |
| | ppc64el caused by incorrect libffi usage |
| | |
| evemuĀ [15] | Fix build failure with recent kernel |
| | versions |
| | |
| feature-checkĀ [16] | Fix some version comparisons |
| | |
| flacĀ [17] | Fix out-of-bounds write issue [CVE-2021- |
| | 0561] |
| | |
| foxtrotgpsĀ [18] | Fix build failure with newer imagemagick |
| | versions |
| | |
| freeradiusĀ [19] | Fix side-channel leak where 1 in 2048 |
| | handshakes fail [CVE-2019-13456], denial |
| | of service issue due to multithreaded |
| | BN_CTX access [CVE-2019-17185], crash |
| | due to non-thread safe memory allocation |
| | |
| freetypeĀ [20] | Fix buffer overflow issue [CVE-2022- |
| | 27404]; fix crashes [CVE-2022-27405 |
| | CVE-2022-27406] |
| | |
| fribidiĀ [21] | Fix buffer overflow issues [CVE-2022- |
| | 25308 CVE-2022-25309]; fix crash |
| | [CVE-2022-25310] |
| | |
| ftglĀ [22] | Don't try to convert PNG to EPS for |
| | latex, as our imagemagick has EPS |
| | disabled for security reasons |
| | |
| gif2apngĀ [23] | Fix heap-based buffer overflows |
| | [CVE-2021-45909 CVE-2021-45910 CVE-2021- |
| | 45911] |
| | |
| gnucashĀ [24] | Fix build failure with recent tzdata |
| | |
| gnutls28Ā [25] | Fix test suite when combined with |
| | OpenSSL 1.1.1e or newer |
| | |
| golang-github-docker-go- | Skip tests that use expired certificates |
| connectionsĀ [26] | |
| | |
| golang-github-pkg- | Fix building on newer 4.19 kernels |
| termĀ [27] | |
| | |
| golang-github- | Fix NULL pointer dereference issue |
| russellhaering- | [CVE-2020-7711] |
| goxmldsigĀ [28] | |
| | |
| grub-efi-amd64- | New upstream release |
| signedĀ [29] | |
| | |
| grub-efi-arm64- | New upstream release |
| signedĀ [30] | |
| | |
| grub-efi-ia32- | New upstream release |
| signedĀ [31] | |
| | |
| grub2Ā [32] | New upstream release |
| | |
| htmldocĀ [33] | Fix infinite loop [CVE-2022-24191], |
| | integer overflow issues [CVE-2022-27114] |
| | and heap buffer overflow issue |
| | [CVE-2022-28085] |
| | |
| iptables-netflowĀ [34] | Fix DKMS build failure regression caused |
| | by Linux upstream changes in the |
| | 4.19.191 kernel |
| | |
| isyncĀ [35] | Fix buffer overflow issues [CVE-2021- |
| | 3657] |
| | |
| kannelĀ [36] | Fix build failure by disabling |
| | generation of Postscript documentation |
| | |
| krb5Ā [37] | Use SHA256 as Pkinit CMS Digest |
| | |
| libapache2-mod-auth- | Improve validation of the post-logout |
| openidcĀ [38] | URL parameter on logout [CVE-2019-14857] |
| | |
| libdatetime-timezone- | Update included data |
| perlĀ [39] | |
| | |
| libhttp-cookiejar- | Fix build failure by increasing the |
| perlĀ [40] | expiry date of a test cookie |
| | |
| libnet-freedb-perlĀ [41] | Change the default host from the defunct |
| | freedb.freedb.org to gnudb.gnudb.org |
| | |
| libnet-ssleay-perlĀ [42] | Fix test failures with OpenSSL 1.1.1n |
| | |
| librose-db-object- | Fix test failure after 6/6/2020 |
| perlĀ [43] | |
| | |
| libvirt-phpĀ [44] | Fix segmentation fault in |
| | libvirt_node_get_cpu_stats |
| | |
| llvm-toolchain-13Ā [45] | New source package to support building |
| | of newer firefox-esr and thunderbird |
| | versions |
| | |
| minidlnaĀ [46] | Validate HTTP requests to protect |
| | against DNS rebinding attacks [CVE-2022- |
| | 26505] |
| | |
| mokutilĀ [47] | New upstream version, to allow for SBAT |
| | management |
| | |
| muttĀ [48] | Fix uudecode buffer overflow [CVE-2022- |
| | 1328] |
| | |
| node-ejsĀ [49] | Sanitize options and new objects |
| | [CVE-2022-29078] |
| | |
| node-end-of-streamĀ [50] | Work around test bug |
| | |
| node-minimistĀ [51] | Fix prototype pollution issue [CVE-2021- |
| | 44906] |
| | |
| node-node-forgeĀ [52] | Fix signature verification issues |
| | [CVE-2022-24771 CVE-2022-24772 CVE-2022- |
| | 24773] |
| | |
| node-require-from- | Fix a test in conjunction with nodejs >= |
| stringĀ [53] | 10.16 |
| | |
| nvidia-graphics- | New upstream release |
| driversĀ [54] | |
| | |
| nvidia-graphics-drivers- | New upstream release; fix out-of-bound |
| legacy-390xxĀ [55] | write issues [CVE-2022-28181 CVE-2022- |
| | 28185]; security fixes [CVE-2022-31607 |
| | CVE-2022-31608 CVE-2022-31615] |
| | |
| octaviaĀ [56] | Fix client certificate checks [CVE-2019- |
| | 17134]; correctly detect that the agent |
| | is running on Debian; fix template that |
| | generates vrrp check script; add |
| | additional runtime dependencies; ship |
| | additional configuration directly in the |
| | agent package |
| | |
| orcaĀ [57] | Fix use with WebKitGTK 2.36 |
| | |
| pacemakerĀ [58] | Update relationship versions to fix |
| | upgrades from stretch LTS |
| | |
| pglogicalĀ [59] | Fix build failure |
| | |
| php-guzzlehttp-psr7Ā [60] | Fix improper header parsing [CVE-2022- |
| | 24775] |
| | |
| postfixĀ [61] | New upstream stable release; do not |
| | override user set default_transport; if- |
| | up.d: do not error out if postfix can't |
| | send mail yet; fix duplicate |
| | bounce_notice_recipient entries in |
| | postconf output |
| | |
| postgresql-commonĀ [62] | pg_virtualenv: Write temporary password |
| | file before chowning the file |
| | |
| postsrsdĀ [63] | Fix potential denial of service issue |
| | when Postfix sends certain long data |
| | fields such as multiple concatenated |
| | email addresses [CVE-2021-35525] |
| | |
| procmailĀ [64] | Fix NULL pointer dereference |
| | |
| publicsuffixĀ [65] | Update included data |
| | |
| python- | Update tests to fix build failure |
| keystoneauth1Ā [66] | |
| | |
| python-scrapyĀ [67] | Don't send authentication data with all |
| | requests [CVE-2021-41125]; don't expose |
| | cookies cross-domain when redirecting |
| | [CVE-2022-0577] |
| | |
| python-udatetimeĀ [68] | Properly link against libm library |
| | |
| qtbase-opensource- | Fix setTabOrder for compound widgets; |
| srcĀ [69] | add an expansion limit for XML entities |
| | [CVE-2015-9541] |
| | |
| ruby-activeldapĀ [70] | Add missing dependency on ruby-builder |
| | |
| ruby-hiredisĀ [71] | Skip some unreliable tests in order to |
| | fix build failure |
| | |
| ruby-http-parser.rbĀ [72] | Fix build failure when using http-parser |
| | containing the fix for CVE-2019-15605 |
| | |
| ruby-riddleĀ [73] | Allow use of "LOAD DATA LOCAL INFILE" |
| | |
| sctkĀ [74] | Use "pdftoppm" instead of "convert" |
| | to convert PDF to JPEG as the latter |
| | fails with the changed security policy |
| | of ImageMagick |
| | |
| twistedĀ [75] | Fix incorrect URI and HTTP method |
| | validation issue [CVE-2019-12387], |
