------------------------------------------------------------------------ The Debian Project https://www.debian.org/ Updated Debian 10: 10.13 released press@debian.org September 10th, 2022 https://www.debian.org/News/2022/20220910 ------------------------------------------------------------------------ The Debian project is pleased to announce the thirteenth (and final) update of its oldstable distribution Debian 10 (codename "buster"). This point release mainly adds corrections for security issues, along with a few adjustments for serious problems. Security advisories have already been published separately and are referenced where available. After this point release, Debian's Security and Release Teams will no longer be producing updates for Debian 10. Users wishing to continue to receive security support should upgrade to Debian 11, or see https://wiki.debian.org/LTS for details about the subset of architectures and packages covered by the Long Term Support project. Please note that the point release does not constitute a new version of Debian 10 but only updates some of the packages included. There is no need to throw away old "buster" media. After installation, packages can be upgraded to the current versions using an up-to-date Debian mirror. Those who frequently install updates from security.debian.org won't have to update many packages, and most such updates are included in the point release. New installation images will be available soon at the regular locations. Upgrading an existing installation to this revision can be achieved by pointing the package management system at one of Debian's many HTTP mirrors. A comprehensive list of mirrors is available at: https://www.debian.org/mirror/list Miscellaneous Bugfixes ---------------------- This oldstable update adds a few important corrections to the following packages: +--------------------------+------------------------------------------+ | Package | Reason | +--------------------------+------------------------------------------+ | adminer [1] | Fix open redirect issue, cross-site | | | scripting issues [CVE-2020-35572 | | | CVE-2021-29625]; elasticsearch: Do not | | | print response if HTTP code is not 200 | | | [CVE-2021-21311]; provide a compiled | | | version and configuration files | | | | | apache2 [2] | Fix denial of service issue [CVE-2022- | | | 22719], HTTP request smuggling issue | | | [CVE-2022-22720], integer overflow issue | | | [CVE-2022-22721], out-of-bounds write | | | issue [CVE-2022-23943], HTTP request | | | smuggling issue [CVE-2022-26377], out- | | | of-bounds read issues [CVE-2022-28614 | | | CVE-2022-28615], denial of service issue | | | [CVE-2022-29404], out-of-bounds read | | | issue [CVE-2022-30556], possible IP- | | | based authentication bypass issue | | | [CVE-2022-31813] | | | | | base-files [3] | Update for the 10.13 point release | | | | | clamav [4] | New upstream stable release; security | | | fixes [CVE-2022-20770 CVE-2022-20771 | | | CVE-2022-20785 CVE-2022-20792 CVE-2022- | | | 20796] | | | | | commons-daemon [5] | Fix JVM detection | | | | | composer [6] | Fix code injection vulnerability | | | [CVE-2022-24828]; update GitHub token | | | pattern; use Authorization header | | | instead of deprecated access_token query | | | parameter | | | | | debian-installer [7] | Rebuild against buster-proposed-updates; | | | increase Linux ABI to 4.19.0-21 | | | | | debian-installer- | Rebuild against buster-proposed-updates; | | netboot-images [8] | increase Linux ABI to 4.19.0-21 | | | | | debian-security- | Update security status