------------------------------------------------------------------------
The Debian Project https://www.debian.org/
Updated Debian 10: 10.2 released press@debian.org
November 16th, 2019 https://www.debian.org/News/2019/20191116
------------------------------------------------------------------------
The Debian project is pleased to announce the second update of its
stable distribution Debian 10 (codename "buster"). This point release
mainly adds corrections for security issues, along with a few
adjustments for serious problems. Security advisories have already been
published separately and are referenced where available.
Please note that the point release does not constitute a new version of
Debian 10 but only updates some of the packages included. There is no
need to throw away old "buster" media. After installation, packages can
be upgraded to the current versions using an up-to-date Debian mirror.
Those who frequently install updates from security.debian.org won't have
to update many packages, and most such updates are included in the point
release.
New installation images will be available soon at the regular locations.
Upgrading an existing installation to this revision can be achieved by
pointing the package management system at one of Debian's many HTTP
mirrors. A comprehensive list of mirrors is available at:
https://www.debian.org/mirror/list
Miscellaneous Bugfixes
----------------------
This stable update adds a few important corrections to the following
packages:
+---------------------------+-----------------------------------------+
| Package | Reason |
+---------------------------+-----------------------------------------+
| aegisub [1] | Fix crash when selecting a language |
| | from the bottom of the "Spell checker |
| | language" list; fix crash when right- |
| | clicking in the subtitles text box |
| | |
| akonadi [2] | Fix various crashes / deadlock issues |
| | |
| base-files [3] | Update /etc/debian_version for the |
| | point release |
| | |
| capistrano [4] | Fix failure to remove old releases when |
| | there were too many |
| | |
| cron [5] | Stop using obsolete SELinux API |
| | |
| cyrus-imapd [6] | Fix data loss on upgrade from version |
| | 3.0.0 or earlier |
| | |
| debian-edu-config [7] | Handle newer Firefox ESR configuration |
| | files; add post-up stanza to /etc/ |
| | network/interfaces eth0 entry |
| | conditionally |
| | |
| debian-installer [8] | Fix unreadable fonts on hidpi displays |
| | in netboot images booted with EFI |
| | |
| debian-installer-netboot- | Rebuild against proposed-updates |
| images [9] | |
| | |
| distro-info-data [10] | Add Ubuntu 20.04 LTS, Focal Fossa |
| | |
| dkimpy-milter [11] | New upstream stable release; fix |
| | sysvinit support; catch more ASCII |
| | encoding errors to improve resilience |
| | against bad data; fix message |
| | extraction so that signing in the same |
| | pass through the milter as verifying |
| | works correctly |
| | |
| emacs [12] | Update the EPLA packaging key |
| | |
| fence-agents [13] | Fix incomplete removal of fence_amt_ws |
| | |
| flatpak [14] | New upstream stable release |
| | |
| flightcrew [15] | Security fixes [CVE-2019-13032 |
| | CVE-2019-13241] |
| | |
| fonts-noto-cjk [16] | Fix over-aggressive font selection of |
| | Noto CJK fonts in modern web browsers |
| | under Chinese locale |
| | |
| freetype [17] | Properly handle phantom points for |
| | variable hinted fonts |
| | |
| gdb [18] | Rebuild against new libbabeltrace, with |
| | higher version number to avoid conflict |
| | with earlier upload |
| | |
| glib2.0 [19] | Ensure libdbus clients can authenticate |
| | with a GDBusServer like the one in ibus |
| | |
| gnome-shell [20] | New upstream stable release; fix |
| | truncation of long messages in Shell- |
| | modal dialogs; avoid crash on |
| | reallocation of dead actors |
| | |
| gnome-sound-recorder [21] | Fix crash when selecting a recording |
| | |
| gnustep-base [22] | Disable gdomap daemon that was |
| | accidentally enabled on upgrades from |
| | stretch |
| | |
| graphite-web [23] | Remove unused "send_email" function |
