info
Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Updated Debian 11: 11.3 released
1 view
Skip to first unread message
Laura Arjona Reina
Mar 26, 2022, 1:20:03āÆPM3/26/22
to
------------------------------------------------------------------------
The Debian Project https://www.debian.org/
Updated Debian 11: 11.3 released pr...@debian.org
March 26th, 2022 https://www.debian.org/News/2022/20220326
------------------------------------------------------------------------
The Debian project is pleased to announce the third update of its stable
distribution Debian 11 (codename "bullseye"). This point release mainly
adds corrections for security issues, along with a few adjustments for
serious problems. Security advisories have already been published
separately and are referenced where available.
Please note that the point release does not constitute a new version of
Debian 11 but only updates some of the packages included. There is no
need to throw away old "bullseye" media. After installation, packages
can be upgraded to the current versions using an up-to-date Debian
mirror.
Those who frequently install updates from security.debian.org won't have
to update many packages, and most such updates are included in the point
release.
New installation images will be available soon at the regular locations.
Upgrading an existing installation to this revision can be achieved by
pointing the package management system at one of Debian's many HTTP
mirrors. A comprehensive list of mirrors is available at:
https://www.debian.org/mirror/list
Miscellaneous Bugfixes
----------------------
This stable update adds a few important corrections to the following
packages:
+--------------------------+------------------------------------------+
| Package | Reason |
+--------------------------+------------------------------------------+
| apache-log4j1.2Ā [1] | Resolve security issues [CVE-2021-4104 |
| | CVE-2022-23302 CVE-2022-23305 CVE-2022- |
| | 23307], by removing support for the |
| | JMSSink, JDBCAppender, JMSAppender and |
| | Apache Chainsaw modules |
| | |
| apache-log4j2Ā [2] | Fix remote code execution issue |
| | [CVE-2021-44832] |
| | |
| apache2Ā [3] | New upstream release; fix crash due to |
| | random memory read [CVE-2022-22719]; fix |
| | HTTP request smuggling issue [CVE-2022- |
| | 22720]; fix out-of-bounds write issues |
| | [CVE-2022-22721 CVE-2022-23943] |
| | |
| atftpĀ [4] | Fix information leak issue [CVE-2021- |
| | 46671] |
| | |
| base-filesĀ [5] | Update for the 11.3 point release |
| | |
| bible-kjvĀ [6] | Fix off-by-one-error in search |
| | |
| chronyĀ [7] | Allow reading the chronyd configuration |
| | file that timemaster(8) generates |
| | |
| cinnamonĀ [8] | Fix crash when adding an online account |
| | with login |
| | |
| clamavĀ [9] | New upstream stable release; fix denial |
| | of service issue [CVE-2022-20698] |
| | |
| cups-filtersĀ [10] | Apparmor: allow reading from Debian |
| | Edu's cups-browsed configuration file |
| | |
| dask.distributedĀ [11] | Fix undesired listening of workers on |
| | public interfaces [CVE-2021-42343]; fix |
| | compatibility with Python 3.9 |
| | |
| debian-installerĀ [12] | Rebuild against proposed-updates; update |
| | Linux kernel ABI to 5.10.0-13 |
| | |
| debian-installer- | Rebuild against proposed-updates |
| netboot-imagesĀ [13] | |
| | |
| debian-ports-archive- | Add "Debian Ports Archive Automatic |
| keyringĀ [14] | Signing Key (2023)" ; move the |
| | 2021 signing key to the removed keyring |
| | |
| django-allauthĀ [15] | Fix OpenID support |
| | |
| djbdnsĀ [16] | Raise the axfrdns, dnscache, and tinydns |
| | data limit |
| | |
| dpdkĀ [17] | New upstream stable release |
| | |
| e2guardianĀ [18] | Fix missing SSL certificate validation |
| | issue [CVE-2021-44273] |
| | |
| epiphany-browserĀ [19] | Work around a bug in GLib, fixing a UI |
| | process crash |
| | |
| espeak-ngĀ [20] | Drop spurious 50ms delay while |
| | processing events |
| | |
| espeakupĀ [21] | debian/espeakup.service: Protect |
| | espeakup from system overloads |
| | |
| fcitx5-chinese- | fcitx5-table: add missing dependencies |
| addonsĀ [22] | on fcitx5-module-pinyinhelper and |
| | fcitx5-module-punctuation |
| | |
| flacĀ [23] | Fix out-of-bounds write issue [CVE-2021- |
| | 0561] |
| | |
| freerdp2Ā [24] | Disable additional debug logging |
| | |
| galera-3Ā [25] | New upstream release |
| | |
| galera-4Ā [26] | New upstream release |
| | |
| gbondsĀ [27] | Use Treasury API for redemption data |
| | |
| glewlwydĀ [28] | Fix possible privilege escalation |
| | |
| glibcĀ [29] | Fix bad conversion from ISO-2022-JP-3 |
| | with iconv [CVE-2021-43396]; fix buffer |
| | overflow issues [CVE-2022-23218 |
| | CVE-2022-23219]; fix use-after-free |
| | issue [CVE-2021-33574]; stop replacing |
| | older versions of /etc/nsswitch.conf; |
| | simplify the check for supported kernel |
| | versions, as 2.x kernels are no longer |
| | supported; support installation on |
| | kernels with a release number greater |
| | than 255 |
| | |
| glx-alternativesĀ [30] | After initial setup of the diversions, |
| | install a minimal alternative to the |
| | diverted files so that libraries are not |
| | missing until glx-alternative-mesa |
| | processes its triggers |
| | |
| gnupg2Ā [31] | scd: Fix CCID driver for SCM SPR332/ |
| | SPR532; avoid network interaction in |
| | generator, which can lead to hangs |
| | |
| gnuplotĀ [32] | Fix division by zero [CVE-2021-44917] |
| | |
| golang-1.15Ā [33] | Fix IsOnCurve for big.Int values that |
| | are not valid coordinates [CVE-2022- |
| | 23806]; math/big: prevent large memory |
| | consumption in Rat.SetString [CVE-2022- |
| | 23772]; cmd/go: prevent branches from |
| | materializing into versions [CVE-2022- |
| | 23773]; fix stack exhaustion compiling |
| | deeply nested expressions [CVE-2022- |
| | 24921] |
| | |
| golang-github- | Update seccomp support to enable use of |
| containers-commonĀ [34] | newer kernel versions |
| | |
| golang-github- | Update seccomp support to enable use of |
| opencontainers- | newer kernel versions |
| specsĀ [35] | |
| | |
| gtk+3.0Ā [36] | Fix missing search results when using |
| | NFS; prevent Wayland clipboard handling |
| | from locking up in certain corner cases; |
| | improve printing to mDNS-discovered |
| | printers |
| | |
| heartbeatĀ [37] | Fix creation of /run/heartbeat on |
| | systems using systemd |
| | |
| htmldocĀ [38] | Fix out-of-bounds read issue [CVE-2022- |
| | 0534] |
| | |
| installation-guideĀ [39] | Update documentation and translations |
| | |
| intel-microcodeĀ [40] | Update included microcode; mitigate some |
| | security issues [CVE-2020-8694 CVE-2020- |
| | 8695 CVE-2021-0127 CVE-2021-0145 |
| | CVE-2021-0146 CVE-2021-33120] |
| | |
| ldap2zoneĀ [41] | Use "mktemp" rather than the |
| | deprecated "tempfile" , avoiding |
| | warnings |
| | |
| lemonldap-ngĀ [42] | Fix auth process in password-testing |
| | plugins [CVE-2021-40874] |
| | |
| libarchiveĀ [43] | Fix extracting hardlinks to symlinks; |
| | fix handling of symlink ACLs [CVE-2021- |
| | 23177]; never follow symlinks when |
| | setting file flags [CVE-2021-31566] |
| | |
| libdatetime-timezone- | Update included data |
| perlĀ [44] | |
| | |
| libgdal-grassĀ [45] | Rebuild against grass 7.8.5-1+deb11u1 |
| | |
| libpodĀ [46] | Update seccomp support to enable use of |
| | newer kernel versions |
| | |
| libxml2Ā [47] | Fix use-after-free issue [CVE-2022- |
| | 23308] |
| | |
| linuxĀ [48] | New upstream stable release; [rt] Update |
| | to 5.10.106-rt64; increase ABI to 13 |
| | |
| linux-signed-amd64Ā [49] | New upstream stable release; [rt] Update |
| | to 5.10.106-rt64; increase ABI to 13 |
| | |
| linux-signed-arm64Ā [50] | New upstream stable release; [rt] Update |
| | to 5.10.106-rt64; increase ABI to 13 |
| | |
| linux-signed-i386Ā [51] | New upstream stable release; [rt] Update |
| | to 5.10.106-rt64; increase ABI to 13 |
| | |
| mariadb-10.5Ā [52] | New upstream release; security fixes |
| | [CVE-2021-35604 CVE-2021-46659 CVE-2021- |
| | 46661 CVE-2021-46662 CVE-2021-46663 |
| | CVE-2021-46664 CVE-2021-46665 CVE-2021- |
| | 46667 CVE-2021-46668 CVE-2022-24048 |
| | CVE-2022-24050 CVE-2022-24051 CVE-2022- |
| | 24052] |
| | |
| mpichĀ [53] | Add Breaks: on older versions of |
| | libmpich1.0-dev, resolving some upgrade |
| | issues |
| | |
| mujsĀ [54] | Fix buffer overflow issue [CVE-2021- |
| | 45005] |
| | |
| mutterĀ [55] | Backport various fixes from upstream's |
| | stable branch |
| | |
| node-cached-path- | Fix prototype pollution issue [CVE-2021- |
| relativeĀ [56] | 23518] |
| | |
| node-fetchĀ [57] | Don't forward secure headers to third |
| | party domains [CVE-2022-0235] |
| | |
| node-follow- | Don't send Cookie header across domains |
| redirectsĀ [58] | [CVE-2022-0155]; don't send confidential |
| | headers across schemes [CVE-2022-0536] |
| | |
| node-markdown-itĀ [59] | Fix regular expression-based denial of |
| | service issue [CVE-2022-21670] |
| | |
| node-nth-checkĀ [60] | Fix regular expression-based denial of |