| | incorrect certificate validation in XMPP |
| | support [CVE-2019-12855], HTTP/2 denial |
| | of service issues, HTTP request |
| | smuggling issues [CVE-2020-10108 |
| | CVE-2020-10109 CVE-2022-24801], |
| | information disclosure issue when |
| | following cross-domain redirects |
| | [CVE-2022-21712], denial of service |
| | issue during SSH handshake [CVE-2022- |
| | 21716] |
| | |
| tzdataĀ [76] | Update timezone data for Iran, Chile and |
| | Palestine; update leap second list |
| | |
| ublock-originĀ [77] | New upstream stable release |
| | |
| unrar-nonfreeĀ [78] | Fix directory traversal issue [CVE-2022- |
| | 30333] |
| | |
| wiresharkĀ [79] | Fix remote code execution issue |
| | [CVE-2021-22191], denial of service |
| | issues [CVE-2021-4181 CVE-2021-4184 |
| | CVE-2021-4185 CVE-2022-0581 CVE-2022- |
| | 0582 CVE-2022-0583 CVE-2022-0585 |
| | CVE-2022-0586] |
| | |
+--------------------------+------------------------------------------+
1: https://packages.debian.org/src:adminer
2: https://packages.debian.org/src:apache2
3: https://packages.debian.org/src:base-files
4: https://packages.debian.org/src:clamav
5: https://packages.debian.org/src:commons-daemon
6: https://packages.debian.org/src:composer
7: https://packages.debian.org/src:debian-installer
8: https://packages.debian.org/src:debian-installer-netboot-images
9: https://packages.debian.org/src:debian-security-support
10: https://packages.debian.org/src:debootstrap
11: https://packages.debian.org/src:distro-info-data
12: https://packages.debian.org/src:dropbear
13: https://packages.debian.org/src:eboard
14: https://packages.debian.org/src:esorex
15: https://packages.debian.org/src:evemu
16: https://packages.debian.org/src:feature-check
17: https://packages.debian.org/src:flac
18: https://packages.debian.org/src:foxtrotgps
19: https://packages.debian.org/src:freeradius
20: https://packages.debian.org/src:freetype
21: https://packages.debian.org/src:fribidi
22: https://packages.debian.org/src:ftgl
23: https://packages.debian.org/src:gif2apng
24: https://packages.debian.org/src:gnucash
25: https://packages.debian.org/src:gnutls28
26: https://packages.debian.org/src:golang-github-docker-go-connections
27: https://packages.debian.org/src:golang-github-pkg-term
28: https://packages.debian.org/src:golang-github-russellhaering-goxmldsig
29: https://packages.debian.org/src:grub-efi-amd64-signed
30: https://packages.debian.org/src:grub-efi-arm64-signed
31: https://packages.debian.org/src:grub-efi-ia32-signed
32: https://packages.debian.org/src:grub2
33: https://packages.debian.org/src:htmldoc
34: https://packages.debian.org/src:iptables-netflow
35: https://packages.debian.org/src:isync
36: https://packages.debian.org/src:kannel
37: https://packages.debian.org/src:krb5
38: https://packages.debian.org/src:libapache2-mod-auth-openidc
39: https://packages.debian.org/src:libdatetime-timezone-perl
40: https://packages.debian.org/src:libhttp-cookiejar-perl
41: https://packages.debian.org/src:libnet-freedb-perl
42: https://packages.debian.org/src:libnet-ssleay-perl
43: https://packages.debian.org/src:librose-db-object-perl
44: https://packages.debian.org/src:libvirt-php
45: https://packages.debian.org/src:llvm-toolchain-13
46: https://packages.debian.org/src:minidlna
47: https://packages.debian.org/src:mokutil
48: https://packages.debian.org/src:mutt
49: https://packages.debian.org/src:node-ejs
50: https://packages.debian.org/src:node-end-of-stream
51: https://packages.debian.org/src:node-minimist
52: https://packages.debian.org/src:node-node-forge
53: https://packages.debian.org/src:node-require-from-string
54: https://packages.debian.org/src:nvidia-graphics-drivers
55: https://packages.debian.org/src:nvidia-graphics-drivers-legacy-390xx
56: https://packages.debian.org/src:octavia
57: https://packages.debian.org/src:orca
58: https://packages.debian.org/src:pacemaker
59: https://packages.debian.org/src:pglogical
60: https://packages.debian.org/src:php-guzzlehttp-psr7
61: https://packages.debian.org/src:postfix
62: https://packages.debian.org/src:postgresql-common
63: https://packages.debian.org/src:postsrsd
64: https://packages.debian.org/src:procmail
65: https://packages.debian.org/src:publicsuffix
66: https://packages.debian.org/src:python-keystoneauth1
67: https://packages.debian.org/src:python-scrapy
68: https://packages.debian.org/src:python-udatetime
69: https://packages.debian.org/src:qtbase-opensource-src
70: https://packages.debian.org/src:ruby-activeldap
71: https://packages.debian.org/src:ruby-hiredis
72: https://packages.debian.org/src:ruby-http-parser.rb
73: https://packages.debian.org/src:ruby-riddle
74: https://packages.debian.org/src:sctk
75: https://packages.debian.org/src:twisted
76: https://packages.debian.org/src:tzdata
77: https://packages.debian.org/src:ublock-origin
78: https://packages.debian.org/src:unrar-nonfree
79: https://packages.debian.org/src:wireshark
Security Updates
----------------
This revision adds the following security updates to the oldstable
release. The Security Team has already released an advisory for each of
these updates:
+----------------+---------------------------+
| Advisory ID | Package |
+----------------+---------------------------+
| DSA-4836Ā [80] | openvswitchĀ [81] |
| | |
| DSA-4852Ā [82] | openvswitchĀ [83] |
| | |
| DSA-4906Ā [84] | chromiumĀ [85] |
| | |
| DSA-4911Ā [86] | chromiumĀ [87] |
| | |
| DSA-4917Ā [88] | chromiumĀ [89] |
| | |
| DSA-4981Ā [90] | firefox-esrĀ [91] |
| | |
| DSA-5034Ā [92] | thunderbirdĀ [93] |
| | |
| DSA-5044Ā [94] | firefox-esrĀ [95] |
| | |
| DSA-5045Ā [96] | thunderbirdĀ [97] |
| | |
| DSA-5069Ā [98] | firefox-esrĀ [99] |
| | |
| DSA-5074Ā [100] | thunderbirdĀ [101] |
| | |
| DSA-5077Ā [102] | librecadĀ [103] |
| | |
| DSA-5080Ā [104] | snapdĀ [105] |
| | |
| DSA-5086Ā [106] | thunderbirdĀ [107] |
| | |
| DSA-5090Ā [108] | firefox-esrĀ [109] |
| | |
| DSA-5094Ā [110] | thunderbirdĀ [111] |
| | |
| DSA-5097Ā [112] | firefox-esrĀ [113] |
| | |
| DSA-5106Ā [114] | thunderbirdĀ [115] |
| | |
| DSA-5108Ā [116] | tiffĀ [117] |
| | |
| DSA-5109Ā [118] | faad2Ā [119] |
| | |
| DSA-5111Ā [120] | zlibĀ [121] |
| | |
| DSA-5113Ā [122] | firefox-esrĀ [123] |
| | |
| DSA-5115Ā [124] | webkit2gtkĀ [125] |
| | |
| DSA-5118Ā [126] | thunderbirdĀ [127] |
| | |
| DSA-5119Ā [128] | subversionĀ [129] |
| | |
| DSA-5122Ā [130] | gzipĀ [131] |
| | |
| DSA-5123Ā [132] | xz-utilsĀ [133] |
| | |
| DSA-5126Ā [134] | ffmpegĀ [135] |
| | |
| DSA-5129Ā [136] | firefox-esrĀ [137] |
