info
Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Updated Debian 11: 11.4 released
0 views
Skip to first unread message
Donald Norwood
Jul 9, 2022, 10:50:02 AM7/9/22
to
------------------------------------------------------------------------
The Debian Project https://www.debian.org/
Updated Debian 11: 11.4 released pr...@debian.org
July 9th, 2022 https://www.debian.org/News/2022/20220709
------------------------------------------------------------------------
The Debian project is pleased to announce the fourth update of its
stable distribution Debian 11 (codename "bullseye"). This point release
mainly adds corrections for security issues, along with a few
adjustments for serious problems. Security advisories have already been
published separately and are referenced where available.
Please note that the point release does not constitute a new version of
Debian 11 but only updates some of the packages included. There is no
need to throw away old "bullseye" media. After installation, packages
can be upgraded to the current versions using an up-to-date Debian
mirror.
Those who frequently install updates from security.debian.org won't have
to update many packages, and most such updates are included in the point
release.
New installation images will be available soon at the regular locations.
Upgrading an existing installation to this revision can be achieved by
pointing the package management system at one of Debian's many HTTP
mirrors. A comprehensive list of mirrors is available at:
https://www.debian.org/mirror/list
Miscellaneous Bugfixes
----------------------
This stable update adds a few important corrections to the following
packages:
+---------------------------+-----------------------------------------+
| Package | Reason |
+---------------------------+-----------------------------------------+
| apache2 [1] | New upstream stable release; fix HTTP |
| | request smuggling issue [CVE-2022- |
| | 26377], out-of-bounds read issues |
| | [CVE-2022-28330 CVE-2022-28614 |
| | CVE-2022-28615], denial of service |
| | issues [CVE-2022-29404 CVE-2022-30522], |
| | possible out-of-bounds read issue |
| | [CVE-2022-30556], possible IP-based |
| | authentication bypass issue [CVE-2022- |
| | 31813] |
| | |
| base-files [2] | Update /etc/debian_version for the 11.4 |
| | point release |
| | |
| bash [3] | Fix 1-byte buffer overflow read, |
| | causing corrupted multibyte characters |
| | in command substitutions |
| | |
| clamav [4] | New upstream stable release; security |
| | fixes [CVE-2022-20770 CVE-2022-20771 |
| | CVE-2022-20785 CVE-2022-20792 CVE-2022- |
| | 20796] |
| | |
| clementine [5] | Add missing dependency on libqt5sql5- |
| | sqlite |
| | |
| composer [6] | Fix code injection issue [CVE-2022- |
| | 24828]; update GitHub token pattern |
| | |
| cyrus-imapd [7] | Ensure that all mailboxes have a |
| | "uniqueid" field, fixing upgrades to |
| | version 3.6 |
| | |
| dbus-broker [8] | Fix buffer overflow issue [CVE-2022- |
| | 31212] |
| | |
| debian-edu-config [9] | Accept mail from the local network sent |
| | to root@<mynetwork-names>; only create |
| | Kerberos host and service principals if |
| | they don't yet exist; ensure libsss- |
| | sudo is installed on Roaming |
| | Workstations; fix naming and visibility |
| | of print queues; support krb5i on |
| | Diskless Workstations; squid: prefer |
| | DNSv4 lookups over DNSv6 |
| | |
| debian-installer [10] | Rebuild against proposed-updates; |
| | increase Linux kernel ABI to 16; |
| | reinstate some armel netboot targets |
| | (openrd) |
| | |
| debian-installer-netboot- | Rebuild against proposed-updates; |
| images [11] | increase Linux kernel ABI to 16; |
| | reinstate some armel netboot targets |
| | (openrd) |
| | |
| distro-info-data [12] | Add Ubuntu 22.10, Kinetic Kudu |
| | |
| docker.io [13] | Order docker.service after |
| | containerd.service to fix shutdown of |
| | containers; explicitly pass the |
| | containerd socket path to dockerd to |
| | make sure it doesn't start containerd |
| | on its own |
| | |
| dpkg [14] | dpkg-deb: Fix unexpected end of file |
| | conditions on .deb extract; libdpkg: Do |
| | not restrict source:* virtual fields to |
| | installed packages; |
| | Dpkg::Source::Package::V2: Always fix |
| | the permissions for upstream tarballs |
| | (regression from DSA-5147-1] |
| | |
| freetype [15] | Fix buffer overflow issue [CVE-2022- |
| | 27404]; fix crashes [CVE-2022-27405 |
| | CVE-2022-27406] |
| | |
| fribidi [16] | Fix buffer overflow issues [CVE-2022- |
| | 25308 CVE-2022-25309]; fix crash |
| | [CVE-2022-25310] |
| | |
| ganeti [17] | New upstream release; fix several |
| | upgrade issues; fix live migration with |
| | QEMU 4 and "security_model" of |
| | "user" or "pool" |
| | |
| geeqie [18] | Fix Ctrl click inside of a block |
| | selection |
| | |
| gnutls28 [19] | Fix SSSE3 SHA384 miscalculation; fix |
| | null pointer deference issue [CVE-2021- |
| | 4209] |
| | |
| golang-github- | Fix null pointer dereference caused by |
| russellhaering- | crafted XML signatures [CVE-2020-7711] |
| goxmldsig [20] | |
| | |
| grunt [21] | Fix path traversal issue [CVE-2022- |
| | 0436] |
| | |
| hdmi2usb-mode-switch [22] | udev: Add a suffix to /dev/video device |
| | nodes to disambiguate them; move udev |
| | rules to priority 70, to come after 60- |
| | persistent-v4l.rules |
| | |
| hexchat [23] | Add missing dependency on python3-cffi- |
| | backend |
| | |
| htmldoc [24] | Fix infinite loop [CVE-2022-24191], |
| | integer overflow issues [CVE-2022- |
| | 27114] and heap buffer overflow issue |
| | [CVE-2022-28085] |
| | |
| knot-resolver [25] | Fix possible assertion failure in NSEC3 |
| | edge-case [CVE-2021-40083] |
| | |
| libapache2-mod-auth- | New upstream stable release; fix open |
| openidc [26] | redirect issue [CVE-2021-39191]; fix |
| | crash on reload / restart |
| | |
| libintl-perl [27] | Really install gettext_xs.pm |
| | |
| libsdl2 [28] | Avoid out-of-bounds read while loading |
| | malformed BMP file [CVE-2021-33657], |
| | and during YUV to RGB conversion |
| | |
| libtgowt [29] | New upstream stable release, to support |
| | newer telegram-desktop |
| | |
| linux [30] | New upstream stable release; increase |
| | ABI to 16 |
| | |
| linux-signed-amd64 [31] | New upstream stable release; increase |
| | ABI to 16 |
| | |
| linux-signed-arm64 [32] | New upstream stable release; increase |
| | ABI to 16 |
| | |
| linux-signed-i386 [33] | New upstream stable release; increase |
| | ABI to 16 |
| | |
| logrotate [34] | Skip locking if state file is world- |
| | readable [CVE-2022-1348]; make |
| | configuration parsing stricter in order |
| | to avoid parsing foreign files such as |
| | core dumps |
| | |
| lxc [35] | Update default GPG key server, fixing |
| | creating of containers using the |
| | "download" template |
| | |
| minidlna [36] | Validate HTTP requests to protect |
| | against DNS rebinding attacks |
| | [CVE-2022-26505] |
| | |
| mutt [37] | Fix uudecode buffer overflow issue |
| | [CVE-2022-1328] |
| | |
| nano [38] | Several bug fixes, including fixes for |
| | crashes |
| | |
| needrestart [39] | Make cgroup detection for services and |
| | user sessions cgroup v2 aware |
| | |
| network-manager [40] | New upstream stable release |
| | |
| nginx [41] | Fix crash when libnginx-mod-http-lua is |
| | loaded and init_worker_by_lua* is used; |
| | mitigate application layer protocol |
| | content confusion attack in the Mail |
| | module [CVE-2021-3618] |
| | |
| node-ejs [42] | Fix server-side template injection |
| | issue [CVE-2022-29078] |
| | |
| node-eventsource [43] | Strip sensitive headers on redirect to |
| | different origin [CVE-2022-1650] |
| | |
| node-got [44] | Don't allow redirection to Unix socket |
| | [CVE-2022-33987] |
| | |
| node-mermaid [45] | Fix cross-site scripting issues |
| | [CVE-2021-23648 CVE-2021-43861] |
| | |
| node-minimist [46] | Fix prototype pollution issue |
| | [CVE-2021-44906] |
| | |
| node-moment [47] | Fix path traversal issue [CVE-2022- |
| | 24785] |
| | |
| node-node-forge [48] | Fix signature verification issues |
| | [CVE-2022-24771 CVE-2022-24772 |
| | CVE-2022-24773] |
| | |
| node-raw-body [49] | Fix potential denial of service issue |
| | in node-express, by using node-iconv- |
| | lite rather than node-iconv |
| | |
| node-sqlite3 [50] | Fix denial of service issue [CVE-2022- |
| | 21227] |
| | |
| node-url-parse [51] | Fix authentication bypass issues |