| | service issue [CVE-2021-3803] |
| | |
| node-prismjsĀ [61] | Escape markup in command line output |
| | [CVE-2022-23647]; update minified files |
| | to ensure that Regular Expression Denial |
| | of Service issue is resolved [CVE-2021- |
| | 3801] |
| | |
| node-trim-newlinesĀ [62] | Fix regular expression-based denial of |
| | service issue [CVE-2021-33623] |
| | |
| nvidia-cuda-toolkitĀ [63] | cuda-gdb: Disable non-functional python |
| | support causing segmentation faults; use |
| | a snapshot of openjdk-8-jre (8u312-b07- |
| | 1) |
| | |
| nvidia-graphics-drivers- | New upstream release; fix denial of |
| tesla-450Ā [64] | service issues [CVE-2022-21813 CVE-2022- |
| | 21814]; nvidia-kernel-support: Provide / |
| | etc/modprobe.d/nvidia-options.conf as a |
| | template |
| | |
| nvidia-modprobeĀ [65] | New upstream release |
| | |
| openboardĀ [66] | Fix application icon |
| | |
| opensslĀ [67] | New upstream release; fix armv8 pointer |
| | authentication |
| | |
| openvswitchĀ [68] | Fix use-after-free issue [CVE-2021- |
| | 36980]; fix installation of libofproto |
| | |
| ostreeĀ [69] | Fix compatibility with eCryptFS; avoid |
| | infinite recursion when recovering from |
| | certain errors; mark commits as partial |
| | before downloading; fix an assertion |
| | failure when using a backport or local |
| | build of GLib >= 2.71; fix the ability |
| | to fetch OSTree content from paths |
| | containing non-URI characters (such as |
| | backslashes) or non-ASCII |
| | |
| pdb2pqrĀ [70] | Fix compatibility of propka with Python |
| | 3.8 or above |
| | |
| php-crypt-gpgĀ [71] | Prevent additional options being passed |
| | to GPG [CVE-2022-24953] |
| | |
| php-laravel- | Fix cross-site scripting issue |
| frameworkĀ [72] | [CVE-2021-43808], missing blocking of |
| | executable content upload [CVE-2021- |
| | 43617] |
| | |
| phpliteadminĀ [73] | Fix cross-site scripting issue |
| | [CVE-2021-46709] |
| | |
| pripsĀ [74] | Fix infinite wrapping if a range reaches |
| | 255.255.255.255; fix CIDR output with |
| | addresses that differ in their first bit |
| | |
| pypy3Ā [75] | Fix build failures by removing |
| | extraneous #endif from import.h |
| | |
| python-djangoĀ [76] | Fix denial of service issue [CVE-2021- |
| | 45115], information disclosure issue |
| | [CVE-2021-45116], directory traversal |
| | issue [CVE-2021-45452]; fix a traceback |
| | around the handling of RequestSite/ |
| | get_current_site() due to a circular |
| | import |
| | |
| python-pipĀ [77] | Avoid a race-condition when using zip- |
| | imported dependencies |
| | |
| rust-cbindgenĀ [78] | New upstream stable release to support |
| | builds of newer firefox-esr and |
| | thunderbird versions |
| | |
| s390-dasdĀ [79] | Stop passing deprecated -f option to |
| | dasdfmt |
| | |
| schleuderĀ [80] | Migrate boolean values to integers, if |
| | the ActiveRecord SQLite3 connection |
| | adapter is in use, restoring |
| | functionality |
| | |
| sphinx-bootstrap- | Fix search functionality |
| themeĀ [81] | |
| | |
| spipĀ [82] | Fix several cross-site scripting issues |
| | |
| symfonyĀ [83] | Fix CVE injection issue [CVE-2021-41270] |
| | |
| systemdĀ [84] | Fix uncontrolled recursion in systemd- |
| | tmpfiles [CVE-2021-3997]; demote |
| | systemd-timesyncd from Depends to |
| | Recommends, removing a dependency cycle; |
| | fix failure to bind mount a directory |
| | into a container using machinectl; fix |
| | regression in udev resulting in long |
| | delays when processing partitions with |
| | the same label; fix a regression when |
| | using systemd-networkd in an |
| | unprivileged LXD container |
| | |
| sysvinitĀ [85] | Fix parsing of "shutdown +0" ; clarify |
| | that when called with a "time" |
| | shutdown will not exit |
| | |
| taskselĀ [86] | Install CUPS for all *-desktop tasks, as |
| | task-print-service no longer exists |
| | |
| usb.idsĀ [87] | Update included data |
| | |
| weechatĀ [88] | Fix denial of service issue [CVE-2021- |
| | 40516] |
| | |
| wolfsslĀ [89] | Fix several issues related to OCSP- |
| | handling [CVE-2021-3336 CVE-2021-37155 |
| | CVE-2021-38597] and TLS1.3 support |
| | [CVE-2021-44718 CVE-2022-25638 CVE-2022- |
| | 25640] |
| | |
| xserver-xorg-video- | Fix SIGILL crash on non-SSE2 CPUs |
| intelĀ [90] | |
| | |
| xtermĀ [91] | Fix buffer overflow issue [CVE-2022- |
| | 24130] |
| | |
| zziplibĀ [92] | Fix denial of service issue [CVE-2020- |
| | 18442] |
| | |
+--------------------------+------------------------------------------+
1: https://packages.debian.org/src:apache-log4j1.2
2: https://packages.debian.org/src:apache-log4j2
3: https://packages.debian.org/src:apache2
4: https://packages.debian.org/src:atftp
5: https://packages.debian.org/src:base-files
6: https://packages.debian.org/src:bible-kjv
7: https://packages.debian.org/src:chrony
8: https://packages.debian.org/src:cinnamon
9: https://packages.debian.org/src:clamav
10: https://packages.debian.org/src:cups-filters
11: https://packages.debian.org/src:dask.distributed
12: https://packages.debian.org/src:debian-installer
13: https://packages.debian.org/src:debian-installer-netboot-images
14: https://packages.debian.org/src:debian-ports-archive-keyring
15: https://packages.debian.org/src:django-allauth
16: https://packages.debian.org/src:djbdns
17: https://packages.debian.org/src:dpdk
18: https://packages.debian.org/src:e2guardian
19: https://packages.debian.org/src:epiphany-browser
20: https://packages.debian.org/src:espeak-ng
21: https://packages.debian.org/src:espeakup
22: https://packages.debian.org/src:fcitx5-chinese-addons
23: https://packages.debian.org/src:flac
24: https://packages.debian.org/src:freerdp2
25: https://packages.debian.org/src:galera-3
26: https://packages.debian.org/src:galera-4
27: https://packages.debian.org/src:gbonds
28: https://packages.debian.org/src:glewlwyd
29: https://packages.debian.org/src:glibc
30: https://packages.debian.org/src:glx-alternatives
31: https://packages.debian.org/src:gnupg2
32: https://packages.debian.org/src:gnuplot
33: https://packages.debian.org/src:golang-1.15
34: https://packages.debian.org/src:golang-github-containers-common
35: https://packages.debian.org/src:golang-github-opencontainers-specs
36: https://packages.debian.org/src:gtk+3.0
37: https://packages.debian.org/src:heartbeat
38: https://packages.debian.org/src:htmldoc
39: https://packages.debian.org/src:installation-guide
40: https://packages.debian.org/src:intel-microcode
41: https://packages.debian.org/src:ldap2zone
42: https://packages.debian.org/src:lemonldap-ng
43: https://packages.debian.org/src:libarchive
44: https://packages.debian.org/src:libdatetime-timezone-perl
45: https://packages.debian.org/src:libgdal-grass
46: https://packages.debian.org/src:libpod
47: https://packages.debian.org/src:libxml2
48: https://packages.debian.org/src:linux
49: https://packages.debian.org/src:linux-signed-amd64
50: https://packages.debian.org/src:linux-signed-arm64
51: https://packages.debian.org/src:linux-signed-i386
52: https://packages.debian.org/src:mariadb-10.5
53: https://packages.debian.org/src:mpich
54: https://packages.debian.org/src:mujs
55: https://packages.debian.org/src:mutter
56: https://packages.debian.org/src:node-cached-path-relative
57: https://packages.debian.org/src:node-fetch
58: https://packages.debian.org/src:node-follow-redirects
59: https://packages.debian.org/src:node-markdown-it
60: https://packages.debian.org/src:node-nth-check
61: https://packages.debian.org/src:node-prismjs
62: https://packages.debian.org/src:node-trim-newlines
63: https://packages.debian.org/src:nvidia-cuda-toolkit
64: https://packages.debian.org/src:nvidia-graphics-drivers-tesla-450
65: https://packages.debian.org/src:nvidia-modprobe
66: https://packages.debian.org/src:openboard
67: https://packages.debian.org/src:openssl
68: https://packages.debian.org/src:openvswitch
69: https://packages.debian.org/src:ostree
70: https://packages.debian.org/src:pdb2pqr
71: https://packages.debian.org/src:php-crypt-gpg
72: https://packages.debian.org/src:php-laravel-framework
73: https://packages.debian.org/src:phpliteadmin
74: https://packages.debian.org/src:prips
75: https://packages.debian.org/src:pypy3
76: https://packages.debian.org/src:python-django
77: https://packages.debian.org/src:python-pip
78: https://packages.debian.org/src:rust-cbindgen
79: https://packages.debian.org/src:s390-dasd
80: https://packages.debian.org/src:schleuder
81: https://packages.debian.org/src:sphinx-bootstrap-theme
82: https://packages.debian.org/src:spip
83: https://packages.debian.org/src:symfony
84: https://packages.debian.org/src:systemd
85: https://packages.debian.org/src:sysvinit
86: https://packages.debian.org/src:tasksel
87: https://packages.debian.org/src:usb.ids
88: https://packages.debian.org/src:weechat
89: https://packages.debian.org/src:wolfssl
90: https://packages.debian.org/src:xserver-xorg-video-intel
91: https://packages.debian.org/src:xterm
92: https://packages.debian.org/src:zziplib
Security Updates
----------------
This revision adds the following security updates to the stable release.