of various | | support [9] | packages | | | | | debootstrap [10] | Ensure non-merged-usr chroots can | | | continue to be created for older | | | releases and buildd chroots | | | | | distro-info-data [11] | Add Ubuntu 22.04 LTS, Jammy Jellyfish | | | and Ubuntu 22.10, Kinetic Kudu | | | | | dropbear [12] | Fix possible username enumeration issue | | | [CVE-2019-12953] | | | | | eboard [13] | Fix segfault on engine selection | | | | | esorex [14] | Fix testsuite failures on armhf and | | | ppc64el caused by incorrect libffi usage | | | | | evemu [15] | Fix build failure with recent kernel | | | versions | | | | | feature-check [16] | Fix some version comparisons | | | | | flac [17] | Fix out-of-bounds write issue [CVE-2021- | | | 0561] | | | | | foxtrotgps [18] | Fix build failure with newer imagemagick | | | versions | | | | | freeradius [19] | Fix side-channel leak where 1 in 2048 | | | handshakes fail [CVE-2019-13456], denial | | | of service issue due to multithreaded | | | BN_CTX access [CVE-2019-17185], crash | | | due to non-thread safe memory allocation | | | | | freetype [20] | Fix buffer overflow issue [CVE-2022- | | | 27404]; fix crashes [CVE-2022-27405 | | | CVE-2022-27406] | | | | | fribidi [21] | Fix buffer overflow issues [CVE-2022- | | | 25308 CVE-2022-25309]; fix crash | | | [CVE-2022-25310] | | | | | ftgl [22] | Don't try to convert PNG to EPS for | | | latex, as our imagemagick has EPS | | | disabled for security reasons | | | | | gif2apng [23] | Fix heap-based buffer overflows | | | [CVE-2021-45909 CVE-2021-45910 CVE-2021- | | | 45911] | | | | | gnucash [24] | Fix build failure with recent tzdata | | | | | gnutls28 [25] | Fix test suite when combined with | | | OpenSSL 1.1.1e or newer | | | | | golang-github-docker-go- | Skip tests that use expired certificates | | connections [26] | | | | | | golang-github-pkg- | Fix building on newer 4.19 kernels | | term [27] | | | | | | golang-github- | Fix NULL pointer dereference issue | | russellhaering- | [CVE-2020-7711] | | goxmldsig [28] | | | | | | grub-efi-amd64- | New upstream release | | signed [29] | | | | | | grub-efi-arm64- | New upstream release | | signed [30] | | | | | | grub-efi-ia32- | New upstream release | | signed [31] | | | | | | grub2 [32] | New upstream release | | | | | htmldoc [33] | Fix infinite loop [CVE-2022-24191], | | | integer overflow issues [CVE-2022-27114] | | | and heap buffer overflow issue | | | [CVE-2022-28085] | | | | | iptables-netflow [34] | Fix DKMS build failure regression caused | | | by Linux upstream changes in the | | | 4.19.191 kernel | | | | | isync [35] | Fix buffer overflow issues [CVE-2021- | | | 3657] | | | | | kannel [36] | Fix build failure by disabling | | | generation of Postscript documentation | | | | | krb5 [37] | Use SHA256 as Pkinit CMS Digest | | | | | libapache2-mod-auth- | Improve validation of the post-logout | | openidc [38] | URL parameter on logout [CVE-2019-14857] | | | | | libdatetime-timezone- | Update included data | | perl [39] | | | | | | libhttp-cookiejar- | Fix build failure by increasing the | | perl [40] | expiry date of a test cookie | | | | | libnet-freedb-perl [41] | Change the default host from the defunct | | | freedb.freedb.org to gnudb.gnudb.org | | | | | libnet-ssleay-perl [42] | Fix test failures with OpenSSL 1.1.1n | | | | | librose-db-object- | Fix test failure after 6/6/2020 | | perl [43] | | | | | | libvirt-php [44] | Fix segmentation fault in | | | libvirt_node_get_cpu_stats | | | | | llvm-toolchain-13 [45] | New source package to support building | | | of newer