------------------------------------------------------------------------ The Debian Project https://www.debian.org/ Updated Debian 10: 10.4 released press@debian.org May 9th, 2020 https://www.debian.org/News/2020/20200509 ------------------------------------------------------------------------ The Debian project is pleased to announce the fourth update of its stable distribution Debian 10 (codename "buster"). This point release mainly adds corrections for security issues, along with a few adjustments for serious problems. Security advisories have already been published separately and are referenced where available. Please note that the point release does not constitute a new version of Debian 10 but only updates some of the packages included. There is no need to throw away old "buster" media. After installation, packages can be upgraded to the current versions using an up-to-date Debian mirror. Those who frequently install updates from security.debian.org won't have to update many packages, and most such updates are included in the point release. New installation images will be available soon at the regular locations. Upgrading an existing installation to this revision can be achieved by pointing the package management system at one of Debian's many HTTP mirrors. A comprehensive list of mirrors is available at: https://www.debian.org/mirror/list Miscellaneous Bugfixes ---------------------- This stable update adds a few important corrections to the following packages: +---------------------------+-----------------------------------------+ | Package | Reason | +---------------------------+-----------------------------------------+ | apt-cacher-ng [1] | Enforce secured call to the server in | | | maintenance job triggering [CVE-2020- | | | 5202]; allow .zst compression for | | | tarballs; increase size of the | | | decompression line buffer for | | | configuration file reading | | | | | backuppc [2] | Pass the username to start-stop-daemon | | | when reloading, preventing reload | | | failures | | | | | base-files [3] | Update for the point release | | | | | brltty [4] | Reduce severity of log message to avoid | | | generating too many messages when used | | | with new Orca versions | | | | | checkstyle [5] | Fix XML External Entity injection issue | | | [CVE-2019-9658 CVE-2019-10782] | | | | | choose-mirror [6] | Update included mirror list | | | | | clamav [7] | New upstream release [CVE-2020-3123] | | | | | corosync [8] | totemsrp: Reduce MTU to avoid | | | generating oversized packets | | | | | corosync-qdevice [9] | Fix service startup | | | | | csync2 [10] | Fail HELLO command when SSL is required | | | | | cups [11] | Fix heap buffer overflow [CVE-2020- | | | 3898] and "the `ippReadIO` function | | | may under-read an extension | | | field" [CVE-2019-8842] | | | | | dav4tbsync [12] | New upstream release, restoring | | | compatibility with newer Thunderbird | | | versions | | | | | debian-edu-config [13] | Add policy files for Firefox ESR and | | | Thunderbird to fix the TLS/SSL setup | | | | | debian-installer [14] | Update for the 4.19.0-9 kernel ABI | | | | | debian-installer-netboot- | Rebuild against proposed-updates | | images [15] | | | | | | debian-security- | New upstream stable release; update | | support [16] | status of several packages; use | | | "runuser" rather than "su" | | | | | distro-info-data [17] | Add Ubuntu 20.10, and likely end of | | | support date for stretch | | | | | dojo [18] | Fix improper regular expression usage | | | [CVE-2019-10785] | | | | | dpdk [19] | New upstream stable release | | | | | dtv-scan-tables [20] | New upstream snapshot; add all current | | | German DVB-T2 muxes and the Eutelsat-5- | | | West-A satellite | | | | | eas4tbsync [21] | New upstream release, restoring | | | compatibility with newer Thunderbird | | | versions | | | | | edk2 [22] | Security fixes [CVE-2019-14558 | | | CVE-2019-14559 CVE-2019-14563 CVE-2019- | | | 14575 CVE-2019-14586 CVE-2019-14587] | | | | | el-api [23] | Fix stretch to buster upgrades that | | | involve