The Security Team has already released an advisory for each of these
updates:
+----------------+--------------------------+
| Advisory ID | Package |
+----------------+--------------------------+
| DSA-5000Ā [93] | openjdk-11Ā [94] |
| | |
| DSA-5001Ā [95] | redisĀ [96] |
| | |
| DSA-5012Ā [97] | openjdk-17Ā [98] |
| | |
| DSA-5021Ā [99] | mediawikiĀ [100] |
| | |
| DSA-5023Ā [101] | modsecurity-apacheĀ [102] |
| | |
| DSA-5024Ā [103] | apache-log4j2Ā [104] |
| | |
| DSA-5025Ā [105] | tangĀ [106] |
| | |
| DSA-5027Ā [107] | xorg-serverĀ [108] |
| | |
| DSA-5028Ā [109] | spipĀ [110] |
| | |
| DSA-5029Ā [111] | sogoĀ [112] |
| | |
| DSA-5030Ā [113] | webkit2gtkĀ [114] |
| | |
| DSA-5031Ā [115] | wpewebkitĀ [116] |
| | |
| DSA-5033Ā [117] | fort-validatorĀ [118] |
| | |
| DSA-5035Ā [119] | apache2Ā [120] |
| | |
| DSA-5037Ā [121] | roundcubeĀ [122] |
| | |
| DSA-5038Ā [123] | ghostscriptĀ [124] |
| | |
| DSA-5039Ā [125] | wordpressĀ [126] |
| | |
| DSA-5040Ā [127] | lighttpdĀ [128] |
| | |
| DSA-5041Ā [129] | cfrpkiĀ [130] |
| | |
| DSA-5042Ā [131] | epiphany-browserĀ [132] |
| | |
| DSA-5043Ā [133] | lxmlĀ [134] |
| | |
| DSA-5046Ā [135] | chromiumĀ [136] |
| | |
| DSA-5047Ā [137] | prosodyĀ [138] |
| | |
| DSA-5048Ā [139] | libreswanĀ [140] |
| | |
| DSA-5049Ā [141] | flatpak-builderĀ [142] |
| | |
| DSA-5049Ā [143] | flatpakĀ [144] |
| | |
| DSA-5050Ā [145] | linux-signed-amd64Ā [146] |
| | |
| DSA-5050Ā [147] | linux-signed-arm64Ā [148] |
| | |
| DSA-5050Ā [149] | linux-signed-i386Ā [150] |
| | |
| DSA-5050Ā [151] | linuxĀ [152] |
| | |
| DSA-5051Ā [153] | aideĀ [154] |
| | |
| DSA-5052Ā [155] | usbviewĀ [156] |
| | |
| DSA-5053Ā [157] | pillowĀ [158] |
| | |
| DSA-5054Ā [159] | chromiumĀ [160] |
| | |
| DSA-5055Ā [161] | util-linuxĀ [162] |
| | |
| DSA-5056Ā [163] | strongswanĀ [164] |
| | |
| DSA-5057Ā [165] | openjdk-11Ā [166] |
| | |
| DSA-5058Ā [167] | openjdk-17Ā [168] |
| | |
| DSA-5059Ā [169] | policykit-1Ā [170] |
| | |
| DSA-5060Ā [171] | webkit2gtkĀ [172] |
| | |
| DSA-5061Ā [173] | wpewebkitĀ [174] |
| | |
| DSA-5062Ā [175] | nssĀ [176] |
| | |
| DSA-5063Ā [177] | uriparserĀ [178] |
| | |
| DSA-5064Ā [179] | python-nbxmppĀ [180] |
| | |
| DSA-5065Ā [181] | ipythonĀ [182] |
| | |
| DSA-5067Ā [183] | ruby2.7Ā [184] |
| | |
| DSA-5068Ā [185] | chromiumĀ [186] |
| | |
| DSA-5070Ā [187] | cryptsetupĀ [188] |
| | |
| DSA-5071Ā [189] | sambaĀ [190] |
| | |
| DSA-5072Ā [191] | debian-edu-configĀ [192] |
| | |
| DSA-5073Ā [193] | expatĀ [194] |
| | |
| DSA-5075Ā [195] | minetestĀ [196] |
| | |
| DSA-5076Ā [197] | h2databaseĀ [198] |
| | |
| DSA-5077Ā [199] | librecadĀ [200] |
| | |
| DSA-5078Ā [201] | zshĀ [202] |
| | |
| DSA-5079Ā [203] | chromiumĀ [204] |
| | |
| DSA-5080Ā [205] | snapdĀ [206] |
| | |
| DSA-5081Ā [207] | redisĀ [208] |
| | |
| DSA-5082Ā [209] | php7.4Ā [210] |
| | |
| DSA-5083Ā [211] | webkit2gtkĀ [212] |
| | |
| DSA-5084Ā [213] | wpewebkitĀ [214] |
| | |
| DSA-5085Ā [215] | expatĀ [216] |
| | |
| DSA-5087Ā [217] | cyrus-sasl2Ā [218] |
| | |
| DSA-5088Ā [219] | varnishĀ [220] |
| | |
| DSA-5089Ā [221] | chromiumĀ [222] |
| | |
| DSA-5091Ā [223] | containerdĀ [224] |
| | |
| DSA-5092Ā [225] | linux-signed-amd64Ā [226] |
| | |
| DSA-5092Ā [227] | linux-signed-arm64Ā [228] |
| | |
| DSA-5092Ā [229] | linux-signed-i386Ā [230] |
| | |
| DSA-5092Ā [231] | linuxĀ [232] |
| | |
| DSA-5093Ā [233] | spipĀ [234] |
| | |
| DSA-5095Ā [235] | linux-signed-amd64Ā [236] |
| | |
| DSA-5095Ā [237] | linux-signed-arm64Ā [238] |
| | |
| DSA-5095Ā [239] | linux-signed-i386Ā [240] |
| | |
| DSA-5095Ā [241] | linuxĀ [242] |
| | |
| DSA-5098Ā [243] | tryton-serverĀ [244] |
| | |
| DSA-5099Ā [245] | tryton-proteusĀ [246] |
| | |
| DSA-5100Ā [247] | nbdĀ [248] |
| | |
| DSA-5101Ā [249] | libphp-adodbĀ [250] |
| | |
| DSA-5102Ā [251] | haproxyĀ [252] |
| | |
| DSA-5103Ā [253] | opensslĀ [254] |
| | |
| DSA-5104Ā [255] | chromiumĀ [256] |
| | |
| DSA-5105Ā [257] | bind9Ā [258] |
| | |
+----------------+--------------------------+
93: https://www.debian.org/security/2021/dsa-5000
94: https://packages.debian.org/src:openjdk-11
95: https://www.debian.org/security/2021/dsa-5001
96: https://packages.debian.org/src:redis
97: https://www.debian.org/security/2021/dsa-5012
98: https://packages.debian.org/src:openjdk-17
99: https://www.debian.org/security/2021/dsa-5021
100: https://packages.debian.org/src:mediawiki
101: https://www.debian.org/security/2021/dsa-5023
102: https://packages.debian.org/src:modsecurity-apache
103: https://www.debian.org/security/2021/dsa-5024
104: https://packages.debian.org/src:apache-log4j2
105: https://www.debian.org/security/2021/dsa-5025
106: https://packages.debian.org/src:tang
107: https://www.debian.org/security/2021/dsa-5027
108: https://packages.debian.org/src:xorg-server
109: https://www.debian.org/security/2021/dsa-5028
110: https://packages.debian.org/src:spip
111: https://www.debian.org/security/2021/dsa-5029
112: https://packages.debian.org/src:sogo
113: https://www.debian.org/security/2021/dsa-5030
114: https://packages.debian.org/src:webkit2gtk
115: https://www.debian.org/security/2021/dsa-5031
116: https://packages.debian.org/src:wpewebkit
117: https://www.debian.org/security/2021/dsa-5033
118: https://packages.debian.org/src:fort-validator
119: https://www.debian.org/security/2022/dsa-5035
120: https://packages.debian.org/src:apache2
121: https://www.debian.org/security/2022/dsa-5037
122: https://packages.debian.org/src:roundcube
123: https://www.debian.org/security/2022/dsa-5038
124: https://packages.debian.org/src:ghostscript
125: https://www.debian.org/security/2022/dsa-5039
126: https://packages.debian.org/src:wordpress
127: https://www.debian.org/security/2022/dsa-5040
128: https://packages.debian.org/src:lighttpd
129: https://www.debian.org/security/2022/dsa-5041
130: https://packages.debian.org/src:cfrpki
131: https://www.debian.org/security/2022/dsa-5042
132: https://packages.debian.org/src:epiphany-browser
133: https://www.debian.org/security/2022/dsa-5043
134: https://packages.debian.org/src:lxml
135: https://www.debian.org/security/2022/dsa-5046
136: https://packages.debian.org/src:chromium
137: https://www.debian.org/security/2022/dsa-5047
138: https://packages.debian.org/src:prosody
139: https://www.debian.org/security/2022/dsa-5048
140: https://packages.debian.org/src:libreswan
141: https://www.debian.org/security/2022/dsa-5049
142: https://packages.debian.org/src:flatpak-builder
143: https://www.debian.org/security/2022/dsa-5049
144: https://packages.debian.org/src:flatpak
145: https://www.debian.org/security/2022/dsa-5050
146: https://packages.debian.org/src:linux-signed-amd64
147: https://www.debian.org/security/2022/dsa-5050
148: https://packages.debian.org/src:linux-signed-arm64
