Updated Debian 10: 10.8 released



------------------------------------------------------------------------
The Debian Project                               https://www.debian.org/
Updated Debian 10: 10.8 released                        press@debian.org
February 6th, 2021             https://www.debian.org/News/2021/20210206
------------------------------------------------------------------------


The Debian project is pleased to announce the eighth update of its
stable distribution Debian 10 (codename "buster"). This point release
mainly adds corrections for security issues, along with a few
adjustments for serious problems. Security advisories have already been
published separately and are referenced where available.

Please note that the point release does not constitute a new version of
Debian 10 but only updates some of the packages included. There is no
need to throw away old "buster" media. After installation, packages can
be upgraded to the current versions using an up-to-date Debian mirror.

Those who frequently install updates from security.debian.org won't have
to update many packages, and most such updates are included in the point
release.

New installation images will be available soon at the regular locations.

Upgrading an existing installation to this revision can be achieved by
pointing the package management system at one of Debian's many HTTP
mirrors. A comprehensive list of mirrors is available at:

https://www.debian.org/mirror/list



Miscellaneous Bugfixes
----------------------

This stable update adds a few important corrections to the following
packages:

+---------------------------+-----------------------------------------+
| Package                   | Reason                                  |
+---------------------------+-----------------------------------------+
| atftp [1]                 | Fix denial of service issue             |
|                           | [CVE-2020-6097]                         |
|                           |                                         |
| base-files [2]            | Update /etc/debian_version for the 10.8 |
|                           | point release                           |
|                           |                                         |
| ca-certificates [3]       | Update Mozilla CA bundle to 2.40,       |
|                           | blacklist expired "AddTrust External    |
|                           | Root"                                   |
|                           |                                         |
| cacti [4]                 | Fix SQL injection issue                 |
|                           | [CVE-2020-35701] and stored XSS issue   |
|                           |                                         |
| cairo [5]                 | Fix mask usage in image-compositor      |
|                           | [CVE-2020-35492]                        |
|                           |                                         |
| choose-mirror [6]         | Update mirror list                      |
|                           |                                         |
| cjson [7]                 | Fix infinite loop in cJSON_Minify       |
|                           |                                         |
| clevis [8]                | Fix initramfs creation; clevis-dracut:  |
|                           | Trigger initramfs creation upon         |
|                           | installation                            |
|                           |                                         |
| cyrus-imapd [9]           | Fix version comparison in cron script   |
|                           |                                         |
| debian-edu-config [10]    | Move host keytabs cleanup code out of   |
|                           | gosa-modify-host into a standalone      |
|                           | script, reducing LDAP calls to a single |
|                           | query                                   |
|                           |                                         |
| debian-installer [11]     | Use 4.19.0-14 Linux kernel ABI; rebuild |
|                           | against proposed-updates                |
|                           |                                         |
| debian-installer-netboot- | Rebuild against proposed-updates        |
| images [12]               |                                         |
|                           |                                         |
| debian-installer-         | Support partitions on USB UAS devices   |
| utils [13]                |                                         |
|                           |                                         |
| device-tree-compiler [14] | Fix segfault on "dtc -I fs              |
|                           | /proc/device-tree"                      |
|                           |                                         |
| didjvu [15]               | Add missing build-dependency on tzdata  |
|                           |                                         |
| dovecot [16]              | Fix crash when searching mailboxes      |
|                           | containing malformed MIME messages      |
|                           |                                         |
| dpdk [17]                 | New upstream stable release             |
|                           |                                         |
| edk2 [18]                 | CryptoPkg/BaseCryptLib: fix NULL        |
|                           | dereference [CVE-2019-14584]            |
|                           |                                         |
| emacs [19]                | Don't crash with OpenPGP User IDs with  |
|                           | no e-mail address                       |
|                           |                                         |
| fcitx [20]                | Fix input method support in Flatpaks    |
|                           |                                         |
| file [21]                 | Increase name recursion depth to 50 by  |
|                           | default                                 |
|                           |                                         |
| geoclue-2.0 [22]          | Check the maximum allowed accuracy      |
|                           | level even for system applications;     |
|                           | make the Mozilla API key configurable   |
|                           | and use a Debian-specific key by        |
|                           | default; fix display of the usage       |
|                           | indicator                               |
|                           |                                         |
| gnutls28 [23]             | Fix test suite error caused by expired  |
|                           | certificate                             |
|                           |                                         |
| grub2 [24]                | When upgrading grub-pc                  |
|                           | noninteractively, bail out if           |
|                           | grub-install fails; explicitly check    |
|                           | whether the target device exists before |
|                           | running grub-install; grub-install: Add |
|                           | backup and restore; don't call          |
|                           | grub-install on fresh install of        |
|                           | grub-pc                                 |
|                           |                                         |
| highlight.js [25]         | Fix prototype pollution                 |