Tomcat 8 | | | | | fex [24] | Fix a potential security issue in | | | fexsrv | | | | | filezilla [25] | Fix untrusted search path vulnerability | | | [CVE-2019-5429] | | | | | frr [26] | Fix extended next hop capability | | | | | fuse [27] | Remove outdated udevadm commands from | | | post-install scripts; don't explicitly | | | remove fuse.conf on purge | | | | | fuse3 [28] | Remove outdated udevadm commands from | | | post-install scripts; don't explicitly | | | remove fuse.conf on purge; fix memory | | | leak in fuse_session_new() | | | | | golang-github-prometheus- | Extend validity of test certificates | | common [29] | | | | | | gosa [30] | Replace (un)serialize with json_encode/ | | | json_decode to mitigate PHP object | | | injection [CVE-2019-14466] | | | | | hbci4java [31] | Support EU directive on payment | | | services (PSD2) | | | | | hibiscus [32] | Support EU directive on payment | | | services (PSD2) | | | | | iputils [33] | Correct an issue in which ping would | | | improperly exit with a failure code | | | when there were untried addresses still | | | available in the getaddrinfo() library | | | call return value | | | | | ircd-hybrid [34] | Use dhparam.pem to avoid crash on | | | startup | | | | | jekyll [35] | Allow use of ruby-i18n 0.x and 1.x | | | | | jsp-api [36] | Fix stretch to buster upgrades that | | | involve Tomcat 8 | | | | | lemonldap-ng [37] | Prevent unwanted access to | | | administration endpoints [CVE-2019- | | | 19791]; fix the GrantSession plugin | | | which could not prohibit logon when two | | | factor authentication was used; fix | | | arbitrary redirects with OIDC if | | | redirect_uri was not used | | | | | libdatetime-timezone- | Update included data | | perl [38] | | | | | | libreoffice [39] | Fix OpenGL slide transitions | | | | | libssh [40] | Fix possible denial of service issue | | | when handling AES-CTR keys with OpenSSL | | | [CVE-2020-1730] | | | | | libvncserver [41] | Fix heap overflow [CVE-2019-15690] | | | | | linux [42] | New upstream stable release | | | | | linux-latest [43] | Update kernel ABI to 4.19.0-9 | | | | | linux-signed-amd64 [44] | New upstream stable release | | | | | linux-signed-arm64 [45] | New upstream stable release | | | | | linux-signed-i386 [46] | New upstream stable release | | | | | lwip [47] | Fix buffer overflow [CVE-2020-8597] | | | | | lxc-templates [48] | New upstream stable release; handle | | | languages that are only UTF-8 encoded | | | | | manila [49] | Fix missing access permissions check | | | [CVE-2020-9543] | | | | | megatools [50] | Add support for the new format of | | | mega.nz links | | | | | mew [51] | Fix server SSL certificate validity | | | checking | | | | | mew-beta [52] | Fix server SSL certificate validity | | | checking | | | | | mkvtoolnix [53] | Rebuild to tighten libmatroska6v5 | | | dependency | | | | | ncbi-blast+ [54] | Disable SSE4.2 support | | | | | node-anymatch [55] | Remove unnecessary dependencies | | | | | node-dot [56] | Prevent code execution after prototype | | | pollution [CVE-2020-8141] | | | | | node-dot-prop [57] | Fix prototype pollution [CVE-2020-8116] | | | | | node-knockout [58] | Fix escaping with older Internet | | | Explorer versions [CVE-2019-14862] | | | | | node-mongodb [59] | Reject invalid _bsontypes [CVE-2019- | | | 2391 CVE-2020-7610] | | | | | node-yargs-parser [60] | Fix prototype pollution [CVE-2020-7608] | | | | | npm [61] | Fix arbitrary path access [CVE-2019- | | | 16775 CVE-2019-16776 CVE-2019-16777] | | | | | nvidia-graphics- | New upstream stable release | | drivers [62] | | | | | | nvidia-graphics-drivers- | New upstream stable release | | legacy-390xx [63] | | | | | | nvidia-settings- | New upstream release | | legacy-340xx [64] | | | | | | oar [65] | Revert to stretch behavior for | | | Storable::dclone perl function, fixing | | | recursion depth issues | | | | | opam [66] | Prefer mccs over aspcud | | | | | openvswitch [67] | Fix vswitchd abort when a port is added | | | and the controller is down | | | | | orocos-kdl [68] | Fix string