------------------------------------------------------------------------
The Debian Project https://www.debian.org/
Updated Debian 12: 12.2 released press@debian.org
October 7th, 2023 https://www.debian.org/News/2023/20231007
------------------------------------------------------------------------
The Debian project is pleased to announce the second update of its
stable distribution Debian 12 (codename "bookworm"). This point release
mainly adds corrections for security issues, along with a few
adjustments for serious problems. Security advisories have already been
published separately and are referenced where available.
Please note that the point release does not constitute a new version of
Debian 12 but only updates some of the packages included. There is no
need to throw away old "bookworm" media. After installation, packages
can be upgraded to the current versions using an up-to-date Debian
mirror.
Those who frequently install updates from security.debian.org won't have
to update many packages, and most such updates are included in the point
release.
New installation images will be available soon at the regular locations.
Upgrading an existing installation to this revision can be achieved by
pointing the package management system at one of Debian's many HTTP
mirrors. A comprehensive list of mirrors is available at:
https://www.debian.org/mirror/list
Miscellaneous Bugfixes
----------------------
This stable update adds a few important corrections to the following
packages:
+--------------------------+------------------------------------------+
| Package | Reason |
+--------------------------+------------------------------------------+
| amd64-microcode [1] | Update included microcode, including |
| | fixes for "AMD Inception" on AMD Zen4 |
| | processors [CVE-2023-20569] |
| | |
| arctica-greeter [2] | Support configuring the onscreen |
| | keyboard theme via ArcticaGreeter's |
| | gsettings; use "Compact" OSK layout |
| | (instead of Small) which includes |
| | special keys such as German Umlauts; fix |
| | display of authentication failure |
| | messages; use active theme rather then |
| | emerald |
| | |
| autofs [3] | Fix regression determining reachability |
| | on dual-stack hosts |
| | |
| base-files [4] | Update for the 12.2 point release |
| | |
| batik [5] | Fix Server Side Request Forgery issues |
| | [CVE-2022-44729 CVE-2022-44730] |
| | |
| boxer-data [6] | No longer install https-everywhere for |
| | Firefox |
| | |
| brltty [7] | xbrlapi: Do not try to start brltty with |
| | ba+a2 when unavailable; fix cursor |
| | routing and braille panning in Orca when |
| | xbrlapi is installed but the a2 screen |
| | driver is not |
| | |
| ca-certificates-java [8] | Work around unconfigured JRE during new |
| | installations |
| | |
| cairosvg [9] | Handle data: URLs in safe mode |
| | |
| calibre [10] | Fix export feature |
| | |
| clamav [11] | New upstream stable release; security |
| | fixes [CVE-2023-20197 CVE-2023-20212] |
| | |
| cryptmount [12] | Avoid memory initialisation issues in |
| | command line parser |
| | |
| cups [13] | Fix heap-based buffer overflow issue |
| | [CVE-2023-4504]; fix unauthenticated |
| | access issue [CVE-2023-32360] |
| | |
| curl [14] | Build with OpenLDAP to correct improper |
| | fetch of binary LDAP attributes; fix |
| | excessive memory consumption issue |
| | [CVE-2023-38039] |
| | |
| cyrus-imapd [15] | Ensure mailboxes are not lost on |
| | upgrades from bullseye |
| | |
| dar [16] | Fix issues with creating isolated |
| | catalogs when dar was built using a |
| | recent gcc version |
| | |
| dbus [17] | New upstream stable release; fix a dbus- |
| | daemon crash during policy reload if a |
| | connection belongs to a user account |
| | that has been deleted, or if a Name |
| | Service Switch plugin is broken, on |
| | kernels not supporting SO_PEERGROUPS; |
| | report the error correctly if getting |
| | the groups of a uid fails; dbus-user- |
| | session: Copy XDG_CURRENT_DESKTOP to |
| | activation environment |
| | |
| debian-archive- | Clean up leftover keyrings in |
| keyring [18] | trusted.gpg.d |
| | |
| debian-edu-doc [19] | Update Debian Edu Bookworm manual |
| | |
| debian-edu-install [20] | New upstream release; adjust D-I auto- |
| | partitioning sizes |
| | |
| debian-installer [21] | Increase Linux kernel ABI to 6.1.0-13; |
| | rebuild against proposed-updates |
| | |
| debian-installer- | Rebuild against proposed-updates |
| netboot-images [22] | |
| | |
| debian-parl [23] | Rebuild with newer boxer-data; no longer |