|                           | [CVE-2020-26237]                        |
|                           |                                         |
| intel-microcode [26]      | Update various microcode                |
|                           |                                         |
| iproute2 [27]             | Fix bugs in JSON output; fix race       |
|                           | condition that DOSes the system when    |
|                           | using ip netns add at boot              |
|                           |                                         |
| irssi-plugin-xmpp [28]    | Do not trigger the irssi core connect   |
|                           | timeout prematurely, thus fixing        |
|                           | STARTTLS connections                    |
|                           |                                         |
| libdatetime-timezone-     | Update for new tzdata version           |
| perl [29]                 |                                         |
|                           |                                         |
| libdbd-csv-perl [30]      | Fix test failure with libdbi-perl       |
|                           | 1.642-1+deb10u2                         |
|                           |                                         |
| libdbi-perl [31]          | Security fix [CVE-2014-10402]           |
|                           |                                         |
| libmaxminddb [32]         | Fix heap-based buffer over-read         |
|                           | [CVE-2020-28241]                        |
|                           |                                         |
| lttng-modules [33]        | Fix build on kernel versions >=         |
|                           | 4.19.0-10                               |
|                           |                                         |
| m2crypto [34]             | Fix compatibility with OpenSSL 1.1.1i   |
|                           | and newer                               |
|                           |                                         |
| mini-buildd [35]          | builder.py: sbuild call: set            |
|                           | '--no-arch-all' explicitly              |
|                           |                                         |
| net-snmp [36]             | snmpd: Add cacheTime and execType flags |
|                           | to EXTEND-MIB                           |
|                           |                                         |
| node-ini [37]             | Do not allow invalid hazardous string   |
|                           | as section name [CVE-2020-7788]         |
|                           |                                         |
| node-y18n [38]            | Fix prototype pollution issue           |
|                           | [CVE-2020-7774]                         |
|                           |                                         |
| nvidia-graphics-          | New upstream release; fix possible      |
| drivers [39]              | denial of service and information       |
|                           | disclosure [CVE-2021-1056]              |
|                           |                                         |
| nvidia-graphics-drivers-  | New upstream release; fix possible      |
| legacy-390xx [40]         | denial of service and information       |
|                           | disclosure [CVE-2021-1056]              |
|                           |                                         |
| pdns [41]                 | Security fixes [CVE-2019-10203          |
|                           | CVE-2020-17482]                         |
|                           |                                         |
| pepperflashplugin-        | Turn into a dummy package taking care   |
| nonfree [42]              | of removing the previously installed    |
|                           | plugin (no longer functional nor        |
|                           | supported)                              |
|                           |                                         |
| pngcheck [43]             | Fix buffer overflow [CVE-2020-27818]    |
|                           |                                         |
| postgresql-11 [44]        | New upstream stable release; security   |
|                           | fixes [CVE-2020-25694 CVE-2020-25695    |
|                           | CVE-2020-25696]                         |
|                           |                                         |
| postsrsd [45]             | Ensure timestamp tags aren't too long   |
|                           | before trying to decode them            |
|                           | [CVE-2020-35573]                        |
|                           |                                         |
| python-bottle [46]        | Stop allowing ";" as a query-string     |
|                           | separator [CVE-2020-28473]              |
|                           |                                         |
| python-certbot [47]       | Automatically use ACMEv2 API for        |
|                           | renewals, to avoid issues with ACMEv1   |
|                           | API removal                             |
|                           |                                         |
| qxmpp [48]                | Fix potential SEGFAULT on connection    |
|                           | error                                   |
|                           |                                         |
| silx [49]                 | python(3)-silx: Add dependency on       |
|                           | python(3)-scipy                         |
|                           |                                         |
| slirp [50]                | Fix buffer overflows [CVE-2020-7039     |
|                           | CVE-2020-8608]                          |
|                           |                                         |
| steam [51]                | New upstream release                    |
|                           |                                         |
| systemd [52]              | journal: do not trigger assertion when  |
|                           | journal_file_close() is passed NULL     |
|                           |                                         |
| tang [53]                 | Avoid race condition between keygen and |
|                           | update                                  |
|                           |                                         |
| tzdata [54]               | New upstream release; update included   |
|                           | timezone data                           |
|                           |                                         |
| unzip [55]                | Apply further fixes for CVE-2019-13232  |
|                           |                                         |
| wireshark [56]            | Fix various crashes, infinite loops and |
|                           | memory leaks [CVE-2019-16319            |
|                           | CVE-2019-19553 CVE-2020-11647           |
|                           | CVE-2020-13164 CVE-2020-15466           |
|                           | CVE-2020-25862 CVE-2020-25863           |
|                           | CVE-2020-26418 CVE-2020-26421           |
|                           | CVE-2020-26575 CVE-2020-28030           |
|                           | CVE-2020-7045 CVE-2020-9428             |
|                           | CVE-2020-9430 CVE-2020-9431]            |
|                           |                                         |
+---------------------------+-----------------------------------------+