conversion with Python 3 | | | | | owfs [69] | Remove broken Python 3 packages | | | | | pango1.0 [70] | Fix crash in | | | pango_fc_font_key_get_variations() when | | | key is null | | | | | pgcli [71] | Add missing dependency on python3-pkg- | | | resources | | | | | php-horde-data [72] | Fix authenticated remote code execution | | | vulnerability [CVE-2020-8518] | | | | | php-horde-form [73] | Fix authenticated remote code execution | | | vulnerability [CVE-2020-8866] | | | | | php-horde-trean [74] | Fix authenticated remote code execution | | | vulnerability [CVE-2020-8865] | | | | | postfix [75] | New upstream stable release; fix panic | | | with Postfix multi-Milter configuration | | | during MAIL FROM; fix d/init.d running | | | change so it works with multi-instance | | | again | | | | | proftpd-dfsg [76] | Fix memory access issue in keyboard- | | | interative code in mod_sftp; properly | | | handle DEBUG, IGNORE, DISCONNECT, and | | | UNIMPLEMENTED messages in keyboard- | | | interactive mode | | | | | puma [77] | Fix Denial of Service issue [CVE-2019- | | | 16770] | | | | | purple-discord [78] | Fix crashes in ssl_nss_read | | | | | python-oslo.utils [79] | Fix leak of sensitive information via | | | mistral logs [CVE-2019-3866] | | | | | rails [80] | Fix possible cross-site scripting via | | | Javascript escape helper [CVE-2020- | | | 5267] | | | | | rake [81] | Fix command injection vulnerability | | | [CVE-2020-8130] | | | | | raspi3-firmware [82] | Fix dtb names mismatch in z50-raspi- | | | firmware; fix boot on Raspberry Pi | | | families 1 and 0 | | | | | resource-agents [83] | Fix "ethmonitor does not list | | | interfaces without assigned IP | | | address" ; remove no longer required | | | xen-toolstack patch; fix non-standard | | | usage in ZFS agent | | | | | rootskel [84] | Disable multiple console support if | | | preseeding is in use | | | | | ruby-i18n [85] | Fix gemspec generation | | | | | rubygems-integration [86] | Avoid deprecation warnings when users | | | install a newer version of Rubygems via | | | "gem update --system" | | | | | schleuder [87] | Improve patch to handle encoding errors | | | introduced in the previous version; | | | switch default encoding to UTF-8; let | | | x-add-key handle mails with attached, | | | quoted-printable encoded keys; fix x- | | | attach-listkey with mails created by | | | Thunderbird that include protected | | | headers | | | | | scilab [88] | Fix library loading with OpenJDK 11.0.7 | | | | | serverspec-runner [89] | Support Ruby 2.5 | | | | | softflowd [90] | Fix broken flow aggregation which might | | | result in flow table overflow and 100% | | | CPU usage | | | | | speech-dispatcher [91] | Fix default pulseaudio latency which | | | triggers "scratchy" output | | | | | spl-linux [92] | Fix deadlock | | | | | sssd [93] | Fix sssd_be busy-looping when LDAP | | | connection is intermittent | | | | | systemd [94] | when authorizing via PolicyKit re- | | | resolve callback/userdata instead of | | | caching it [CVE-2020-1712]; install 60- | | | block.rules in udev-udeb and initramfs- | | | tools | | | | | taglib [95] | Fix corruption issues with OGG files | | | | | tbsync [96] | New upstream release, restoring | | | compatibility with newer Thunderbird | | | versions | | | | | timeshift [97] | Fix predictable temporary directory use | | | [CVE-2020-10174] | | | | | tinyproxy [98] | Only set PIDDIR, if PIDFILE is a non- | | | zero length string | | | | | tzdata [99] | New upstream stable release | | | | | uim [100] | unregister modules that are not | | | installed, fixing a regression in the | | | previous upload | | | | | user-mode-linux [101] | Fix build failure with current stable | | | kernels | | | | | vite [102] | Fix crash when there are more than 32 | | | elements | | | | | waagent [103] | New upstream release; support co- | | | installation with cloud-init | | | | | websocket-api [104] | Fix stretch to buster upgrades that | | | involve Tomcat 8 | | | | | wpa [105] | Do not try to detect PSK mismatch | | | during