| | [CVE-2022-0686 CVE-2022-0691] |
| | |
| nvidia-cuda-toolkit [52] | Use OpenJDK8 snapshots for amd64 and |
| | ppc64el; check usability of the java |
| | binary; nsight-compute: Move the |
| | 'sections' folder to a multiarch |
| | location; fix nvidia-openjdk-8-jre |
| | version ordering |
| | |
| nvidia-graphics- | New upstream release; switch to |
| drivers [53] | upstream 470 tree; fix denial of |
| | service issues [CVE-2022-21813 |
| | CVE-2022-21814]; fix out-of-bounds |
| | write issue [CVE-2022-28181], out-of- |
| | bounds read issue [CVE-2022-28183], |
| | denial of service issues [CVE-2022- |
| | 28184 CVE-2022-28191 CVE-2022-28192] |
| | |
| nvidia-graphics-drivers- | New upstream release; fix out-of-bound |
| legacy-390xx [54] | write issues [CVE-2022-28181 CVE-2022- |
| | 28185] |
| | |
| nvidia-graphics-drivers- | New upstream stable release |
| tesla-418 [55] | |
| | |
| nvidia-graphics-drivers- | New upstream stable release; fix out- |
| tesla-450 [56] | of-bounds write issues [CVE-2022-28181 |
| | CVE-2022-28185], denial of service |
| | issue [CVE-2022-28192] |
| | |
| nvidia-graphics-drivers- | New upstream stable release |
| tesla-460 [57] | |
| | |
| nvidia-graphics-drivers- | New package, switching Tesla support to |
| tesla-470 [58] | upstream 470 tree; fix out-of-bounds |
| | write issue [CVE-2022-28181], out-of- |
| | bounds read issue [CVE-2022-28183], |
| | denial of service issues [CVE-2022- |
| | 28184 CVE-2022-28191 CVE-2022-28192] |
| | |
| nvidia-persistenced [59] | New upstream release; switch to |
| | upstream 470 tree |
| | |
| nvidia-settings [60] | New upstream release; switch to |
| | upstream 470 tree |
| | |
| nvidia-settings- | New package, switching Tesla support to |
| tesla-470 [61] | upstream 470 tree |
| | |
| nvidia-xconfig [62] | New upstream release |
| | |
| openssh [63] | seccomp: add pselect6_time64 syscall on |
| | 32-bit architectures |
| | |
| orca [64] | Fix usage with webkitgtk 2.36 |
| | |
| php-guzzlehttp-psr7 [65] | Fix improper header parsing [CVE-2022- |
| | 24775] |
| | |
| phpmyadmin [66] | Fix some SQL queries generating a |
| | server error |
| | |
| postfix [67] | New upstream stable release; do not |
| | override user set default_transport in |
| | postinst; if-up.d: do not error out if |
| | postfix can't send mail yet |
| | |
| procmail [68] | Fix null pointer dereference |
| | |
| python-scrapy [69] | Don't send authentication data with all |
| | requests [CVE-2021-41125]; don't expose |
| | cookies cross-domain when redirecting |
| | [CVE-2022-0577] |
| | |
| ruby-net-ssh [70] | Fix authentication against systems |
| | using OpenSSH 8.8 |
| | |
| runc [71] | Honour seccomp defaultErrnoRet; do not |
| | set inheritable capabilities [CVE-2022- |
| | 29162] |
| | |
| samba [72] | Fix winbind start failure when "allow |
| | trusted domains = no" is used; fix MIT |
| | Kerberos authentication; fix share |
| | escape issue via mkdir race condition |
| | [CVE-2021-43566]; fix possible serious |
| | data corruption issue due to Windows |
| | client cache poisoning; fix |
| | installation on non-systemd systems |
| | |
| tcpdump [73] | Update AppArmor profile to allow access |
| | to *.cap files, and handle numerical |
| | suffix in filenames added by -W |
| | |
| telegram-desktop [74] | New upstream stable release, restoring |
| | functionality |
| | |
| tigervnc [75] | Fix GNOME desktop start up when using |
| | tigervncserver@.service; fix colour |
| | display when vncviewer and X11 server |
| | use different endianness |
| | |
| twisted [76] | Fix information disclosure issue with |
| | cross-domain redirects [CVE-2022- |
| | 21712], denial of service issue during |
| | SSH handshakes [CVE-2022-21716], HTTP |
| | request smuggling issues [CVE-2022- |
| | 24801] |
| | |
| tzdata [77] | Update timezone data for Palestine; |
| | update leap second list |
| | |
| ublock-origin [78] | New upstream stable release |
| | |
| unrar-nonfree [79] | Fix directory traversal issue |
| | [CVE-2022-30333] |
| | |
| usb.ids [80] | New upstream release; update included |
| | data |
| | |
| wireless-regdb [81] | New upstream release; remove diversion |
| | added by the installer, ensuring that |
| | files from the package are used |
| | |
+---------------------------+-----------------------------------------+
1: https://packages.debian.org/src:apache2
2: https://packages.debian.org/src:base-files
3: https://packages.debian.org/src:bash
4: https://packages.debian.org/src:clamav
5: https://packages.debian.org/src:clementine
6: https://packages.debian.org/src:composer
7: https://packages.debian.org/src:cyrus-imapd
8: https://packages.debian.org/src:dbus-broker
9: https://packages.debian.org/src:debian-edu-config
10: https://packages.debian.org/src:debian-installer
11: https://packages.debian.org/src:debian-installer-netboot-images
12: https://packages.debian.org/src:distro-info-data
13: https://packages.debian.org/src:docker.io
14: https://packages.debian.org/src:dpkg
15: https://packages.debian.org/src:freetype
16: https://packages.debian.org/src:fribidi
17: https://packages.debian.org/src:ganeti
18: https://packages.debian.org/src:geeqie
19: https://packages.debian.org/src:gnutls28
20: https://packages.debian.org/src:golang-github-russellhaering-goxmldsig
21: https://packages.debian.org/src:grunt
22: https://packages.debian.org/src:hdmi2usb-mode-switch
23: https://packages.debian.org/src:hexchat
24: https://packages.debian.org/src:htmldoc
25: https://packages.debian.org/src:knot-resolver
26: https://packages.debian.org/src:libapache2-mod-auth-openidc
27: https://packages.debian.org/src:libintl-perl
28: https://packages.debian.org/src:libsdl2
29: https://packages.debian.org/src:libtgowt
30: https://packages.debian.org/src:linux
31: https://packages.debian.org/src:linux-signed-amd64
32: https://packages.debian.org/src:linux-signed-arm64
33: https://packages.debian.org/src:linux-signed-i386
34: https://packages.debian.org/src:logrotate
35: https://packages.debian.org/src:lxc
36: https://packages.debian.org/src:minidlna
37: https://packages.debian.org/src:mutt
38: https://packages.debian.org/src:nano
39: https://packages.debian.org/src:needrestart
40: https://packages.debian.org/src:network-manager
41: https://packages.debian.org/src:nginx
42: https://packages.debian.org/src:node-ejs
43: https://packages.debian.org/src:node-eventsource
44: https://packages.debian.org/src:node-got
45: https://packages.debian.org/src:node-mermaid
46: https://packages.debian.org/src:node-minimist
47: https://packages.debian.org/src:node-moment
48: https://packages.debian.org/src:node-node-forge
49: https://packages.debian.org/src:node-raw-body
50: https://packages.debian.org/src:node-sqlite3
51: https://packages.debian.org/src:node-url-parse
52: https://packages.debian.org/src:nvidia-cuda-toolkit
53: https://packages.debian.org/src:nvidia-graphics-drivers
54: https://packages.debian.org/src:nvidia-graphics-drivers-legacy-390xx
55: https://packages.debian.org/src:nvidia-graphics-drivers-tesla-418
56: https://packages.debian.org/src:nvidia-graphics-drivers-tesla-450
57: https://packages.debian.org/src:nvidia-graphics-drivers-tesla-460
58: https://packages.debian.org/src:nvidia-graphics-drivers-tesla-470
59: https://packages.debian.org/src:nvidia-persistenced
60: https://packages.debian.org/src:nvidia-settings
61: https://packages.debian.org/src:nvidia-settings-tesla-470
62: https://packages.debian.org/src:nvidia-xconfig
63: https://packages.debian.org/src:openssh
64: https://packages.debian.org/src:orca
65: https://packages.debian.org/src:php-guzzlehttp-psr7
66: https://packages.debian.org/src:phpmyadmin
67: https://packages.debian.org/src:postfix
68: https://packages.debian.org/src:procmail
69: https://packages.debian.org/src:python-scrapy
70: https://packages.debian.org/src:ruby-net-ssh
71: https://packages.debian.org/src:runc
72: https://packages.debian.org/src:samba
73: https://packages.debian.org/src:tcpdump
74: https://packages.debian.org/src:telegram-desktop
75: https://packages.debian.org/src:tigervnc
76: https://packages.debian.org/src:twisted
77: https://packages.debian.org/src:tzdata
78: https://packages.debian.org/src:ublock-origin
79: https://packages.debian.org/src:unrar-nonfree
80: https://packages.debian.org/src:usb.ids
81: https://packages.debian.org/src:wireless-regdb
Security Updates
----------------
This revision adds the following security updates to the stable release.