    1: https://packages.debian.org/src:atftp
    2: https://packages.debian.org/src:base-files
    3: https://packages.debian.org/src:ca-certificates
    4: https://packages.debian.org/src:cacti
    5: https://packages.debian.org/src:cairo
    6: https://packages.debian.org/src:choose-mirror
    7: https://packages.debian.org/src:cjson
    8: https://packages.debian.org/src:clevis
    9: https://packages.debian.org/src:cyrus-imapd
   10: https://packages.debian.org/src:debian-edu-config
   11: https://packages.debian.org/src:debian-installer
   12: https://packages.debian.org/src:debian-installer-netboot-images
   13: https://packages.debian.org/src:debian-installer-utils
   14: https://packages.debian.org/src:device-tree-compiler
   15: https://packages.debian.org/src:didjvu
   16: https://packages.debian.org/src:dovecot
   17: https://packages.debian.org/src:dpdk
   18: https://packages.debian.org/src:edk2
   19: https://packages.debian.org/src:emacs
   20: https://packages.debian.org/src:fcitx
   21: https://packages.debian.org/src:file
   22: https://packages.debian.org/src:geoclue-2.0
   23: https://packages.debian.org/src:gnutls28
   24: https://packages.debian.org/src:grub2
   25: https://packages.debian.org/src:highlight.js
   26: https://packages.debian.org/src:intel-microcode
   27: https://packages.debian.org/src:iproute2
   28: https://packages.debian.org/src:irssi-plugin-xmpp
   29: https://packages.debian.org/src:libdatetime-timezone-perl
   30: https://packages.debian.org/src:libdbd-csv-perl
   31: https://packages.debian.org/src:libdbi-perl
   32: https://packages.debian.org/src:libmaxminddb
   33: https://packages.debian.org/src:lttng-modules
   34: https://packages.debian.org/src:m2crypto
   35: https://packages.debian.org/src:mini-buildd
   36: https://packages.debian.org/src:net-snmp
   37: https://packages.debian.org/src:node-ini
   38: https://packages.debian.org/src:node-y18n
   39: https://packages.debian.org/src:nvidia-graphics-drivers
   40: https://packages.debian.org/src:nvidia-graphics-drivers-legacy-390xx
   41: https://packages.debian.org/src:pdns
   42: https://packages.debian.org/src:pepperflashplugin-nonfree
   43: https://packages.debian.org/src:pngcheck
   44: https://packages.debian.org/src:postgresql-11
   45: https://packages.debian.org/src:postsrsd
   46: https://packages.debian.org/src:python-bottle
   47: https://packages.debian.org/src:python-certbot
   48: https://packages.debian.org/src:qxmpp
   49: https://packages.debian.org/src:silx
   50: https://packages.debian.org/src:slirp
   51: https://packages.debian.org/src:steam
   52: https://packages.debian.org/src:systemd
   53: https://packages.debian.org/src:tang
   54: https://packages.debian.org/src:tzdata
   55: https://packages.debian.org/src:unzip
   56: https://packages.debian.org/src:wireshark

Security Updates
----------------

This revision adds the following security updates to the stable release.
The Security Team has already released an advisory for each of these
updates:

+----------------+--------------------------+
| Advisory ID    | Package                  |
+----------------+--------------------------+
| DSA-4797 [57]  | webkit2gtk [58]          |
|                |                          |
| DSA-4801 [59]  | brotli [60]              |
|                |                          |
| DSA-4802 [61]  | thunderbird [62]         |
|                |                          |
| DSA-4803 [63]  | xorg-server [64]         |
|                |                          |
| DSA-4804 [65]  | xen [66]                 |
|                |                          |
| DSA-4805 [67]  | trafficserver [68]       |
|                |                          |
| DSA-4806 [69]  | minidlna [70]            |
|                |                          |
| DSA-4807 [71]  | openssl [72]             |
|                |                          |
| DSA-4808 [73]  | apt [74]                 |
|                |                          |
| DSA-4809 [75]  | python-apt [76]          |
|                |                          |
| DSA-4810 [77]  | lxml [78]                |
|                |                          |
| DSA-4811 [79]  | libxstream-java [80]     |
|                |                          |
| DSA-4812 [81]  | xen [82]                 |
|                |                          |
| DSA-4813 [83]  | firefox-esr [84]         |
|                |                          |
| DSA-4814 [85]  | xerces-c [86]            |
|                |                          |
| DSA-4815 [87]  | thunderbird [88]         |
|                |                          |
| DSA-4816 [89]  | mediawiki [90]           |
|                |                          |
| DSA-4817 [91]  | php-pear [92]            |
|                |                          |
| DSA-4818 [93]  | sympa [94]               |
|                |                          |
| DSA-4819 [95]  | kitty [96]               |
|                |                          |
| DSA-4820 [97]  | horizon [98]             |
|                |                          |
| DSA-4821 [99]  | roundcube [100]          |
|                |                          |
| DSA-4822 [101] | p11-kit [102]            |
|                |                          |
| DSA-4823 [103] | influxdb [104]           |
|                |                          |
| DSA-4824 [105] | chromium [106]           |
|                |                          |
| DSA-4825 [107] | dovecot [108]            |
|                |                          |
| DSA-4827 [109] | firefox-esr [110]        |
|                |                          |
| DSA-4828 [111] | libxstream-java [112]    |
|                |                          |
| DSA-4829 [113] | coturn [114]             |
|                |                          |
| DSA-4830 [115] | flatpak [116]            |
|                |                          |
| DSA-4831 [117] | ruby-redcarpet [118]     |
|                |                          |
| DSA-4832 [119] | chromium [120]           |
|                |                          |
| DSA-4833 [121] | gst-plugins-bad1.0 [122] |
|                |                          |
| DSA-4834 [123] | vlc [124]                |
|                |                          |
| DSA-4835 [125] | tomcat9 [126]            |
|                |                          |
| DSA-4837 [127] | salt [128]               |
|                |                          |
| DSA-4838 [129] | mutt [130]               |
|                |                          |
| DSA-4839 [131] | sudo [132]               |
|                |                          |
| DSA-4840 [133] | firefox-esr [134]        |
|                |                          |
| DSA-4841 [135] | slurm-llnl [136]         |
|                |                          |
| DSA-4843 [137] | linux-latest [138]       |
|                |                          |
| DSA-4843 [139] | linux-signed-amd64 [140] |
|                |                          |
| DSA-4843 [141] | linux-signed-arm64 [142] |
|                |                          |
| DSA-4843 [143] | linux-signed-i386 [144]  |
|                |                          |
| DSA-4843 [145] | linux [146]              |
|                |                          |
+----------------+--------------------------+