PTK rekeying; check for FT | | | support when selecting FT suites; fix | | | MAC randomisation issue with some cards | | | | | xdg-utils [106] | xdg-open: fix pcmanfm check and | | | handling of directories with spaces in | | | their names; xdg-screensaver: Sanitise | | | window name before sending it over D- | | | Bus; xdg-mime: Create config directory | | | if it does not exist yet | | | | | xtrlock [107] | Fix blocking of (some) multitouch | | | devices while locked [CVE-2016-10894] | | | | | zfs-linux [108] | Fix potential deadlock issues | | | | +---------------------------+-----------------------------------------+ 1: https://packages.debian.org/src:apt-cacher-ng 2: https://packages.debian.org/src:backuppc 3: https://packages.debian.org/src:base-files 4: https://packages.debian.org/src:brltty 5: https://packages.debian.org/src:checkstyle 6: https://packages.debian.org/src:choose-mirror 7: https://packages.debian.org/src:clamav 8: https://packages.debian.org/src:corosync 9: https://packages.debian.org/src:corosync-qdevice 10: https://packages.debian.org/src:csync2 11: https://packages.debian.org/src:cups 12: https://packages.debian.org/src:dav4tbsync 13: https://packages.debian.org/src:debian-edu-config 14: https://packages.debian.org/src:debian-installer 15: https://packages.debian.org/src:debian-installer-netboot-images 16: https://packages.debian.org/src:debian-security-support 17: https://packages.debian.org/src:distro-info-data 18: https://packages.debian.org/src:dojo 19: https://packages.debian.org/src:dpdk 20: https://packages.debian.org/src:dtv-scan-tables 21: https://packages.debian.org/src:eas4tbsync 22: https://packages.debian.org/src:edk2 23: https://packages.debian.org/src:el-api 24: https://packages.debian.org/src:fex 25: https://packages.debian.org/src:filezilla 26: https://packages.debian.org/src:frr 27: https://packages.debian.org/src:fuse 28: https://packages.debian.org/src:fuse3 29: https://packages.debian.org/src:golang-github-prometheus-common 30: https://packages.debian.org/src:gosa 31: https://packages.debian.org/src:hbci4java 32: https://packages.debian.org/src:hibiscus 33: https://packages.debian.org/src:iputils 34: https://packages.debian.org/src:ircd-hybrid 35: https://packages.debian.org/src:jekyll 36: https://packages.debian.org/src:jsp-api 37: https://packages.debian.org/src:lemonldap-ng 38: https://packages.debian.org/src:libdatetime-timezone-perl 39: https://packages.debian.org/src:libreoffice 40: https://packages.debian.org/src:libssh 41: https://packages.debian.org/src:libvncserver 42: https://packages.debian.org/src:linux 43: https://packages.debian.org/src:linux-latest 44: https://packages.debian.org/src:linux-signed-amd64 45: https://packages.debian.org/src:linux-signed-arm64 46: https://packages.debian.org/src:linux-signed-i386 47: https://packages.debian.org/src:lwip 48: https://packages.debian.org/src:lxc-templates 49: https://packages.debian.org/src:manila 50: https://packages.debian.org/src:megatools 51: https://packages.debian.org/src:mew 52: https://packages.debian.org/src:mew-beta 53: https://packages.debian.org/src:mkvtoolnix 54: https://packages.debian.org/src:ncbi-blast+ 55: https://packages.debian.org/src:node-anymatch 56: https://packages.debian.org/src:node-dot 57: https://packages.debian.org/src:node-dot-prop 58: https://packages.debian.org/src:node-knockout 59: https://packages.debian.org/src:node-mongodb 60: https://packages.debian.org/src:node-yargs-parser 61: https://packages.debian.org/src:npm 62: https://packages.debian.org/src:nvidia-graphics-drivers 63: https://packages.debian.org/src:nvidia-graphics-drivers-legacy-390xx 64: https://packages.debian.org/src:nvidia-settings-legacy-340xx 65: https://packages.debian.org/src:oar 66: https://packages.debian.org/src:opam 67: https://packages.debian.org/src:openvswitch 68: https://packages.debian.org/src:orocos-kdl 69: https://packages.debian.org/src:owfs 70: https://packages.debian.org/src:pango1.0 71: https://packages.debian.org/src:pgcli 72: https://packages.debian.org/src:php-horde-data 