| | |
| DSA-5131Ā [138] | openjdk-11Ā [139] |
| | |
| DSA-5132Ā [140] | ecdsautilsĀ [141] |
| | |
| DSA-5135Ā [142] | postgresql-11Ā [143] |
| | |
| DSA-5137Ā [144] | needrestartĀ [145] |
| | |
| DSA-5138Ā [146] | waitressĀ [147] |
| | |
| DSA-5139Ā [148] | opensslĀ [149] |
| | |
| DSA-5140Ā [150] | openldapĀ [151] |
| | |
| DSA-5141Ā [152] | thunderbirdĀ [153] |
| | |
| DSA-5142Ā [154] | libxml2Ā [155] |
| | |
| DSA-5143Ā [156] | firefox-esrĀ [157] |
| | |
| DSA-5144Ā [158] | condorĀ [159] |
| | |
| DSA-5145Ā [160] | lrzipĀ [161] |
| | |
| DSA-5147Ā [162] | dpkgĀ [163] |
| | |
| DSA-5149Ā [164] | cupsĀ [165] |
| | |
| DSA-5150Ā [166] | rsyslogĀ [167] |
| | |
| DSA-5151Ā [168] | smarty3Ā [169] |
| | |
| DSA-5152Ā [170] | spipĀ [171] |
| | |
| DSA-5153Ā [172] | trafficserverĀ [173] |
| | |
| DSA-5154Ā [174] | webkit2gtkĀ [175] |
| | |
| DSA-5156Ā [176] | firefox-esrĀ [177] |
| | |
| DSA-5157Ā [178] | cifs-utilsĀ [179] |
| | |
| DSA-5158Ā [180] | thunderbirdĀ [181] |
| | |
| DSA-5159Ā [182] | python-bottleĀ [183] |
| | |
| DSA-5160Ā [184] | ntfs-3gĀ [185] |
| | |
| DSA-5164Ā [186] | exoĀ [187] |
| | |
| DSA-5165Ā [188] | vlcĀ [189] |
| | |
| DSA-5167Ā [190] | firejailĀ [191] |
| | |
| DSA-5169Ā [192] | opensslĀ [193] |
| | |
| DSA-5171Ā [194] | squidĀ [195] |
| | |
| DSA-5172Ā [196] | firefox-esrĀ [197] |
| | |
| DSA-5173Ā [198] | linux-latestĀ [199] |
| | |
| DSA-5173Ā [200] | linux-signed-amd64Ā [201] |
| | |
| DSA-5173Ā [202] | linux-signed-arm64Ā [203] |
| | |
| DSA-5173Ā [204] | linux-signed-i386Ā [205] |
| | |
| DSA-5173Ā [206] | linuxĀ [207] |
| | |
| DSA-5174Ā [208] | gnupg2Ā [209] |
| | |
| DSA-5175Ā [210] | thunderbirdĀ [211] |
| | |
| DSA-5176Ā [212] | blenderĀ [213] |
| | |
| DSA-5178Ā [214] | intel-microcodeĀ [215] |
| | |
| DSA-5181Ā [216] | request-tracker4Ā [217] |
| | |
| DSA-5182Ā [218] | webkit2gtkĀ [219] |
| | |
| DSA-5185Ā [220] | mat2Ā [221] |
| | |
| DSA-5186Ā [222] | djangorestframeworkĀ [223] |
| | |
| DSA-5188Ā [224] | openjdk-11Ā [225] |
| | |
| DSA-5189Ā [226] | gsaslĀ [227] |
| | |
| DSA-5190Ā [228] | spipĀ [229] |
| | |
| DSA-5193Ā [230] | firefox-esrĀ [231] |
| | |
| DSA-5194Ā [232] | boothĀ [233] |
| | |
| DSA-5195Ā [234] | thunderbirdĀ [235] |
| | |
| DSA-5196Ā [236] | libpgjavaĀ [237] |
| | |
+----------------+---------------------------+
80: https://www.debian.org/security/2021/dsa-4836
81: https://packages.debian.org/src:openvswitch
82: https://www.debian.org/security/2021/dsa-4852
83: https://packages.debian.org/src:openvswitch
84: https://www.debian.org/security/2021/dsa-4906
85: https://packages.debian.org/src:chromium
86: https://www.debian.org/security/2021/dsa-4911
87: https://packages.debian.org/src:chromium
88: https://www.debian.org/security/2021/dsa-4917
89: https://packages.debian.org/src:chromium
90: https://www.debian.org/security/2021/dsa-4981
91: https://packages.debian.org/src:firefox-esr
92: https://www.debian.org/security/2022/dsa-5034
93: https://packages.debian.org/src:thunderbird
94: https://www.debian.org/security/2022/dsa-5044
95: https://packages.debian.org/src:firefox-esr
96: https://www.debian.org/security/2022/dsa-5045
97: https://packages.debian.org/src:thunderbird
98: https://www.debian.org/security/2022/dsa-5069
99: https://packages.debian.org/src:firefox-esr
100: https://www.debian.org/security/2022/dsa-5074
101: https://packages.debian.org/src:thunderbird
102: https://www.debian.org/security/2022/dsa-5077
103: https://packages.debian.org/src:librecad
104: https://www.debian.org/security/2022/dsa-5080
105: https://packages.debian.org/src:snapd
106: https://www.debian.org/security/2022/dsa-5086
107: https://packages.debian.org/src:thunderbird
108: https://www.debian.org/security/2022/dsa-5090
109: https://packages.debian.org/src:firefox-esr
110: https://www.debian.org/security/2022/dsa-5094
111: https://packages.debian.org/src:thunderbird
112: https://www.debian.org/security/2022/dsa-5097
113: https://packages.debian.org/src:firefox-esr
114: https://www.debian.org/security/2022/dsa-5106
115: https://packages.debian.org/src:thunderbird
116: https://www.debian.org/security/2022/dsa-5108
117: https://packages.debian.org/src:tiff
118: https://www.debian.org/security/2022/dsa-5109
119: https://packages.debian.org/src:faad2
120: https://www.debian.org/security/2022/dsa-5111
121: https://packages.debian.org/src:zlib
122: https://www.debian.org/security/2022/dsa-5113
123: https://packages.debian.org/src:firefox-esr
124: https://www.debian.org/security/2022/dsa-5115
125: https://packages.debian.org/src:webkit2gtk
126: https://www.debian.org/security/2022/dsa-5118
127: https://packages.debian.org/src:thunderbird
128: https://www.debian.org/security/2022/dsa-5119
129: https://packages.debian.org/src:subversion
130: https://www.debian.org/security/2022/dsa-5122
131: https://packages.debian.org/src:gzip
132: https://www.debian.org/security/2022/dsa-5123
133: https://packages.debian.org/src:xz-utils
134: https://www.debian.org/security/2022/dsa-5126
135: https://packages.debian.org/src:ffmpeg
136: https://www.debian.org/security/2022/dsa-5129
137: https://packages.debian.org/src:firefox-esr
138: https://www.debian.org/security/2022/dsa-5131
139: https://packages.debian.org/src:openjdk-11
140: https://www.debian.org/security/2022/dsa-5132
141: https://packages.debian.org/src:ecdsautils
142: https://www.debian.org/security/2022/dsa-5135
143: https://packages.debian.org/src:postgresql-11
144: https://www.debian.org/security/2022/dsa-5137
145: https://packages.debian.org/src:needrestart
146: https://www.debian.org/security/2022/dsa-5138
147: https://packages.debian.org/src:waitress
148: https://www.debian.org/security/2022/dsa-5139
149: https://packages.debian.org/src:openssl
150: https://www.debian.org/security/2022/dsa-5140
151: https://packages.debian.org/src:openldap
152: https://www.debian.org/security/2022/dsa-5141
153: https://packages.debian.org/src:thunderbird
154: https://www.debian.org/security/2022/dsa-5142
155: https://packages.debian.org/src:libxml2
156: https://www.debian.org/security/2022/dsa-5143
157: https://packages.debian.org/src:firefox-esr
158: https://www.debian.org/security/2022/dsa-5144
159: https://packages.debian.org/src:condor
160: https://www.debian.org/security/2022/dsa-5145
161: https://packages.debian.org/src:lrzip
162: https://www.debian.org/security/2022/dsa-5147
163: https://packages.debian.org/src:dpkg
164: https://www.debian.org/security/2022/dsa-5149
165: https://packages.debian.org/src:cups
166: https://www.debian.org/security/2022/dsa-5150