149: https://www.debian.org/security/2022/dsa-5050
150: https://packages.debian.org/src:linux-signed-i386
151: https://www.debian.org/security/2022/dsa-5050
152: https://packages.debian.org/src:linux
153: https://www.debian.org/security/2022/dsa-5051
154: https://packages.debian.org/src:aide
155: https://www.debian.org/security/2022/dsa-5052
156: https://packages.debian.org/src:usbview
157: https://www.debian.org/security/2022/dsa-5053
158: https://packages.debian.org/src:pillow
159: https://www.debian.org/security/2022/dsa-5054
160: https://packages.debian.org/src:chromium
161: https://www.debian.org/security/2022/dsa-5055
162: https://packages.debian.org/src:util-linux
163: https://www.debian.org/security/2022/dsa-5056
164: https://packages.debian.org/src:strongswan
165: https://www.debian.org/security/2022/dsa-5057
166: https://packages.debian.org/src:openjdk-11
167: https://www.debian.org/security/2022/dsa-5058
168: https://packages.debian.org/src:openjdk-17
169: https://www.debian.org/security/2022/dsa-5059
170: https://packages.debian.org/src:policykit-1
171: https://www.debian.org/security/2022/dsa-5060
172: https://packages.debian.org/src:webkit2gtk
173: https://www.debian.org/security/2022/dsa-5061
174: https://packages.debian.org/src:wpewebkit
175: https://www.debian.org/security/2022/dsa-5062
176: https://packages.debian.org/src:nss
177: https://www.debian.org/security/2022/dsa-5063
178: https://packages.debian.org/src:uriparser
179: https://www.debian.org/security/2022/dsa-5064
180: https://packages.debian.org/src:python-nbxmpp
181: https://www.debian.org/security/2022/dsa-5065
182: https://packages.debian.org/src:ipython
183: https://www.debian.org/security/2022/dsa-5067
184: https://packages.debian.org/src:ruby2.7
185: https://www.debian.org/security/2022/dsa-5068
186: https://packages.debian.org/src:chromium
187: https://www.debian.org/security/2022/dsa-5070
188: https://packages.debian.org/src:cryptsetup
189: https://www.debian.org/security/2022/dsa-5071
190: https://packages.debian.org/src:samba
191: https://www.debian.org/security/2022/dsa-5072
192: https://packages.debian.org/src:debian-edu-config
193: https://www.debian.org/security/2022/dsa-5073
194: https://packages.debian.org/src:expat
195: https://www.debian.org/security/2022/dsa-5075
196: https://packages.debian.org/src:minetest
197: https://www.debian.org/security/2022/dsa-5076
198: https://packages.debian.org/src:h2database
199: https://www.debian.org/security/2022/dsa-5077
200: https://packages.debian.org/src:librecad
201: https://www.debian.org/security/2022/dsa-5078
202: https://packages.debian.org/src:zsh
203: https://www.debian.org/security/2022/dsa-5079
204: https://packages.debian.org/src:chromium
205: https://www.debian.org/security/2022/dsa-5080
206: https://packages.debian.org/src:snapd
207: https://www.debian.org/security/2022/dsa-5081
208: https://packages.debian.org/src:redis
209: https://www.debian.org/security/2022/dsa-5082
210: https://packages.debian.org/src:php7.4
211: https://www.debian.org/security/2022/dsa-5083
212: https://packages.debian.org/src:webkit2gtk
213: https://www.debian.org/security/2022/dsa-5084
214: https://packages.debian.org/src:wpewebkit
215: https://www.debian.org/security/2022/dsa-5085
216: https://packages.debian.org/src:expat
217: https://www.debian.org/security/2022/dsa-5087
218: https://packages.debian.org/src:cyrus-sasl2
219: https://www.debian.org/security/2022/dsa-5088
220: https://packages.debian.org/src:varnish
221: https://www.debian.org/security/2022/dsa-5089
222: https://packages.debian.org/src:chromium
223: https://www.debian.org/security/2022/dsa-5091
224: https://packages.debian.org/src:containerd
225: https://www.debian.org/security/2022/dsa-5092
226: https://packages.debian.org/src:linux-signed-amd64
227: https://www.debian.org/security/2022/dsa-5092
228: https://packages.debian.org/src:linux-signed-arm64
229: https://www.debian.org/security/2022/dsa-5092
230: https://packages.debian.org/src:linux-signed-i386
231: https://www.debian.org/security/2022/dsa-5092
232: https://packages.debian.org/src:linux
233: https://www.debian.org/security/2022/dsa-5093
234: https://packages.debian.org/src:spip
235: https://www.debian.org/security/2022/dsa-5095
236: https://packages.debian.org/src:linux-signed-amd64
237: https://www.debian.org/security/2022/dsa-5095
238: https://packages.debian.org/src:linux-signed-arm64
239: https://www.debian.org/security/2022/dsa-5095
240: https://packages.debian.org/src:linux-signed-i386
241: https://www.debian.org/security/2022/dsa-5095
242: https://packages.debian.org/src:linux
243: https://www.debian.org/security/2022/dsa-5098
244: https://packages.debian.org/src:tryton-server
245: https://www.debian.org/security/2022/dsa-5099
246: https://packages.debian.org/src:tryton-proteus
247: https://www.debian.org/security/2022/dsa-5100
248: https://packages.debian.org/src:nbd
249: https://www.debian.org/security/2022/dsa-5101
250: https://packages.debian.org/src:libphp-adodb
251: https://www.debian.org/security/2022/dsa-5102
252: https://packages.debian.org/src:haproxy
253: https://www.debian.org/security/2022/dsa-5103
254: https://packages.debian.org/src:openssl
255: https://www.debian.org/security/2022/dsa-5104
256: https://packages.debian.org/src:chromium
257: https://www.debian.org/security/2022/dsa-5105
258: https://packages.debian.org/src:bind9
Removed packages
----------------
The following packages were removed due to circumstances beyond our
control:
+----------------------------+------------------+
| Package | Reason |
+----------------------------+------------------+
| angular-maven-pluginĀ [259] | No longer useful |
| | |
| minify-maven-pluginĀ [260] | No longer useful |
| | |
+----------------------------+------------------+
259: https://packages.debian.org/src:angular-maven-plugin
260: https://packages.debian.org/src:minify-maven-plugin
Debian Installer
----------------
The installer has been updated to include the fixes incorporated into
stable by the point release.
URLs
----
The complete lists of packages that have changed with this revision:
https://deb.debian.org/debian/dists/bullseye/ChangeLog
The current stable distribution:
https://deb.debian.org/debian/dists/stable/
Proposed updates to the stable distribution:
https://deb.debian.org/debian/dists/proposed-updates
stable distribution information (release notes, errata etc.):
https://www.debian.org/releases/stable/
Security announcements and information:
https://www.debian.org/security/
About Debian
------------
The Debian Project is an association of Free Software developers who
volunteer their time and effort in order to produce the completely free
operating system Debian.