| | [CVE-2017-18638]; avoid hourly error in |
| | cron when there is no whisper database |
| | |
| inn2 [24] | Fix negotiation of DHE ciphersuites |
| | |
| libapache-mod-auth- | Fix use after free bug leading to crash |
| kerb [25] | |
| | |
| libdate-holidays-de- | Mark International Childrens Day (Sep |
| perl [26] | 20th) as a holiday in Thuringia from |
| | 2019 onwards |
| | |
| libdatetime-timezone- | Update included data |
| perl [27] | |
| | |
| libofx [28] | Fix null pointer dereference issue |
| | [CVE-2019-9656] |
| | |
| libreoffice [29] | Fix the postgresql driver with |
| | PostgreSQL 12 |
| | |
| libsixel [30] | Fix several security issues [CVE-2018- |
| | 19756 CVE-2018-19757 CVE-2018-19759 |
| | CVE-2018-19761 CVE-2018-19762 CVE-2018- |
| | 19763 CVE-2019-3573 CVE-2019-3574] |
| | |
| libxslt [31] | Fix dangling pointer in xsltCopyText |
| | [CVE-2019-18197] |
| | |
| lucene-solr [32] | Disable obsolete call to ContextHandler |
| | in solr-jetty9.xml; fix Jetty |
| | permissions on SOLR index |
| | |
| mariadb-10.3 [33] | New upstream stable release |
| | |
| modsecurity-crs [34] | Fix PHP script upload rules [CVE-2019- |
| | 13464] |
| | |
| mutter [35] | New upstream stable release |
| | |
| ncurses [36] | Fix several security issues [CVE-2019- |
| | 17594 CVE-2019-17595] and other issues |
| | in tic |
| | |
| ndppd [37] | Avoid world writable PID file, that was |
| | breaking daemon init scripts |
| | |
| network-manager [38] | Fix file permissions for "/var/lib/ |
| | NetworkManager/secret_key" and /var/ |
| | lib/NetworkManager |
| | |
| node-fstream [39] | Fix arbitrary file overwrite issue |
| | [CVE-2019-13173] |
| | |
| node-set-value [40] | Fix prototype pollution [CVE-2019- |
| | 10747] |
| | |
| node-yarnpkg [41] | Force using HTTPS for regular |
| | registries |
| | |
| nx-libs [42] | Fix regressions introduced in previous |
| | upload, affecting x2go |
| | |
| open-vm-tools [43] | Fix memory leaks and error handling |
| | |
| openvswitch [44] | Update debian/ifupdown.sh to allow |
| | setting-up the MTU; fix Python |
| | dependencies to use Python 3 |
| | |
| picard [45] | Update translations to fix crash with |
| | Spanish locale |
| | |
| plasma-applet-redshift- | Fix manual mode when used with redshift |
| control [46] | versions above 1.12 |
| | |
| postfix [47] | New upstream stable release; work |
| | around poor TCP loopback performance |
| | |
| python-cryptography [48] | Fix test suite failures when built |
| | against newer OpenSSL versions; fix a |
| | memory leak triggerable when parsing |
| | x509 certificate extensions like AIA |
| | |
| python-flask-rdf [49] | Add Depends on python{3,}-rdflib |
| | |
| python- | New upstream stable release; fix switch |
| oslo.messaging [50] | connection destination when a rabbitmq |
| | cluster node disappears |
| | |
| python-werkzeug [51] | Ensure Docker containers have unique |
| | debugger PINs [CVE-2019-14806] |
| | |
| python2.7 [52] | Fix several security issues [CVE-2018- |
| | 20852 CVE-2019-10160 CVE-2019-16056 |
| | CVE-2019-16935 CVE-2019-9740 CVE-2019- |
| | 9947] |
| | |
| quota [53] | Fix rpc.rquotad spinning at 100% CPU |
| | |
| rpcbind [54] | Allow remote calls to be enabled at |
| | run-time |
| | |
| shelldap [55] | Repair SASL authentications, add a |
| | 'sasluser' option |
| | |
| sogo [56] | Fix display of PGP-signed e-mails |
| | |
| spf-engine [57] | New upstream stable release; fix |
| | sysvinit support |
| | |
| standardskriver [58] | Fix deprecation warning from |
| | config.RawConfigParser; use external |
| | "ip" command rather than deprecated |
| | "ifconfig" command |
| | |
| swi-prolog [59] | Use HTTPS when contacting upstream pack |
| | servers |
| | |
| systemd [60] | core: never propagate reload failure to |
| | service result; fix sync_file_range |
| | failures in nspawn containers on arm, |
| | ppc; fix RootDirectory not working when |
| | used in combination with User; ensure |
| | that access controls on systemd- |
| | resolved's D-Bus interface are enforced |
| | correctly [CVE-2019-15718]; fix |