73: https://packages.debian.org/src:php-horde-form 74: https://packages.debian.org/src:php-horde-trean 75: https://packages.debian.org/src:postfix 76: https://packages.debian.org/src:proftpd-dfsg 77: https://packages.debian.org/src:puma 78: https://packages.debian.org/src:purple-discord 79: https://packages.debian.org/src:python-oslo.utils 80: https://packages.debian.org/src:rails 81: https://packages.debian.org/src:rake 82: https://packages.debian.org/src:raspi3-firmware 83: https://packages.debian.org/src:resource-agents 84: https://packages.debian.org/src:rootskel 85: https://packages.debian.org/src:ruby-i18n 86: https://packages.debian.org/src:rubygems-integration 87: https://packages.debian.org/src:schleuder 88: https://packages.debian.org/src:scilab 89: https://packages.debian.org/src:serverspec-runner 90: https://packages.debian.org/src:softflowd 91: https://packages.debian.org/src:speech-dispatcher 92: https://packages.debian.org/src:spl-linux 93: https://packages.debian.org/src:sssd 94: https://packages.debian.org/src:systemd 95: https://packages.debian.org/src:taglib 96: https://packages.debian.org/src:tbsync 97: https://packages.debian.org/src:timeshift 98: https://packages.debian.org/src:tinyproxy 99: https://packages.debian.org/src:tzdata 100: https://packages.debian.org/src:uim 101: https://packages.debian.org/src:user-mode-linux 102: https://packages.debian.org/src:vite 103: https://packages.debian.org/src:waagent 104: https://packages.debian.org/src:websocket-api 105: https://packages.debian.org/src:wpa 106: https://packages.debian.org/src:xdg-utils 107: https://packages.debian.org/src:xtrlock 108: https://packages.debian.org/src:zfs-linux Security Updates ---------------- This revision adds the following security updates to the stable release. The Security Team has already released an advisory for each of these updates: +----------------+-----------------------------+ | Advisory ID | Package | +----------------+-----------------------------+ | DSA-4616 [109] | qemu [110] | | | | | DSA-4617 [111] | qtbase-opensource-src [112] | | | | | DSA-4618 [113] | libexif [114] | | | | | DSA-4619 [115] | libxmlrpc3-java [116] | | | | | DSA-4620 [117] | firefox-esr [118] | | | | | DSA-4623 [119] | postgresql-11 [120] | | | | | DSA-4624 [121] | evince [122] | | | | | DSA-4625 [123] | thunderbird [124] | | | | | DSA-4627 [125] | webkit2gtk [126] | | | | | DSA-4629 [127] | python-django [128] | | | | | DSA-4630 [129] | python-pysaml2 [130] | | | | | DSA-4631 [131] | pillow [132] | | | | | DSA-4632 [133] | ppp [134] | | | | | DSA-4633 [135] | curl [136] | | | | | DSA-4634 [137] | opensmtpd [138] | | | | | DSA-4635 [139] | proftpd-dfsg [140] | | | | | DSA-4636 [141] | python-bleach [142] | | | | | DSA-4637 [143] | network-manager-ssh [144] | | | | | DSA-4638 [145] | chromium [146] | | | | | DSA-4639 [147] | firefox-esr [148] | | | | | DSA-4640 [149] | graphicsmagick [150] | | | | | DSA-4641 [151] | webkit2gtk [152] | | | | | DSA-4642 [153] | thunderbird [154] | | | | | DSA-4643 [155] | python-bleach [156] | | | | | DSA-4644 [157] | tor [158] | | | | | DSA-4645 [159] | chromium [160] | | | | | DSA-4646 [161] | icu [162] | | | | | DSA-4647 [163] | bluez [164] | | | | | DSA-4648 [165] | libpam-krb5 [166] | | | | | DSA-4649 [167] | haproxy [168] | | | | | DSA-4650 [169] | qbittorrent [170] | | | | | DSA-4651 [171] | mediawiki [172] | | | | | DSA-4652 [173] | gnutls28 [174] | | | | | DSA-4653 [175] | firefox-esr [176] | | | | | DSA-4654 [177] | chromium [178] | | | | | DSA-4655 [179] | firefox-esr [180] | | | | | DSA-4656 [181] | thunderbird [182] | | | | | DSA-4657 [183] | git [184] | | | | | DSA-4658 [185] | webkit2gtk [186] | | | | | DSA-4659 [187] | git [188] | | | | | DSA-4660 [189] | awl [190] | | | | | DSA-4661 [191] | openssl [192] | | | | | DSA-4663 [193] | python-reportlab [194] | | | | | DSA-4664 [195] | mailman [196] | | | | | DSA-4665 [197] | qemu [198] | | | | | DSA-4666 [199] | openldap [200] | | | | | DSA-4667 [201] | linux-signed-amd64 [202] | | | | | DSA-4667 [203] | linux-signed-arm64 [204] | | | | | DSA-4667 [205] | linux-signed-i386 [206] | | | | | DSA-4667 [207] | linux [208] | | | | | DSA-4669 [209] | nodejs [210] | | | | | DSA-4671 [211] | vlc [212] | | | | | DSA-4672 [213] | trafficserver [214] | | | | +----------------+-----------------------------+ 109: https://www.debian.org/security/2020/dsa-4616 110: https://packages.debian.org/src:qemu 111: https://www.debian.org/security/2020/dsa-4617 112: https://packages.debian.org/src:qtbase-opensource-src 113: https://www.debian.org/security/2020/dsa-4618 114: https://packages.debian.org/src:libexif 115: https://www.debian.org/security/2020/dsa-4619 116: https://packages.debian.org/src:libxmlrpc3-java 117: https://www.debian.org/security/2020/dsa-4620 118: https://packages.debian.org/src:firefox-esr 119: https://www.debian.org/security/2020/dsa-4623 120: https://packages.debian.org/src:postgresql-11 121: https://www.debian.org/security/2020/dsa-4624 122: https://packages.debian.org/src:evince 123: https://www.debian.org/security/2020/dsa-4625 124: https://packages.debian.org/src:thunderbird 125: https://www.debian.org/security/2020/dsa-4627 126: https://packages.debian.org/src:webkit2gtk 127: https://www.debian.org/security/2020/dsa-4629 128: https://packages.debian.org/src:python-django 129: https://www.debian.org/security/2020/dsa-4630 130: https://packages.debian.org/src:python-pysaml2 131: https://www.debian.org/security/2020/dsa-4631 132: https://packages.debian.org/src:pillow 133: https://www.debian.org/security/2020/dsa-4632 134: https://packages.debian.org/src:ppp 135: https://www.debian.org/security/2020/dsa-4633 136: https://packages.debian.org/src:curl 137: https://www.debian.org/security/2020/dsa-4634 138: https://packages.debian.org/src:opensmtpd 139: https://www.debian.org/security/2020/dsa-4635 140: https://packages.debian.org/src:proftpd-dfsg 141: https://www.debian.org/security/2020/dsa-4636 142: https://packages.debian.org/src:python-bleach 143: https://www.debian.org/security/2020/dsa-4637 144: https://packages.debian.org/src:network-manager-ssh 145: https://www.debian.org/security/2020/dsa-4638 146: https://packages.debian.org/src:chromium 147: https://www.debian.org/security/2020/dsa-4639 148: https://packages.debian.org/src:firefox-esr 149: https://www.debian.org/security/2020/dsa-4640 150: https://packages.debian.org/src:graphicsmagick 151: https://www.debian.org/security/2020/dsa-4641 152: https://packages.debian.org/src:webkit2gtk 153: https://www.debian.org/security/2020/dsa-4642 154: https://packages.debian.org/src:thunderbird 155: https://www.debian.org/security/2020/dsa-4643 156: https://packages.debian.org/src:python-bleach 157: https://www.debian.org/security/2020/dsa-4644 158: https://packages.debian.org/src:tor 159: https://www.debian.org/security/2020/dsa-4645 160: https://packages.debian.org/src:chromium 161: https://www.debian.org/security/2020/dsa-4646 162: https://packages.debian.org/src:icu 163: https://www.debian.org/security/2020/dsa-4647 164: https://packages.debian.org/src:bluez 165: https://www.debian.org/security/2020/dsa-4648 166: https://packages.debian.org/src:libpam-krb5 167: https://www.debian.org/security/2020/dsa-4649 168: https://packages.debian.org/src:haproxy 169: https://www.debian.org/security/2020/dsa-4650 170: https://packages.debian.org/src:qbittorrent 171: https://www.debian.org/security/2020/dsa-4651 172: https://packages.debian.org/src:mediawiki 173: https://www.debian.org/security/2020/dsa-4652 174: https://packages.debian.org/src:gnutls28 175: https://www.debian.org/security/2020/dsa-4653 176: https://packages.debian.org/src:firefox-esr 177: https://www.debian.org/security/2020/dsa-4654 178: https://packages.debian.org/src:chromium 179: https://www.debian.org/security/2020/dsa-4655 180: https://packages.debian.org/src:firefox-esr 181: https://www.debian.org/security/2020/dsa-4656 182: https://packages.debian.org/src:thunderbird 183: https://www.debian.org/security/2020/dsa-4657 184: https://packages.debian.org/src:git 185: https://www.debian.org/security/2020/dsa-4658 186: https://packages.debian.org/src:webkit2gtk 187: https://www.debian.org/security/2020/dsa-4659 188: https://packages.debian.org/src:git 189: https://www.debian.org/security/2020/dsa-4660 190: https://packages.debian.org/src:awl 191: https://www.debian.org/security/2020/dsa-4661 192: https://packages.debian.org/src:openssl 193: https://www.debian.org/security/2020/dsa-4663 194: https://packages.debian.org/src:python-reportlab 195: https://www.debian.org/security/2020/dsa-4664 196: https://packages.debian.org/src:mailman 197: https://www.debian.org/security/2020/dsa-4665 198: https://packages.debian.org/src:qemu 199: https://www.debian.org/security/2020/dsa-4666 200: https://packages.debian.org/src:openldap 201: https://www.debian.org/security/2020/dsa-4667 202: https://packages.debian.org/src:linux-signed-amd64 203: https://www.debian.org/security/2020/dsa-4667 204: https://packages.debian.org/src:linux-signed-arm64 205: https://www.debian.org/security/2020/dsa-4667 206: https://packages.debian.org/src:linux-signed-i386 207: https://www.debian.org/security/2020/dsa-4667 208: https://packages.debian.org/src:linux 209: https://www.debian.org/security/2020/dsa-4669 210: https://packages.debian.org/src:nodejs 211: https://www.debian.org/security/2020/dsa-4671 212: https://packages.debian.org/src:vlc 213: https://www.debian.org/security/2020/dsa-4672 214: https://packages.debian.org/src:trafficserver Removed packages ---------------- The following packages were removed due to circumstances beyond our control: +-------------------------+--------------------------------------------+ | Package | Reason | +-------------------------+--------------------------------------------+ | getlive [215] | Broken due to Hotmail changes | | | | | gplaycli [216] | Broken by Google API changes | | | | | kerneloops [217] | Upstream service no longer available | | | | | lambda-align2 [218] | [arm64 armel armhf i386 mips64el ppc64el | | | s390x] Broken on non-amd64 architectures | | | | | libmicrodns [219] | Security issues | | | | | libperlspeak-perl [220] | Security issues; unmaintained | | | | | quotecolors [221] | Incompatible with newer Thunderbird | | | versions | | | | | torbirdy [222] | Incompatible with newer Thunderbird | | | versions | | | | | ugene [223] | Non-free; fails to build | | | | | yahoo2mbox [224] | Broken for several years | | | | +-------------------------+--------------------------------------------+ 215: https://packages.debian.org/src:getlive 216: https://packages.debian.org/src:gplaycli 217: https://packages.debian.org/src:kerneloops 218: https://packages.debian.org/src:lambda-align2 219: https://packages.debian.org/src:libmicrodns 220: https://packages.debian.org/src:libperlspeak-perl 221: https://packages.debian.org/src:quotecolors 222: https://packages.debian.org/src:torbirdy 223: https://packages.debian.org/src:ugene 224: https://packages.debian.org/src:yahoo2mbox Debian Installer ---------------- The installer has been updated to include the fixes incorporated into stable by the point release. URLs ---- The complete lists of packages that have changed with this revision: http://ftp.debian.org/debian/dists/buster/ChangeLog The current stable distribution: http://ftp.debian.org/debian/dists/stable/ Proposed updates to the stable distribution: http://ftp.debian.org/debian/dists/proposed-updates stable distribution information (release notes, errata etc.): https://www.debian.org/releases/stable/ Security announcements and information: https://www.debian.org/security/ About Debian ------------ The Debian Project is an association of Free Software developers who volunteer their time and effort in order to produce the completely free operating system Debian. Contact Information ------------------- For further information, please visit the Debian web pages at https://www.debian.org/, send mail to <press@debian.org>, or contact the stable release team at <debian-release@lists.debian.org>.
Attachment:
signature.asc
Description: OpenPGP digital signature