Contact Information
-------------------
For further information, please visit the Debian web pages at
https://www.debian.org/, send mail to <pr...@debian.org>, or contact the
stable release team at <debian-...@lists.debian.org>.
The Debian Project https://www.debian.org/
Updated Debian 11: 11.3 released pr...@debian.org
March 26th, 2022 https://www.debian.org/News/2022/20220326
------------------------------------------------------------------------
The Debian project is pleased to announce the third update of its stable
distribution Debian 11 (codename "bullseye"). This point release mainly
adds corrections for security issues, along with a few adjustments for
serious problems. Security advisories have already been published
separately and are referenced where available.
Please note that the point release does not constitute a new version of
Debian 11 but only updates some of the packages included. There is no
need to throw away old "bullseye" media. After installation, packages
can be upgraded to the current versions using an up-to-date Debian
mirror.
Those who frequently install updates from security.debian.org won't have
to update many packages, and most such updates are included in the point
release.
New installation images will be available soon at the regular locations.
Upgrading an existing installation to this revision can be achieved by
pointing the package management system at one of Debian's many HTTP
mirrors. A comprehensive list of mirrors is available at:
https://www.debian.org/mirror/list
Miscellaneous Bugfixes
----------------------
This stable update adds a few important corrections to the following
packages:
+--------------------------+------------------------------------------+
| Package | Reason |
+--------------------------+------------------------------------------+
| apache-log4j1.2Ā [1] | Resolve security issues [CVE-2021-4104 |
| | CVE-2022-23302 CVE-2022-23305 CVE-2022- |
| | 23307], by removing support for the |
| | JMSSink, JDBCAppender, JMSAppender and |
| | Apache Chainsaw modules |
| | |
| apache-log4j2Ā [2] | Fix remote code execution issue |
| | [CVE-2021-44832] |
| | |
| apache2Ā [3] | New upstream release; fix crash due to |
| | random memory read [CVE-2022-22719]; fix |
| | HTTP request smuggling issue [CVE-2022- |
| | 22720]; fix out-of-bounds write issues |
| | [CVE-2022-22721 CVE-2022-23943] |
| | |
| atftpĀ [4] | Fix information leak issue [CVE-2021- |
| | 46671] |
| | |
| base-filesĀ [5] | Update for the 11.3 point release |
| | |
| bible-kjvĀ [6] | Fix off-by-one-error in search |
| | |
| chronyĀ [7] | Allow reading the chronyd configuration |
| | file that timemaster(8) generates |
| | |
| cinnamonĀ [8] | Fix crash when adding an online account |
| | with login |
| | |
| clamavĀ [9] | New upstream stable release; fix denial |
| | of service issue [CVE-2022-20698] |
| | |
| cups-filtersĀ [10] | Apparmor: allow reading from Debian |
| | Edu's cups-browsed configuration file |
| | |
| dask.distributedĀ [11] | Fix undesired listening of workers on |
| | public interfaces [CVE-2021-42343]; fix |
| | compatibility with Python 3.9 |
| | |
| debian-installerĀ [12] | Rebuild against proposed-updates; update |
| | Linux kernel ABI to 5.10.0-13 |
| | |
| debian-installer- | Rebuild against proposed-updates |
| netboot-imagesĀ [13] | |
| | |
| debian-ports-archive- | Add "Debian Ports Archive Automatic |
| keyringĀ [14] | Signing Key (2023)" ; move the |
| | 2021 signing key to the removed keyring |
| | |
| django-allauthĀ [15] | Fix OpenID support |
| | |
| djbdnsĀ [16] | Raise the axfrdns, dnscache, and tinydns |
| | data limit |
| | |
| dpdkĀ [17] | New upstream stable release |
| | |
| e2guardianĀ [18] | Fix missing SSL certificate validation |
| | issue [CVE-2021-44273] |
| | |
| epiphany-browserĀ [19] | Work around a bug in GLib, fixing a UI |
| | process crash |
| | |
| espeak-ngĀ [20] | Drop spurious 50ms delay while |
| | processing events |
| | |
| espeakupĀ [21] | debian/espeakup.service: Protect |
| | espeakup from system overloads |
| | |
| fcitx5-chinese- | fcitx5-table: add missing dependencies |
| addonsĀ [22] | on fcitx5-module-pinyinhelper and |
| | fcitx5-module-punctuation |
| | |
| flacĀ [23] | Fix out-of-bounds write issue [CVE-2021- |
| | 0561] |
| | |
| freerdp2Ā [24] | Disable additional debug logging |
| | |
| galera-3Ā [25] | New upstream release |
| | |
| galera-4Ā [26] | New upstream release |
| | |
| gbondsĀ [27] | Use Treasury API for redemption data |
| | |
| glewlwydĀ [28] | Fix possible privilege escalation |
| | |
| glibcĀ [29] | Fix bad conversion from ISO-2022-JP-3 |
| | with iconv [CVE-2021-43396]; fix buffer |
| | overflow issues [CVE-2022-23218 |
| | CVE-2022-23219]; fix use-after-free |
| | issue [CVE-2021-33574]; stop replacing |
| | older versions of /etc/nsswitch.conf; |
| | simplify the check for supported kernel |
| | versions, as 2.x kernels are no longer |
| | supported; support installation on |
| | kernels with a release number greater |
| | than 255 |
| | |
| glx-alternativesĀ [30] | After initial setup of the diversions, |
| | install a minimal alternative to the |
| | diverted files so that libraries are not |
| | missing until glx-alternative-mesa |
| | processes its triggers |
| | |
| gnupg2Ā [31] | scd: Fix CCID driver for SCM SPR332/ |
| | SPR532; avoid network interaction in |
| | generator, which can lead to hangs |
| | |
| gnuplotĀ [32] | Fix division by zero [CVE-2021-44917] |
| | |
| golang-1.15Ā [33] | Fix IsOnCurve for big.Int values that |
| | are not valid coordinates [CVE-2022- |
| | 23806]; math/big: prevent large memory |
| | consumption in Rat.SetString [CVE-2022- |
| | 23772]; cmd/go: prevent branches from |
| | materializing into versions [CVE-2022- |
| | 23773]; fix stack exhaustion compiling |
| | deeply nested expressions [CVE-2022- |
| | 24921] |
| | |
| golang-github- | Update seccomp support to enable use of |
| containers-commonĀ [34] | newer kernel versions |
| | |
| golang-github- | Update seccomp support to enable use of |
| opencontainers- | newer kernel versions |
| specsĀ [35] | |
| | |
| gtk+3.0Ā [36] | Fix missing search results when using |
| | NFS; prevent Wayland clipboard handling |
| | from locking up in certain corner cases; |
| | improve printing to mDNS-discovered |
| | printers |
| | |
| heartbeatĀ [37] | Fix creation of /run/heartbeat on |
| | systems using systemd |
| | |
| htmldocĀ [38] | Fix out-of-bounds read issue [CVE-2022- |
| | 0534] |
| | |
| installation-guideĀ [39] | Update documentation and translations |
| | |
| intel-microcodeĀ [40] | Update included microcode; mitigate some |
| | security issues [CVE-2020-8694 CVE-2020- |
| | 8695 CVE-2021-0127 CVE-2021-0145 |
| | CVE-2021-0146 CVE-2021-33120] |
| | |
| ldap2zoneĀ [41] | Use "mktemp" rather than the |
| | deprecated "tempfile" , avoiding |
| | warnings |
| | |
| lemonldap-ngĀ [42] | Fix auth process in password-testing |
| | plugins [CVE-2021-40874] |
| | |
| libarchiveĀ [43] | Fix extracting hardlinks to symlinks; |
| | fix handling of symlink ACLs [CVE-2021- |
| | 23177]; never follow symlinks when |
| | setting file flags [CVE-2021-31566] |
| | |
| libdatetime-timezone- | Update included data |
| perlĀ [44] | |
| | |
| libgdal-grassĀ [45] | Rebuild against grass 7.8.5-1+deb11u1 |
| | |
| libpodĀ [46] | Update seccomp support to enable use of |
| | newer kernel versions |
| | |
| libxml2Ā [47] | Fix use-after-free issue [CVE-2022- |
| | 23308] |
| | |
| linuxĀ [48] | New upstream stable release; [rt] Update |
| | to 5.10.106-rt64; increase ABI to 13 |
| | |
| linux-signed-amd64Ā [49] | New upstream stable release; [rt] Update |
| | to 5.10.106-rt64; increase ABI to 13 |
| | |
| linux-signed-arm64Ā [50] | New upstream stable release; [rt] Update |
| | to 5.10.106-rt64; increase ABI to 13 |
| | |
| linux-signed-i386Ā [51] | New upstream stable release; [rt] Update |
| | to 5.10.106-rt64; increase ABI to 13 |
| | |
| mariadb-10.5Ā [52] | New upstream release; security fixes |
| | [CVE-2021-35604 CVE-2021-46659 CVE-2021- |
| | 46661 CVE-2021-46662 CVE-2021-46663 |
| | CVE-2021-46664 CVE-2021-46665 CVE-2021- |
| | 46667 CVE-2021-46668 CVE-2022-24048 |
| | CVE-2022-24050 CVE-2022-24051 CVE-2022- |
| | 24052] |
| | |
| mpichĀ [53] | Add Breaks: on older versions of |
| | libmpich1.0-dev, resolving some upgrade |
| | issues |
| | |
| mujsĀ [54] | Fix buffer overflow issue [CVE-2021- |
| | 45005] |
| | |
| mutterĀ [55] | Backport various fixes from upstream's |
| | stable branch |
| | |
| node-cached-path- | Fix prototype pollution issue [CVE-2021- |
| relativeĀ [56] | 23518] |
| | |
| node-fetchĀ [57] | Don't forward secure headers to third |
| | party domains [CVE-2022-0235] |
| | |
| node-follow- | Don't send Cookie header across domains |
| redirectsĀ [58] | [CVE-2022-0155]; don't send confidential |
| | headers across schemes [CVE-2022-0536] |
| | |
| node-markdown-itĀ [59] | Fix regular expression-based denial of |
| | service issue [CVE-2022-21670] |
| | |
| node-nth-checkĀ [60] | Fix regular expression-based denial of |
| | service issue [CVE-2021-3803] |