| | StopWhenUnneeded=true for mount units; |
| | make MountFlags=shared work again |
| | |
| tmpreaper [61] | Prevent breaking of systemd services |
| | that use PrivateTmp=true |
| | |
| trapperkeeper-webserver- | Restore SSL compatibility with newer |
| jetty9-clojure [62] | Jetty versions |
| | |
| tzdata [63] | New upstream release |
| | |
| ublock-origin [64] | New upstream version, compatible with |
| | Firefox ESR68 |
| | |
| uim [65] | Resurrect libuim-data as a transitional |
| | package, fixing some issues after |
| | upgrades to buster |
| | |
| vanguards [66] | New upstream stable release; prevent a |
| | reload of tor's configuration via |
| | SIGHUP causing a denial-of-service for |
| | vanguards protections |
| | |
+---------------------------+-----------------------------------------+
1: https://packages.debian.org/src:aegisub
2: https://packages.debian.org/src:akonadi
3: https://packages.debian.org/src:base-files
4: https://packages.debian.org/src:capistrano
5: https://packages.debian.org/src:cron
6: https://packages.debian.org/src:cyrus-imapd
7: https://packages.debian.org/src:debian-edu-config
8: https://packages.debian.org/src:debian-installer
9: https://packages.debian.org/src:debian-installer-netboot-images
10: https://packages.debian.org/src:distro-info-data
11: https://packages.debian.org/src:dkimpy-milter
12: https://packages.debian.org/src:emacs
13: https://packages.debian.org/src:fence-agents
14: https://packages.debian.org/src:flatpak
15: https://packages.debian.org/src:flightcrew
16: https://packages.debian.org/src:fonts-noto-cjk
17: https://packages.debian.org/src:freetype
18: https://packages.debian.org/src:gdb
19: https://packages.debian.org/src:glib2.0
20: https://packages.debian.org/src:gnome-shell
21: https://packages.debian.org/src:gnome-sound-recorder
22: https://packages.debian.org/src:gnustep-base
23: https://packages.debian.org/src:graphite-web
24: https://packages.debian.org/src:inn2
25: https://packages.debian.org/src:libapache-mod-auth-kerb
26: https://packages.debian.org/src:libdate-holidays-de-perl
27: https://packages.debian.org/src:libdatetime-timezone-perl
28: https://packages.debian.org/src:libofx
29: https://packages.debian.org/src:libreoffice
30: https://packages.debian.org/src:libsixel
31: https://packages.debian.org/src:libxslt
32: https://packages.debian.org/src:lucene-solr
33: https://packages.debian.org/src:mariadb-10.3
34: https://packages.debian.org/src:modsecurity-crs
35: https://packages.debian.org/src:mutter
36: https://packages.debian.org/src:ncurses
37: https://packages.debian.org/src:ndppd
38: https://packages.debian.org/src:network-manager
39: https://packages.debian.org/src:node-fstream
40: https://packages.debian.org/src:node-set-value
41: https://packages.debian.org/src:node-yarnpkg
42: https://packages.debian.org/src:nx-libs
43: https://packages.debian.org/src:open-vm-tools
44: https://packages.debian.org/src:openvswitch
45: https://packages.debian.org/src:picard
46: https://packages.debian.org/src:plasma-applet-redshift-control
47: https://packages.debian.org/src:postfix
48: https://packages.debian.org/src:python-cryptography
49: https://packages.debian.org/src:python-flask-rdf
50: https://packages.debian.org/src:python-oslo.messaging
51: https://packages.debian.org/src:python-werkzeug
52: https://packages.debian.org/src:python2.7
53: https://packages.debian.org/src:quota
54: https://packages.debian.org/src:rpcbind
55: https://packages.debian.org/src:shelldap
56: https://packages.debian.org/src:sogo
57: https://packages.debian.org/src:spf-engine
58: https://packages.debian.org/src:standardskriver
59: https://packages.debian.org/src:swi-prolog
60: https://packages.debian.org/src:systemd
61: https://packages.debian.org/src:tmpreaper
62:
https://packages.debian.org/src:trapperkeeper-webserver-jetty9-clojure
63: https://packages.debian.org/src:tzdata
64: https://packages.debian.org/src:ublock-origin
65: https://packages.debian.org/src:uim
66: https://packages.debian.org/src:vanguards
Security Updates
----------------
This revision adds the following security updates to the stable release.