The Security Team has already released an advisory for each of these
updates:
+----------------+--------------------------+
| Advisory ID | Package |
+----------------+--------------------------+
| DSA-4999 [82] | asterisk [83] |
| | |
| DSA-5026 [84] | firefox-esr [85] |
| | |
| DSA-5034 [86] | thunderbird [87] |
| | |
| DSA-5044 [88] | firefox-esr [89] |
| | |
| DSA-5045 [90] | thunderbird [91] |
| | |
| DSA-5069 [92] | firefox-esr [93] |
| | |
| DSA-5074 [94] | thunderbird [95] |
| | |
| DSA-5086 [96] | thunderbird [97] |
| | |
| DSA-5090 [98] | firefox-esr [99] |
| | |
| DSA-5094 [100] | thunderbird [101] |
| | |
| DSA-5097 [102] | firefox-esr [103] |
| | |
| DSA-5106 [104] | thunderbird [105] |
| | |
| DSA-5107 [106] | php-twig [107] |
| | |
| DSA-5108 [108] | tiff [109] |
| | |
| DSA-5110 [110] | chromium [111] |
| | |
| DSA-5111 [112] | zlib [113] |
| | |
| DSA-5112 [114] | chromium [115] |
| | |
| DSA-5113 [116] | firefox-esr [117] |
| | |
| DSA-5114 [118] | chromium [119] |
| | |
| DSA-5115 [120] | webkit2gtk [121] |
| | |
| DSA-5116 [122] | wpewebkit [123] |
| | |
| DSA-5117 [124] | xen [125] |
| | |
| DSA-5118 [126] | thunderbird [127] |
| | |
| DSA-5119 [128] | subversion [129] |
| | |
| DSA-5120 [130] | chromium [131] |
| | |
| DSA-5121 [132] | chromium [133] |
| | |
| DSA-5122 [134] | gzip [135] |
| | |
| DSA-5123 [136] | xz-utils [137] |
| | |
| DSA-5124 [138] | ffmpeg [139] |
| | |
| DSA-5125 [140] | chromium [141] |
| | |
| DSA-5127 [142] | linux-signed-amd64 [143] |
| | |
| DSA-5127 [144] | linux-signed-arm64 [145] |
| | |
| DSA-5127 [146] | linux-signed-i386 [147] |
| | |
| DSA-5127 [148] | linux [149] |
| | |
| DSA-5128 [150] | openjdk-17 [151] |
| | |
| DSA-5129 [152] | firefox-esr [153] |
| | |
| DSA-5130 [154] | dpdk [155] |
| | |
| DSA-5131 [156] | openjdk-11 [157] |
| | |
| DSA-5132 [158] | ecdsautils [159] |
| | |
| DSA-5133 [160] | qemu [161] |
| | |
| DSA-5134 [162] | chromium [163] |
| | |
| DSA-5136 [164] | postgresql-13 [165] |
| | |
| DSA-5137 [166] | needrestart [167] |
| | |
| DSA-5138 [168] | waitress [169] |
| | |
| DSA-5139 [170] | openssl [171] |
| | |
| DSA-5140 [172] | openldap [173] |
| | |
| DSA-5141 [174] | thunderbird [175] |
| | |
| DSA-5142 [176] | libxml2 [177] |
| | |
| DSA-5143 [178] | firefox-esr [179] |
| | |
| DSA-5145 [180] | lrzip [181] |
| | |
| DSA-5147 [182] | dpkg [183] |
| | |
| DSA-5148 [184] | chromium [185] |
| | |
| DSA-5149 [186] | cups [187] |
| | |
| DSA-5150 [188] | rsyslog [189] |
| | |
| DSA-5151 [190] | smarty3 [191] |
| | |
| DSA-5152 [192] | spip [193] |
| | |
| DSA-5153 [194] | trafficserver [195] |
| | |
| DSA-5154 [196] | webkit2gtk [197] |
| | |
| DSA-5155 [198] | wpewebkit [199] |
| | |
| DSA-5156 [200] | firefox-esr [201] |
| | |
| DSA-5157 [202] | cifs-utils [203] |
| | |
| DSA-5158 [204] | thunderbird [205] |
| | |
| DSA-5159 [206] | python-bottle [207] |
| | |
| DSA-5160 [208] | ntfs-3g [209] |
| | |
| DSA-5161 [210] | linux-signed-amd64 [211] |
| | |
| DSA-5161 [212] | linux-signed-arm64 [213] |
| | |
| DSA-5161 [214] | linux-signed-i386 [215] |
| | |
| DSA-5161 [216] | linux [217] |
| | |
| DSA-5162 [218] | containerd [219] |
| | |
| DSA-5163 [220] | chromium [221] |
| | |
| DSA-5164 [222] | exo [223] |
| | |
| DSA-5165 [224] | vlc [225] |
| | |
| DSA-5166 [226] | slurm-wlm [227] |
| | |
| DSA-5167 [228] | firejail [229] |
| | |
| DSA-5168 [230] | chromium [231] |
| | |
| DSA-5169 [232] | openssl [233] |
| | |
| DSA-5171 [234] | squid [235] |
| | |
| DSA-5172 [236] | firefox-esr [237] |
| | |
| DSA-5174 [238] | gnupg2 [239] |
| | |
+----------------+--------------------------+
82: https://www.debian.org/security/2021/dsa-4999
83: https://packages.debian.org/src:asterisk
84: https://www.debian.org/security/2021/dsa-5026
85: https://packages.debian.org/src:firefox-esr
86: https://www.debian.org/security/2022/dsa-5034
87: https://packages.debian.org/src:thunderbird
88: https://www.debian.org/security/2022/dsa-5044
89: https://packages.debian.org/src:firefox-esr
90: https://www.debian.org/security/2022/dsa-5045
91: https://packages.debian.org/src:thunderbird
92: https://www.debian.org/security/2022/dsa-5069
93: https://packages.debian.org/src:firefox-esr
94: https://www.debian.org/security/2022/dsa-5074
95: https://packages.debian.org/src:thunderbird
96: https://www.debian.org/security/2022/dsa-5086
97: https://packages.debian.org/src:thunderbird
98: https://www.debian.org/security/2022/dsa-5090
99: https://packages.debian.org/src:firefox-esr
100: https://www.debian.org/security/2022/dsa-5094
101: https://packages.debian.org/src:thunderbird
102: https://www.debian.org/security/2022/dsa-5097
103: https://packages.debian.org/src:firefox-esr
104: https://www.debian.org/security/2022/dsa-5106
105: https://packages.debian.org/src:thunderbird
106: https://www.debian.org/security/2022/dsa-5107
107: https://packages.debian.org/src:php-twig
108: https://www.debian.org/security/2022/dsa-5108
109: https://packages.debian.org/src:tiff
110: https://www.debian.org/security/2022/dsa-5110
111: https://packages.debian.org/src:chromium
112: https://www.debian.org/security/2022/dsa-5111
113: https://packages.debian.org/src:zlib
114: https://www.debian.org/security/2022/dsa-5112
115: https://packages.debian.org/src:chromium
116: https://www.debian.org/security/2022/dsa-5113
117: https://packages.debian.org/src:firefox-esr
118: https://www.debian.org/security/2022/dsa-5114
119: https://packages.debian.org/src:chromium
120: https://www.debian.org/security/2022/dsa-5115
121: https://packages.debian.org/src:webkit2gtk
122: https://www.debian.org/security/2022/dsa-5116
123: https://packages.debian.org/src:wpewebkit
124: https://www.debian.org/security/2022/dsa-5117
125: https://packages.debian.org/src:xen
126: https://www.debian.org/security/2022/dsa-5118
127: https://packages.debian.org/src:thunderbird
128: https://www.debian.org/security/2022/dsa-5119
129: https://packages.debian.org/src:subversion
130: https://www.debian.org/security/2022/dsa-5120
131: https://packages.debian.org/src:chromium
132: https://www.debian.org/security/2022/dsa-5121
133: https://packages.debian.org/src:chromium
134: https://www.debian.org/security/2022/dsa-5122
135: https://packages.debian.org/src:gzip
136: https://www.debian.org/security/2022/dsa-5123
137: https://packages.debian.org/src:xz-utils
138: https://www.debian.org/security/2022/dsa-5124
139: https://packages.debian.org/src:ffmpeg