| | |
| node-prismjsĀ [61] | Escape markup in command line output |
| | [CVE-2022-23647]; update minified files |
| | to ensure that Regular Expression Denial |
| | of Service issue is resolved [CVE-2021- |
| | 3801] |
| | |
| node-trim-newlinesĀ [62] | Fix regular expression-based denial of |
| | service issue [CVE-2021-33623] |
| | |
| nvidia-cuda-toolkitĀ [63] | cuda-gdb: Disable non-functional python |
| | support causing segmentation faults; use |
| | a snapshot of openjdk-8-jre (8u312-b07- |
| | 1) |
| | |
| nvidia-graphics-drivers- | New upstream release; fix denial of |
| tesla-450Ā [64] | service issues [CVE-2022-21813 CVE-2022- |
| | 21814]; nvidia-kernel-support: Provide / |
| | etc/modprobe.d/nvidia-options.conf as a |
| | template |
| | |
| nvidia-modprobeĀ [65] | New upstream release |
| | |
| openboardĀ [66] | Fix application icon |
| | |
| opensslĀ [67] | New upstream release; fix armv8 pointer |
| | authentication |
| | |
| openvswitchĀ [68] | Fix use-after-free issue [CVE-2021- |
| | 36980]; fix installation of libofproto |
| | |
| ostreeĀ [69] | Fix compatibility with eCryptFS; avoid |
| | infinite recursion when recovering from |
| | certain errors; mark commits as partial |
| | before downloading; fix an assertion |
| | failure when using a backport or local |
| | build of GLib >= 2.71; fix the ability |
| | to fetch OSTree content from paths |
| | containing non-URI characters (such as |
| | backslashes) or non-ASCII |
| | |
| pdb2pqrĀ [70] | Fix compatibility of propka with Python |
| | 3.8 or above |
| | |
| php-crypt-gpgĀ [71] | Prevent additional options being passed |
| | to GPG [CVE-2022-24953] |
| | |
| php-laravel- | Fix cross-site scripting issue |
| frameworkĀ [72] | [CVE-2021-43808], missing blocking of |
| | executable content upload [CVE-2021- |
| | 43617] |
| | |
| phpliteadminĀ [73] | Fix cross-site scripting issue |
| | [CVE-2021-46709] |
| | |
| pripsĀ [74] | Fix infinite wrapping if a range reaches |
| | 255.255.255.255; fix CIDR output with |
| | addresses that differ in their first bit |
| | |
| pypy3Ā [75] | Fix build failures by removing |
| | extraneous #endif from import.h |
| | |
| python-djangoĀ [76] | Fix denial of service issue [CVE-2021- |
| | 45115], information disclosure issue |
| | [CVE-2021-45116], directory traversal |
| | issue [CVE-2021-45452]; fix a traceback |
| | around the handling of RequestSite/ |
| | get_current_site() due to a circular |
| | import |
| | |
| python-pipĀ [77] | Avoid a race-condition when using zip- |
| | imported dependencies |
| | |
| rust-cbindgenĀ [78] | New upstream stable release to support |
| | builds of newer firefox-esr and |
| | thunderbird versions |
| | |
| s390-dasdĀ [79] | Stop passing deprecated -f option to |
| | dasdfmt |
| | |
| schleuderĀ [80] | Migrate boolean values to integers, if |
| | the ActiveRecord SQLite3 connection |
| | adapter is in use, restoring |
| | functionality |
| | |
| sphinx-bootstrap- | Fix search functionality |
| themeĀ [81] | |
| | |
| spipĀ [82] | Fix several cross-site scripting issues |
| | |
| symfonyĀ [83] | Fix CVE injection issue [CVE-2021-41270] |
| | |
| systemdĀ [84] | Fix uncontrolled recursion in systemd- |
| | tmpfiles [CVE-2021-3997]; demote |
| | systemd-timesyncd from Depends to |
| | Recommends, removing a dependency cycle; |
| | fix failure to bind mount a directory |
| | into a container using machinectl; fix |
| | regression in udev resulting in long |
| | delays when processing partitions with |
| | the same label; fix a regression when |
| | using systemd-networkd in an |
| | unprivileged LXD container |
| | |
| sysvinitĀ [85] | Fix parsing of "shutdown +0" ; clarify |
| | that when called with a "time" |
| | shutdown will not exit |
| | |
| taskselĀ [86] | Install CUPS for all *-desktop tasks, as |
| | task-print-service no longer exists |
| | |
| usb.idsĀ [87] | Update included data |
| | |
| weechatĀ [88] | Fix denial of service issue [CVE-2021- |
| | 40516] |
| | |
| wolfsslĀ [89] | Fix several issues related to OCSP- |
| | handling [CVE-2021-3336 CVE-2021-37155 |
| | CVE-2021-38597] and TLS1.3 support |
| | [CVE-2021-44718 CVE-2022-25638 CVE-2022- |
| | 25640] |
| | |
| xserver-xorg-video- | Fix SIGILL crash on non-SSE2 CPUs |
| intelĀ [90] | |
| | |
| xtermĀ [91] | Fix buffer overflow issue [CVE-2022- |
| | 24130] |
| | |
| zziplibĀ [92] | Fix denial of service issue [CVE-2020- |
| | 18442] |
| | |
+--------------------------+------------------------------------------+
1: https://packages.debian.org/src:apache-log4j1.2
2: https://packages.debian.org/src:apache-log4j2
3: https://packages.debian.org/src:apache2
4: https://packages.debian.org/src:atftp
5: https://packages.debian.org/src:base-files
6: https://packages.debian.org/src:bible-kjv
7: https://packages.debian.org/src:chrony
8: https://packages.debian.org/src:cinnamon
9: https://packages.debian.org/src:clamav
10: https://packages.debian.org/src:cups-filters
11: https://packages.debian.org/src:dask.distributed
12: https://packages.debian.org/src:debian-installer
13: https://packages.debian.org/src:debian-installer-netboot-images
14: https://packages.debian.org/src:debian-ports-archive-keyring
15: https://packages.debian.org/src:django-allauth
16: https://packages.debian.org/src:djbdns
17: https://packages.debian.org/src:dpdk
18: https://packages.debian.org/src:e2guardian
19: https://packages.debian.org/src:epiphany-browser
20: https://packages.debian.org/src:espeak-ng
21: https://packages.debian.org/src:espeakup
22: https://packages.debian.org/src:fcitx5-chinese-addons
23: https://packages.debian.org/src:flac
24: https://packages.debian.org/src:freerdp2
25: https://packages.debian.org/src:galera-3
26: https://packages.debian.org/src:galera-4
27: https://packages.debian.org/src:gbonds
28: https://packages.debian.org/src:glewlwyd
29: https://packages.debian.org/src:glibc
30: https://packages.debian.org/src:glx-alternatives
31: https://packages.debian.org/src:gnupg2
32: https://packages.debian.org/src:gnuplot
33: https://packages.debian.org/src:golang-1.15
34: https://packages.debian.org/src:golang-github-containers-common
35: https://packages.debian.org/src:golang-github-opencontainers-specs
36: https://packages.debian.org/src:gtk+3.0
37: https://packages.debian.org/src:heartbeat
38: https://packages.debian.org/src:htmldoc
39: https://packages.debian.org/src:installation-guide
40: https://packages.debian.org/src:intel-microcode
41: https://packages.debian.org/src:ldap2zone
42: https://packages.debian.org/src:lemonldap-ng
43: https://packages.debian.org/src:libarchive
44: https://packages.debian.org/src:libdatetime-timezone-perl
45: https://packages.debian.org/src:libgdal-grass
46: https://packages.debian.org/src:libpod
47: https://packages.debian.org/src:libxml2
48: https://packages.debian.org/src:linux
49: https://packages.debian.org/src:linux-signed-amd64
50: https://packages.debian.org/src:linux-signed-arm64
51: https://packages.debian.org/src:linux-signed-i386
52: https://packages.debian.org/src:mariadb-10.5
53: https://packages.debian.org/src:mpich
54: https://packages.debian.org/src:mujs
55: https://packages.debian.org/src:mutter
56: https://packages.debian.org/src:node-cached-path-relative
57: https://packages.debian.org/src:node-fetch
58: https://packages.debian.org/src:node-follow-redirects
59: https://packages.debian.org/src:node-markdown-it
60: https://packages.debian.org/src:node-nth-check
61: https://packages.debian.org/src:node-prismjs
62: https://packages.debian.org/src:node-trim-newlines
63: https://packages.debian.org/src:nvidia-cuda-toolkit
64: https://packages.debian.org/src:nvidia-graphics-drivers-tesla-450
65: https://packages.debian.org/src:nvidia-modprobe
66: https://packages.debian.org/src:openboard
67: https://packages.debian.org/src:openssl
68: https://packages.debian.org/src:openvswitch
69: https://packages.debian.org/src:ostree
70: https://packages.debian.org/src:pdb2pqr
71: https://packages.debian.org/src:php-crypt-gpg
72: https://packages.debian.org/src:php-laravel-framework
73: https://packages.debian.org/src:phpliteadmin
74: https://packages.debian.org/src:prips
75: https://packages.debian.org/src:pypy3
76: https://packages.debian.org/src:python-django
77: https://packages.debian.org/src:python-pip
78: https://packages.debian.org/src:rust-cbindgen
79: https://packages.debian.org/src:s390-dasd
80: https://packages.debian.org/src:schleuder
81: https://packages.debian.org/src:sphinx-bootstrap-theme
82: https://packages.debian.org/src:spip
83: https://packages.debian.org/src:symfony
84: https://packages.debian.org/src:systemd
85: https://packages.debian.org/src:sysvinit
86: https://packages.debian.org/src:tasksel
87: https://packages.debian.org/src:usb.ids
88: https://packages.debian.org/src:weechat
89: https://packages.debian.org/src:wolfssl
90: https://packages.debian.org/src:xserver-xorg-video-intel
91: https://packages.debian.org/src:xterm
92: https://packages.debian.org/src:zziplib
Security Updates
----------------
This revision adds the following security updates to the stable release.