firefox-esr and thunderbird | | | versions | | | | | minidlna [46] | Validate HTTP requests to protect | | | against DNS rebinding attacks [CVE-2022- | | | 26505] | | | | | mokutil [47] | New upstream version, to allow for SBAT | | | management | | | | | mutt [48] | Fix uudecode buffer overflow [CVE-2022- | | | 1328] | | | | | node-ejs [49] | Sanitize options and new objects | | | [CVE-2022-29078] | | | | | node-end-of-stream [50] | Work around test bug | | | | | node-minimist [51] | Fix prototype pollution issue [CVE-2021- | | | 44906] | | | | | node-node-forge [52] | Fix signature verification issues | | | [CVE-2022-24771 CVE-2022-24772 CVE-2022- | | | 24773] | | | | | node-require-from- | Fix a test in conjunction with nodejs >= | | string [53] | 10.16 | | | | | nvidia-graphics- | New upstream release | | drivers [54] | | | | | | nvidia-graphics-drivers- | New upstream release; fix out-of-bound | | legacy-390xx [55] | write issues [CVE-2022-28181 CVE-2022- | | | 28185]; security fixes [CVE-2022-31607 | | | CVE-2022-31608 CVE-2022-31615] | | | | | octavia [56] | Fix client certificate checks [CVE-2019- | | | 17134]; correctly detect that the agent | | | is running on Debian; fix template that | | | generates vrrp check script; add | | | additional runtime dependencies; ship | | | additional configuration directly in the | | | agent package | | | | | orca [57] | Fix use with WebKitGTK 2.36 | | | | | pacemaker [58] | Update relationship versions to fix | | | upgrades from stretch LTS | | | | | pglogical [59] | Fix build failure | | | | | php-guzzlehttp-psr7 [60] | Fix improper header parsing [CVE-2022- | | | 24775] | | | | | postfix [61] | New upstream stable release; do not | | | override user set default_transport; if- | | | up.d: do not error out if postfix can't | | | send mail yet; fix duplicate | | | bounce_notice_recipient entries in | | | postconf output | | | | | postgresql-common [62] | pg_virtualenv: Write temporary password | | | file before chowning the file | | | | | postsrsd [63] | Fix potential denial of service issue | | | when Postfix sends certain long data | | | fields such as multiple concatenated | | | email addresses [CVE-2021-35525] | | | | | procmail [64] | Fix NULL pointer dereference | | | | | publicsuffix [65] | Update included data | | | | | python- | Update tests to fix build failure | | keystoneauth1 [66] | | | | | | python-scrapy [67] | Don't send authentication data with all | | | requests [CVE-2021-41125]; don't expose | | | cookies cross-domain when redirecting | | | [CVE-2022-0577] | | | | | python-udatetime [68] | Properly link against libm library | | | | | qtbase-opensource- | Fix setTabOrder for compound widgets; | | src [69] | add an expansion limit for XML entities | | | [CVE-2015-9541] | | | | | ruby-activeldap [70] | Add missing dependency on ruby-builder | | | | | ruby-hiredis [71] | Skip some unreliable tests in order to | | | fix build failure | | | | | ruby-http-parser.rb [72] | Fix build failure when using http-parser | | | containing the fix for CVE-2019-15605 | | | | | ruby-riddle [73] | Allow use of "LOAD DATA LOCAL INFILE" | | | | | sctk [74] | Use "pdftoppm" instead of "convert" | | | to convert PDF to JPEG as the latter | | | fails with the changed security policy | | | of ImageMagick | | | | | twisted [75] | Fix incorrect URI and HTTP method | | | validation issue [CVE-2019-12387], | | | incorrect certificate validation in XMPP | | | support [CVE-2019-12855], HTTP/2 denial | | | of service issues, HTTP request | | | smuggling issues [CVE-2020-10108 | | | CVE-2020-10109 CVE-2022-24801], | | | information disclosure issue when | | | following cross-domain redirects | | | [CVE-2022-21712], denial of service | | | issue during SSH handshake [CVE-2022- | | | 21716] | | | | | tzdata [76] | Update timezone data for Iran, Chile and | | | Palestine; update leap second list | | | | | ublock-origin [77] | New upstream stable release | | | | | unrar-nonfree [78] | Fix directory traversal issue [CVE-2022- | | | 30333] | | | | | wireshark [79] | Fix remote code execution issue | | | [CVE-2021-22191], denial of service | | | issues [CVE-2021-4181 CVE-2021-4184 | | | CVE-2021-4185 CVE-2022-0581 CVE-2022- | | | 0582 CVE-2022-0583 CVE-2022-0585 | | | CVE-2022-0586] | | | | +--------------------------+------------------------------------------+ 1: https://packages.debian.org/src:adminer 2: https://packages.debian.org/src:apache2 3: https://packages.debian.org/src:base-files 4: https://packages.debian.org/src:clamav 5: https://packages.debian.org/src:commons-daemon 6: https://packages.debian.org/src:composer 7: https://packages.debian.org/src:debian-installer 8: https://packages.debian.org/src:debian-installer-netboot-images 9: https://packages.debian.org/src:debian-security-support 10: https://packages.debian.org/src:debootstrap 11: https://packages.debian.org/src:distro-info-data 12: https://packages.debian.org/src:dropbear 13: https://packages.debian.org/src:eboard 14: https://packages.debian.org/src:esorex 15: https://packages.debian.org/src:evemu 16: https://packages.debian.org/src:feature-check 17: https://packages.debian.org/src:flac 18: https://packages.debian.org/src:foxtrotgps 19: https://packages.debian.org/src:freeradius 20: https://packages.debian.org/src:freetype 21: https://packages.debian.org/src:fribidi 22: https://packages.debian.org/src:ftgl 23: https://packages.debian.org/src:gif2apng 24: https://packages.debian.org/src:gnucash 25: https://packages.debian.org/src:gnutls28 26: https://packages.debian.org/src:golang-github-docker-go-connections 27: https://packages.debian.org/src:golang-github-pkg-term 28: https://packages.debian.org/src:golang-github-russellhaering-goxmldsig 29: https://packages.debian.org/src:grub-efi-amd64-signed 30: https://packages.debian.org/src:grub-efi-arm64-signed 31: https://packages.debian.org/src:grub-efi-ia32-signed 32: https://packages.debian.org/src:grub2 33: https://packages.debian.org/src:htmldoc 34: https://packages.debian.org/src:iptables-netflow 35: https://packages.debian.org/src:isync 36: https://packages.debian.org/src:kannel 37: https://packages.debian.org/src:krb5 38: https://packages.debian.org/src:libapache2-mod-auth-openidc 39: https://packages.debian.org/src:libdatetime-timezone-perl 40: https://packages.debian.org/src:libhttp-cookiejar-perl 41: https://packages.debian.org/src:libnet-freedb-perl 42: https://packages.debian.org/src:libnet-ssleay-perl 43: https://packages.debian.org/src:librose-db-object-perl 44: https://packages.debian.org/src:libvirt-php 45: https://packages.debian.org/src:llvm-toolchain-13 46: https://packages.debian.org/src:minidlna 47: https://packages.debian.org/src:mokutil 48: https://packages.debian.org/src:mutt 49: https://packages.debian.org/src:node-ejs 50: https://packages.debian.org/src:node-end-of-stream 51: https://packages.debian.org/src:node-minimist 52: https://packages.debian.org/src:node-node-forge 53: https://packages.debian.org/src:node-require-from-string 54: https://packages.debian.org/src:nvidia-graphics-drivers 55: https://packages.debian.org/src:nvidia-graphics-drivers-legacy-390xx 