167: https://packages.debian.org/src:rsyslog
168: https://www.debian.org/security/2022/dsa-5151
169: https://packages.debian.org/src:smarty3
170: https://www.debian.org/security/2022/dsa-5152
171: https://packages.debian.org/src:spip
172: https://www.debian.org/security/2022/dsa-5153
173: https://packages.debian.org/src:trafficserver
174: https://www.debian.org/security/2022/dsa-5154
175: https://packages.debian.org/src:webkit2gtk
176: https://www.debian.org/security/2022/dsa-5156
177: https://packages.debian.org/src:firefox-esr
178: https://www.debian.org/security/2022/dsa-5157
179: https://packages.debian.org/src:cifs-utils
180: https://www.debian.org/security/2022/dsa-5158
181: https://packages.debian.org/src:thunderbird
182: https://www.debian.org/security/2022/dsa-5159
183: https://packages.debian.org/src:python-bottle
184: https://www.debian.org/security/2022/dsa-5160
185: https://packages.debian.org/src:ntfs-3g
186: https://www.debian.org/security/2022/dsa-5164
187: https://packages.debian.org/src:exo
188: https://www.debian.org/security/2022/dsa-5165
189: https://packages.debian.org/src:vlc
190: https://www.debian.org/security/2022/dsa-5167
191: https://packages.debian.org/src:firejail
192: https://www.debian.org/security/2022/dsa-5169
193: https://packages.debian.org/src:openssl
194: https://www.debian.org/security/2022/dsa-5171
195: https://packages.debian.org/src:squid
196: https://www.debian.org/security/2022/dsa-5172
197: https://packages.debian.org/src:firefox-esr
198: https://www.debian.org/security/2022/dsa-5173
199: https://packages.debian.org/src:linux-latest
200: https://www.debian.org/security/2022/dsa-5173
201: https://packages.debian.org/src:linux-signed-amd64
202: https://www.debian.org/security/2022/dsa-5173
203: https://packages.debian.org/src:linux-signed-arm64
204: https://www.debian.org/security/2022/dsa-5173
205: https://packages.debian.org/src:linux-signed-i386
206: https://www.debian.org/security/2022/dsa-5173
207: https://packages.debian.org/src:linux
208: https://www.debian.org/security/2022/dsa-5174
209: https://packages.debian.org/src:gnupg2
210: https://www.debian.org/security/2022/dsa-5175
211: https://packages.debian.org/src:thunderbird
212: https://www.debian.org/security/2022/dsa-5176
213: https://packages.debian.org/src:blender
214: https://www.debian.org/security/2022/dsa-5178
215: https://packages.debian.org/src:intel-microcode
216: https://www.debian.org/security/2022/dsa-5181
217: https://packages.debian.org/src:request-tracker4
218: https://www.debian.org/security/2022/dsa-5182
219: https://packages.debian.org/src:webkit2gtk
220: https://www.debian.org/security/2022/dsa-5185
221: https://packages.debian.org/src:mat2
222: https://www.debian.org/security/2022/dsa-5186
223: https://packages.debian.org/src:djangorestframework
224: https://www.debian.org/security/2022/dsa-5188
225: https://packages.debian.org/src:openjdk-11
226: https://www.debian.org/security/2022/dsa-5189
227: https://packages.debian.org/src:gsasl
228: https://www.debian.org/security/2022/dsa-5190
229: https://packages.debian.org/src:spip
230: https://www.debian.org/security/2022/dsa-5193
231: https://packages.debian.org/src:firefox-esr
232: https://www.debian.org/security/2022/dsa-5194
233: https://packages.debian.org/src:booth
234: https://www.debian.org/security/2022/dsa-5195
235: https://packages.debian.org/src:thunderbird
236: https://www.debian.org/security/2022/dsa-5196
237: https://packages.debian.org/src:libpgjava
Removed packages
----------------
The following packages were removed due to circumstances beyond our
control:
+--------------------------+-------------------------------+
| Package | Reason |
+--------------------------+-------------------------------+
| elogĀ [238] | Unmaintained; security issues |
| | |
| libnet-amazon-perlĀ [239] | Depends on removed API |
| | |
+--------------------------+-------------------------------+
238: https://packages.debian.org/src:elog
239: https://packages.debian.org/src:libnet-amazon-perl
Debian Installer
----------------
The installer has been updated to include the fixes incorporated into
oldstable by the point release.
URLs
----
The complete lists of packages that have changed with this revision:
https://deb.debian.org/debian/dists/buster/ChangeLog
The current oldstable distribution:
https://deb.debian.org/debian/dists/oldstable/
Proposed updates to the oldstable distribution:
https://deb.debian.org/debian/dists/oldstable-proposed-updates
oldstable distribution information (release notes, errata etc.):
https://www.debian.org/releases/oldstable/
Security announcements and information:
https://www.debian.org/security/
About Debian
------------
The Debian Project is an association of Free Software developers who
volunteer their time and effort in order to produce the completely free
operating system Debian.
Contact Information
-------------------
For further information, please visit the Debian web pages at
https://www.debian.org/, send mail to <pr...@debian.org>, or contact the
stable release team at <debian-...@lists.debian.org>.
The Debian Project https://www.debian.org/
Updated Debian 10: 10.13 released pr...@debian.org
September 10th, 2022 https://www.debian.org/News/2022/20220910
------------------------------------------------------------------------
The Debian project is pleased to announce the thirteenth (and final)
update of its oldstable distribution Debian 10 (codename "buster"). This
point release mainly adds corrections for security issues, along with a
few adjustments for serious problems. Security advisories have already
been published separately and are referenced where available.
After this point release, Debian's Security and Release Teams will no
longer be producing updates for Debian 10. Users wishing to continue to
receive security support should upgrade to Debian 11, or see
https://wiki.debian.org/LTS for details about the subset of
architectures and packages covered by the Long Term Support project.
Please note that the point release does not constitute a new version of
Debian 10 but only updates some of the packages included. There is no
need to throw away old "buster" media. After installation, packages can
be upgraded to the current versions using an up-to-date Debian mirror.
Those who frequently install updates from security.debian.org won't have
to update many packages, and most such updates are included in the point
release.
New installation images will be available soon at the regular locations.
