author | Donald Norwood <donald@debian.org> | 2022-09-10 06:11:37 -0400 |
---|---|---|
committer | Donald Norwood <donald@debian.org> | 2022-09-10 06:11:37 -0400 |
commit | 4924e09e5cb1b4163d7ec7161488354e4167b24c (patch) | |
tree | 922e06774c3951f9234242f5e2f74032b2f1f056 /english/News | |
parent | 339229f077f13d46749877606a20a5dcd6a8a68f (diff) |
10.13 and 11.5 point releases
Diffstat (limited to 'english/News')
-rw-r--r-- | english/News/2022/20220910.wml | 302
-rw-r--r-- | english/News/2022/2022091002.wml | 269
2 files changed, 571 insertions, 0 deletions
diff --git a/english/News/2022/20220910.wml b/english/News/2022/20220910.wml new file mode 100644 index 00000000000..be29b9e56a8 --- /dev/null +++ b/english/News/2022/20220910.wml 
@@ -0,0 +1,302 @@ +<define-tag pagetitle>Updated Debian 10: 10.13 released</define-tag> +<define-tag release_date>2022-09-10</define-tag> +#use wml::debian::news +# $Id: + +<define-tag release>10</define-tag> +<define-tag codename>buster</define-tag> +<define-tag revision>10.13</define-tag> + +<define-tag dsa> + <tr><td align="center"><a href="$(HOME)/security/%0/dsa-%1">DSA-%1</a></td> + <td align="center"><: + my @p = (); + for my $p (split (/,\s*/, "%2")) { + push (@p, sprintf ('<a href="https://packages.debian.org/src:%s">%s</a>', $p, $p)); + } + print join (", ", @p); +:></td></tr> +</define-tag> + +<define-tag correction> + <tr><td><a href="https://packages.debian.org/src:%0">%0</a></td> <td>%1</td></tr> +</define-tag> + +<define-tag srcpkg><a href="https://packages.debian.org/src:%0">%0</a></define-tag> + +<p>The Debian project is pleased to announce the thirteenth (and final) update of its +oldstable distribution Debian <release> (codename <q><codename></q>). +This point release mainly adds corrections for security issues, +along with a few adjustments for serious problems. Security advisories +have already been published separately and are referenced where available.</p> + +<p>After this point release, Debian's Security and Release Teams will no longer be +producing updates for Debian 10. Users wishing to continue to receive security support +should upgrade to Debian 11, or see <url "https://wiki.debian.org/LTS"> for details +about the subset of architectures and packages covered by the Long Term Support +project.</p> + +<p>Please note that the point release does not constitute a new version of Debian +<release> but only updates some of the packages included. There is +no need to throw away old <q><codename></q> media. 
After installation, +packages can be upgraded to the current versions using an up-to-date Debian +mirror.</p> + +<p>Those who frequently install updates from security.debian.org won't have +to update many packages, and most such updates are +included in the point release.</p> + +<p>New installation images will be available soon at the regular locations.</p> + +<p>Upgrading an existing installation to this revision can be achieved by +pointing the package management system at one of Debian's many HTTP mirrors. +A comprehensive list of mirrors is available at:</p> + +<div class="center"> + <a href="$(HOME)/mirror/list">https://www.debian.org/mirror/list</a> +</div> + + + + +<h2>Miscellaneous Bugfixes</h2> + +<p>This oldstable update adds a few important corrections to the following packages:</p> + +<table border=0> +<tr><th>Package</th> <th>Reason</th></tr> +<correction adminer "Fix open redirect issue, cross-site scripting issues [CVE-2020-35572 CVE-2021-29625]; elasticsearch: Do not print response if HTTP code is not 200 [CVE-2021-21311]; provide a compiled version and configuration files"> +<correction apache2 "Fix denial of service issue [CVE-2022-22719], HTTP request smuggling issue [CVE-2022-22720], integer overflow issue [CVE-2022-22721], out-of-bounds write issue [CVE-2022-23943], HTTP request smuggling issue [CVE-2022-26377], out-of-bounds read issues [CVE-2022-28614 CVE-2022-28615], denial of service issue [CVE-2022-29404], out-of-bounds read issue [CVE-2022-30556], possible IP-based authentication bypass issue [CVE-2022-31813]"> +<correction base-files "Update for the 10.13 point release"> +<correction clamav "New upstream stable release; security fixes [CVE-2022-20770 CVE-2022-20771 CVE-2022-20785 CVE-2022-20792 CVE-2022-20796]"> +<correction commons-daemon "Fix JVM detection"> +<correction composer "Fix code injection vulnerability [CVE-2022-24828]; update GitHub token pattern; use Authorization header instead of deprecated access_token query parameter"> 
+<correction debian-installer "Rebuild against buster-proposed-updates; increase Linux ABI to 4.19.0-21"> +<correction debian-installer-netboot-images "Rebuild against buster-proposed-updates; increase Linux ABI to 4.19.0-21"> +<correction debian-security-support "Update security status of various packages"> +<correction debootstrap "Ensure non-merged-usr chroots can continue to be created for older releases and buildd chroots"> +<correction distro-info-data "Add Ubuntu 22.04 LTS, Jammy Jellyfish and Ubuntu 22.10, Kinetic Kudu"> +<correction dropbear "Fix possible username enumeration issue [CVE-2019-12953]"> +<correction eboard "Fix segfault on engine selection"> +<correction esorex "Fix testsuite failures on armhf and ppc64el caused by incorrect libffi usage"> +<correction evemu "Fix build failure with recent kernel versions"> +<correction feature-check "Fix some version comparisons"> +<correction flac "Fix out-of-bounds write issue [CVE-2021-0561]"> +<correction foxtrotgps "Fix build failure with newer imagemagick versions"> +<correction freeradius "Fix side-channel leak where 1 in 2048 handshakes fail [CVE-2019-13456], denial of service issue due to multithreaded BN_CTX access [CVE-2019-17185], crash due to non-thread safe memory allocation"> +<correction freetype "Fix buffer overflow issue [CVE-2022-27404]; fix crashes [CVE-2022-27405 CVE-2022-27406]"> +<correction fribidi "Fix buffer overflow issues [CVE-2022-25308 CVE-2022-25309]; fix crash [CVE-2022-25310]"> +<correction ftgl "Don't try to convert PNG to EPS for latex, as our imagemagick has EPS disabled for security reasons"> +<correction gif2apng "Fix heap-based buffer overflows [CVE-2021-45909 CVE-2021-45910 CVE-2021-45911]"> +<correction gnucash "Fix build failure with recent tzdata"> +<correction gnutls28 "Fix test suite when combined with OpenSSL 1.1.1e or newer"> +<correction golang-github-docker-go-connections "Skip tests that use expired certificates"> +<correction golang-github-pkg-term "Fix 
building on newer 4.19 kernels"> +<correction golang-github-russellhaering-goxmldsig "Fix NULL pointer dereference issue [CVE-2020-7711]"> +<correction grub-efi-amd64-signed "New upstream release"> +<correction grub-efi-arm64-signed "New upstream release"> +<correction grub-efi-ia32-signed "New upstream release"> +<correction grub2 "New upstream release"> +<correction htmldoc "Fix infinite loop [CVE-2022-24191], integer overflow issues [CVE-2022-27114] and heap buffer overflow issue [CVE-2022-28085]"> +<correction iptables-netflow "Fix DKMS build failure regression caused by Linux upstream changes in the 4.19.191 kernel"> +<correction isync "Fix buffer overflow issues [CVE-2021-3657]"> +<correction kannel "Fix build failure by disabling generation of Postscript documentation"> +<correction krb5 "Use SHA256 as Pkinit CMS Digest"> +<correction libapache2-mod-auth-openidc "Improve validation of the post-logout URL parameter on logout [CVE-2019-14857]"> +<correction libdatetime-timezone-perl "Update included data"> +<correction libhttp-cookiejar-perl "Fix build failure by increasing the expiry date of a test cookie"> +<correction libnet-freedb-perl "Change the default host from the defunct freedb.freedb.org to gnudb.gnudb.org"> +<correction libnet-ssleay-perl "Fix test failures with OpenSSL 1.1.1n"> +<correction librose-db-object-perl "Fix test failure after 6/6/2020"> +<correction libvirt-php "Fix segmentation fault in libvirt_node_get_cpu_stats"> +<correction llvm-toolchain-13 "New source package to support building of newer firefox-esr and thunderbird versions"> +<correction minidlna "Validate HTTP requests to protect against DNS rebinding attacks [CVE-2022-26505]"> +<correction mokutil "New upstream version, to allow for SBAT management"> +<correction mutt "Fix uudecode buffer overflow [CVE-2022-1328]"> +<correction node-ejs "Sanitize options and new objects [CVE-2022-29078]"> +<correction node-end-of-stream "Work around test bug"> +<correction node-minimist "Fix 
prototype pollution issue [CVE-2021-44906]"> +<correction node-node-forge "Fix signature verification issues [CVE-2022-24771 CVE-2022-24772 CVE-2022-24773]"> +<correction node-require-from-string "Fix a test in conjunction with nodejs >= 10.16"> +<correction nvidia-graphics-drivers "New upstream release"> +<correction nvidia-graphics-drivers-legacy-390xx "New upstream release; fix out-of-bound write issues [CVE-2022-28181 CVE-2022-28185]; security fixes [CVE-2022-31607 CVE-2022-31608 CVE-2022-31615]"> +<correction octavia "Fix client certificate checks [CVE-2019-17134]; correctly detect that the agent is running on Debian; fix template that generates vrrp check script; add additional runtime dependencies; ship additional configuration directly in the agent package"> +<correction orca "Fix use with WebKitGTK 2.36"> +<correction pacemaker "Update relationship versions to fix upgrades from stretch LTS"> +<correction pglogical "Fix build failure"> +<correction php-guzzlehttp-psr7 "Fix improper header parsing [CVE-2022-24775]"> +<correction postfix "New upstream stable release; do not override user set default_transport; if-up.d: do not error out if postfix can't send mail yet; fix duplicate bounce_notice_recipient entries in postconf output"> +<correction postgresql-common "pg_virtualenv: Write temporary password file before chowning the file"> +<correction postsrsd "Fix potential denial of service issue when Postfix sends certain long data fields such as multiple concatenated email addresses [CVE-2021-35525]"> +<correction procmail "Fix NULL pointer dereference"> +<correction publicsuffix "Update included data"> +<correction python-keystoneauth1 "Update tests to fix build failure"> +<correction python-scrapy "Don't send authentication data with all requests [CVE-2021-41125]; don't expose cookies cross-domain when redirecting [CVE-2022-0577]"> +<correction python-udatetime "Properly link against libm library"> +<correction qtbase-opensource-src "Fix setTabOrder for 
compound widgets; add an expansion limit for XML entities [CVE-2015-9541]"> +<correction ruby-activeldap "Add missing dependency on ruby-builder"> +<correction ruby-hiredis "Skip some unreliable tests in order to fix build failure"> +<correction ruby-http-parser.rb "Fix build failure when using http-parser containing the fix for CVE-2019-15605"> +<correction ruby-riddle "Allow use of <q>LOAD DATA LOCAL INFILE</q>"> +<correction sctk "Use <q>pdftoppm</q> instead of <q>convert</q> to convert PDF to JPEG as the latter fails with the changed security policy of ImageMagick"> +<correction twisted "Fix incorrect URI and HTTP method validation issue [CVE-2019-12387], incorrect certificate validation in XMPP support [CVE-2019-12855], HTTP/2 denial of service issues, HTTP request smuggling issues [CVE-2020-10108 CVE-2020-10109 CVE-2022-24801], information disclosure issue when following cross-domain redirects [CVE-2022-21712], denial of service issue during SSH handshake [CVE-2022-21716]"> +<correction tzdata "Update timezone data for Iran, Chile and Palestine; update leap second list"> +<correction ublock-origin "New upstream stable release"> +<correction unrar-nonfree "Fix directory traversal issue [CVE-2022-30333]"> +<correction wireshark "Fix remote code execution issue [CVE-2021-22191], denial of service issues [CVE-2021-4181 CVE-2021-4184 CVE-2021-4185 CVE-2022-0581 CVE-2022-0582 CVE-2022-0583 CVE-2022-0585 CVE-2022-0586]"> +</table> + + +<h2>Security Updates</h2> + + +<p>This revision adds the following security updates to the oldstable release. 
+The Security Team has already released an advisory for each of these +updates:</p> + +<table border=0> +<tr><th>Advisory ID</th> <th>Package</th></tr> +<dsa 2021 4836 openvswitch> +<dsa 2021 4852 openvswitch> +<dsa 2021 4906 chromium> +<dsa 2021 4911 chromium> +<dsa 2021 4917 chromium> +<dsa 2021 4981 firefox-esr> +<dsa 2022 5034 thunderbird> +<dsa 2022 5044 firefox-esr> +<dsa 2022 5045 thunderbird> +<dsa 2022 5069 firefox-esr> +<dsa 2022 5074 thunderbird> +<dsa 2022 5077 librecad> +<dsa 2022 5080 snapd> +<dsa 2022 5086 thunderbird> +<dsa 2022 5090 firefox-esr> +<dsa 2022 5094 thunderbird> +<dsa 2022 5097 firefox-esr> +<dsa 2022 5106 thunderbird> +<dsa 2022 5108 tiff> +<dsa 2022 5109 faad2> +<dsa 2022 5111 zlib> +<dsa 2022 5113 firefox-esr> +<dsa 2022 5115 webkit2gtk> +<dsa 2022 5118 thunderbird> +<dsa 2022 5119 subversion> +<dsa 2022 5122 gzip> +<dsa 2022 5123 xz-utils> +<dsa 2022 5126 ffmpeg> +<dsa 2022 5129 firefox-esr> +<dsa 2022 5131 openjdk-11> +<dsa 2022 5132 ecdsautils> +<dsa 2022 5135 postgresql-11> +<dsa 2022 5137 needrestart> +<dsa 2022 5138 waitress> +<dsa 2022 5139 openssl> +<dsa 2022 5140 openldap> +<dsa 2022 5141 thunderbird> +<dsa 2022 5142 libxml2> +<dsa 2022 5143 firefox-esr> +<dsa 2022 5144 condor> +<dsa 2022 5145 lrzip> +<dsa 2022 5147 dpkg> +<dsa 2022 5149 cups> +<dsa 2022 5150 rsyslog> +<dsa 2022 5151 smarty3> +<dsa 2022 5152 spip> +<dsa 2022 5153 trafficserver> +<dsa 2022 5154 webkit2gtk> +<dsa 2022 5156 firefox-esr> +<dsa 2022 5157 cifs-utils> +<dsa 2022 5158 thunderbird> +<dsa 2022 5159 python-bottle> +<dsa 2022 5160 ntfs-3g> +<dsa 2022 5164 exo> +<dsa 2022 5165 vlc> +<dsa 2022 5167 firejail> +<dsa 2022 5169 openssl> +<dsa 2022 5171 squid> +<dsa 2022 5172 firefox-esr> +<dsa 2022 5173 linux-latest> +<dsa 2022 5173 linux-signed-amd64> +<dsa 2022 5173 linux-signed-arm64> +<dsa 2022 5173 linux-signed-i386> +<dsa 2022 5173 linux> +<dsa 2022 5174 gnupg2> +<dsa 2022 5175 thunderbird> +<dsa 2022 5176 blender> +<dsa 2022 5178 intel-microcode> +<dsa 
2022 5181 request-tracker4> +<dsa 2022 5182 webkit2gtk> +<dsa 2022 5185 mat2> +<dsa 2022 5186 djangorestframework> +<dsa 2022 5188 openjdk-11> +<dsa 2022 5189 gsasl> +<dsa 2022 5190 spip> +<dsa 2022 5193 firefox-esr> +<dsa 2022 5194 booth> +<dsa 2022 5195 thunderbird> +<dsa 2022 5196 libpgjava> +</table> + + +<h2>Removed packages</h2> + +<p>The following packages were removed due to circumstances beyond our control:</p> + +<table border=0> +<tr><th>Package</th> <th>Reason</th></tr> +<correction elog "Unmaintained; security issues"> +<correction libnet-amazon-perl "Depends on removed API"> + +</table> + +<h2>Debian Installer</h2> +<p>The installer has been updated to include the fixes incorporated +into oldstable by the point release.</p> + +<h2>URLs</h2> + +<p>The complete lists of packages that have changed with this revision:</p> + +<div class="center"> + <url "https://deb.debian.org/debian/dists/<downcase <codename>>/ChangeLog"> +</div> + +<p>The current oldstable distribution:</p> + +<div class="center"> + <url "https://deb.debian.org/debian/dists/oldstable/"> +</div> + +<p>Proposed updates to the oldstable distribution:</p> + +<div class="center"> + <url "https://deb.debian.org/debian/dists/oldstable-proposed-updates"> +</div> + +<p>oldstable distribution information (release notes, errata etc.):</p> + +<div class="center"> + <a + href="$(HOME)/releases/oldstable/">https://www.debian.org/releases/oldstable/</a> +</div> + +<p>Security announcements and information:</p> + +<div class="center"> + <a href="$(HOME)/security/">https://www.debian.org/security/</a> +</div> + +<h2>About Debian</h2> + +<p>The Debian Project is an association of Free Software developers who +volunteer their time and effort in order to produce the completely +free operating system Debian.</p> + +<h2>Contact Information</h2> + +<p>For further information, please visit the Debian web pages at +<a href="$(HOME)/">https://www.debian.org/</a>, send mail to +<press@debian.org>, or contact the 
stable release team at +<debian-release@lists.debian.org>.</p> + + diff --git a/english/News/2022/2022091002.wml b/english/News/2022/2022091002.wml new file mode 100644 index 00000000000..82bd78d1232 --- /dev/null +++ b/english/News/2022/2022091002.wml 
@@ -0,0 +1,269 @@ +<define-tag pagetitle>Updated Debian 11: 11.5 released</define-tag> +<define-tag release_date>2022-09-10</define-tag> +#use wml::debian::news +# $Id: + +<define-tag release>11</define-tag> +<define-tag codename>bullseye</define-tag> +<define-tag revision>11.5</define-tag> + +<define-tag dsa> + <tr><td align="center"><a href="$(HOME)/security/%0/dsa-%1">DSA-%1</a></td> + <td align="center"><: + my @p = (); + for my $p (split (/,\s*/, "%2")) { + push (@p, sprintf ('<a href="https://packages.debian.org/src:%s">%s</a>', $p, $p)); + } + print join (", ", @p); +:></td></tr> +</define-tag> + +<define-tag correction> + <tr><td><a href="https://packages.debian.org/src:%0">%0</a></td> <td>%1</td></tr> +</define-tag> + +<define-tag srcpkg><a href="https://packages.debian.org/src:%0">%0</a></define-tag> + +<p>The Debian project is pleased to announce the fifth update of its +stable distribution Debian <release> (codename <q><codename></q>). +This point release mainly adds corrections for security issues, +along with a few adjustments for serious problems. Security advisories +have already been published separately and are referenced where available.</p> + +<p>Please note that the point release does not constitute a new version of Debian +<release> but only updates some of the packages included. There is +no need to throw away old <q><codename></q> media. After installation, +packages can be upgraded to the current versions using an up-to-date Debian +mirror.</p> + +<p>Those who frequently install updates from security.debian.org won't have +to update many packages, and most such updates are +included in the point release.</p> + +<p>New installation images will be available soon at the regular locations.</p> + +<p>Upgrading an existing installation to this revision can be achieved by +pointing the package management system at one of Debian's many HTTP mirrors. 
+A comprehensive list of mirrors is available at:</p> + +<div class="center"> + <a href="$(HOME)/mirror/list">https://www.debian.org/mirror/list</a> +</div> + + + + +<h2>Miscellaneous Bugfixes</h2> + +<p>This stable update adds a few important corrections to the following packages:</p> + +<table border=0> +<tr><th>Package</th> <th>Reason</th></tr> +<correction avahi "Fix display of URLs containing '&' in avahi-discover; do not disable timeout cleanup on watch cleanup; fix NULL pointer crashes when trying to resolve badly-formatted hostnames [CVE-2021-3502]"> +<correction base-files "Update /etc/debian_version for the 11.5 point release"> +<correction cargo-mozilla "New source package to support building of newer firefox-esr and thunderbird versions"> +<correction clamav "New upstream stable release"> +<correction commons-daemon "Fix JVM detection"> +<correction curl "Reject cookies with <q>control bytes</q> [CVE-2022-35252]"> +<correction dbus-broker "Fix assertion failure when disconnecting peer groups; fix memory leak; fix null pointer dereference [CVE-2022-31213]"> +<correction debian-installer "Rebuild against proposed-updates; increase Linux kernel ABI to 5.10.0-18"> +<correction debian-installer-netboot-images "Rebuild against proposed-updates; increase Linux kernel ABI to 5.10.0-18"> +<correction debian-security-support "Update support status of various packages"> +<correction debootstrap "Ensure non-merged-usr chroots can continue to be created for older releases and buildd chroots"> +<correction dlt-daemon "Fix double free issue [CVE-2022-31291]"> +<correction dnsproxy "Listen on localhost by default, rather than the possibly unavailable 192.168.168.1"> +<correction dovecot "Fix possible security issues when two passdb configuration entries exist with the same driver and args settings [CVE-2022-30550]"> +<correction dpkg "Fix conffile removal-on-upgrade handling, memory leak in remove-on-upgrade handling; Dpkg::Shlibs::Objdump: Fix apply_relocations to 
work with versioned symbols; add support for ARCv2 CPU; several updates and fixes to dpkg-fsys-usrunmess"> +<correction fig2dev "Fix double free issue [CVE-2021-37529], denial of service issue [CVE-2021-37530]; stop misplacement of embedded eps images"> +<correction foxtrotgps "Fix crash by ensuring that threads are always unreferenced"> +<correction gif2apng "Fix heap-based buffer overflows [CVE-2021-45909 CVE-2021-45910 CVE-2021-45911]"> +<correction glibc "Fix an off-by-one buffer overflow/underflow in getcwd() [CVE-2021-3999]; fix several overflows in wide character functions; add a few EVEX optimized string functions to fix a performance issue (up to 40%) with Skylake-X processors; make grantpt usable after multi-threaded fork; ensure that libio vtable protection is enabled"> +<correction golang-github-pkg-term "Fix building on newer Linux kernels"> +<correction gri "Use <q>ps2pdf</q> instead of <q>convert</q> for converting from PS to PDF"> +<correction grub-efi-amd64-signed "New upstream release"> +<correction grub-efi-arm64-signed "New upstream release"> +<correction grub-efi-ia32-signed "New upstream release"> +<correction grub2 "New upstream release"> +<correction http-parser "Unset F_CHUNKED on new Transfer-Encoding, fixing possible HTTP request smuggling issue [CVE-2020-8287]"> +<correction ifenslave "Fix bonded interface configurations"> +<correction inetutils "Fix buffer overflow issue [CVE-2019-0053], stack exhaustion issue, handling of FTP PASV responses [CVE-2021-40491], denial of service issue [CVE-2022-39028]"> +<correction knot "Fix IXFR to AXFR fallback with dnsmasq"> +<correction krb5 "Use SHA256 as Pkinit CMS Digest"> +<correction libayatana-appindicator "Provide compatibility for software that depends on libappindicator"> +<correction libdatetime-timezone-perl "Update included data"> +<correction libhttp-daemon-perl "Improve handling of Content-Length header [CVE-2022-31081]"> +<correction libreoffice "Support EUR in .hr locale; add 
HRK<->EUR conversion rate to Calc and the Euro Wizard; security fixes [CVE-2021-25636 CVE-2022-26305 CVE-2022-26306 CVE-2022-26307]; fix hang accessing Evolution address books"> +<correction linux "New upstream stable release"> +<correction linux-signed-amd64 "New upstream stable release"> +<correction linux-signed-arm64 "New upstream stable release"> +<correction linux-signed-i386 "New upstream stable release"> +<correction llvm-toolchain-13 "New source package to support building of newer firefox-esr and thunderbird versions"> +<correction lwip "Fix buffer overflow issues [CVE-2020-22283 CVE-2020-22284]"> +<correction mokutil "New upstream version, to allow for SBAT management"> +<correction node-log4js "Do not create world-readable files by default [CVE-2022-21704]"> +<correction node-moment "Fix regular expression-based denial of service issue [CVE-2022-31129]"> +<correction nvidia-graphics-drivers "New upstream release; security fixes [CVE-2022-31607 CVE-2022-31608 CVE-2022-31615]"> +<correction nvidia-graphics-drivers-legacy-390xx "New upstream release; security fixes [CVE-2022-31607 CVE-2022-31608 CVE-2022-31615]"> +<correction nvidia-graphics-drivers-tesla-450 "New upstream release; security fixes [CVE-2022-31607 CVE-2022-31608 CVE-2022-31615]"> +<correction nvidia-graphics-drivers-tesla-470 "New upstream release; security fixes [CVE-2022-31607 CVE-2022-31608 CVE-2022-31615]"> +<correction nvidia-settings "New upstream release; fix cross-building"> +<correction nvidia-settings-tesla-470 "New upstream release; fix cross-building"> +<correction pcre2 "Fix out-of-bounds read issues [CVE-2022-1586 CVE-2022-1587]"> +<correction postgresql-13 "Do not let extension scripts replace objects not already belonging to the extension [CVE-2022-2625]"> +<correction publicsuffix "Update included data"> +<correction rocksdb "Fix illegal instruction on arm64"> +<correction sbuild "Buildd::Mail: support MIME encoded Subject: header, also copy the Content-Type: header when 
forwarding mail"> +<correction systemd "Drop bundled copy of linux/if_arp.h, fixing build failures with newer kernel headers; support detection for ARM64 Hyper-V guests; detect OpenStack instance as KVM on arm"> +<correction twitter-bootstrap4 "Actually install CSS map files"> +<correction tzdata "Update timezone data for Iran and Chile"> +<correction xtables-addons "Support both old and new versions of security_skb_classify_flow()"> +</table> + + +<h2>Security Updates</h2> + + +<p>This revision adds the following security updates to the stable release. +The Security Team has already released an advisory for each of these +updates:</p> + +<table border=0> +<tr><th>Advisory ID</th> <th>Package</th></tr> +<dsa 2022 5175 thunderbird> +<dsa 2022 5176 blender> +<dsa 2022 5177 ldap-account-manager> +<dsa 2022 5178 intel-microcode> +<dsa 2022 5179 php7.4> +<dsa 2022 5180 chromium> +<dsa 2022 5181 request-tracker4> +<dsa 2022 5182 webkit2gtk> +<dsa 2022 5183 wpewebkit> +<dsa 2022 5184 xen> +<dsa 2022 5185 mat2> +<dsa 2022 5187 chromium> +<dsa 2022 5188 openjdk-11> +<dsa 2022 5189 gsasl> +<dsa 2022 5190 spip> +<dsa 2022 5191 linux-signed-amd64> +<dsa 2022 5191 linux-signed-arm64> +<dsa 2022 5191 linux-signed-i386> +<dsa 2022 5191 linux> +<dsa 2022 5192 openjdk-17> +<dsa 2022 5193 firefox-esr> +<dsa 2022 5194 booth> +<dsa 2022 5195 thunderbird> +<dsa 2022 5196 libpgjava> +<dsa 2022 5197 curl> +<dsa 2022 5198 jetty9> +<dsa 2022 5199 xorg-server> +<dsa 2022 5200 libtirpc> +<dsa 2022 5201 chromium> +<dsa 2022 5202 unzip> +<dsa 2022 5203 gnutls28> +<dsa 2022 5204 gst-plugins-good1.0> +<dsa 2022 5205 ldb> +<dsa 2022 5205 samba> +<dsa 2022 5206 trafficserver> +<dsa 2022 5207 linux-signed-amd64> +<dsa 2022 5207 linux-signed-arm64> +<dsa 2022 5207 linux-signed-i386> +<dsa 2022 5207 linux> +<dsa 2022 5208 epiphany-browser> +<dsa 2022 5209 net-snmp> +<dsa 2022 5210 webkit2gtk> +<dsa 2022 5211 wpewebkit> +<dsa 2022 5213 schroot> +<dsa 2022 5214 kicad> +<dsa 2022 5215 open-vm-tools> 
+<dsa 2022 5216 libxslt> +<dsa 2022 5217 firefox-esr> +<dsa 2022 5218 zlib> +<dsa 2022 5219 webkit2gtk> +<dsa 2022 5220 wpewebkit> +<dsa 2022 5221 thunderbird> +<dsa 2022 5222 dpdk> +</table> + + +<h2>Removed packages</h2> + +<p>The following packages were removed due to circumstances beyond our control:</p> + +<table border=0> +<tr><th>Package</th> <th>Reason</th></tr> +<correction evenement "Unmaintained; only needed for already-removed movim"> +<correction php-cocur-slugify "Unmaintained; only needed for already-removed movim"> +<correction php-defuse-php-encryption "Unmaintained; only needed for already-removed movim"> +<correction php-dflydev-fig-cookies "Unmaintained; only needed for already-removed movim"> +<correction php-embed "Unmaintained; only needed for already-removed movim"> +<correction php-fabiang-sasl "Unmaintained; only needed for already-removed movim"> +<correction php-markdown "Unmaintained; only needed for already-removed movim"> +<correction php-raintpl "Unmaintained; only needed for already-removed movim"> +<correction php-react-child-process "Unmaintained; only needed for already-removed movim"> +<correction php-react-http "Unmaintained; only needed for already-removed movim"> +<correction php-respect-validation "Unmaintained; only needed for already-removed movim"> +<correction php-robmorgan-phinx "Unmaintained; only needed for already-removed movim"> +<correction ratchet-pawl "Unmaintained; only needed for already-removed movim"> +<correction ratchet-rfc6455 "Unmaintained; only needed for already-removed movim"> +<correction ratchetphp "Unmaintained; only needed for already-removed movim"> +<correction reactphp-cache "Unmaintained; only needed for already-removed movim"> +<correction reactphp-dns "Unmaintained; only needed for already-removed movim"> +<correction reactphp-event-loop "Unmaintained; only needed for already-removed movim"> +<correction reactphp-promise-stream "Unmaintained; only needed for already-removed movim"> 
+<correction reactphp-promise-timer "Unmaintained; only needed for already-removed movim"> +<correction reactphp-socket "Unmaintained; only needed for already-removed movim"> +<correction reactphp-stream "Unmaintained; only needed for already-removed movim"> + +</table> + +<h2>Debian Installer</h2> +<p>The installer has been updated to include the fixes incorporated +into stable by the point release.</p> + +<h2>URLs</h2> + +<p>The complete lists of packages that have changed with this revision:</p> + +<div class="center"> + <url "https://deb.debian.org/debian/dists/<downcase <codename>>/ChangeLog"> +</div> + +<p>The current stable distribution:</p> + +<div class="center"> + <url "https://deb.debian.org/debian/dists/stable/"> +</div> + +<p>Proposed updates to the stable distribution:</p> + +<div class="center"> + <url "https://deb.debian.org/debian/dists/proposed-updates"> +</div> + +<p>stable distribution information (release notes, errata etc.):</p> + +<div class="center"> + <a + href="$(HOME)/releases/stable/">https://www.debian.org/releases/stable/</a> +</div> + +<p>Security announcements and information:</p> + +<div class="center"> + <a href="$(HOME)/security/">https://www.debian.org/security/</a> +</div> + +<h2>About Debian</h2> + +<p>The Debian Project is an association of Free Software developers who +volunteer their time and effort in order to produce the completely +free operating system Debian.</p> + +<h2>Contact Information</h2> + +<p>For further information, please visit the Debian web pages at +<a href="$(HOME)/">https://www.debian.org/</a>, send mail to +<press@debian.org>, or contact the stable release team at +<debian-release@lists.debian.org>.</p> + + |
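Review bot: In english/News/2022/20220910.wml, the Security Updates table lists DSA-5173 on five separate rows (linux-latest, linux-signed-amd64, linux-signed-arm64, linux-signed-i386, linux), even though the dsa tag defined at the top of the file splits its package argument on commas (`split (/,\s*/, "%2")`), which lets one row carry several packages. Consider a single DSA-5173 row with a comma-separated package list, so the advisory appears once and readers do not count it as five advisories. Separately, the Removed packages row `<correction elog "Unmaintained; security issues">` gives no CVE or bug number, unlike the bracketed CVE ids on the correction rows; adding a reference would let administrators who still have elog installed judge their exposure.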
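Review bot: In english/News/2022/2022091002.wml, several strings carry markup-significant characters as shown here: the avahi row has a bare '&' in "URLs containing '&'", the libreoffice row has "HRK<->EUR", and the Contact Information paragraph has <press@debian.org> and <debian-release@lists.debian.org>. These end up inside <td> and <p> elements, where they need to be written as &amp;amp;, &amp;lt; and &amp;gt; in the .wml source, otherwise the addresses can be parsed as unknown tags and dropped from the rendered page. Please confirm the committed file uses the entities rather than the literal characters.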