56: https://packages.debian.org/src:octavia 57: https://packages.debian.org/src:orca 58: https://packages.debian.org/src:pacemaker 59: https://packages.debian.org/src:pglogical 60: https://packages.debian.org/src:php-guzzlehttp-psr7 61: https://packages.debian.org/src:postfix 62: https://packages.debian.org/src:postgresql-common 63: https://packages.debian.org/src:postsrsd 64: https://packages.debian.org/src:procmail 65: https://packages.debian.org/src:publicsuffix 66: https://packages.debian.org/src:python-keystoneauth1 67: https://packages.debian.org/src:python-scrapy 68: https://packages.debian.org/src:python-udatetime 69: https://packages.debian.org/src:qtbase-opensource-src 70: https://packages.debian.org/src:ruby-activeldap 71: https://packages.debian.org/src:ruby-hiredis 72: https://packages.debian.org/src:ruby-http-parser.rb 73: https://packages.debian.org/src:ruby-riddle 74: https://packages.debian.org/src:sctk 75: https://packages.debian.org/src:twisted 76: https://packages.debian.org/src:tzdata 77: https://packages.debian.org/src:ublock-origin 78: https://packages.debian.org/src:unrar-nonfree 79: https://packages.debian.org/src:wireshark Security Updates ---------------- This revision adds the following security updates to the oldstable release. The Security Team has already released an advisory for each of these updates: +----------------+---------------------------+ | Advisory ID | Package | +----------------+---------------------------+ | DSA-4836 [80] | openvswitch [81] | | | | | DSA-4852 [82] | openvswitch [83] | | | | | DSA-4906 [84] | chromium [85] | | | | | DSA-4911 [86] | chromium [87] | | | | | DSA-4917 [88] | chromium [89] | | | | | DSA-4981 [90] | firefox-esr [91] | | | | | DSA-5034 [92] | thunderbird [93] | | | | | DSA-5044 [94] | firefox-esr [95] | | | | | DSA-5045 [96] | thunderbird [97] | | | | | DSA-5069 [98] | firefox-esr [99] | | | | | DSA-5074 [100] | thunderbird [101] | | | | | DSA-5077 [102] | librecad [103] | | | | | DSA-5080 [104] | snapd [105] | | | | | DSA-5086 [106] | thunderbird [107] | | | | | DSA-5090 [108] | firefox-esr [109] | | | | | DSA-5094 [110] | thunderbird [111] | | | | | DSA-5097 [112] | firefox-esr [113] | | | | | DSA-5106 [114] | thunderbird [115] | | | | | DSA-5108 [116] | tiff [117] | | | | | DSA-5109 [118] | faad2 [119] | | | | | DSA-5111 [120] | zlib [121] | | | | | DSA-5113 [122] | firefox-esr [123] | | | | | DSA-5115 [124] | webkit2gtk [125] | | | | | DSA-5118 [126] | thunderbird [127] | | | | | DSA-5119 [128] | subversion [129] | | | | | DSA-5122 [130] | gzip [131] | | | | | DSA-5123 [132] | xz-utils [133] | | | | | DSA-5126 [134] | ffmpeg [135] | | | | | DSA-5129 [136] | firefox-esr [137] | | | | | DSA-5131 [138] | openjdk-11 [139] | | | | | DSA-5132 [140] | ecdsautils [141] | | | | | DSA-5135 [142] | postgresql-11 [143] | | | | | DSA-5137 [144] | needrestart [145] | | | | | DSA-5138 [146] | waitress [147] | | | | | DSA-5139 [148] | openssl [149] | | | | | DSA-5140 [150] | openldap [151] | | | | | DSA-5141 [152] | thunderbird [153] | | | | | DSA-5142 [154] | libxml2 [155] | | | | | DSA-5143 [156] | firefox-esr [157] | | | | | DSA-5144 [158] | condor [159] | | | | | DSA-5145 [160] | lrzip [161] | | | | | DSA-5147 [162] | dpkg [163] | | | | | DSA-5149 [164] | cups [165] | | | | | DSA-5150 [166] | rsyslog [167] | | | | | DSA-5151 [168] | smarty3 [169] | | | | | DSA-5152 [170] | spip [171] | | | | | DSA-5153 [172] | trafficserver [173] | | | | | DSA-5154 [174] | webkit2gtk [175] | | | | | DSA-5156 [176] | firefox-esr [177] | | | | | DSA-5157 [178] | cifs-utils [179] | | | | | DSA-5158 [180] | thunderbird [181] | | | | | DSA-5159 [182] | python-bottle [183] | | | | | DSA-5160 [184] | ntfs-3g [185] | | | | | DSA-5164 [186] | exo [187] | | | | | DSA-5165 [188] | vlc [189] | | | | | DSA-5167 [190] | firejail [191] | | | | | DSA-5169 [192] | openssl [193] | | | | | DSA-5171 [194] | squid [195] | | | | | DSA-5172 [196] | firefox-esr [197] | | | | | DSA-5173 [198] | linux-latest [199] | | | | | DSA-5173 [200] | linux-signed-amd64 [201] | | | | | DSA-5173 [202] | linux-signed-arm64 [203] | | | | | DSA-5173 [204] | linux-signed-i386 [205] | | | | | DSA-5173 [206] | linux [207] | | | | | DSA-5174 [208] | gnupg2 [209] | | | | | DSA-5175 [210] | thunderbird [211] | | | | | DSA-5176 [212] | blender [213] | | | | | DSA-5178 [214] | intel-microcode [215] | | | | | DSA-5181 [216] | request-tracker4 [217] | | | | | DSA-5182 [218] | webkit2gtk [219] | | | | | DSA-5185 [220] | mat2 [221] | | | | | DSA-5186 [222] | djangorestframework [223] | | | | | DSA-5188 [224] | openjdk-11 [225] | | | | | DSA-5189 [226] | gsasl [227] | | | | | DSA-5190 [228] | spip [229] | | | | | DSA-5193 [230] | firefox-esr [231] | | | | | DSA-5194 [232] | booth [233] | | | | | DSA-5195 [234] | thunderbird [235] | | | | | DSA-5196 [236] | libpgjava [237] | | | | +----------------+---------------------------+ 80: https://www.debian.org/security/2021/dsa-4836 81: https://packages.debian.org/src:openvswitch 82: https://www.debian.org/security/2021/dsa-4852 83: https://packages.debian.org/src:openvswitch 84: https://www.debian.org/security/2021/dsa-4906 85: https://packages.debian.org/src:chromium 86: https://www.debian.org/security/2021/dsa-4911 87: https://packages.debian.org/src:chromium 88: https://www.debian.org/security/2021/dsa-4917 89: https://packages.debian.org/src:chromium 90: https://www.debian.org/security/2021/dsa-4981 91: https://packages.debian.org/src:firefox-esr 92: https://www.debian.org/security/2022/dsa-5034 93: https://packages.debian.org/src:thunderbird 94: https://www.debian.org/security/2022/dsa-5044 95: https://packages.debian.org/src:firefox-esr 96: https://www.debian.org/security/2022/dsa-5045 97: https://packages.debian.org/src:thunderbird 98: https://www.debian.org/security/2022/dsa-5069 99: https://packages.debian.org/src:firefox-esr 100: https://www.debian.org/security/2022/dsa-5074 101: https://packages.debian.org/src:thunderbird 102: https://www.debian.org/security/2022/dsa-5077 103: https://packages.debian.org/src:librecad 104: https://www.debian.org/security/2022/dsa-5080 105: https://packages.debian.org/src:snapd 106: https://www.debian.org/security/2022/dsa-5086 107: https://packages.debian.org/src:thunderbird 108: https://www.debian.org/security/2022/dsa-5090 109: https://packages.debian.org/src:firefox-esr 110: https://www.debian.org/security/2022/dsa-5094 111: https://packages.debian.org/src:thunderbird 112: https://www.debian.org/security/2022/dsa-5097 113: https://packages.debian.org/src:firefox-esr 114: https://www.debian.org/security/2022/dsa-5106 115: https://packages.debian.org/src:thunderbird 116: https://www.debian.org/security/2022/dsa-5108 117: https://packages.debian.org/src:tiff 118: https://www.debian.org/security/2022/dsa-5109 119: https://packages.debian.org/src:faad2 120: https://www.debian.org/security/2022/dsa-5111 121: https://packages.debian.org/src:zlib 122: https://www.debian.org/security/2022/dsa-5113 123: https://packages.debian.org/src:firefox-esr 124: https://www.debian.org/security/2022/dsa-5115 125: https://packages.debian.org/src:webkit2gtk 