Upgrading an existing installation to this revision can be achieved by
pointing the package management system at one of Debian's many HTTP
mirrors. A comprehensive list of mirrors is available at:
https://www.debian.org/mirror/list
Miscellaneous Bugfixes
----------------------
This oldstable update adds a few important corrections to the following
packages:
+--------------------------+------------------------------------------+
| Package | Reason |
+--------------------------+------------------------------------------+
| adminerĀ [1] | Fix open redirect issue, cross-site |
| | scripting issues [CVE-2020-35572 |
| | CVE-2021-29625]; elasticsearch: Do not |
| | print response if HTTP code is not 200 |
| | [CVE-2021-21311]; provide a compiled |
| | version and configuration files |
| | |
| apache2Ā [2] | Fix denial of service issue [CVE-2022- |
| | 22719], HTTP request smuggling issue |
| | [CVE-2022-22720], integer overflow issue |
| | [CVE-2022-22721], out-of-bounds write |
| | issue [CVE-2022-23943], HTTP request |
| | smuggling issue [CVE-2022-26377], out- |
| | of-bounds read issues [CVE-2022-28614 |
| | CVE-2022-28615], denial of service issue |
| | [CVE-2022-29404], out-of-bounds read |
| | issue [CVE-2022-30556], possible IP- |
| | based authentication bypass issue |
| | [CVE-2022-31813] |
| | |
| base-filesĀ [3] | Update for the 10.13 point release |
| | |
| clamavĀ [4] | New upstream stable release; security |
| | fixes [CVE-2022-20770 CVE-2022-20771 |
| | CVE-2022-20785 CVE-2022-20792 CVE-2022- |
| | 20796] |
| | |
| commons-daemonĀ [5] | Fix JVM detection |
| | |
| composerĀ [6] | Fix code injection vulnerability |
| | [CVE-2022-24828]; update GitHub token |
| | pattern; use Authorization header |
| | instead of deprecated access_token query |
| | parameter |
| | |
| debian-installerĀ [7] | Rebuild against buster-proposed-updates; |
| | increase Linux ABI to 4.19.0-21 |
| | |
| debian-installer- | Rebuild against buster-proposed-updates; |
| netboot-imagesĀ [8] | increase Linux ABI to 4.19.0-21 |
| | |
| debian-security- | Update security status of various |
| supportĀ [9] | packages |
| | |
| debootstrapĀ [10] | Ensure non-merged-usr chroots can |
| | continue to be created for older |
| | releases and buildd chroots |
| | |
| distro-info-dataĀ [11] | Add Ubuntu 22.04 LTS, Jammy Jellyfish |
| | and Ubuntu 22.10, Kinetic Kudu |
| | |
| dropbearĀ [12] | Fix possible username enumeration issue |
| | [CVE-2019-12953] |
| | |
| eboardĀ [13] | Fix segfault on engine selection |
| | |
| esorexĀ [14] | Fix testsuite failures on armhf and |
| | ppc64el caused by incorrect libffi usage |
| | |
| evemuĀ [15] | Fix build failure with recent kernel |
| | versions |
| | |
| feature-checkĀ [16] | Fix some version comparisons |
| | |
| flacĀ [17] | Fix out-of-bounds write issue [CVE-2021- |
| | 0561] |
| | |
| foxtrotgpsĀ [18] | Fix build failure with newer imagemagick |
| | versions |
| | |
| freeradiusĀ [19] | Fix side-channel leak where 1 in 2048 |
| | handshakes fail [CVE-2019-13456], denial |
| | of service issue due to multithreaded |
| | BN_CTX access [CVE-2019-17185], crash |
| | due to non-thread safe memory allocation |
| | |
| freetypeĀ [20] | Fix buffer overflow issue [CVE-2022- |
| | 27404]; fix crashes [CVE-2022-27405 |
| | CVE-2022-27406] |
| | |
| fribidiĀ [21] | Fix buffer overflow issues [CVE-2022- |
| | 25308 CVE-2022-25309]; fix crash |
| | [CVE-2022-25310] |
| | |
| ftglĀ [22] | Don't try to convert PNG to EPS for |
| | latex, as our imagemagick has EPS |
| | disabled for security reasons |
| | |
| gif2apngĀ [23] | Fix heap-based buffer overflows |
| | [CVE-2021-45909 CVE-2021-45910 CVE-2021- |
| | 45911] |
| | |
| gnucashĀ [24] | Fix build failure with recent tzdata |
| | |
| gnutls28Ā [25] | Fix test suite when combined with |
| | OpenSSL 1.1.1e or newer |
| | |
| golang-github-docker-go- | Skip tests that use expired certificates |
| connectionsĀ [26] | |
| | |
| golang-github-pkg- | Fix building on newer 4.19 kernels |
| termĀ [27] | |
| | |
| golang-github- | Fix NULL pointer dereference issue |
| russellhaering- | [CVE-2020-7711] |
| goxmldsigĀ [28] | |
| | |
| grub-efi-amd64- | New upstream release |
| signedĀ [29] | |
| | |
| grub-efi-arm64- | New upstream release |
| signedĀ [30] | |
| | |
| grub-efi-ia32- | New upstream release |
| signedĀ [31] | |
| | |
| grub2Ā [32] | New upstream release |
| | |
| htmldocĀ [33] | Fix infinite loop [CVE-2022-24191], |
| | integer overflow issues [CVE-2022-27114] |
| | and heap buffer overflow issue |
| | [CVE-2022-28085] |
| | |
| iptables-netflowĀ [34] | Fix DKMS build failure regression caused |
| | by Linux upstream changes in the |
| | 4.19.191 kernel |
| | |
| isyncĀ [35] | Fix buffer overflow issues [CVE-2021- |
| | 3657] |
| | |
| kannelĀ [36] | Fix build failure by disabling |
| | generation of Postscript documentation |
| | |
| krb5Ā [37] | Use SHA256 as Pkinit CMS Digest |
| | |
| libapache2-mod-auth- | Improve validation of the post-logout |
| openidcĀ [38] | URL parameter on logout [CVE-2019-14857] |
| | |
| libdatetime-timezone- | Update included data |
| perlĀ [39] | |
| | |
| libhttp-cookiejar- | Fix build failure by increasing the |
| perlĀ [40] | expiry date of a test cookie |
| | |
| libnet-freedb-perlĀ [41] | Change the default host from the defunct |
| | freedb.freedb.org to gnudb.gnudb.org |
| | |
| libnet-ssleay-perlĀ [42] | Fix test failures with OpenSSL 1.1.1n |
| | |
| librose-db-object- | Fix test failure after 6/6/2020 |
| perlĀ [43] | |
| | |
| libvirt-phpĀ [44] | Fix segmentation fault in |
| | libvirt_node_get_cpu_stats |
| | |
| llvm-toolchain-13Ā [45] | New source package to support building |
| | of newer firefox-esr and thunderbird |
| | versions |
| | |
| minidlnaĀ [46] | Validate HTTP requests to protect |
| | against DNS rebinding attacks [CVE-2022- |
| | 26505] |
| | |
| mokutilĀ [47] | New upstream version, to allow for SBAT |
| | management |
| | |
| muttĀ [48] | Fix uudecode buffer overflow [CVE-2022- |
| | 1328] |
| | |
| node-ejsĀ [49] | Sanitize options and new objects |
| | [CVE-2022-29078] |
| | |
| node-end-of-streamĀ [50] | Work around test bug |
| | |
| node-minimistĀ [51] | Fix prototype pollution issue [CVE-2021- |
| | 44906] |
| | |
| node-node-forgeĀ [52] | Fix signature verification issues |
| | [CVE-2022-24771 CVE-2022-24772 CVE-2022- |
| | 24773] |
| | |
| node-require-from- | Fix a test in conjunction with nodejs >= |
| stringĀ [53] | 10.16 |
| | |
| nvidia-graphics- | New upstream release |
| driversĀ [54] | |
| | |
| nvidia-graphics-drivers- | New upstream release; fix out-of-bound |
| legacy-390xxĀ [55] | write issues [CVE-2022-28181 CVE-2022- |
| | 28185]; security fixes [CVE-2022-31607 |
| | CVE-2022-31608 CVE-2022-31615] |
| | |
| octaviaĀ [56] | Fix client certificate checks [CVE-2019- |