The Security Team has already released an advisory for each of these
updates:
+----------------+--------------------------+
| Advisory ID | Package |
+----------------+--------------------------+
| DSA-5000Ā [93] | openjdk-11Ā [94] |
| | |
| DSA-5001Ā [95] | redisĀ [96] |
| | |
| DSA-5012Ā [97] | openjdk-17Ā [98] |
| | |
| DSA-5021Ā [99] | mediawikiĀ [100] |
| | |
| DSA-5023Ā [101] | modsecurity-apacheĀ [102] |
| | |
| DSA-5024Ā [103] | apache-log4j2Ā [104] |
| | |
| DSA-5025Ā [105] | tangĀ [106] |
| | |
| DSA-5027Ā [107] | xorg-serverĀ [108] |
| | |
| DSA-5028Ā [109] | spipĀ [110] |
| | |
| DSA-5029Ā [111] | sogoĀ [112] |
| | |
| DSA-5030Ā [113] | webkit2gtkĀ [114] |
| | |
| DSA-5031Ā [115] | wpewebkitĀ [116] |
| | |
| DSA-5033Ā [117] | fort-validatorĀ [118] |
| | |
| DSA-5035Ā [119] | apache2Ā [120] |
| | |
| DSA-5037Ā [121] | roundcubeĀ [122] |
| | |
| DSA-5038Ā [123] | ghostscriptĀ [124] |
| | |
| DSA-5039Ā [125] | wordpressĀ [126] |
| | |
| DSA-5040Ā [127] | lighttpdĀ [128] |
| | |
| DSA-5041Ā [129] | cfrpkiĀ [130] |
| | |
| DSA-5042Ā [131] | epiphany-browserĀ [132] |
| | |
| DSA-5043Ā [133] | lxmlĀ [134] |
| | |
| DSA-5046Ā [135] | chromiumĀ [136] |
| | |
| DSA-5047Ā [137] | prosodyĀ [138] |
| | |
| DSA-5048Ā [139] | libreswanĀ [140] |
| | |
| DSA-5049Ā [141] | flatpak-builderĀ [142] |
| | |
| DSA-5049Ā [143] | flatpakĀ [144] |
| | |
| DSA-5050Ā [145] | linux-signed-amd64Ā [146] |
| | |
| DSA-5050Ā [147] | linux-signed-arm64Ā [148] |
| | |
| DSA-5050Ā [149] | linux-signed-i386Ā [150] |
| | |
| DSA-5050Ā [151] | linuxĀ [152] |
| | |
| DSA-5051Ā [153] | aideĀ [154] |
| | |
| DSA-5052Ā [155] | usbviewĀ [156] |
| | |
| DSA-5053Ā [157] | pillowĀ [158] |
| | |
| DSA-5054Ā [159] | chromiumĀ [160] |
| | |
| DSA-5055Ā [161] | util-linuxĀ [162] |
| | |
| DSA-5056Ā [163] | strongswanĀ [164] |
| | |
| DSA-5057Ā [165] | openjdk-11Ā [166] |
| | |
| DSA-5058Ā [167] | openjdk-17Ā [168] |
| | |
| DSA-5059Ā [169] | policykit-1Ā [170] |
| | |
| DSA-5060Ā [171] | webkit2gtkĀ [172] |
| | |
| DSA-5061Ā [173] | wpewebkitĀ [174] |
| | |
| DSA-5062Ā [175] | nssĀ [176] |
| | |
| DSA-5063Ā [177] | uriparserĀ [178] |
| | |
| DSA-5064Ā [179] | python-nbxmppĀ [180] |
| | |
| DSA-5065Ā [181] | ipythonĀ [182] |
| | |
| DSA-5067Ā [183] | ruby2.7Ā [184] |
| | |
| DSA-5068Ā [185] | chromiumĀ [186] |
| | |
| DSA-5070Ā [187] | cryptsetupĀ [188] |
| | |
| DSA-5071Ā [189] | sambaĀ [190] |
| | |
| DSA-5072Ā [191] | debian-edu-configĀ [192] |
| | |
| DSA-5073Ā [193] | expatĀ [194] |
| | |
| DSA-5075Ā [195] | minetestĀ [196] |
| | |
| DSA-5076Ā [197] | h2databaseĀ [198] |
| | |
| DSA-5077Ā [199] | librecadĀ [200] |
| | |
| DSA-5078Ā [201] | zshĀ [202] |
| | |
| DSA-5079Ā [203] | chromiumĀ [204] |
| | |
| DSA-5080Ā [205] | snapdĀ [206] |
| | |
| DSA-5081Ā [207] | redisĀ [208] |
| | |
| DSA-5082Ā [209] | php7.4Ā [210] |
| | |
| DSA-5083Ā [211] | webkit2gtkĀ [212] |
| | |
| DSA-5084Ā [213] | wpewebkitĀ [214] |
| | |
| DSA-5085Ā [215] | expatĀ [216] |
| | |
| DSA-5087Ā [217] | cyrus-sasl2Ā [218] |
| | |
| DSA-5088Ā [219] | varnishĀ [220] |
| | |
| DSA-5089Ā [221] | chromiumĀ [222] |
| | |
| DSA-5091Ā [223] | containerdĀ [224] |
| | |
| DSA-5092Ā [225] | linux-signed-amd64Ā [226] |
| | |
| DSA-5092Ā [227] | linux-signed-arm64Ā [228] |
| | |
| DSA-5092Ā [229] | linux-signed-i386Ā [230] |
| | |
| DSA-5092Ā [231] | linuxĀ [232] |
| | |
| DSA-5093Ā [233] | spipĀ [234] |
| | |
| DSA-5095Ā [235] | linux-signed-amd64Ā [236] |
| | |
| DSA-5095Ā [237] | linux-signed-arm64Ā [238] |
| | |
| DSA-5095Ā [239] | linux-signed-i386Ā [240] |
| | |
| DSA-5095Ā [241] | linuxĀ [242] |
| | |
| DSA-5098Ā [243] | tryton-serverĀ [244] |
| | |
| DSA-5099Ā [245] | tryton-proteusĀ [246] |
| | |
| DSA-5100Ā [247] | nbdĀ [248] |
| | |
| DSA-5101Ā [249] | libphp-adodbĀ [250] |
| | |
| DSA-5102Ā [251] | haproxyĀ [252] |
| | |
| DSA-5103Ā [253] | opensslĀ [254] |
| | |
| DSA-5104Ā [255] | chromiumĀ [256] |
| | |
| DSA-5105Ā [257] | bind9Ā [258] |
| | |
+----------------+--------------------------+
93: https://www.debian.org/security/2021/dsa-5000
94: https://packages.debian.org/src:openjdk-11
95: https://www.debian.org/security/2021/dsa-5001
96: https://packages.debian.org/src:redis
97: https://www.debian.org/security/2021/dsa-5012
98: https://packages.debian.org/src:openjdk-17
99: https://www.debian.org/security/2021/dsa-5021
100: https://packages.debian.org/src:mediawiki
101: https://www.debian.org/security/2021/dsa-5023
102: https://packages.debian.org/src:modsecurity-apache
103: https://www.debian.org/security/2021/dsa-5024
104: https://packages.debian.org/src:apache-log4j2
105: https://www.debian.org/security/2021/dsa-5025
106: https://packages.debian.org/src:tang
107: https://www.debian.org/security/2021/dsa-5027
108: https://packages.debian.org/src:xorg-server
109: https://www.debian.org/security/2021/dsa-5028
110: https://packages.debian.org/src:spip
111: https://www.debian.org/security/2021/dsa-5029
112: https://packages.debian.org/src:sogo
113: https://www.debian.org/security/2021/dsa-5030
114: https://packages.debian.org/src:webkit2gtk
115: https://www.debian.org/security/2021/dsa-5031
116: https://packages.debian.org/src:wpewebkit
117: https://www.debian.org/security/2021/dsa-5033
118: https://packages.debian.org/src:fort-validator
119: https://www.debian.org/security/2022/dsa-5035
120: https://packages.debian.org/src:apache2
121: https://www.debian.org/security/2022/dsa-5037
122: https://packages.debian.org/src:roundcube
123: https://www.debian.org/security/2022/dsa-5038
124: https://packages.debian.org/src:ghostscript
125: https://www.debian.org/security/2022/dsa-5039
126: https://packages.debian.org/src:wordpress
127: https://www.debian.org/security/2022/dsa-5040
128: https://packages.debian.org/src:lighttpd
129: https://www.debian.org/security/2022/dsa-5041
130: https://packages.debian.org/src:cfrpki
131: https://www.debian.org/security/2022/dsa-5042
132: https://packages.debian.org/src:epiphany-browser
133: https://www.debian.org/security/2022/dsa-5043
134: https://packages.debian.org/src:lxml
135: https://www.debian.org/security/2022/dsa-5046
136: https://packages.debian.org/src:chromium
137: https://www.debian.org/security/2022/dsa-5047
138: https://packages.debian.org/src:prosody
139: https://www.debian.org/security/2022/dsa-5048
140: https://packages.debian.org/src:libreswan
141: https://www.debian.org/security/2022/dsa-5049
142: https://packages.debian.org/src:flatpak-builder
143: https://www.debian.org/security/2022/dsa-5049
144: https://packages.debian.org/src:flatpak
145: https://www.debian.org/security/2022/dsa-5050
146: https://packages.debian.org/src:linux-signed-amd64
147: https://www.debian.org/security/2022/dsa-5050
148: https://packages.debian.org/src:linux-signed-arm64
149: https://www.debian.org/security/2022/dsa-5050
150: https://packages.debian.org/src:linux-signed-i386