140: https://www.debian.org/security/2022/dsa-5125
141: https://packages.debian.org/src:chromium
142: https://www.debian.org/security/2022/dsa-5127
143: https://packages.debian.org/src:linux-signed-amd64
144: https://www.debian.org/security/2022/dsa-5127
145: https://packages.debian.org/src:linux-signed-arm64
146: https://www.debian.org/security/2022/dsa-5127
147: https://packages.debian.org/src:linux-signed-i386
148: https://www.debian.org/security/2022/dsa-5127
149: https://packages.debian.org/src:linux
150: https://www.debian.org/security/2022/dsa-5128
151: https://packages.debian.org/src:openjdk-17
152: https://www.debian.org/security/2022/dsa-5129
153: https://packages.debian.org/src:firefox-esr
154: https://www.debian.org/security/2022/dsa-5130
155: https://packages.debian.org/src:dpdk
156: https://www.debian.org/security/2022/dsa-5131
157: https://packages.debian.org/src:openjdk-11
158: https://www.debian.org/security/2022/dsa-5132
159: https://packages.debian.org/src:ecdsautils
160: https://www.debian.org/security/2022/dsa-5133
161: https://packages.debian.org/src:qemu
162: https://www.debian.org/security/2022/dsa-5134
163: https://packages.debian.org/src:chromium
164: https://www.debian.org/security/2022/dsa-5136
165: https://packages.debian.org/src:postgresql-13
166: https://www.debian.org/security/2022/dsa-5137
167: https://packages.debian.org/src:needrestart
168: https://www.debian.org/security/2022/dsa-5138
169: https://packages.debian.org/src:waitress
170: https://www.debian.org/security/2022/dsa-5139
171: https://packages.debian.org/src:openssl
172: https://www.debian.org/security/2022/dsa-5140
173: https://packages.debian.org/src:openldap
174: https://www.debian.org/security/2022/dsa-5141
175: https://packages.debian.org/src:thunderbird
176: https://www.debian.org/security/2022/dsa-5142
177: https://packages.debian.org/src:libxml2
178: https://www.debian.org/security/2022/dsa-5143
179: https://packages.debian.org/src:firefox-esr
180: https://www.debian.org/security/2022/dsa-5145
181: https://packages.debian.org/src:lrzip
182: https://www.debian.org/security/2022/dsa-5147
183: https://packages.debian.org/src:dpkg
184: https://www.debian.org/security/2022/dsa-5148
185: https://packages.debian.org/src:chromium
186: https://www.debian.org/security/2022/dsa-5149
187: https://packages.debian.org/src:cups
188: https://www.debian.org/security/2022/dsa-5150
189: https://packages.debian.org/src:rsyslog
190: https://www.debian.org/security/2022/dsa-5151
191: https://packages.debian.org/src:smarty3
192: https://www.debian.org/security/2022/dsa-5152
193: https://packages.debian.org/src:spip
194: https://www.debian.org/security/2022/dsa-5153
195: https://packages.debian.org/src:trafficserver
196: https://www.debian.org/security/2022/dsa-5154
197: https://packages.debian.org/src:webkit2gtk
198: https://www.debian.org/security/2022/dsa-5155
199: https://packages.debian.org/src:wpewebkit
200: https://www.debian.org/security/2022/dsa-5156
201: https://packages.debian.org/src:firefox-esr
202: https://www.debian.org/security/2022/dsa-5157
203: https://packages.debian.org/src:cifs-utils
204: https://www.debian.org/security/2022/dsa-5158
205: https://packages.debian.org/src:thunderbird
206: https://www.debian.org/security/2022/dsa-5159
207: https://packages.debian.org/src:python-bottle
208: https://www.debian.org/security/2022/dsa-5160
209: https://packages.debian.org/src:ntfs-3g
210: https://www.debian.org/security/2022/dsa-5161
211: https://packages.debian.org/src:linux-signed-amd64
212: https://www.debian.org/security/2022/dsa-5161
213: https://packages.debian.org/src:linux-signed-arm64
214: https://www.debian.org/security/2022/dsa-5161
215: https://packages.debian.org/src:linux-signed-i386
216: https://www.debian.org/security/2022/dsa-5161
217: https://packages.debian.org/src:linux
218: https://www.debian.org/security/2022/dsa-5162
219: https://packages.debian.org/src:containerd
220: https://www.debian.org/security/2022/dsa-5163
221: https://packages.debian.org/src:chromium
222: https://www.debian.org/security/2022/dsa-5164
223: https://packages.debian.org/src:exo
224: https://www.debian.org/security/2022/dsa-5165
225: https://packages.debian.org/src:vlc
226: https://www.debian.org/security/2022/dsa-5166
227: https://packages.debian.org/src:slurm-wlm
228: https://www.debian.org/security/2022/dsa-5167
229: https://packages.debian.org/src:firejail
230: https://www.debian.org/security/2022/dsa-5168
231: https://packages.debian.org/src:chromium
232: https://www.debian.org/security/2022/dsa-5169
233: https://packages.debian.org/src:openssl
234: https://www.debian.org/security/2022/dsa-5171
235: https://packages.debian.org/src:squid
236: https://www.debian.org/security/2022/dsa-5172
237: https://packages.debian.org/src:firefox-esr
238: https://www.debian.org/security/2022/dsa-5174
239: https://packages.debian.org/src:gnupg2
Removed packages
----------------
The following packages were removed due to circumstances beyond our
control:
+---------------------+-------------------------------+
| Package | Reason |
+---------------------+-------------------------------+
| elog [240] | Unmaintained; security issues |
| | |
| python-hbmqtt [241] | Unamintained and broken |
| | |
+---------------------+-------------------------------+
240: https://packages.debian.org/src:elog
241: https://packages.debian.org/src:python-hbmqtt
Debian Installer
----------------
The installer has been updated to include the fixes incorporated into
stable by the point release.
URLs
----
The complete lists of packages that have changed with this revision:
https://deb.debian.org/debian/dists/bullseye/ChangeLog
The current stable distribution:
https://deb.debian.org/debian/dists/stable/
Proposed updates to the stable distribution:
https://deb.debian.org/debian/dists/proposed-updates
stable distribution information (release notes, errata etc.):
https://www.debian.org/releases/stable/
Security announcements and information:
https://www.debian.org/security/
About Debian
------------
The Debian Project is an association of Free Software developers who
volunteer their time and effort in order to produce the completely free
operating system Debian.
Contact Information
-------------------
For further information, please visit the Debian web pages at
https://www.debian.org/, send mail to <pr...@debian.org>, or contact the
stable release team at <debian-...@lists.debian.org>.