| | 17134]; correctly detect that the agent |
| | is running on Debian; fix template that |
| | generates vrrp check script; add |
| | additional runtime dependencies; ship |
| | additional configuration directly in the |
| | agent package |
| | |
| orcaĀ [57] | Fix use with WebKitGTK 2.36 |
| | |
| pacemakerĀ [58] | Update relationship versions to fix |
| | upgrades from stretch LTS |
| | |
| pglogicalĀ [59] | Fix build failure |
| | |
| php-guzzlehttp-psr7Ā [60] | Fix improper header parsing [CVE-2022- |
| | 24775] |
| | |
| postfixĀ [61] | New upstream stable release; do not |
| | override user set default_transport; if- |
| | up.d: do not error out if postfix can't |
| | send mail yet; fix duplicate |
| | bounce_notice_recipient entries in |
| | postconf output |
| | |
| postgresql-commonĀ [62] | pg_virtualenv: Write temporary password |
| | file before chowning the file |
| | |
| postsrsdĀ [63] | Fix potential denial of service issue |
| | when Postfix sends certain long data |
| | fields such as multiple concatenated |
| | email addresses [CVE-2021-35525] |
| | |
| procmailĀ [64] | Fix NULL pointer dereference |
| | |
| publicsuffixĀ [65] | Update included data |
| | |
| python- | Update tests to fix build failure |
| keystoneauth1Ā [66] | |
| | |
| python-scrapyĀ [67] | Don't send authentication data with all |
| | requests [CVE-2021-41125]; don't expose |
| | cookies cross-domain when redirecting |
| | [CVE-2022-0577] |
| | |
| python-udatetimeĀ [68] | Properly link against libm library |
| | |
| qtbase-opensource- | Fix setTabOrder for compound widgets; |
| srcĀ [69] | add an expansion limit for XML entities |
| | [CVE-2015-9541] |
| | |
| ruby-activeldapĀ [70] | Add missing dependency on ruby-builder |
| | |
| ruby-hiredisĀ [71] | Skip some unreliable tests in order to |
| | fix build failure |
| | |
| ruby-http-parser.rbĀ [72] | Fix build failure when using http-parser |
| | containing the fix for CVE-2019-15605 |
| | |
| ruby-riddleĀ [73] | Allow use of "LOAD DATA LOCAL INFILE" |
| | |
| sctkĀ [74] | Use "pdftoppm" instead of "convert" |
| | to convert PDF to JPEG as the latter |
| | fails with the changed security policy |
| | of ImageMagick |
| | |
| twistedĀ [75] | Fix incorrect URI and HTTP method |
| | validation issue [CVE-2019-12387], |
| | incorrect certificate validation in XMPP |
| | support [CVE-2019-12855], HTTP/2 denial |
| | of service issues, HTTP request |
| | smuggling issues [CVE-2020-10108 |
| | CVE-2020-10109 CVE-2022-24801], |
| | information disclosure issue when |
| | following cross-domain redirects |
| | [CVE-2022-21712], denial of service |
| | issue during SSH handshake [CVE-2022- |
| | 21716] |
| | |
| tzdataĀ [76] | Update timezone data for Iran, Chile and |
| | Palestine; update leap second list |
| | |
| ublock-originĀ [77] | New upstream stable release |
| | |
| unrar-nonfreeĀ [78] | Fix directory traversal issue [CVE-2022- |
| | 30333] |
| | |
| wiresharkĀ [79] | Fix remote code execution issue |
| | [CVE-2021-22191], denial of service |
| | issues [CVE-2021-4181 CVE-2021-4184 |
| | CVE-2021-4185 CVE-2022-0581 CVE-2022- |
| | 0582 CVE-2022-0583 CVE-2022-0585 |
| | CVE-2022-0586] |
| | |
+--------------------------+------------------------------------------+
1: https://packages.debian.org/src:adminer
2: https://packages.debian.org/src:apache2
3: https://packages.debian.org/src:base-files
4: https://packages.debian.org/src:clamav
5: https://packages.debian.org/src:commons-daemon
6: https://packages.debian.org/src:composer
7: https://packages.debian.org/src:debian-installer
8: https://packages.debian.org/src:debian-installer-netboot-images
9: https://packages.debian.org/src:debian-security-support
10: https://packages.debian.org/src:debootstrap
11: https://packages.debian.org/src:distro-info-data
12: https://packages.debian.org/src:dropbear
13: https://packages.debian.org/src:eboard
14: https://packages.debian.org/src:esorex
15: https://packages.debian.org/src:evemu
16: https://packages.debian.org/src:feature-check
17: https://packages.debian.org/src:flac
18: https://packages.debian.org/src:foxtrotgps
19: https://packages.debian.org/src:freeradius
20: https://packages.debian.org/src:freetype
21: https://packages.debian.org/src:fribidi
22: https://packages.debian.org/src:ftgl
23: https://packages.debian.org/src:gif2apng
24: https://packages.debian.org/src:gnucash
25: https://packages.debian.org/src:gnutls28
26: https://packages.debian.org/src:golang-github-docker-go-connections
27: https://packages.debian.org/src:golang-github-pkg-term
28: https://packages.debian.org/src:golang-github-russellhaering-goxmldsig
29: https://packages.debian.org/src:grub-efi-amd64-signed
30: https://packages.debian.org/src:grub-efi-arm64-signed
31: https://packages.debian.org/src:grub-efi-ia32-signed
32: https://packages.debian.org/src:grub2
33: https://packages.debian.org/src:htmldoc
34: https://packages.debian.org/src:iptables-netflow
35: https://packages.debian.org/src:isync
36: https://packages.debian.org/src:kannel
37: https://packages.debian.org/src:krb5
38: https://packages.debian.org/src:libapache2-mod-auth-openidc
39: https://packages.debian.org/src:libdatetime-timezone-perl
40: https://packages.debian.org/src:libhttp-cookiejar-perl
41: https://packages.debian.org/src:libnet-freedb-perl
42: https://packages.debian.org/src:libnet-ssleay-perl
43: https://packages.debian.org/src:librose-db-object-perl
44: https://packages.debian.org/src:libvirt-php
45: https://packages.debian.org/src:llvm-toolchain-13
46: https://packages.debian.org/src:minidlna
47: https://packages.debian.org/src:mokutil
48: https://packages.debian.org/src:mutt
49: https://packages.debian.org/src:node-ejs
50: https://packages.debian.org/src:node-end-of-stream
51: https://packages.debian.org/src:node-minimist
52: https://packages.debian.org/src:node-node-forge
53: https://packages.debian.org/src:node-require-from-string
54: https://packages.debian.org/src:nvidia-graphics-drivers
55: https://packages.debian.org/src:nvidia-graphics-drivers-legacy-390xx
56: https://packages.debian.org/src:octavia
57: https://packages.debian.org/src:orca
58: https://packages.debian.org/src:pacemaker
59: https://packages.debian.org/src:pglogical
60: https://packages.debian.org/src:php-guzzlehttp-psr7
61: https://packages.debian.org/src:postfix
62: https://packages.debian.org/src:postgresql-common
63: https://packages.debian.org/src:postsrsd
64: https://packages.debian.org/src:procmail
65: https://packages.debian.org/src:publicsuffix
66: https://packages.debian.org/src:python-keystoneauth1
67: https://packages.debian.org/src:python-scrapy
68: https://packages.debian.org/src:python-udatetime
69: https://packages.debian.org/src:qtbase-opensource-src
70: https://packages.debian.org/src:ruby-activeldap