   57: https://www.debian.org/security/2020/dsa-4797
   58: https://packages.debian.org/src:webkit2gtk
   59: https://www.debian.org/security/2020/dsa-4801
   60: https://packages.debian.org/src:brotli
   61: https://www.debian.org/security/2020/dsa-4802
   62: https://packages.debian.org/src:thunderbird
   63: https://www.debian.org/security/2020/dsa-4803
   64: https://packages.debian.org/src:xorg-server
   65: https://www.debian.org/security/2020/dsa-4804
   66: https://packages.debian.org/src:xen
   67: https://www.debian.org/security/2020/dsa-4805
   68: https://packages.debian.org/src:trafficserver
   69: https://www.debian.org/security/2021/dsa-4806
   70: https://packages.debian.org/src:minidlna
   71: https://www.debian.org/security/2020/dsa-4807
   72: https://packages.debian.org/src:openssl
   73: https://www.debian.org/security/2020/dsa-4808
   74: https://packages.debian.org/src:apt
   75: https://www.debian.org/security/2020/dsa-4809
   76: https://packages.debian.org/src:python-apt
   77: https://www.debian.org/security/2020/dsa-4810
   78: https://packages.debian.org/src:lxml
   79: https://www.debian.org/security/2020/dsa-4811
   80: https://packages.debian.org/src:libxstream-java
   81: https://www.debian.org/security/2020/dsa-4812
   82: https://packages.debian.org/src:xen
   83: https://www.debian.org/security/2020/dsa-4813
   84: https://packages.debian.org/src:firefox-esr
   85: https://www.debian.org/security/2020/dsa-4814
   86: https://packages.debian.org/src:xerces-c
   87: https://www.debian.org/security/2020/dsa-4815
   88: https://packages.debian.org/src:thunderbird
   89: https://www.debian.org/security/2020/dsa-4816
   90: https://packages.debian.org/src:mediawiki
   91: https://www.debian.org/security/2020/dsa-4817
   92: https://packages.debian.org/src:php-pear
   93: https://www.debian.org/security/2020/dsa-4818
   94: https://packages.debian.org/src:sympa
   95: https://www.debian.org/security/2020/dsa-4819
   96: https://packages.debian.org/src:kitty
   97: https://www.debian.org/security/2020/dsa-4820
   98: https://packages.debian.org/src:horizon
   99: https://www.debian.org/security/2020/dsa-4821
  100: https://packages.debian.org/src:roundcube
  101: https://www.debian.org/security/2021/dsa-4822
  102: https://packages.debian.org/src:p11-kit
  103: https://www.debian.org/security/2021/dsa-4823
  104: https://packages.debian.org/src:influxdb
  105: https://www.debian.org/security/2021/dsa-4824
  106: https://packages.debian.org/src:chromium
  107: https://www.debian.org/security/2021/dsa-4825
  108: https://packages.debian.org/src:dovecot
  109: https://www.debian.org/security/2021/dsa-4827
  110: https://packages.debian.org/src:firefox-esr
  111: https://www.debian.org/security/2021/dsa-4828
  112: https://packages.debian.org/src:libxstream-java
  113: https://www.debian.org/security/2021/dsa-4829
  114: https://packages.debian.org/src:coturn
  115: https://www.debian.org/security/2021/dsa-4830
  116: https://packages.debian.org/src:flatpak
  117: https://www.debian.org/security/2021/dsa-4831
  118: https://packages.debian.org/src:ruby-redcarpet
  119: https://www.debian.org/security/2021/dsa-4832
  120: https://packages.debian.org/src:chromium
  121: https://www.debian.org/security/2021/dsa-4833
  122: https://packages.debian.org/src:gst-plugins-bad1.0
  123: https://www.debian.org/security/2021/dsa-4834
  124: https://packages.debian.org/src:vlc
  125: https://www.debian.org/security/2021/dsa-4835
  126: https://packages.debian.org/src:tomcat9
  127: https://www.debian.org/security/2021/dsa-4837
  128: https://packages.debian.org/src:salt
  129: https://www.debian.org/security/2021/dsa-4838
  130: https://packages.debian.org/src:mutt
  131: https://www.debian.org/security/2021/dsa-4839
  132: https://packages.debian.org/src:sudo
  133: https://www.debian.org/security/2021/dsa-4840
  134: https://packages.debian.org/src:firefox-esr
  135: https://www.debian.org/security/2021/dsa-4841
  136: https://packages.debian.org/src:slurm-llnl
  137: https://www.debian.org/security/2021/dsa-4843
  138: https://packages.debian.org/src:linux-latest
  139: https://www.debian.org/security/2021/dsa-4843
  140: https://packages.debian.org/src:linux-signed-amd64
  141: https://www.debian.org/security/2021/dsa-4843
  142: https://packages.debian.org/src:linux-signed-arm64
  143: https://www.debian.org/security/2021/dsa-4843
  144: https://packages.debian.org/src:linux-signed-i386
  145: https://www.debian.org/security/2021/dsa-4843
  146: https://packages.debian.org/src:linux

Removed packages
----------------

The following packages were removed due to circumstances beyond our
control:

+---------------------+------------------------------------------------+
| Package             | Reason                                         |
+---------------------+------------------------------------------------+
| compactheader [147] | Incompatible with current Thunderbird versions |
|                     |                                                |
+---------------------+------------------------------------------------+

  147: https://packages.debian.org/src:compactheader

Debian Installer
----------------

The installer has been updated to include the fixes incorporated into
stable by the point release.


URLs
----

The complete lists of packages that have changed with this revision:

http://ftp.debian.org/debian/dists/buster/ChangeLog


The current stable distribution:

http://ftp.debian.org/debian/dists/stable/


Proposed updates to the stable distribution:

http://ftp.debian.org/debian/dists/proposed-updates


Stable distribution information (release notes, errata, etc.):

https://www.debian.org/releases/stable/


Security announcements and information:

https://www.debian.org/security/



About Debian
------------

The Debian Project is an association of Free Software developers who
volunteer their time and effort in order to produce the completely free
operating system Debian.


Contact Information
-------------------

For further information, please visit the Debian web pages at
https://www.debian.org/, send mail to <press@debian.org>, or contact the
stable release team at <debian-release@lists.debian.org>.