The Debian Project https://www.debian.org/
Updated Debian 11: 11.4 released pr...@debian.org
July 9th, 2022 https://www.debian.org/News/2022/20220709
------------------------------------------------------------------------
The Debian project is pleased to announce the fourth update of its
stable distribution Debian 11 (codename "bullseye"). This point release
mainly adds corrections for security issues, along with a few
adjustments for serious problems. Security advisories have already been
published separately and are referenced where available.
Please note that the point release does not constitute a new version of
Debian 11 but only updates some of the packages included. There is no
need to throw away old "bullseye" media. After installation, packages
can be upgraded to the current versions using an up-to-date Debian
mirror.
Those who frequently install updates from security.debian.org won't have
to update many packages, and most such updates are included in the point
release.
New installation images will be available soon at the regular locations.
Upgrading an existing installation to this revision can be achieved by
pointing the package management system at one of Debian's many HTTP
mirrors. A comprehensive list of mirrors is available at:
https://www.debian.org/mirror/list
Miscellaneous Bugfixes
----------------------
This stable update adds a few important corrections to the following
packages:
+---------------------------+-----------------------------------------+
| Package | Reason |
+---------------------------+-----------------------------------------+
| apache2 [1] | New upstream stable release; fix HTTP |
| | request smuggling issue [CVE-2022- |
| | 26377], out-of-bounds read issues |
| | [CVE-2022-28330 CVE-2022-28614 |
| | CVE-2022-28615], denial of service |
| | issues [CVE-2022-29404 CVE-2022-30522], |
| | possible out-of-bounds read issue |
| | [CVE-2022-30556], possible IP-based |
| | authentication bypass issue [CVE-2022- |
| | 31813] |
| | |
| base-files [2] | Update /etc/debian_version for the 11.4 |
| | point release |
| | |
| bash [3] | Fix 1-byte buffer overflow read, |
| | causing corrupted multibyte characters |
| | in command substitutions |
| | |
| clamav [4] | New upstream stable release; security |
| | fixes [CVE-2022-20770 CVE-2022-20771 |
| | CVE-2022-20785 CVE-2022-20792 CVE-2022- |
| | 20796] |
| | |
| clementine [5] | Add missing dependency on libqt5sql5- |
| | sqlite |
| | |
| composer [6] | Fix code injection issue [CVE-2022- |
| | 24828]; update GitHub token pattern |
| | |
| cyrus-imapd [7] | Ensure that all mailboxes have a |
| | "uniqueid" field, fixing upgrades to |
| | version 3.6 |
| | |
| dbus-broker [8] | Fix buffer overflow issue [CVE-2022- |
| | 31212] |
| | |
| debian-edu-config [9] | Accept mail from the local network sent |
| | to root@<mynetwork-names>; only create |
| | Kerberos host and service principals if |
| | they don't yet exist; ensure libsss- |
| | sudo is installed on Roaming |
| | Workstations; fix naming and visibility |
| | of print queues; support krb5i on |
| | Diskless Workstations; squid: prefer |
| | DNSv4 lookups over DNSv6 |
| | |
| debian-installer [10] | Rebuild against proposed-updates; |
| | increase Linux kernel ABI to 16; |
| | reinstate some armel netboot targets |
| | (openrd) |
| | |
| debian-installer-netboot- | Rebuild against proposed-updates; |
| images [11] | increase Linux kernel ABI to 16; |
| | reinstate some armel netboot targets |
| | (openrd) |
| | |
| distro-info-data [12] | Add Ubuntu 22.10, Kinetic Kudu |
| | |
| docker.io [13] | Order docker.service after |
| | containerd.service to fix shutdown of |
| | containers; explicitly pass the |
| | containerd socket path to dockerd to |
| | make sure it doesn't start containerd |
| | on its own |
| | |
| dpkg [14] | dpkg-deb: Fix unexpected end of file |
| | conditions on .deb extract; libdpkg: Do |
| | not restrict source:* virtual fields to |
| | installed packages; |
| | Dpkg::Source::Package::V2: Always fix |
| | the permissions for upstream tarballs |
| | (regression from DSA-5147-1] |
| | |
| freetype [15] | Fix buffer overflow issue [CVE-2022- |
| | 27404]; fix crashes [CVE-2022-27405 |
| | CVE-2022-27406] |
| | |
| fribidi [16] | Fix buffer overflow issues [CVE-2022- |
| | 25308 CVE-2022-25309]; fix crash |
| | [CVE-2022-25310] |
| | |
| ganeti [17] | New upstream release; fix several |
| | upgrade issues; fix live migration with |
| | QEMU 4 and "security_model" of |
| | "user" or "pool" |
| | |
| geeqie [18] | Fix Ctrl click inside of a block |
| | selection |
| | |
| gnutls28 [19] | Fix SSSE3 SHA384 miscalculation; fix |
| | null pointer deference issue [CVE-2021- |
| | 4209] |
| | |
| golang-github- | Fix null pointer dereference caused by |
| russellhaering- | crafted XML signatures [CVE-2020-7711] |
| goxmldsig [20] | |
| | |
| grunt [21] | Fix path traversal issue [CVE-2022- |
| | 0436] |
| | |
| hdmi2usb-mode-switch [22] | udev: Add a suffix to /dev/video device |
| | nodes to disambiguate them; move udev |
| | rules to priority 70, to come after 60- |
| | persistent-v4l.rules |
| | |
| hexchat [23] | Add missing dependency on python3-cffi- |
| | backend |
| | |
| htmldoc [24] | Fix infinite loop [CVE-2022-24191], |
| | integer overflow issues [CVE-2022- |
| | 27114] and heap buffer overflow issue |
| | [CVE-2022-28085] |
| | |
| knot-resolver [25] | Fix possible assertion failure in NSEC3 |
| | edge-case [CVE-2021-40083] |
| | |
| libapache2-mod-auth- | New upstream stable release; fix open |
| openidc [26] | redirect issue [CVE-2021-39191]; fix |
| | crash on reload / restart |
| | |
| libintl-perl [27] | Really install gettext_xs.pm |
| | |
| libsdl2 [28] | Avoid out-of-bounds read while loading |
| | malformed BMP file [CVE-2021-33657], |
| | and during YUV to RGB conversion |
| | |
| libtgowt [29] | New upstream stable release, to support |
| | newer telegram-desktop |
| | |
| linux [30] | New upstream stable release; increase |
| | ABI to 16 |
| | |
| linux-signed-amd64 [31] | New upstream stable release; increase |
| | ABI to 16 |
| | |
| linux-signed-arm64 [32] | New upstream stable release; increase |
| | ABI to 16 |
| | |
| linux-signed-i386 [33] | New upstream stable release; increase |
| | ABI to 16 |
| | |
| logrotate [34] | Skip locking if state file is world- |
| | readable [CVE-2022-1348]; make |
| | configuration parsing stricter in order |
| | to avoid parsing foreign files such as |
| | core dumps |
| | |
| lxc [35] | Update default GPG key server, fixing |
| | creating of containers using the |
| | "download" template |
| | |
| minidlna [36] | Validate HTTP requests to protect |
| | against DNS rebinding attacks |
| | [CVE-2022-26505] |
| | |
| mutt [37] | Fix uudecode buffer overflow issue |
| | [CVE-2022-1328] |
| | |
| nano [38] | Several bug fixes, including fixes for |
| | crashes |
| | |
| needrestart [39] | Make cgroup detection for services and |
| | user sessions cgroup v2 aware |
| | |
| network-manager [40] | New upstream stable release |
| | |
| nginx [41] | Fix crash when libnginx-mod-http-lua is |
| | loaded and init_worker_by_lua* is used; |
| | mitigate application layer protocol |
| | content confusion attack in the Mail |
| | module [CVE-2021-3618] |
| | |
| node-ejs [42] | Fix server-side template injection |
| | issue [CVE-2022-29078] |
| | |
| node-eventsource [43] | Strip sensitive headers on redirect to |
| | different origin [CVE-2022-1650] |
| | |
| node-got [44] | Don't allow redirection to Unix socket |
| | [CVE-2022-33987] |
| | |
| node-mermaid [45] | Fix cross-site scripting issues |
| | [CVE-2021-23648 CVE-2021-43861] |
| | |
| node-minimist [46] | Fix prototype pollution issue |
| | [CVE-2021-44906] |
| | |
| node-moment [47] | Fix path traversal issue [CVE-2022- |
| | 24785] |
| | |
| node-node-forge [48] | Fix signature verification issues |
| | [CVE-2022-24771 CVE-2022-24772 |
| | CVE-2022-24773] |
| | |
| node-raw-body [49] | Fix potential denial of service issue |
| | in node-express, by using node-iconv- |
| | lite rather than node-iconv |
| | |
| node-sqlite3 [50] | Fix denial of service issue [CVE-2022- |
| | 21227] |
| | |
| node-url-parse [51] | Fix authentication bypass issues |
| | [CVE-2022-0686 CVE-2022-0691] |
| | |
| nvidia-cuda-toolkit [52] | Use OpenJDK8 snapshots for amd64 and |