71: https://packages.debian.org/src:ruby-hiredis
72: https://packages.debian.org/src:ruby-http-parser.rb
73: https://packages.debian.org/src:ruby-riddle
74: https://packages.debian.org/src:sctk
75: https://packages.debian.org/src:twisted
76: https://packages.debian.org/src:tzdata
77: https://packages.debian.org/src:ublock-origin
78: https://packages.debian.org/src:unrar-nonfree
79: https://packages.debian.org/src:wireshark
Security Updates
----------------
This revision adds the following security updates to the oldstable
release. The Security Team has already released an advisory for each of
these updates:
+----------------+---------------------------+
| Advisory ID | Package |
+----------------+---------------------------+
| DSA-4836Ā [80] | openvswitchĀ [81] |
| | |
| DSA-4852Ā [82] | openvswitchĀ [83] |
| | |
| DSA-4906Ā [84] | chromiumĀ [85] |
| | |
| DSA-4911Ā [86] | chromiumĀ [87] |
| | |
| DSA-4917Ā [88] | chromiumĀ [89] |
| | |
| DSA-4981Ā [90] | firefox-esrĀ [91] |
| | |
| DSA-5034Ā [92] | thunderbirdĀ [93] |
| | |
| DSA-5044Ā [94] | firefox-esrĀ [95] |
| | |
| DSA-5045Ā [96] | thunderbirdĀ [97] |
| | |
| DSA-5069Ā [98] | firefox-esrĀ [99] |
| | |
| DSA-5074Ā [100] | thunderbirdĀ [101] |
| | |
| DSA-5077Ā [102] | librecadĀ [103] |
| | |
| DSA-5080Ā [104] | snapdĀ [105] |
| | |
| DSA-5086Ā [106] | thunderbirdĀ [107] |
| | |
| DSA-5090Ā [108] | firefox-esrĀ [109] |
| | |
| DSA-5094Ā [110] | thunderbirdĀ [111] |
| | |
| DSA-5097Ā [112] | firefox-esrĀ [113] |
| | |
| DSA-5106Ā [114] | thunderbirdĀ [115] |
| | |
| DSA-5108Ā [116] | tiffĀ [117] |
| | |
| DSA-5109Ā [118] | faad2Ā [119] |
| | |
| DSA-5111Ā [120] | zlibĀ [121] |
| | |
| DSA-5113Ā [122] | firefox-esrĀ [123] |
| | |
| DSA-5115Ā [124] | webkit2gtkĀ [125] |
| | |
| DSA-5118Ā [126] | thunderbirdĀ [127] |
| | |
| DSA-5119Ā [128] | subversionĀ [129] |
| | |
| DSA-5122Ā [130] | gzipĀ [131] |
| | |
| DSA-5123Ā [132] | xz-utilsĀ [133] |
| | |
| DSA-5126Ā [134] | ffmpegĀ [135] |
| | |
| DSA-5129Ā [136] | firefox-esrĀ [137] |
| | |
| DSA-5131Ā [138] | openjdk-11Ā [139] |
| | |
| DSA-5132Ā [140] | ecdsautilsĀ [141] |
| | |
| DSA-5135Ā [142] | postgresql-11Ā [143] |
| | |
| DSA-5137Ā [144] | needrestartĀ [145] |
| | |
| DSA-5138Ā [146] | waitressĀ [147] |
| | |
| DSA-5139Ā [148] | opensslĀ [149] |
| | |
| DSA-5140Ā [150] | openldapĀ [151] |
| | |
| DSA-5141Ā [152] | thunderbirdĀ [153] |
| | |
| DSA-5142Ā [154] | libxml2Ā [155] |
| | |
| DSA-5143Ā [156] | firefox-esrĀ [157] |
| | |
| DSA-5144Ā [158] | condorĀ [159] |
| | |
| DSA-5145Ā [160] | lrzipĀ [161] |
| | |
| DSA-5147Ā [162] | dpkgĀ [163] |
| | |
| DSA-5149Ā [164] | cupsĀ [165] |
| | |
| DSA-5150Ā [166] | rsyslogĀ [167] |
| | |
| DSA-5151Ā [168] | smarty3Ā [169] |
| | |
| DSA-5152Ā [170] | spipĀ [171] |
| | |
| DSA-5153Ā [172] | trafficserverĀ [173] |
| | |
| DSA-5154Ā [174] | webkit2gtkĀ [175] |
| | |
| DSA-5156Ā [176] | firefox-esrĀ [177] |
| | |
| DSA-5157Ā [178] | cifs-utilsĀ [179] |
| | |
| DSA-5158Ā [180] | thunderbirdĀ [181] |
| | |
| DSA-5159Ā [182] | python-bottleĀ [183] |
| | |
| DSA-5160Ā [184] | ntfs-3gĀ [185] |
| | |
| DSA-5164Ā [186] | exoĀ [187] |
| | |
| DSA-5165Ā [188] | vlcĀ [189] |
| | |
| DSA-5167Ā [190] | firejailĀ [191] |
| | |
| DSA-5169Ā [192] | opensslĀ [193] |
| | |
| DSA-5171Ā [194] | squidĀ [195] |
| | |
| DSA-5172Ā [196] | firefox-esrĀ [197] |
| | |
| DSA-5173Ā [198] | linux-latestĀ [199] |
| | |
| DSA-5173Ā [200] | linux-signed-amd64Ā [201] |
| | |
| DSA-5173Ā [202] | linux-signed-arm64Ā [203] |
| | |
| DSA-5173Ā [204] | linux-signed-i386Ā [205] |
| | |
| DSA-5173Ā [206] | linuxĀ [207] |
| | |
| DSA-5174Ā [208] | gnupg2Ā [209] |
| | |
| DSA-5175Ā [210] | thunderbirdĀ [211] |
| | |
| DSA-5176Ā [212] | blenderĀ [213] |
| | |
| DSA-5178Ā [214] | intel-microcodeĀ [215] |
| | |
| DSA-5181Ā [216] | request-tracker4Ā [217] |
| | |
| DSA-5182Ā [218] | webkit2gtkĀ [219] |
| | |
| DSA-5185Ā [220] | mat2Ā [221] |
| | |
| DSA-5186Ā [222] | djangorestframeworkĀ [223] |
| | |
| DSA-5188Ā [224] | openjdk-11Ā [225] |
| | |
| DSA-5189Ā [226] | gsaslĀ [227] |
| | |
| DSA-5190Ā [228] | spipĀ [229] |
| | |
| DSA-5193Ā [230] | firefox-esrĀ [231] |
| | |
| DSA-5194Ā [232] | boothĀ [233] |
| | |
| DSA-5195Ā [234] | thunderbirdĀ [235] |
| | |
| DSA-5196Ā [236] | libpgjavaĀ [237] |
| | |
+----------------+---------------------------+
80: https://www.debian.org/security/2021/dsa-4836
81: https://packages.debian.org/src:openvswitch
82: https://www.debian.org/security/2021/dsa-4852
83: https://packages.debian.org/src:openvswitch
84: https://www.debian.org/security/2021/dsa-4906
85: https://packages.debian.org/src:chromium
86: https://www.debian.org/security/2021/dsa-4911
87: https://packages.debian.org/src:chromium
88: https://www.debian.org/security/2021/dsa-4917
89: https://packages.debian.org/src:chromium
90: https://www.debian.org/security/2021/dsa-4981
91: https://packages.debian.org/src:firefox-esr
92: https://www.debian.org/security/2022/dsa-5034
93: https://packages.debian.org/src:thunderbird
94: https://www.debian.org/security/2022/dsa-5044
95: https://packages.debian.org/src:firefox-esr
96: https://www.debian.org/security/2022/dsa-5045
97: https://packages.debian.org/src:thunderbird
98: https://www.debian.org/security/2022/dsa-5069
99: https://packages.debian.org/src:firefox-esr
100: https://www.debian.org/security/2022/dsa-5074
101: https://packages.debian.org/src:thunderbird
102: https://www.debian.org/security/2022/dsa-5077
103: https://packages.debian.org/src:librecad
104: https://www.debian.org/security/2022/dsa-5080
105: https://packages.debian.org/src:snapd
106: https://www.debian.org/security/2022/dsa-5086
107: https://packages.debian.org/src:thunderbird
108: https://www.debian.org/security/2022/dsa-5090
109: https://packages.debian.org/src:firefox-esr
110: https://www.debian.org/security/2022/dsa-5094
111: https://packages.debian.org/src:thunderbird
112: https://www.debian.org/security/2022/dsa-5097
113: https://packages.debian.org/src:firefox-esr
114: https://www.debian.org/security/2022/dsa-5106
115: https://packages.debian.org/src:thunderbird
116: https://www.debian.org/security/2022/dsa-5108
117: https://packages.debian.org/src:tiff
118: https://www.debian.org/security/2022/dsa-5109
119: https://packages.debian.org/src:faad2
120: https://www.debian.org/security/2022/dsa-5111
121: https://packages.debian.org/src:zlib
122: https://www.debian.org/security/2022/dsa-5113
123: https://packages.debian.org/src:firefox-esr
124: https://www.debian.org/security/2022/dsa-5115
125: https://packages.debian.org/src:webkit2gtk
126: https://www.debian.org/security/2022/dsa-5118
127: https://packages.debian.org/src:thunderbird
128: https://www.debian.org/security/2022/dsa-5119
129: https://packages.debian.org/src:subversion
130: https://www.debian.org/security/2022/dsa-5122
131: https://packages.debian.org/src:gzip