151: https://www.debian.org/security/2022/dsa-5050
152: https://packages.debian.org/src:linux
153: https://www.debian.org/security/2022/dsa-5051
154: https://packages.debian.org/src:aide
155: https://www.debian.org/security/2022/dsa-5052
156: https://packages.debian.org/src:usbview
157: https://www.debian.org/security/2022/dsa-5053
158: https://packages.debian.org/src:pillow
159: https://www.debian.org/security/2022/dsa-5054
160: https://packages.debian.org/src:chromium
161: https://www.debian.org/security/2022/dsa-5055
162: https://packages.debian.org/src:util-linux
163: https://www.debian.org/security/2022/dsa-5056
164: https://packages.debian.org/src:strongswan
165: https://www.debian.org/security/2022/dsa-5057
166: https://packages.debian.org/src:openjdk-11
167: https://www.debian.org/security/2022/dsa-5058
168: https://packages.debian.org/src:openjdk-17
169: https://www.debian.org/security/2022/dsa-5059
170: https://packages.debian.org/src:policykit-1
171: https://www.debian.org/security/2022/dsa-5060
172: https://packages.debian.org/src:webkit2gtk
173: https://www.debian.org/security/2022/dsa-5061
174: https://packages.debian.org/src:wpewebkit
175: https://www.debian.org/security/2022/dsa-5062
176: https://packages.debian.org/src:nss
177: https://www.debian.org/security/2022/dsa-5063
178: https://packages.debian.org/src:uriparser
179: https://www.debian.org/security/2022/dsa-5064
180: https://packages.debian.org/src:python-nbxmpp
181: https://www.debian.org/security/2022/dsa-5065
182: https://packages.debian.org/src:ipython
183: https://www.debian.org/security/2022/dsa-5067
184: https://packages.debian.org/src:ruby2.7
185: https://www.debian.org/security/2022/dsa-5068
186: https://packages.debian.org/src:chromium
187: https://www.debian.org/security/2022/dsa-5070
188: https://packages.debian.org/src:cryptsetup
189: https://www.debian.org/security/2022/dsa-5071
190: https://packages.debian.org/src:samba
191: https://www.debian.org/security/2022/dsa-5072
192: https://packages.debian.org/src:debian-edu-config
193: https://www.debian.org/security/2022/dsa-5073
194: https://packages.debian.org/src:expat
195: https://www.debian.org/security/2022/dsa-5075
196: https://packages.debian.org/src:minetest
197: https://www.debian.org/security/2022/dsa-5076
198: https://packages.debian.org/src:h2database
199: https://www.debian.org/security/2022/dsa-5077
200: https://packages.debian.org/src:librecad
201: https://www.debian.org/security/2022/dsa-5078
202: https://packages.debian.org/src:zsh
203: https://www.debian.org/security/2022/dsa-5079
204: https://packages.debian.org/src:chromium
205: https://www.debian.org/security/2022/dsa-5080
206: https://packages.debian.org/src:snapd
207: https://www.debian.org/security/2022/dsa-5081
208: https://packages.debian.org/src:redis
209: https://www.debian.org/security/2022/dsa-5082
210: https://packages.debian.org/src:php7.4
211: https://www.debian.org/security/2022/dsa-5083
212: https://packages.debian.org/src:webkit2gtk
213: https://www.debian.org/security/2022/dsa-5084
214: https://packages.debian.org/src:wpewebkit
215: https://www.debian.org/security/2022/dsa-5085
216: https://packages.debian.org/src:expat
217: https://www.debian.org/security/2022/dsa-5087
218: https://packages.debian.org/src:cyrus-sasl2
219: https://www.debian.org/security/2022/dsa-5088
220: https://packages.debian.org/src:varnish
221: https://www.debian.org/security/2022/dsa-5089
222: https://packages.debian.org/src:chromium
223: https://www.debian.org/security/2022/dsa-5091
224: https://packages.debian.org/src:containerd
225: https://www.debian.org/security/2022/dsa-5092
226: https://packages.debian.org/src:linux-signed-amd64
227: https://www.debian.org/security/2022/dsa-5092
228: https://packages.debian.org/src:linux-signed-arm64
229: https://www.debian.org/security/2022/dsa-5092
230: https://packages.debian.org/src:linux-signed-i386
231: https://www.debian.org/security/2022/dsa-5092
232: https://packages.debian.org/src:linux
233: https://www.debian.org/security/2022/dsa-5093
234: https://packages.debian.org/src:spip
235: https://www.debian.org/security/2022/dsa-5095
236: https://packages.debian.org/src:linux-signed-amd64
237: https://www.debian.org/security/2022/dsa-5095
238: https://packages.debian.org/src:linux-signed-arm64
239: https://www.debian.org/security/2022/dsa-5095
240: https://packages.debian.org/src:linux-signed-i386
241: https://www.debian.org/security/2022/dsa-5095
242: https://packages.debian.org/src:linux
243: https://www.debian.org/security/2022/dsa-5098
244: https://packages.debian.org/src:tryton-server
245: https://www.debian.org/security/2022/dsa-5099
246: https://packages.debian.org/src:tryton-proteus
247: https://www.debian.org/security/2022/dsa-5100
248: https://packages.debian.org/src:nbd
249: https://www.debian.org/security/2022/dsa-5101
250: https://packages.debian.org/src:libphp-adodb
251: https://www.debian.org/security/2022/dsa-5102
252: https://packages.debian.org/src:haproxy
253: https://www.debian.org/security/2022/dsa-5103
254: https://packages.debian.org/src:openssl
255: https://www.debian.org/security/2022/dsa-5104
256: https://packages.debian.org/src:chromium
257: https://www.debian.org/security/2022/dsa-5105
258: https://packages.debian.org/src:bind9
Removed packages
----------------
The following packages were removed due to circumstances beyond our
control:
+----------------------------+------------------+
| Package | Reason |
+----------------------------+------------------+
| angular-maven-pluginĀ [259] | No longer useful |
| | |
| minify-maven-pluginĀ [260] | No longer useful |
| | |
+----------------------------+------------------+
259: https://packages.debian.org/src:angular-maven-plugin
260: https://packages.debian.org/src:minify-maven-plugin
Debian Installer
----------------
The installer has been updated to include the fixes incorporated into
stable by the point release.
URLs
----
The complete lists of packages that have changed with this revision:
https://deb.debian.org/debian/dists/bullseye/ChangeLog
The current stable distribution:
https://deb.debian.org/debian/dists/stable/
Proposed updates to the stable distribution:
https://deb.debian.org/debian/dists/proposed-updates
stable distribution information (release notes, errata etc.):
https://www.debian.org/releases/stable/
Security announcements and information:
https://www.debian.org/security/
About Debian
------------
The Debian Project is an association of Free Software developers who
volunteer their time and effort in order to produce the completely free
operating system Debian.
Contact Information
-------------------
For further information, please visit the Debian web pages at
https://www.debian.org/, send mail to <pr...@debian.org>, or contact the
stable release team at <debian-...@lists.debian.org>.
0 new messages