| | ppc64el; check usability of the java |
| | binary; nsight-compute: Move the |
| | 'sections' folder to a multiarch |
| | location; fix nvidia-openjdk-8-jre |
| | version ordering |
| | |
| nvidia-graphics- | New upstream release; switch to |
| drivers [53] | upstream 470 tree; fix denial of |
| | service issues [CVE-2022-21813 |
| | CVE-2022-21814]; fix out-of-bounds |
| | write issue [CVE-2022-28181], out-of- |
| | bounds read issue [CVE-2022-28183], |
| | denial of service issues [CVE-2022- |
| | 28184 CVE-2022-28191 CVE-2022-28192] |
| | |
| nvidia-graphics-drivers- | New upstream release; fix out-of-bound |
| legacy-390xx [54] | write issues [CVE-2022-28181 CVE-2022- |
| | 28185] |
| | |
| nvidia-graphics-drivers- | New upstream stable release |
| tesla-418 [55] | |
| | |
| nvidia-graphics-drivers- | New upstream stable release; fix out- |
| tesla-450 [56] | of-bounds write issues [CVE-2022-28181 |
| | CVE-2022-28185], denial of service |
| | issue [CVE-2022-28192] |
| | |
| nvidia-graphics-drivers- | New upstream stable release |
| tesla-460 [57] | |
| | |
| nvidia-graphics-drivers- | New package, switching Tesla support to |
| tesla-470 [58] | upstream 470 tree; fix out-of-bounds |
| | write issue [CVE-2022-28181], out-of- |
| | bounds read issue [CVE-2022-28183], |
| | denial of service issues [CVE-2022- |
| | 28184 CVE-2022-28191 CVE-2022-28192] |
| | |
| nvidia-persistenced [59] | New upstream release; switch to |
| | upstream 470 tree |
| | |
| nvidia-settings [60] | New upstream release; switch to |
| | upstream 470 tree |
| | |
| nvidia-settings- | New package, switching Tesla support to |
| tesla-470 [61] | upstream 470 tree |
| | |
| nvidia-xconfig [62] | New upstream release |
| | |
| openssh [63] | seccomp: add pselect6_time64 syscall on |
| | 32-bit architectures |
| | |
| orca [64] | Fix usage with webkitgtk 2.36 |
| | |
| php-guzzlehttp-psr7 [65] | Fix improper header parsing [CVE-2022- |
| | 24775] |
| | |
| phpmyadmin [66] | Fix some SQL queries generating a |
| | server error |
| | |
| postfix [67] | New upstream stable release; do not |
| | override user set default_transport in |
| | postinst; if-up.d: do not error out if |
| | postfix can't send mail yet |
| | |
| procmail [68] | Fix null pointer dereference |
| | |
| python-scrapy [69] | Don't send authentication data with all |
| | requests [CVE-2021-41125]; don't expose |
| | cookies cross-domain when redirecting |
| | [CVE-2022-0577] |
| | |
| ruby-net-ssh [70] | Fix authentication against systems |
| | using OpenSSH 8.8 |
| | |
| runc [71] | Honour seccomp defaultErrnoRet; do not |
| | set inheritable capabilities [CVE-2022- |
| | 29162] |
| | |
| samba [72] | Fix winbind start failure when "allow |
| | trusted domains = no" is used; fix MIT |
| | Kerberos authentication; fix share |
| | escape issue via mkdir race condition |
| | [CVE-2021-43566]; fix possible serious |
| | data corruption issue due to Windows |
| | client cache poisoning; fix |
| | installation on non-systemd systems |
| | |
| tcpdump [73] | Update AppArmor profile to allow access |
| | to *.cap files, and handle numerical |
| | suffix in filenames added by -W |
| | |
| telegram-desktop [74] | New upstream stable release, restoring |
| | functionality |
| | |
| tigervnc [75] | Fix GNOME desktop start up when using |
| | tigervncserver@.service; fix colour |
| | display when vncviewer and X11 server |
| | use different endianness |
| | |
| twisted [76] | Fix information disclosure issue with |
| | cross-domain redirects [CVE-2022- |
| | 21712], denial of service issue during |
| | SSH handshakes [CVE-2022-21716], HTTP |
| | request smuggling issues [CVE-2022- |
| | 24801] |
| | |
| tzdata [77] | Update timezone data for Palestine; |
| | update leap second list |
| | |
| ublock-origin [78] | New upstream stable release |
| | |
| unrar-nonfree [79] | Fix directory traversal issue |
| | [CVE-2022-30333] |
| | |
| usb.ids [80] | New upstream release; update included |
| | data |
| | |
| wireless-regdb [81] | New upstream release; remove diversion |
| | added by the installer, ensuring that |
| | files from the package are used |
| | |
+---------------------------+-----------------------------------------+
1: https://packages.debian.org/src:apache2
2: https://packages.debian.org/src:base-files
3: https://packages.debian.org/src:bash
4: https://packages.debian.org/src:clamav
5: https://packages.debian.org/src:clementine
6: https://packages.debian.org/src:composer
7: https://packages.debian.org/src:cyrus-imapd
8: https://packages.debian.org/src:dbus-broker
9: https://packages.debian.org/src:debian-edu-config
10: https://packages.debian.org/src:debian-installer
11: https://packages.debian.org/src:debian-installer-netboot-images
12: https://packages.debian.org/src:distro-info-data
13: https://packages.debian.org/src:docker.io
14: https://packages.debian.org/src:dpkg
15: https://packages.debian.org/src:freetype
16: https://packages.debian.org/src:fribidi
17: https://packages.debian.org/src:ganeti
18: https://packages.debian.org/src:geeqie
19: https://packages.debian.org/src:gnutls28
20: https://packages.debian.org/src:golang-github-russellhaering-goxmldsig
21: https://packages.debian.org/src:grunt
22: https://packages.debian.org/src:hdmi2usb-mode-switch
23: https://packages.debian.org/src:hexchat
24: https://packages.debian.org/src:htmldoc
25: https://packages.debian.org/src:knot-resolver
26: https://packages.debian.org/src:libapache2-mod-auth-openidc
27: https://packages.debian.org/src:libintl-perl
28: https://packages.debian.org/src:libsdl2
29: https://packages.debian.org/src:libtgowt
30: https://packages.debian.org/src:linux
31: https://packages.debian.org/src:linux-signed-amd64
32: https://packages.debian.org/src:linux-signed-arm64
33: https://packages.debian.org/src:linux-signed-i386
34: https://packages.debian.org/src:logrotate
35: https://packages.debian.org/src:lxc
36: https://packages.debian.org/src:minidlna
37: https://packages.debian.org/src:mutt
38: https://packages.debian.org/src:nano
39: https://packages.debian.org/src:needrestart
40: https://packages.debian.org/src:network-manager
41: https://packages.debian.org/src:nginx
42: https://packages.debian.org/src:node-ejs
43: https://packages.debian.org/src:node-eventsource
44: https://packages.debian.org/src:node-got
45: https://packages.debian.org/src:node-mermaid
46: https://packages.debian.org/src:node-minimist
47: https://packages.debian.org/src:node-moment
48: https://packages.debian.org/src:node-node-forge
49: https://packages.debian.org/src:node-raw-body
50: https://packages.debian.org/src:node-sqlite3
51: https://packages.debian.org/src:node-url-parse
52: https://packages.debian.org/src:nvidia-cuda-toolkit
53: https://packages.debian.org/src:nvidia-graphics-drivers
54: https://packages.debian.org/src:nvidia-graphics-drivers-legacy-390xx
55: https://packages.debian.org/src:nvidia-graphics-drivers-tesla-418
56: https://packages.debian.org/src:nvidia-graphics-drivers-tesla-450
57: https://packages.debian.org/src:nvidia-graphics-drivers-tesla-460
58: https://packages.debian.org/src:nvidia-graphics-drivers-tesla-470
59: https://packages.debian.org/src:nvidia-persistenced
60: https://packages.debian.org/src:nvidia-settings
61: https://packages.debian.org/src:nvidia-settings-tesla-470
62: https://packages.debian.org/src:nvidia-xconfig
63: https://packages.debian.org/src:openssh
64: https://packages.debian.org/src:orca
65: https://packages.debian.org/src:php-guzzlehttp-psr7
66: https://packages.debian.org/src:phpmyadmin
67: https://packages.debian.org/src:postfix
68: https://packages.debian.org/src:procmail
69: https://packages.debian.org/src:python-scrapy
70: https://packages.debian.org/src:ruby-net-ssh
71: https://packages.debian.org/src:runc
72: https://packages.debian.org/src:samba
73: https://packages.debian.org/src:tcpdump
74: https://packages.debian.org/src:telegram-desktop
75: https://packages.debian.org/src:tigervnc
76: https://packages.debian.org/src:twisted
77: https://packages.debian.org/src:tzdata
78: https://packages.debian.org/src:ublock-origin
79: https://packages.debian.org/src:unrar-nonfree
80: https://packages.debian.org/src:usb.ids
81: https://packages.debian.org/src:wireless-regdb
Security Updates
----------------
This revision adds the following security updates to the stable release.
