author Donald Norwood <donald@debian.org> 2022-09-10 06:11:37 -0400
committer Donald Norwood <donald@debian.org> 2022-09-10 06:11:37 -0400
commit 4924e09e5cb1b4163d7ec7161488354e4167b24c
tree 922e06774c3951f9234242f5e2f74032b2f1f056 /english/News
parent 339229f077f13d46749877606a20a5dcd6a8a68f
10.13 and 11.5 point releases
Diffstat (limited to 'english/News')
-rw-r--r-- english/News/2022/20220910.wml 302
-rw-r--r-- english/News/2022/2022091002.wml 269
2 files changed, 571 insertions, 0 deletions
diff --git a/english/News/2022/20220910.wml b/english/News/2022/20220910.wml
new file mode 100644
index 00000000000..be29b9e56a8
--- /dev/null
+++ b/english/News/2022/20220910.wml
@@ -0,0 +1,302 @@
+<define-tag pagetitle>Updated Debian 10: 10.13 released</define-tag>
+<define-tag release_date>2022-09-10</define-tag>
+#use wml::debian::news
+# $Id:
+
+<define-tag release>10</define-tag>
+<define-tag codename>buster</define-tag>
+<define-tag revision>10.13</define-tag>
+
+<define-tag dsa>
+ <tr><td align="center"><a href="$(HOME)/security/%0/dsa-%1">DSA-%1</a></td>
+ <td align="center"><:
+ my @p = ();
+ for my $p (split (/,\s*/, "%2")) {
+ push (@p, sprintf ('<a href="https://packages.debian.org/src:%s">%s</a>', $p, $p));
+ }
+ print join (", ", @p);
+:></td></tr>
+</define-tag>
+
+<define-tag correction>
+ <tr><td><a href="https://packages.debian.org/src:%0">%0</a></td> <td>%1</td></tr>
+</define-tag>
+
+<define-tag srcpkg><a href="https://packages.debian.org/src:%0">%0</a></define-tag>
+
+<p>The Debian project is pleased to announce the thirteenth (and final) update of its
+oldstable distribution Debian <release> (codename <q><codename></q>).
+This point release mainly adds corrections for security issues,
+along with a few adjustments for serious problems. Security advisories
+have already been published separately and are referenced where available.</p>
+
+<p>After this point release, Debian's Security and Release Teams will no longer be
+producing updates for Debian 10. Users wishing to continue to receive security support
+should upgrade to Debian 11, or see <url "https://wiki.debian.org/LTS"> for details
+about the subset of architectures and packages covered by the Long Term Support
+project.</p>
+
+<p>Please note that the point release does not constitute a new version of Debian
+<release> but only updates some of the packages included. There is
+no need to throw away old <q><codename></q> media. After installation,
+packages can be upgraded to the current versions using an up-to-date Debian
+mirror.</p>
+
+<p>Those who frequently install updates from security.debian.org won't have
+to update many packages, and most such updates are
+included in the point release.</p>
+
+<p>New installation images will be available soon at the regular locations.</p>
+
+<p>Upgrading an existing installation to this revision can be achieved by
+pointing the package management system at one of Debian's many HTTP mirrors.
+A comprehensive list of mirrors is available at:</p>
+
+<div class="center">
+ <a href="$(HOME)/mirror/list">https://www.debian.org/mirror/list</a>
+</div>
+
+
+
+
+<h2>Miscellaneous Bugfixes</h2>
+
+<p>This oldstable update adds a few important corrections to the following packages:</p>
+
+<table border=0>
+<tr><th>Package</th> <th>Reason</th></tr>
+<correction adminer "Fix open redirect issue, cross-site scripting issues [CVE-2020-35572 CVE-2021-29625]; elasticsearch: Do not print response if HTTP code is not 200 [CVE-2021-21311]; provide a compiled version and configuration files">
+<correction apache2 "Fix denial of service issue [CVE-2022-22719], HTTP request smuggling issue [CVE-2022-22720], integer overflow issue [CVE-2022-22721], out-of-bounds write issue [CVE-2022-23943], HTTP request smuggling issue [CVE-2022-26377], out-of-bounds read issues [CVE-2022-28614 CVE-2022-28615], denial of service issue [CVE-2022-29404], out-of-bounds read issue [CVE-2022-30556], possible IP-based authentication bypass issue [CVE-2022-31813]">
+<correction base-files "Update for the 10.13 point release">
+<correction clamav "New upstream stable release; security fixes [CVE-2022-20770 CVE-2022-20771 CVE-2022-20785 CVE-2022-20792 CVE-2022-20796]">
+<correction commons-daemon "Fix JVM detection">
+<correction composer "Fix code injection vulnerability [CVE-2022-24828]; update GitHub token pattern; use Authorization header instead of deprecated access_token query parameter">
+<correction debian-installer "Rebuild against buster-proposed-updates; increase Linux ABI to 4.19.0-21">
+<correction debian-installer-netboot-images "Rebuild against buster-proposed-updates; increase Linux ABI to 4.19.0-21">
+<correction debian-security-support "Update security status of various packages">
+<correction debootstrap "Ensure non-merged-usr chroots can continue to be created for older releases and buildd chroots">
+<correction distro-info-data "Add Ubuntu 22.04 LTS, Jammy Jellyfish and Ubuntu 22.10, Kinetic Kudu">
+<correction dropbear "Fix possible username enumeration issue [CVE-2019-12953]">
+<correction eboard "Fix segfault on engine selection">
+<correction esorex "Fix testsuite failures on armhf and ppc64el caused by incorrect libffi usage">
+<correction evemu "Fix build failure with recent kernel versions">
+<correction feature-check "Fix some version comparisons">
+<correction flac "Fix out-of-bounds write issue [CVE-2021-0561]">
+<correction foxtrotgps "Fix build failure with newer imagemagick versions">
+<correction freeradius "Fix side-channel leak where 1 in 2048 handshakes fail [CVE-2019-13456], denial of service issue due to multithreaded BN_CTX access [CVE-2019-17185], crash due to non-thread safe memory allocation">
+<correction freetype "Fix buffer overflow issue [CVE-2022-27404]; fix crashes [CVE-2022-27405 CVE-2022-27406]">
+<correction fribidi "Fix buffer overflow issues [CVE-2022-25308 CVE-2022-25309]; fix crash [CVE-2022-25310]">
+<correction ftgl "Don't try to convert PNG to EPS for latex, as our imagemagick has EPS disabled for security reasons">
+<correction gif2apng "Fix heap-based buffer overflows [CVE-2021-45909 CVE-2021-45910 CVE-2021-45911]">
+<correction gnucash "Fix build failure with recent tzdata">
+<correction gnutls28 "Fix test suite when combined with OpenSSL 1.1.1e or newer">
+<correction golang-github-docker-go-connections "Skip tests that use expired certificates">
+<correction golang-github-pkg-term "Fix building on newer 4.19 kernels">
+<correction golang-github-russellhaering-goxmldsig "Fix NULL pointer dereference issue [CVE-2020-7711]">
+<correction grub-efi-amd64-signed "New upstream release">
+<correction grub-efi-arm64-signed "New upstream release">
+<correction grub-efi-ia32-signed "New upstream release">
+<correction grub2 "New upstream release">
+<correction htmldoc "Fix infinite loop [CVE-2022-24191], integer overflow issues [CVE-2022-27114] and heap buffer overflow issue [CVE-2022-28085]">
+<correction iptables-netflow "Fix DKMS build failure regression caused by Linux upstream changes in the 4.19.191 kernel">
+<correction isync "Fix buffer overflow issues [CVE-2021-3657]">
+<correction kannel "Fix build failure by disabling generation of Postscript documentation">
+<correction krb5 "Use SHA256 as Pkinit CMS Digest">
+<correction libapache2-mod-auth-openidc "Improve validation of the post-logout URL parameter on logout [CVE-2019-14857]">
+<correction libdatetime-timezone-perl "Update included data">
+<correction libhttp-cookiejar-perl "Fix build failure by increasing the expiry date of a test cookie">
+<correction libnet-freedb-perl "Change the default host from the defunct freedb.freedb.org to gnudb.gnudb.org">
+<correction libnet-ssleay-perl "Fix test failures with OpenSSL 1.1.1n">
+<correction librose-db-object-perl "Fix test failure after 6/6/2020">
+<correction libvirt-php "Fix segmentation fault in libvirt_node_get_cpu_stats">
+<correction llvm-toolchain-13 "New source package to support building of newer firefox-esr and thunderbird versions">
+<correction minidlna "Validate HTTP requests to protect against DNS rebinding attacks [CVE-2022-26505]">
+<correction mokutil "New upstream version, to allow for SBAT management">
+<correction mutt "Fix uudecode buffer overflow [CVE-2022-1328]">
+<correction node-ejs "Sanitize options and new objects [CVE-2022-29078]">
+<correction node-end-of-stream "Work around test bug">
+<correction node-minimist "Fix prototype pollution issue [CVE-2021-44906]">
+<correction node-node-forge "Fix signature verification issues [CVE-2022-24771 CVE-2022-24772 CVE-2022-24773]">
+<correction node-require-from-string "Fix a test in conjunction with nodejs &gt;= 10.16">
+<correction nvidia-graphics-drivers "New upstream release">
+<correction nvidia-graphics-drivers-legacy-390xx "New upstream release; fix out-of-bound write issues [CVE-2022-28181 CVE-2022-28185]; security fixes [CVE-2022-31607 CVE-2022-31608 CVE-2022-31615]">
+<correction octavia "Fix client certificate checks [CVE-2019-17134]; correctly detect that the agent is running on Debian; fix template that generates vrrp check script; add additional runtime dependencies; ship additional configuration directly in the agent package">
+<correction orca "Fix use with WebKitGTK 2.36">
+<correction pacemaker "Update relationship versions to fix upgrades from stretch LTS">
+<correction pglogical "Fix build failure">
+<correction php-guzzlehttp-psr7 "Fix improper header parsing [CVE-2022-24775]">
+<correction postfix "New upstream stable release; do not override user set default_transport; if-up.d: do not error out if postfix can't send mail yet; fix duplicate bounce_notice_recipient entries in postconf output">
+<correction postgresql-common "pg_virtualenv: Write temporary password file before chowning the file">
+<correction postsrsd "Fix potential denial of service issue when Postfix sends certain long data fields such as multiple concatenated email addresses [CVE-2021-35525]">
+<correction procmail "Fix NULL pointer dereference">
+<correction publicsuffix "Update included data">
+<correction python-keystoneauth1 "Update tests to fix build failure">
+<correction python-scrapy "Don't send authentication data with all requests [CVE-2021-41125]; don't expose cookies cross-domain when redirecting [CVE-2022-0577]">
+<correction python-udatetime "Properly link against libm library">
+<correction qtbase-opensource-src "Fix setTabOrder for compound widgets; add an expansion limit for XML entities [CVE-2015-9541]">
+<correction ruby-activeldap "Add missing dependency on ruby-builder">
+<correction ruby-hiredis "Skip some unreliable tests in order to fix build failure">
+<correction ruby-http-parser.rb "Fix build failure when using http-parser containing the fix for CVE-2019-15605">
+<correction ruby-riddle "Allow use of <q>LOAD DATA LOCAL INFILE</q>">
+<correction sctk "Use <q>pdftoppm</q> instead of <q>convert</q> to convert PDF to JPEG as the latter fails with the changed security policy of ImageMagick">
+<correction twisted "Fix incorrect URI and HTTP method validation issue [CVE-2019-12387], incorrect certificate validation in XMPP support [CVE-2019-12855], HTTP/2 denial of service issues, HTTP request smuggling issues [CVE-2020-10108 CVE-2020-10109 CVE-2022-24801], information disclosure issue when following cross-domain redirects [CVE-2022-21712], denial of service issue during SSH handshake [CVE-2022-21716]">
+<correction tzdata "Update timezone data for Iran, Chile and Palestine; update leap second list">
+<correction ublock-origin "New upstream stable release">
+<correction unrar-nonfree "Fix directory traversal issue [CVE-2022-30333]">
+<correction wireshark "Fix remote code execution issue [CVE-2021-22191], denial of service issues [CVE-2021-4181 CVE-2021-4184 CVE-2021-4185 CVE-2022-0581 CVE-2022-0582 CVE-2022-0583 CVE-2022-0585 CVE-2022-0586]">
+</table>
+
+
+<h2>Security Updates</h2>
+
+
+<p>This revision adds the following security updates to the oldstable release.
+The Security Team has already released an advisory for each of these
+updates:</p>
+
+<table border=0>
+<tr><th>Advisory ID</th> <th>Package</th></tr>
+<dsa 2021 4836 openvswitch>
+<dsa 2021 4852 openvswitch>
+<dsa 2021 4906 chromium>
+<dsa 2021 4911 chromium>
+<dsa 2021 4917 chromium>
+<dsa 2021 4981 firefox-esr>
+<dsa 2022 5034 thunderbird>
+<dsa 2022 5044 firefox-esr>
+<dsa 2022 5045 thunderbird>
+<dsa 2022 5069 firefox-esr>
+<dsa 2022 5074 thunderbird>
+<dsa 2022 5077 librecad>
+<dsa 2022 5080 snapd>
+<dsa 2022 5086 thunderbird>
+<dsa 2022 5090 firefox-esr>
+<dsa 2022 5094 thunderbird>
+<dsa 2022 5097 firefox-esr>
+<dsa 2022 5106 thunderbird>
+<dsa 2022 5108 tiff>
+<dsa 2022 5109 faad2>
+<dsa 2022 5111 zlib>
+<dsa 2022 5113 firefox-esr>
+<dsa 2022 5115 webkit2gtk>
+<dsa 2022 5118 thunderbird>
+<dsa 2022 5119 subversion>
+<dsa 2022 5122 gzip>
+<dsa 2022 5123 xz-utils>
+<dsa 2022 5126 ffmpeg>
+<dsa 2022 5129 firefox-esr>
+<dsa 2022 5131 openjdk-11>
+<dsa 2022 5132 ecdsautils>
+<dsa 2022 5135 postgresql-11>
+<dsa 2022 5137 needrestart>
+<dsa 2022 5138 waitress>
+<dsa 2022 5139 openssl>
+<dsa 2022 5140 openldap>
+<dsa 2022 5141 thunderbird>
+<dsa 2022 5142 libxml2>
+<dsa 2022 5143 firefox-esr>
+<dsa 2022 5144 condor>
+<dsa 2022 5145 lrzip>
+<dsa 2022 5147 dpkg>
+<dsa 2022 5149 cups>
+<dsa 2022 5150 rsyslog>
+<dsa 2022 5151 smarty3>
+<dsa 2022 5152 spip>
+<dsa 2022 5153 trafficserver>
+<dsa 2022 5154 webkit2gtk>
+<dsa 2022 5156 firefox-esr>
+<dsa 2022 5157 cifs-utils>
+<dsa 2022 5158 thunderbird>
+<dsa 2022 5159 python-bottle>
+<dsa 2022 5160 ntfs-3g>
+<dsa 2022 5164 exo>
+<dsa 2022 5165 vlc>
+<dsa 2022 5167 firejail>
+<dsa 2022 5169 openssl>
+<dsa 2022 5171 squid>
+<dsa 2022 5172 firefox-esr>
+<dsa 2022 5173 linux-latest>
+<dsa 2022 5173 linux-signed-amd64>
+<dsa 2022 5173 linux-signed-arm64>
+<dsa 2022 5173 linux-signed-i386>
+<dsa 2022 5173 linux>
+<dsa 2022 5174 gnupg2>
+<dsa 2022 5175 thunderbird>
+<dsa 2022 5176 blender>
+<dsa 2022 5178 intel-microcode>
+<dsa 2022 5181 request-tracker4>
+<dsa 2022 5182 webkit2gtk>
+<dsa 2022 5185 mat2>
+<dsa 2022 5186 djangorestframework>
+<dsa 2022 5188 openjdk-11>
+<dsa 2022 5189 gsasl>
+<dsa 2022 5190 spip>
+<dsa 2022 5193 firefox-esr>
+<dsa 2022 5194 booth>
+<dsa 2022 5195 thunderbird>
+<dsa 2022 5196 libpgjava>
+</table>
+
+
+<h2>Removed packages</h2>
+
+<p>The following packages were removed due to circumstances beyond our control:</p>
+
+<table border=0>
+<tr><th>Package</th> <th>Reason</th></tr>
+<correction elog "Unmaintained; security issues">
+<correction libnet-amazon-perl "Depends on removed API">
+
+</table>
+
+<h2>Debian Installer</h2>
+<p>The installer has been updated to include the fixes incorporated
+into oldstable by the point release.</p>
+
+<h2>URLs</h2>
+
+<p>The complete lists of packages that have changed with this revision:</p>
+
+<div class="center">
+ <url "https://deb.debian.org/debian/dists/<downcase <codename>>/ChangeLog">
+</div>
+
+<p>The current oldstable distribution:</p>
+
+<div class="center">
+ <url "https://deb.debian.org/debian/dists/oldstable/">
+</div>
+
+<p>Proposed updates to the oldstable distribution:</p>
+
+<div class="center">
+ <url "https://deb.debian.org/debian/dists/oldstable-proposed-updates">
+</div>
+
+<p>oldstable distribution information (release notes, errata etc.):</p>
+
+<div class="center">
+ <a
+ href="$(HOME)/releases/oldstable/">https://www.debian.org/releases/oldstable/</a>
+</div>
+
+<p>Security announcements and information:</p>
+
+<div class="center">
+ <a href="$(HOME)/security/">https://www.debian.org/security/</a>
+</div>
+
+<h2>About Debian</h2>
+
+<p>The Debian Project is an association of Free Software developers who
+volunteer their time and effort in order to produce the completely
+free operating system Debian.</p>
+
+<h2>Contact Information</h2>
+
+<p>For further information, please visit the Debian web pages at
+<a href="$(HOME)/">https://www.debian.org/</a>, send mail to
+&lt;press@debian.org&gt;, or contact the stable release team at
+&lt;debian-release@lists.debian.org&gt;.</p>
+
+
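Review bot: DSA-5173 is entered as five separate rows in the Security Updates table (linux-latest, linux-signed-amd64, linux-signed-arm64, linux-signed-i386, linux), so the rendered page repeats the same advisory link five times, even though the dsa tag defined at the top of this file already splits its third argument on /,\s*/ to render several source packages in one row. Either collapse these into a single row with a comma-separated package list, or, if one row per source package is the intended convention, say so in a comment next to the tag so the split is not mistaken for dead code. Separately, the "# $Id:" line near the top is an empty, unterminated keyword; close it as "# $Id$" or drop it.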
diff --git a/english/News/2022/2022091002.wml b/english/News/2022/2022091002.wml
new file mode 100644
index 00000000000..82bd78d1232
--- /dev/null
+++ b/english/News/2022/2022091002.wml
@@ -0,0 +1,269 @@
+<define-tag pagetitle>Updated Debian 11: 11.5 released</define-tag>
+<define-tag release_date>2022-09-10</define-tag>
+#use wml::debian::news
+# $Id:
+
+<define-tag release>11</define-tag>
+<define-tag codename>bullseye</define-tag>
+<define-tag revision>11.5</define-tag>
+
+<define-tag dsa>
+ <tr><td align="center"><a href="$(HOME)/security/%0/dsa-%1">DSA-%1</a></td>
+ <td align="center"><:
+ my @p = ();
+ for my $p (split (/,\s*/, "%2")) {
+ push (@p, sprintf ('<a href="https://packages.debian.org/src:%s">%s</a>', $p, $p));
+ }
+ print join (", ", @p);
+:></td></tr>
+</define-tag>
+
+<define-tag correction>
+ <tr><td><a href="https://packages.debian.org/src:%0">%0</a></td> <td>%1</td></tr>
+</define-tag>
+
+<define-tag srcpkg><a href="https://packages.debian.org/src:%0">%0</a></define-tag>
+
+<p>The Debian project is pleased to announce the fifth update of its
+stable distribution Debian <release> (codename <q><codename></q>).
+This point release mainly adds corrections for security issues,
+along with a few adjustments for serious problems. Security advisories
+have already been published separately and are referenced where available.</p>
+
+<p>Please note that the point release does not constitute a new version of Debian
+<release> but only updates some of the packages included. There is
+no need to throw away old <q><codename></q> media. After installation,
+packages can be upgraded to the current versions using an up-to-date Debian
+mirror.</p>
+
+<p>Those who frequently install updates from security.debian.org won't have
+to update many packages, and most such updates are
+included in the point release.</p>
+
+<p>New installation images will be available soon at the regular locations.</p>
+
+<p>Upgrading an existing installation to this revision can be achieved by
+pointing the package management system at one of Debian's many HTTP mirrors.
+A comprehensive list of mirrors is available at:</p>
+
+<div class="center">
+ <a href="$(HOME)/mirror/list">https://www.debian.org/mirror/list</a>
+</div>
+
+
+
+
+<h2>Miscellaneous Bugfixes</h2>
+
+<p>This stable update adds a few important corrections to the following packages:</p>
+
+<table border=0>
+<tr><th>Package</th> <th>Reason</th></tr>
+<correction avahi "Fix display of URLs containing '&amp;' in avahi-discover; do not disable timeout cleanup on watch cleanup; fix NULL pointer crashes when trying to resolve badly-formatted hostnames [CVE-2021-3502]">
+<correction base-files "Update /etc/debian_version for the 11.5 point release">
+<correction cargo-mozilla "New source package to support building of newer firefox-esr and thunderbird versions">
+<correction clamav "New upstream stable release">
+<correction commons-daemon "Fix JVM detection">
+<correction curl "Reject cookies with <q>control bytes</q> [CVE-2022-35252]">
+<correction dbus-broker "Fix assertion failure when disconnecting peer groups; fix memory leak; fix null pointer dereference [CVE-2022-31213]">
+<correction debian-installer "Rebuild against proposed-updates; increase Linux kernel ABI to 5.10.0-18">
+<correction debian-installer-netboot-images "Rebuild against proposed-updates; increase Linux kernel ABI to 5.10.0-18">
+<correction debian-security-support "Update support status of various packages">
+<correction debootstrap "Ensure non-merged-usr chroots can continue to be created for older releases and buildd chroots">
+<correction dlt-daemon "Fix double free issue [CVE-2022-31291]">
+<correction dnsproxy "Listen on localhost by default, rather than the possibly unavailable 192.168.168.1">
+<correction dovecot "Fix possible security issues when two passdb configuration entries exist with the same driver and args settings [CVE-2022-30550]">
+<correction dpkg "Fix conffile removal-on-upgrade handling, memory leak in remove-on-upgrade handling; Dpkg::Shlibs::Objdump: Fix apply_relocations to work with versioned symbols; add support for ARCv2 CPU; several updates and fixes to dpkg-fsys-usrunmess">
+<correction fig2dev "Fix double free issue [CVE-2021-37529], denial of service issue [CVE-2021-37530]; stop misplacement of embedded eps images">
+<correction foxtrotgps "Fix crash by ensuring that threads are always unreferenced">
+<correction gif2apng "Fix heap-based buffer overflows [CVE-2021-45909 CVE-2021-45910 CVE-2021-45911]">
+<correction glibc "Fix an off-by-one buffer overflow/underflow in getcwd() [CVE-2021-3999]; fix several overflows in wide character functions; add a few EVEX optimized string functions to fix a performance issue (up to 40%) with Skylake-X processors; make grantpt usable after multi-threaded fork; ensure that libio vtable protection is enabled">
+<correction golang-github-pkg-term "Fix building on newer Linux kernels">
+<correction gri "Use <q>ps2pdf</q> instead of <q>convert</q> for converting from PS to PDF">
+<correction grub-efi-amd64-signed "New upstream release">
+<correction grub-efi-arm64-signed "New upstream release">
+<correction grub-efi-ia32-signed "New upstream release">
+<correction grub2 "New upstream release">
+<correction http-parser "Unset F_CHUNKED on new Transfer-Encoding, fixing possible HTTP request smuggling issue [CVE-2020-8287]">
+<correction ifenslave "Fix bonded interface configurations">
+<correction inetutils "Fix buffer overflow issue [CVE-2019-0053], stack exhaustion issue, handling of FTP PASV responses [CVE-2021-40491], denial of service issue [CVE-2022-39028]">
+<correction knot "Fix IXFR to AXFR fallback with dnsmasq">
+<correction krb5 "Use SHA256 as Pkinit CMS Digest">
+<correction libayatana-appindicator "Provide compatibility for software that depends on libappindicator">
+<correction libdatetime-timezone-perl "Update included data">
+<correction libhttp-daemon-perl "Improve handling of Content-Length header [CVE-2022-31081]">
+<correction libreoffice "Support EUR in .hr locale; add HRK&lt;-&gt;EUR conversion rate to Calc and the Euro Wizard; security fixes [CVE-2021-25636 CVE-2022-26305 CVE-2022-26306 CVE-2022-26307]; fix hang accessing Evolution address books">
+<correction linux "New upstream stable release">
+<correction linux-signed-amd64 "New upstream stable release">
+<correction linux-signed-arm64 "New upstream stable release">
+<correction linux-signed-i386 "New upstream stable release">
+<correction llvm-toolchain-13 "New source package to support building of newer firefox-esr and thunderbird versions">
+<correction lwip "Fix buffer overflow issues [CVE-2020-22283 CVE-2020-22284]">
+<correction mokutil "New upstream version, to allow for SBAT management">
+<correction node-log4js "Do not create world-readable files by default [CVE-2022-21704]">
+<correction node-moment "Fix regular expression-based denial of service issue [CVE-2022-31129]">
+<correction nvidia-graphics-drivers "New upstream release; security fixes [CVE-2022-31607 CVE-2022-31608 CVE-2022-31615]">
+<correction nvidia-graphics-drivers-legacy-390xx "New upstream release; security fixes [CVE-2022-31607 CVE-2022-31608 CVE-2022-31615]">
+<correction nvidia-graphics-drivers-tesla-450 "New upstream release; security fixes [CVE-2022-31607 CVE-2022-31608 CVE-2022-31615]">
+<correction nvidia-graphics-drivers-tesla-470 "New upstream release; security fixes [CVE-2022-31607 CVE-2022-31608 CVE-2022-31615]">
+<correction nvidia-settings "New upstream release; fix cross-building">
+<correction nvidia-settings-tesla-470 "New upstream release; fix cross-building">
+<correction pcre2 "Fix out-of-bounds read issues [CVE-2022-1586 CVE-2022-1587]">
+<correction postgresql-13 "Do not let extension scripts replace objects not already belonging to the extension [CVE-2022-2625]">
+<correction publicsuffix "Update included data">
+<correction rocksdb "Fix illegal instruction on arm64">
+<correction sbuild "Buildd::Mail: support MIME encoded Subject: header, also copy the Content-Type: header when forwarding mail">
+<correction systemd "Drop bundled copy of linux/if_arp.h, fixing build failures with newer kernel headers; support detection for ARM64 Hyper-V guests; detect OpenStack instance as KVM on arm">
+<correction twitter-bootstrap4 "Actually install CSS map files">
+<correction tzdata "Update timezone data for Iran and Chile">
+<correction xtables-addons "Support both old and new versions of security_skb_classify_flow()">
+</table>
+
+
+<h2>Security Updates</h2>
+
+
+<p>This revision adds the following security updates to the stable release.
+The Security Team has already released an advisory for each of these
+updates:</p>
+
+<table border=0>
+<tr><th>Advisory ID</th> <th>Package</th></tr>
+<dsa 2022 5175 thunderbird>
+<dsa 2022 5176 blender>
+<dsa 2022 5177 ldap-account-manager>
+<dsa 2022 5178 intel-microcode>
+<dsa 2022 5179 php7.4>
+<dsa 2022 5180 chromium>
+<dsa 2022 5181 request-tracker4>
+<dsa 2022 5182 webkit2gtk>
+<dsa 2022 5183 wpewebkit>
+<dsa 2022 5184 xen>
+<dsa 2022 5185 mat2>
+<dsa 2022 5187 chromium>
+<dsa 2022 5188 openjdk-11>
+<dsa 2022 5189 gsasl>
+<dsa 2022 5190 spip>
+<dsa 2022 5191 linux-signed-amd64>
+<dsa 2022 5191 linux-signed-arm64>
+<dsa 2022 5191 linux-signed-i386>
+<dsa 2022 5191 linux>
+<dsa 2022 5192 openjdk-17>
+<dsa 2022 5193 firefox-esr>
+<dsa 2022 5194 booth>
+<dsa 2022 5195 thunderbird>
+<dsa 2022 5196 libpgjava>
+<dsa 2022 5197 curl>
+<dsa 2022 5198 jetty9>
+<dsa 2022 5199 xorg-server>
+<dsa 2022 5200 libtirpc>
+<dsa 2022 5201 chromium>
+<dsa 2022 5202 unzip>
+<dsa 2022 5203 gnutls28>
+<dsa 2022 5204 gst-plugins-good1.0>
+<dsa 2022 5205 ldb>
+<dsa 2022 5205 samba>
+<dsa 2022 5206 trafficserver>
+<dsa 2022 5207 linux-signed-amd64>
+<dsa 2022 5207 linux-signed-arm64>
+<dsa 2022 5207 linux-signed-i386>
+<dsa 2022 5207 linux>
+<dsa 2022 5208 epiphany-browser>
+<dsa 2022 5209 net-snmp>
+<dsa 2022 5210 webkit2gtk>
+<dsa 2022 5211 wpewebkit>
+<dsa 2022 5213 schroot>
+<dsa 2022 5214 kicad>
+<dsa 2022 5215 open-vm-tools>
+<dsa 2022 5216 libxslt>
+<dsa 2022 5217 firefox-esr>
+<dsa 2022 5218 zlib>
+<dsa 2022 5219 webkit2gtk>
+<dsa 2022 5220 wpewebkit>
+<dsa 2022 5221 thunderbird>
+<dsa 2022 5222 dpdk>
+</table>
+
+
+<h2>Removed packages</h2>
+
+<p>The following packages were removed due to circumstances beyond our control:</p>
+
+<table border=0>
+<tr><th>Package</th> <th>Reason</th></tr>
+<correction evenement "Unmaintained; only needed for already-removed movim">
+<correction php-cocur-slugify "Unmaintained; only needed for already-removed movim">
+<correction php-defuse-php-encryption "Unmaintained; only needed for already-removed movim">
+<correction php-dflydev-fig-cookies "Unmaintained; only needed for already-removed movim">
+<correction php-embed "Unmaintained; only needed for already-removed movim">
+<correction php-fabiang-sasl "Unmaintained; only needed for already-removed movim">
+<correction php-markdown "Unmaintained; only needed for already-removed movim">
+<correction php-raintpl "Unmaintained; only needed for already-removed movim">
+<correction php-react-child-process "Unmaintained; only needed for already-removed movim">
+<correction php-react-http "Unmaintained; only needed for already-removed movim">
+<correction php-respect-validation "Unmaintained; only needed for already-removed movim">
+<correction php-robmorgan-phinx "Unmaintained; only needed for already-removed movim">
+<correction ratchet-pawl "Unmaintained; only needed for already-removed movim">
+<correction ratchet-rfc6455 "Unmaintained; only needed for already-removed movim">
+<correction ratchetphp "Unmaintained; only needed for already-removed movim">
+<correction reactphp-cache "Unmaintained; only needed for already-removed movim">
+<correction reactphp-dns "Unmaintained; only needed for already-removed movim">
+<correction reactphp-event-loop "Unmaintained; only needed for already-removed movim">
+<correction reactphp-promise-stream "Unmaintained; only needed for already-removed movim">
+<correction reactphp-promise-timer "Unmaintained; only needed for already-removed movim">
+<correction reactphp-socket "Unmaintained; only needed for already-removed movim">
+<correction reactphp-stream "Unmaintained; only needed for already-removed movim">
+
+</table>
+
+<h2>Debian Installer</h2>
+<p>The installer has been updated to include the fixes incorporated
+into stable by the point release.</p>
+
+<h2>URLs</h2>
+
+<p>The complete lists of packages that have changed with this revision:</p>
+
+<div class="center">
+ <url "https://deb.debian.org/debian/dists/<downcase <codename>>/ChangeLog">
+</div>
+
+<p>The current stable distribution:</p>
+
+<div class="center">
+ <url "https://deb.debian.org/debian/dists/stable/">
+</div>
+
+<p>Proposed updates to the stable distribution:</p>
+
+<div class="center">
+ <url "https://deb.debian.org/debian/dists/proposed-updates">
+</div>
+
+<p>stable distribution information (release notes, errata etc.):</p>
+
+<div class="center">
+ <a
+ href="$(HOME)/releases/stable/">https://www.debian.org/releases/stable/</a>
+</div>
+
+<p>Security announcements and information:</p>
+
+<div class="center">
+ <a href="$(HOME)/security/">https://www.debian.org/security/</a>
+</div>
+
+<h2>About Debian</h2>
+
+<p>The Debian Project is an association of Free Software developers who
+volunteer their time and effort in order to produce the completely
+free operating system Debian.</p>
+
+<h2>Contact Information</h2>
+
+<p>For further information, please visit the Debian web pages at
+<a href="$(HOME)/">https://www.debian.org/</a>, send mail to
+&lt;press@debian.org&gt;, or contact the stable release team at
+&lt;debian-release@lists.debian.org&gt;.</p>
+
+
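Review bot: the srcpkg tag defined near the top of 2022091002.wml is never referenced anywhere in the file (the same is true of the copy in 20220910.wml), and the dsa and correction definitions are identical in both new files; remove the unused srcpkg definition and consider sharing the other two so the two announcements cannot drift apart. In the Security Updates table the advisory numbers skip DSA-5186 and DSA-5212 (the rows go from 5185 mat2 to 5187 chromium, and from 5211 wpewebkit to 5213 schroot); please confirm those omissions are intentional for bullseye rather than rows lost while assembling the list.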