126: https://www.debian.org/security/2022/dsa-5118 127: https://packages.debian.org/src:thunderbird 128: https://www.debian.org/security/2022/dsa-5119 129: https://packages.debian.org/src:subversion 130: https://www.debian.org/security/2022/dsa-5122 131: https://packages.debian.org/src:gzip 132: https://www.debian.org/security/2022/dsa-5123 133: https://packages.debian.org/src:xz-utils 134: https://www.debian.org/security/2022/dsa-5126 135: https://packages.debian.org/src:ffmpeg 136: https://www.debian.org/security/2022/dsa-5129 137: https://packages.debian.org/src:firefox-esr 138: https://www.debian.org/security/2022/dsa-5131 139: https://packages.debian.org/src:openjdk-11 140: https://www.debian.org/security/2022/dsa-5132 141: https://packages.debian.org/src:ecdsautils 142: https://www.debian.org/security/2022/dsa-5135 143: https://packages.debian.org/src:postgresql-11 144: https://www.debian.org/security/2022/dsa-5137 145: https://packages.debian.org/src:needrestart 146: https://www.debian.org/security/2022/dsa-5138 147: https://packages.debian.org/src:waitress 148: https://www.debian.org/security/2022/dsa-5139 149: https://packages.debian.org/src:openssl 150: https://www.debian.org/security/2022/dsa-5140 151: https://packages.debian.org/src:openldap 152: https://www.debian.org/security/2022/dsa-5141 153: https://packages.debian.org/src:thunderbird 154: https://www.debian.org/security/2022/dsa-5142 155: https://packages.debian.org/src:libxml2 156: https://www.debian.org/security/2022/dsa-5143 157: https://packages.debian.org/src:firefox-esr 158: https://www.debian.org/security/2022/dsa-5144 159: https://packages.debian.org/src:condor 160: https://www.debian.org/security/2022/dsa-5145 161: https://packages.debian.org/src:lrzip 162: https://www.debian.org/security/2022/dsa-5147 163: https://packages.debian.org/src:dpkg 164: https://www.debian.org/security/2022/dsa-5149 165: https://packages.debian.org/src:cups 166: https://www.debian.org/security/2022/dsa-5150 167: https://packages.debian.org/src:rsyslog 168: https://www.debian.org/security/2022/dsa-5151 169: https://packages.debian.org/src:smarty3 170: https://www.debian.org/security/2022/dsa-5152 171: https://packages.debian.org/src:spip 172: https://www.debian.org/security/2022/dsa-5153 173: https://packages.debian.org/src:trafficserver 174: https://www.debian.org/security/2022/dsa-5154 175: https://packages.debian.org/src:webkit2gtk 176: https://www.debian.org/security/2022/dsa-5156 177: https://packages.debian.org/src:firefox-esr 178: https://www.debian.org/security/2022/dsa-5157 179: https://packages.debian.org/src:cifs-utils 180: https://www.debian.org/security/2022/dsa-5158 181: https://packages.debian.org/src:thunderbird 182: https://www.debian.org/security/2022/dsa-5159 183: https://packages.debian.org/src:python-bottle 184: https://www.debian.org/security/2022/dsa-5160 185: https://packages.debian.org/src:ntfs-3g 186: https://www.debian.org/security/2022/dsa-5164 187: https://packages.debian.org/src:exo 188: https://www.debian.org/security/2022/dsa-5165 189: https://packages.debian.org/src:vlc 190: https://www.debian.org/security/2022/dsa-5167 191: https://packages.debian.org/src:firejail 192: https://www.debian.org/security/2022/dsa-5169 193: https://packages.debian.org/src:openssl 194: https://www.debian.org/security/2022/dsa-5171 195: https://packages.debian.org/src:squid 196: https://www.debian.org/security/2022/dsa-5172 197: https://packages.debian.org/src:firefox-esr 198: https://www.debian.org/security/2022/dsa-5173 199: https://packages.debian.org/src:linux-latest 200: https://www.debian.org/security/2022/dsa-5173 201: https://packages.debian.org/src:linux-signed-amd64 202: https://www.debian.org/security/2022/dsa-5173 203: https://packages.debian.org/src:linux-signed-arm64 204: https://www.debian.org/security/2022/dsa-5173 205: https://packages.debian.org/src:linux-signed-i386 206: https://www.debian.org/security/2022/dsa-5173 207: https://packages.debian.org/src:linux 208: https://www.debian.org/security/2022/dsa-5174 209: https://packages.debian.org/src:gnupg2 210: https://www.debian.org/security/2022/dsa-5175 211: https://packages.debian.org/src:thunderbird 212: https://www.debian.org/security/2022/dsa-5176 213: https://packages.debian.org/src:blender 214: https://www.debian.org/security/2022/dsa-5178 215: https://packages.debian.org/src:intel-microcode 216: https://www.debian.org/security/2022/dsa-5181 217: https://packages.debian.org/src:request-tracker4 218: https://www.debian.org/security/2022/dsa-5182 219: https://packages.debian.org/src:webkit2gtk 220: https://www.debian.org/security/2022/dsa-5185 221: https://packages.debian.org/src:mat2 222: https://www.debian.org/security/2022/dsa-5186 223: https://packages.debian.org/src:djangorestframework 224: https://www.debian.org/security/2022/dsa-5188 225: https://packages.debian.org/src:openjdk-11 226: https://www.debian.org/security/2022/dsa-5189 227: https://packages.debian.org/src:gsasl 228: https://www.debian.org/security/2022/dsa-5190 229: https://packages.debian.org/src:spip 230: https://www.debian.org/security/2022/dsa-5193 231: https://packages.debian.org/src:firefox-esr 232: https://www.debian.org/security/2022/dsa-5194 233: https://packages.debian.org/src:booth 234: https://www.debian.org/security/2022/dsa-5195 235: https://packages.debian.org/src:thunderbird 236: https://www.debian.org/security/2022/dsa-5196 237: https://packages.debian.org/src:libpgjava Removed packages ---------------- The following packages were removed due to circumstances beyond our control: +--------------------------+-------------------------------+ | Package | Reason | +--------------------------+-------------------------------+ | elog [238] | Unmaintained; security issues | | | | | libnet-amazon-perl [239] | Depends on removed API | | | | +--------------------------+-------------------------------+ 238: https://packages.debian.org/src:elog 239: https://packages.debian.org/src:libnet-amazon-perl Debian Installer ---------------- The installer has been updated to include the fixes incorporated into oldstable by the point release. URLs ---- The complete lists of packages that have changed with this revision: https://deb.debian.org/debian/dists/buster/ChangeLog The current oldstable distribution: https://deb.debian.org/debian/dists/oldstable/ Proposed updates to the oldstable distribution: https://deb.debian.org/debian/dists/oldstable-proposed-updates oldstable distribution information (release notes, errata etc.): https://www.debian.org/releases/oldstable/ Security announcements and information: https://www.debian.org/security/ About Debian ------------ The Debian Project is an association of Free Software developers who volunteer their time and effort in order to produce the completely free operating system Debian. Contact Information ------------------- For further information, please visit the Debian web pages at https://www.debian.org/, send mail to <press@debian.org>, or contact the stable release team at <debian-release@lists.debian.org>.
Attachment:
OpenPGP_signature
Description: OpenPGP digital signature