The Security Team has already released an advisory for each of these
updates:
+----------------+--------------------------+
| Advisory ID | Package |
+----------------+--------------------------+
| DSA-4999 [82] | asterisk [83] |
| | |
| DSA-5026 [84] | firefox-esr [85] |
| | |
| DSA-5034 [86] | thunderbird [87] |
| | |
| DSA-5044 [88] | firefox-esr [89] |
| | |
| DSA-5045 [90] | thunderbird [91] |
| | |
| DSA-5069 [92] | firefox-esr [93] |
| | |
| DSA-5074 [94] | thunderbird [95] |
| | |
| DSA-5086 [96] | thunderbird [97] |
| | |
| DSA-5090 [98] | firefox-esr [99] |
| | |
| DSA-5094 [100] | thunderbird [101] |
| | |
| DSA-5097 [102] | firefox-esr [103] |
| | |
| DSA-5106 [104] | thunderbird [105] |
| | |
| DSA-5107 [106] | php-twig [107] |
| | |
| DSA-5108 [108] | tiff [109] |
| | |
| DSA-5110 [110] | chromium [111] |
| | |
| DSA-5111 [112] | zlib [113] |
| | |
| DSA-5112 [114] | chromium [115] |
| | |
| DSA-5113 [116] | firefox-esr [117] |
| | |
| DSA-5114 [118] | chromium [119] |
| | |
| DSA-5115 [120] | webkit2gtk [121] |
| | |
| DSA-5116 [122] | wpewebkit [123] |
| | |
| DSA-5117 [124] | xen [125] |
| | |
| DSA-5118 [126] | thunderbird [127] |
| | |
| DSA-5119 [128] | subversion [129] |
| | |
| DSA-5120 [130] | chromium [131] |
| | |
| DSA-5121 [132] | chromium [133] |
| | |
| DSA-5122 [134] | gzip [135] |
| | |
| DSA-5123 [136] | xz-utils [137] |
| | |
| DSA-5124 [138] | ffmpeg [139] |
| | |
| DSA-5125 [140] | chromium [141] |
| | |
| DSA-5127 [142] | linux-signed-amd64 [143] |
| | |
| DSA-5127 [144] | linux-signed-arm64 [145] |
| | |
| DSA-5127 [146] | linux-signed-i386 [147] |
| | |
| DSA-5127 [148] | linux [149] |
| | |
| DSA-5128 [150] | openjdk-17 [151] |
| | |
| DSA-5129 [152] | firefox-esr [153] |
| | |
| DSA-5130 [154] | dpdk [155] |
| | |
| DSA-5131 [156] | openjdk-11 [157] |
| | |
| DSA-5132 [158] | ecdsautils [159] |
| | |
| DSA-5133 [160] | qemu [161] |
| | |
| DSA-5134 [162] | chromium [163] |
| | |
| DSA-5136 [164] | postgresql-13 [165] |
| | |
| DSA-5137 [166] | needrestart [167] |
| | |
| DSA-5138 [168] | waitress [169] |
| | |
| DSA-5139 [170] | openssl [171] |
| | |
| DSA-5140 [172] | openldap [173] |
| | |
| DSA-5141 [174] | thunderbird [175] |
| | |
| DSA-5142 [176] | libxml2 [177] |
| | |
| DSA-5143 [178] | firefox-esr [179] |
| | |
| DSA-5145 [180] | lrzip [181] |
| | |
| DSA-5147 [182] | dpkg [183] |
| | |
| DSA-5148 [184] | chromium [185] |
| | |
| DSA-5149 [186] | cups [187] |
| | |
| DSA-5150 [188] | rsyslog [189] |
| | |
| DSA-5151 [190] | smarty3 [191] |
| | |
| DSA-5152 [192] | spip [193] |
| | |
| DSA-5153 [194] | trafficserver [195] |
| | |
| DSA-5154 [196] | webkit2gtk [197] |
| | |
| DSA-5155 [198] | wpewebkit [199] |
| | |
| DSA-5156 [200] | firefox-esr [201] |
| | |
| DSA-5157 [202] | cifs-utils [203] |
| | |
| DSA-5158 [204] | thunderbird [205] |
| | |
| DSA-5159 [206] | python-bottle [207] |
| | |
| DSA-5160 [208] | ntfs-3g [209] |
| | |
| DSA-5161 [210] | linux-signed-amd64 [211] |
| | |
| DSA-5161 [212] | linux-signed-arm64 [213] |
| | |
| DSA-5161 [214] | linux-signed-i386 [215] |
| | |
| DSA-5161 [216] | linux [217] |
| | |
| DSA-5162 [218] | containerd [219] |
| | |
| DSA-5163 [220] | chromium [221] |
| | |
| DSA-5164 [222] | exo [223] |
| | |
| DSA-5165 [224] | vlc [225] |
| | |
| DSA-5166 [226] | slurm-wlm [227] |
| | |
| DSA-5167 [228] | firejail [229] |
| | |
| DSA-5168 [230] | chromium [231] |
| | |
| DSA-5169 [232] | openssl [233] |
| | |
| DSA-5171 [234] | squid [235] |
| | |
| DSA-5172 [236] | firefox-esr [237] |
| | |
| DSA-5174 [238] | gnupg2 [239] |
| | |
+----------------+--------------------------+
82: https://www.debian.org/security/2021/dsa-4999
83: https://packages.debian.org/src:asterisk
84: https://www.debian.org/security/2021/dsa-5026
85: https://packages.debian.org/src:firefox-esr
86: https://www.debian.org/security/2022/dsa-5034
87: https://packages.debian.org/src:thunderbird
88: https://www.debian.org/security/2022/dsa-5044
89: https://packages.debian.org/src:firefox-esr
90: https://www.debian.org/security/2022/dsa-5045
91: https://packages.debian.org/src:thunderbird
92: https://www.debian.org/security/2022/dsa-5069
93: https://packages.debian.org/src:firefox-esr
94: https://www.debian.org/security/2022/dsa-5074
95: https://packages.debian.org/src:thunderbird
96: https://www.debian.org/security/2022/dsa-5086
97: https://packages.debian.org/src:thunderbird
98: https://www.debian.org/security/2022/dsa-5090
99: https://packages.debian.org/src:firefox-esr
100: https://www.debian.org/security/2022/dsa-5094
101: https://packages.debian.org/src:thunderbird
102: https://www.debian.org/security/2022/dsa-5097
103: https://packages.debian.org/src:firefox-esr
104: https://www.debian.org/security/2022/dsa-5106
105: https://packages.debian.org/src:thunderbird
106: https://www.debian.org/security/2022/dsa-5107
107: https://packages.debian.org/src:php-twig
108: https://www.debian.org/security/2022/dsa-5108
109: https://packages.debian.org/src:tiff
110: https://www.debian.org/security/2022/dsa-5110
111: https://packages.debian.org/src:chromium
112: https://www.debian.org/security/2022/dsa-5111
113: https://packages.debian.org/src:zlib
114: https://www.debian.org/security/2022/dsa-5112
115: https://packages.debian.org/src:chromium
116: https://www.debian.org/security/2022/dsa-5113
117: https://packages.debian.org/src:firefox-esr
118: https://www.debian.org/security/2022/dsa-5114
119: https://packages.debian.org/src:chromium
120: https://www.debian.org/security/2022/dsa-5115
121: https://packages.debian.org/src:webkit2gtk
122: https://www.debian.org/security/2022/dsa-5116
123: https://packages.debian.org/src:wpewebkit
124: https://www.debian.org/security/2022/dsa-5117
125: https://packages.debian.org/src:xen
126: https://www.debian.org/security/2022/dsa-5118
127: https://packages.debian.org/src:thunderbird
128: https://www.debian.org/security/2022/dsa-5119
129: https://packages.debian.org/src:subversion
130: https://www.debian.org/security/2022/dsa-5120
131: https://packages.debian.org/src:chromium
132: https://www.debian.org/security/2022/dsa-5121
133: https://packages.debian.org/src:chromium
134: https://www.debian.org/security/2022/dsa-5122
135: https://packages.debian.org/src:gzip
136: https://www.debian.org/security/2022/dsa-5123
137: https://packages.debian.org/src:xz-utils
138: https://www.debian.org/security/2022/dsa-5124
139: https://packages.debian.org/src:ffmpeg