132: https://www.debian.org/security/2022/dsa-5123
133: https://packages.debian.org/src:xz-utils
134: https://www.debian.org/security/2022/dsa-5126
135: https://packages.debian.org/src:ffmpeg
136: https://www.debian.org/security/2022/dsa-5129
137: https://packages.debian.org/src:firefox-esr
138: https://www.debian.org/security/2022/dsa-5131
139: https://packages.debian.org/src:openjdk-11
140: https://www.debian.org/security/2022/dsa-5132
141: https://packages.debian.org/src:ecdsautils
142: https://www.debian.org/security/2022/dsa-5135
143: https://packages.debian.org/src:postgresql-11
144: https://www.debian.org/security/2022/dsa-5137
145: https://packages.debian.org/src:needrestart
146: https://www.debian.org/security/2022/dsa-5138
147: https://packages.debian.org/src:waitress
148: https://www.debian.org/security/2022/dsa-5139
149: https://packages.debian.org/src:openssl
150: https://www.debian.org/security/2022/dsa-5140
151: https://packages.debian.org/src:openldap
152: https://www.debian.org/security/2022/dsa-5141
153: https://packages.debian.org/src:thunderbird
154: https://www.debian.org/security/2022/dsa-5142
155: https://packages.debian.org/src:libxml2
156: https://www.debian.org/security/2022/dsa-5143
157: https://packages.debian.org/src:firefox-esr
158: https://www.debian.org/security/2022/dsa-5144
159: https://packages.debian.org/src:condor
160: https://www.debian.org/security/2022/dsa-5145
161: https://packages.debian.org/src:lrzip
162: https://www.debian.org/security/2022/dsa-5147
163: https://packages.debian.org/src:dpkg
164: https://www.debian.org/security/2022/dsa-5149
165: https://packages.debian.org/src:cups
166: https://www.debian.org/security/2022/dsa-5150
167: https://packages.debian.org/src:rsyslog
168: https://www.debian.org/security/2022/dsa-5151
169: https://packages.debian.org/src:smarty3
170: https://www.debian.org/security/2022/dsa-5152
171: https://packages.debian.org/src:spip
172: https://www.debian.org/security/2022/dsa-5153
173: https://packages.debian.org/src:trafficserver
174: https://www.debian.org/security/2022/dsa-5154
175: https://packages.debian.org/src:webkit2gtk
176: https://www.debian.org/security/2022/dsa-5156
177: https://packages.debian.org/src:firefox-esr
178: https://www.debian.org/security/2022/dsa-5157
179: https://packages.debian.org/src:cifs-utils
180: https://www.debian.org/security/2022/dsa-5158
181: https://packages.debian.org/src:thunderbird
182: https://www.debian.org/security/2022/dsa-5159
183: https://packages.debian.org/src:python-bottle
184: https://www.debian.org/security/2022/dsa-5160
185: https://packages.debian.org/src:ntfs-3g
186: https://www.debian.org/security/2022/dsa-5164
187: https://packages.debian.org/src:exo
188: https://www.debian.org/security/2022/dsa-5165
189: https://packages.debian.org/src:vlc
190: https://www.debian.org/security/2022/dsa-5167
191: https://packages.debian.org/src:firejail
192: https://www.debian.org/security/2022/dsa-5169
193: https://packages.debian.org/src:openssl
194: https://www.debian.org/security/2022/dsa-5171
195: https://packages.debian.org/src:squid
196: https://www.debian.org/security/2022/dsa-5172
197: https://packages.debian.org/src:firefox-esr
198: https://www.debian.org/security/2022/dsa-5173
199: https://packages.debian.org/src:linux-latest
200: https://www.debian.org/security/2022/dsa-5173
201: https://packages.debian.org/src:linux-signed-amd64
202: https://www.debian.org/security/2022/dsa-5173
203: https://packages.debian.org/src:linux-signed-arm64
204: https://www.debian.org/security/2022/dsa-5173
205: https://packages.debian.org/src:linux-signed-i386
206: https://www.debian.org/security/2022/dsa-5173
207: https://packages.debian.org/src:linux
208: https://www.debian.org/security/2022/dsa-5174
209: https://packages.debian.org/src:gnupg2
210: https://www.debian.org/security/2022/dsa-5175
211: https://packages.debian.org/src:thunderbird
212: https://www.debian.org/security/2022/dsa-5176
213: https://packages.debian.org/src:blender
214: https://www.debian.org/security/2022/dsa-5178
215: https://packages.debian.org/src:intel-microcode
216: https://www.debian.org/security/2022/dsa-5181
217: https://packages.debian.org/src:request-tracker4
218: https://www.debian.org/security/2022/dsa-5182
219: https://packages.debian.org/src:webkit2gtk
220: https://www.debian.org/security/2022/dsa-5185
221: https://packages.debian.org/src:mat2
222: https://www.debian.org/security/2022/dsa-5186
223: https://packages.debian.org/src:djangorestframework
224: https://www.debian.org/security/2022/dsa-5188
225: https://packages.debian.org/src:openjdk-11
226: https://www.debian.org/security/2022/dsa-5189
227: https://packages.debian.org/src:gsasl
228: https://www.debian.org/security/2022/dsa-5190
229: https://packages.debian.org/src:spip
230: https://www.debian.org/security/2022/dsa-5193
231: https://packages.debian.org/src:firefox-esr
232: https://www.debian.org/security/2022/dsa-5194
233: https://packages.debian.org/src:booth
234: https://www.debian.org/security/2022/dsa-5195
235: https://packages.debian.org/src:thunderbird
236: https://www.debian.org/security/2022/dsa-5196
237: https://packages.debian.org/src:libpgjava
Removed packages
----------------
The following packages were removed due to circumstances beyond our
control:
+--------------------------+-------------------------------+
| Package | Reason |
+--------------------------+-------------------------------+
| elogĀ [238] | Unmaintained; security issues |
| | |
| libnet-amazon-perlĀ [239] | Depends on removed API |
| | |
+--------------------------+-------------------------------+
238: https://packages.debian.org/src:elog
239: https://packages.debian.org/src:libnet-amazon-perl
Debian Installer
----------------
The installer has been updated to include the fixes incorporated into
oldstable by the point release.
URLs
----
The complete lists of packages that have changed with this revision:
https://deb.debian.org/debian/dists/buster/ChangeLog
The current oldstable distribution:
https://deb.debian.org/debian/dists/oldstable/
Proposed updates to the oldstable distribution:
https://deb.debian.org/debian/dists/oldstable-proposed-updates
oldstable distribution information (release notes, errata etc.):
https://www.debian.org/releases/oldstable/
Security announcements and information:
https://www.debian.org/security/
About Debian
------------
The Debian Project is an association of Free Software developers who
volunteer their time and effort in order to produce the completely free
operating system Debian.
Contact Information
-------------------
For further information, please visit the Debian web pages at
https://www.debian.org/, send mail to <pr...@debian.org>, or contact the
stable release team at <debian-...@lists.debian.org>.
0 new messages