The Security Team has already released an advisory for each of these
updates:
+----------------+-----------------------------+
| Advisory ID | Package |
+----------------+-----------------------------+
| DSA-4509 [67] | apache2 [68] |
| | |
| DSA-4511 [69] | nghttp2 [70] |
| | |
| DSA-4512 [71] | qemu [72] |
| | |
| DSA-4514 [73] | varnish [74] |
| | |
| DSA-4515 [75] | webkit2gtk [76] |
| | |
| DSA-4516 [77] | firefox-esr [78] |
| | |
| DSA-4517 [79] | exim4 [80] |
| | |
| DSA-4518 [81] | ghostscript [82] |
| | |
| DSA-4519 [83] | libreoffice [84] |
| | |
| DSA-4520 [85] | trafficserver [86] |
| | |
| DSA-4521 [87] | docker.io [88] |
| | |
| DSA-4523 [89] | thunderbird [90] |
| | |
| DSA-4524 [91] | dino-im [92] |
| | |
| DSA-4525 [93] | ibus [94] |
| | |
| DSA-4526 [95] | opendmarc [96] |
| | |
| DSA-4527 [97] | php7.3 [98] |
| | |
| DSA-4528 [99] | bird [100] |
| | |
| DSA-4530 [101] | expat [102] |
| | |
| DSA-4531 [103] | linux-signed-amd64 [104] |
| | |
| DSA-4531 [105] | linux-signed-i386 [106] |
| | |
| DSA-4531 [107] | linux [108] |
| | |
| DSA-4531 [109] | linux-signed-arm64 [110] |
| | |
| DSA-4532 [111] | spip [112] |
| | |
| DSA-4533 [113] | lemonldap-ng [114] |
| | |
| DSA-4534 [115] | golang-1.11 [116] |
| | |
| DSA-4535 [117] | e2fsprogs [118] |
| | |
| DSA-4536 [119] | exim4 [120] |
| | |
| DSA-4538 [121] | wpa [122] |
| | |
| DSA-4539 [123] | openssl [124] |
| | |
| DSA-4539 [125] | openssh [126] |
| | |
| DSA-4541 [127] | libapreq2 [128] |
| | |
| DSA-4542 [129] | jackson-databind [130] |
| | |
| DSA-4543 [131] | sudo [132] |
| | |
| DSA-4544 [133] | unbound [134] |
| | |
| DSA-4545 [135] | mediawiki [136] |
| | |
| DSA-4547 [137] | tcpdump [138] |
| | |
| DSA-4549 [139] | firefox-esr [140] |
| | |
| DSA-4550 [141] | file [142] |
| | |
| DSA-4551 [143] | golang-1.11 [144] |
| | |
| DSA-4553 [145] | php7.3 [146] |
| | |
| DSA-4554 [147] | ruby-loofah [148] |
| | |
| DSA-4555 [149] | pam-python [150] |
| | |
| DSA-4556 [151] | qtbase-opensource-src [152] |
| | |
| DSA-4557 [153] | libarchive [154] |
| | |
| DSA-4558 [155] | webkit2gtk [156] |
| | |
| DSA-4559 [157] | proftpd-dfsg [158] |
| | |
| DSA-4560 [159] | simplesamlphp [160] |
| | |
| DSA-4561 [161] | fribidi [162] |
| | |
| DSA-4562 [163] | chromium [164] |
| | |
+----------------+-----------------------------+
67: https://www.debian.org/security/2019/dsa-4509
68: https://packages.debian.org/src:apache2
69: https://www.debian.org/security/2019/dsa-4511
70: https://packages.debian.org/src:nghttp2
71: https://www.debian.org/security/2019/dsa-4512
72: https://packages.debian.org/src:qemu
73: https://www.debian.org/security/2019/dsa-4514
74: https://packages.debian.org/src:varnish
75: https://www.debian.org/security/2019/dsa-4515
76: https://packages.debian.org/src:webkit2gtk
77: https://www.debian.org/security/2019/dsa-4516
78: https://packages.debian.org/src:firefox-esr
79: https://www.debian.org/security/2019/dsa-4517
80: https://packages.debian.org/src:exim4
81: https://www.debian.org/security/2019/dsa-4518
82: https://packages.debian.org/src:ghostscript
83: https://www.debian.org/security/2019/dsa-4519
84: https://packages.debian.org/src:libreoffice
85: https://www.debian.org/security/2019/dsa-4520
86: https://packages.debian.org/src:trafficserver
87: https://www.debian.org/security/2019/dsa-4521
88: https://packages.debian.org/src:docker.io
89: https://www.debian.org/security/2019/dsa-4523
90: https://packages.debian.org/src:thunderbird
91: https://www.debian.org/security/2019/dsa-4524
92: https://packages.debian.org/src:dino-im
93: https://www.debian.org/security/2019/dsa-4525
94: https://packages.debian.org/src:ibus
95: https://www.debian.org/security/2019/dsa-4526
96: https://packages.debian.org/src:opendmarc
97: https://www.debian.org/security/2019/dsa-4527
98: https://packages.debian.org/src:php7.3
99: https://www.debian.org/security/2019/dsa-4528
100: https://packages.debian.org/src:bird
101: https://www.debian.org/security/2019/dsa-4530
102: https://packages.debian.org/src:expat
103: https://www.debian.org/security/2019/dsa-4531
104: https://packages.debian.org/src:linux-signed-amd64
105: https://www.debian.org/security/2019/dsa-4531
106: https://packages.debian.org/src:linux-signed-i386
107: https://www.debian.org/security/2019/dsa-4531
108: https://packages.debian.org/src:linux