140: https://www.debian.org/security/2022/dsa-5125
141: https://packages.debian.org/src:chromium
142: https://www.debian.org/security/2022/dsa-5127
143: https://packages.debian.org/src:linux-signed-amd64
144: https://www.debian.org/security/2022/dsa-5127
145: https://packages.debian.org/src:linux-signed-arm64
146: https://www.debian.org/security/2022/dsa-5127
147: https://packages.debian.org/src:linux-signed-i386
148: https://www.debian.org/security/2022/dsa-5127
149: https://packages.debian.org/src:linux
150: https://www.debian.org/security/2022/dsa-5128
151: https://packages.debian.org/src:openjdk-17
152: https://www.debian.org/security/2022/dsa-5129
153: https://packages.debian.org/src:firefox-esr
154: https://www.debian.org/security/2022/dsa-5130
155: https://packages.debian.org/src:dpdk
156: https://www.debian.org/security/2022/dsa-5131
157: https://packages.debian.org/src:openjdk-11
158: https://www.debian.org/security/2022/dsa-5132
159: https://packages.debian.org/src:ecdsautils
160: https://www.debian.org/security/2022/dsa-5133
161: https://packages.debian.org/src:qemu
162: https://www.debian.org/security/2022/dsa-5134
163: https://packages.debian.org/src:chromium
164: https://www.debian.org/security/2022/dsa-5136
165: https://packages.debian.org/src:postgresql-13
166: https://www.debian.org/security/2022/dsa-5137
167: https://packages.debian.org/src:needrestart
168: https://www.debian.org/security/2022/dsa-5138
169: https://packages.debian.org/src:waitress
170: https://www.debian.org/security/2022/dsa-5139
171: https://packages.debian.org/src:openssl
172: https://www.debian.org/security/2022/dsa-5140
173: https://packages.debian.org/src:openldap
174: https://www.debian.org/security/2022/dsa-5141
175: https://packages.debian.org/src:thunderbird
176: https://www.debian.org/security/2022/dsa-5142
177: https://packages.debian.org/src:libxml2
178: https://www.debian.org/security/2022/dsa-5143
179: https://packages.debian.org/src:firefox-esr
180: https://www.debian.org/security/2022/dsa-5145
181: https://packages.debian.org/src:lrzip
182: https://www.debian.org/security/2022/dsa-5147
183: https://packages.debian.org/src:dpkg
184: https://www.debian.org/security/2022/dsa-5148
185: https://packages.debian.org/src:chromium
186: https://www.debian.org/security/2022/dsa-5149
187: https://packages.debian.org/src:cups
188: https://www.debian.org/security/2022/dsa-5150
189: https://packages.debian.org/src:rsyslog
190: https://www.debian.org/security/2022/dsa-5151
191: https://packages.debian.org/src:smarty3
192: https://www.debian.org/security/2022/dsa-5152
193: https://packages.debian.org/src:spip
194: https://www.debian.org/security/2022/dsa-5153
195: https://packages.debian.org/src:trafficserver
196: https://www.debian.org/security/2022/dsa-5154
197: https://packages.debian.org/src:webkit2gtk
198: https://www.debian.org/security/2022/dsa-5155
199: https://packages.debian.org/src:wpewebkit
200: https://www.debian.org/security/2022/dsa-5156
201: https://packages.debian.org/src:firefox-esr
202: https://www.debian.org/security/2022/dsa-5157
203: https://packages.debian.org/src:cifs-utils
204: https://www.debian.org/security/2022/dsa-5158
205: https://packages.debian.org/src:thunderbird
206: https://www.debian.org/security/2022/dsa-5159
207: https://packages.debian.org/src:python-bottle
208: https://www.debian.org/security/2022/dsa-5160
209: https://packages.debian.org/src:ntfs-3g
210: https://www.debian.org/security/2022/dsa-5161
211: https://packages.debian.org/src:linux-signed-amd64
212: https://www.debian.org/security/2022/dsa-5161
213: https://packages.debian.org/src:linux-signed-arm64
214: https://www.debian.org/security/2022/dsa-5161
215: https://packages.debian.org/src:linux-signed-i386
216: https://www.debian.org/security/2022/dsa-5161
217: https://packages.debian.org/src:linux
218: https://www.debian.org/security/2022/dsa-5162
219: https://packages.debian.org/src:containerd
220: https://www.debian.org/security/2022/dsa-5163
221: https://packages.debian.org/src:chromium
222: https://www.debian.org/security/2022/dsa-5164
223: https://packages.debian.org/src:exo
224: https://www.debian.org/security/2022/dsa-5165
225: https://packages.debian.org/src:vlc
226: https://www.debian.org/security/2022/dsa-5166
227: https://packages.debian.org/src:slurm-wlm
228: https://www.debian.org/security/2022/dsa-5167
229: https://packages.debian.org/src:firejail
230: https://www.debian.org/security/2022/dsa-5168
231: https://packages.debian.org/src:chromium
232: https://www.debian.org/security/2022/dsa-5169
233: https://packages.debian.org/src:openssl
234: https://www.debian.org/security/2022/dsa-5171
235: https://packages.debian.org/src:squid
236: https://www.debian.org/security/2022/dsa-5172
237: https://packages.debian.org/src:firefox-esr
238: https://www.debian.org/security/2022/dsa-5174
239: https://packages.debian.org/src:gnupg2
Removed packages
----------------
The following packages were removed due to circumstances beyond our
control:
+---------------------+-------------------------------+
| Package | Reason |
+---------------------+-------------------------------+
| elog [240] | Unmaintained; security issues |
| | |
| python-hbmqtt [241] | Unamintained and broken |
| | |
+---------------------+-------------------------------+
240: https://packages.debian.org/src:elog
241: https://packages.debian.org/src:python-hbmqtt
Debian Installer
----------------
The installer has been updated to include the fixes incorporated into
stable by the point release.
URLs
----
The complete lists of packages that have changed with this revision:
https://deb.debian.org/debian/dists/bullseye/ChangeLog
The current stable distribution:
https://deb.debian.org/debian/dists/stable/
Proposed updates to the stable distribution:
https://deb.debian.org/debian/dists/proposed-updates
stable distribution information (release notes, errata etc.):
https://www.debian.org/releases/stable/
Security announcements and information:
https://www.debian.org/security/
About Debian
------------
The Debian Project is an association of Free Software developers who
volunteer their time and effort in order to produce the completely free
operating system Debian.
Contact Information
-------------------
For further information, please visit the Debian web pages at
https://www.debian.org/, send mail to <pr...@debian.org>, or contact the
stable release team at <debian-...@lists.debian.org>.
0 new messages