109: https://www.debian.org/security/2019/dsa-4531
110: https://packages.debian.org/src:linux-signed-arm64
111: https://www.debian.org/security/2019/dsa-4532
112: https://packages.debian.org/src:spip
113: https://www.debian.org/security/2019/dsa-4533
114: https://packages.debian.org/src:lemonldap-ng
115: https://www.debian.org/security/2019/dsa-4534
116: https://packages.debian.org/src:golang-1.11
117: https://www.debian.org/security/2019/dsa-4535
118: https://packages.debian.org/src:e2fsprogs
119: https://www.debian.org/security/2019/dsa-4536
120: https://packages.debian.org/src:exim4
121: https://www.debian.org/security/2019/dsa-4538
122: https://packages.debian.org/src:wpa
123: https://www.debian.org/security/2019/dsa-4539
124: https://packages.debian.org/src:openssl
125: https://www.debian.org/security/2019/dsa-4539
126: https://packages.debian.org/src:openssh
127: https://www.debian.org/security/2019/dsa-4541
128: https://packages.debian.org/src:libapreq2
129: https://www.debian.org/security/2019/dsa-4542
130: https://packages.debian.org/src:jackson-databind
131: https://www.debian.org/security/2019/dsa-4543
132: https://packages.debian.org/src:sudo
133: https://www.debian.org/security/2019/dsa-4544
134: https://packages.debian.org/src:unbound
135: https://www.debian.org/security/2019/dsa-4545
136: https://packages.debian.org/src:mediawiki
137: https://www.debian.org/security/2019/dsa-4547
138: https://packages.debian.org/src:tcpdump
139: https://www.debian.org/security/2019/dsa-4549
140: https://packages.debian.org/src:firefox-esr
141: https://www.debian.org/security/2019/dsa-4550
142: https://packages.debian.org/src:file
143: https://www.debian.org/security/2019/dsa-4551
144: https://packages.debian.org/src:golang-1.11
145: https://www.debian.org/security/2019/dsa-4553
146: https://packages.debian.org/src:php7.3
147: https://www.debian.org/security/2019/dsa-4554
148: https://packages.debian.org/src:ruby-loofah
149: https://www.debian.org/security/2019/dsa-4555
150: https://packages.debian.org/src:pam-python
151: https://www.debian.org/security/2019/dsa-4556
152: https://packages.debian.org/src:qtbase-opensource-src
153: https://www.debian.org/security/2019/dsa-4557
154: https://packages.debian.org/src:libarchive
155: https://www.debian.org/security/2019/dsa-4558
156: https://packages.debian.org/src:webkit2gtk
157: https://www.debian.org/security/2019/dsa-4559
158: https://packages.debian.org/src:proftpd-dfsg
159: https://www.debian.org/security/2019/dsa-4560
160: https://packages.debian.org/src:simplesamlphp
161: https://www.debian.org/security/2019/dsa-4561
162: https://packages.debian.org/src:fribidi
163: https://www.debian.org/security/2019/dsa-4562
164: https://packages.debian.org/src:chromium
Removed packages
----------------
The following packages were removed due to circumstances beyond our
control:
+-------------------+--------------------------------------------------+
| Package | Reason |
+-------------------+--------------------------------------------------+
| firefox-esr [165] | [armel] No longer supportable due to nodejs |
| | build-dependency |
| | |
+-------------------+--------------------------------------------------+
165: https://packages.debian.org/src:firefox-esr
Debian Installer
----------------
The installer has been updated to include the fixes incorporated into
stable by the point release.
URLs
----
The complete lists of packages that have changed with this revision:
http://ftp.debian.org/debian/dists/buster/ChangeLog
The current stable distribution:
http://ftp.debian.org/debian/dists/stable/
Proposed updates to the stable distribution:
http://ftp.debian.org/debian/dists/proposed-updates
stable distribution information (release notes, errata etc.):
https://www.debian.org/releases/stable/
Security announcements and information:
https://www.debian.org/security/
About Debian
------------
The Debian Project is an association of Free Software developers who
volunteer their time and effort in order to produce the completely free
operating system Debian.
Contact Information
-------------------
For further information, please visit the Debian web pages at
https://www.debian.org/, send mail to <press@debian.org>, or contact the
stable release team at <debian-release@lists.debian.org>.
Attachment:
signature.asc
Description: OpenPGP digital signature