| | depend on webext-https-everywhere |
| | |
| debianutils [24] | Fix duplicate entries in /etc/shells; |
| | manage /bin/sh in the state file; fix |
| | canonicalization of shells in aliased |
| | locations |
| | |
| dgit [25] | Use the old /updates security map only |
| | for buster; prevent pushing older |
| | versions than are already in the archive |
| | |
| dhcpcd5 [26] | Ease upgrades with leftovers from |
| | wheezy; drop deprecated ntpd |
| | integration; fix version in cleanup |
| | script |
| | |
| dpdk [27] | New upstream stable release |
| | |
| dput-ng [28] | Update permitted upload targets; fix |
| | failure to build from source |
| | |
| efibootguard [29] | Fix Insufficient or missing validation |
| | and sanitization of input from |
| | untrustworthy bootloader environment |
| | files [CVE-2023-39950] |
| | |
| electrum [30] | Fix a Lightning security issue |
| | |
| filezilla [31] | Fix builds for 32-bit architectures; fix |
| | crash when removing filetypes from list |
| | |
| firewalld [32] | Don't mix IPv4 and IPv6 addresses in a |
| | single nftables rule |
| | |
| flann [33] | Drop extra -llz4 from flann.pc |
| | |
| foot [34] | Ignore XTGETTCAP queries with invalid |
| | hex encodings |
| | |
| freedombox [35] | Use n= in apt preferences for smooth |
| | upgrades |
| | |
| freeradius [36] | Ensure TLS-Client-Cert-Common-Name |
| | contains correct data |
| | |
| ghostscript [37] | Fix buffer overflow issue [CVE-2023- |
| | 38559]; try and secure the IJS server |
| | startup [CVE-2023-43115] |
| | |
| gitit [38] | Rebuild against new pandoc |
| | |
| gjs [39] | Avoid infinite loops of idle callbacks |
| | if an idle handler is called during GC |
| | |
| glibc [40] | Fix the value of F_GETLK/F_SETLK/ |
| | F_SETLKW with __USE_FILE_OFFSET64 on |
| | ppc64el; fix a stack read overflow in |
| | getaddrinfo in no-aaaa mode [CVE-2023- |
| | 4527]; fix use after free in |
| | getcanonname [CVE-2023-4806 CVE-2023- |
| | 5156]; fix _dl_find_object to return |
| | correct values even during early startup |
| | |
| gosa-plugins- | Silence deprecation warnings in web |
| netgroups [41] | interface |
| | |
| gosa-plugins- | Fix management of DHCP/DNS entries in |
| systems [42] | default theme; fix adding (standalone) |
| | "Network printer" systems; fix |
| | generation of target DNs for various |
| | system types; fix icon rendering in DHCP |
| | servlet; enforce unqualified hostname |
| | for workstations |
| | |
| gtk+3.0 [43] | New upstream stable release; fix several |
| | crashes; show more information in the |
| | "inspector" debugging interface; |
| | silence GFileInfo warnings if used with |
| | a backported version of GLib; use a |
| | light colour for the caret in dark |
| | themes, making it much easier to see in |
| | some apps, in particular Evince |
| | |
| gtk4 [44] | Fix truncation in places sidebar with |
| | large text accessibility setting |
| | |
| haskell-hakyll [45] | Rebuild against new pandoc |
| | |
| highway [46] | Fix support for armhf systems lacking |
| | NEON |
| | |
| hnswlib [47] | Fix double free in init_index when the M |
| | argument is a large integer [CVE-2023- |
| | 37365] |
| | |
| horizon [48] | Fix open redirect issue [CVE-2022-45582] |
| | |
| icingaweb2 [49] | Suppress undesirable deprecation notices |
| | |
| imlib2 [50] | Fix preservation of alpha channel flag |
| | |
| indent [51] | Fix out of buffer read; fix buffer |
| | overwrite [CVE-2023-40305] |
| | |
| inetutils [52] | Check return values when dropping |
| | privileges [CVE-2023-40303] |
| | |
| inn2 [53] | Fix nnrpd hangs when compression is |
| | enabled; add support for high-precision |
| | syslog timestamps; make inn- |
| | {radius,secrets}.conf not world readable |
| | |
| jekyll [54] | Support YAML aliases |
| | |
| kernelshark [55] | Fix segfault in libshark-tepdata; fix |
| | capturing when target directory contains |
| | a space |
| | |
| krb5 [56] | Fix freeing of uninitialised pointer |
| | [CVE-2023-36054] |
| | |
| lemonldap-ng [57] | Apply login control to auth-slave |
| | requests; fix open redirection due to |
| | incorrect escape handling; fix open |
| | redirection when OIDC RP has no redirect |
| | URIs; fix Server Side Request Forgery |
| | issue [CVE-2023-44469] |
| | |
| libapache-mod-jk [58] | Remove implicit mapping functionality, |
| | which could lead to unintended exposure |
| | of the status worker and/or bypass of |
| | security constraints [CVE-2023-41081] |
| | |
| libclamunrar [59] | New upstream stable release |
| | |
| libmatemixer [60] | Fix heap corruptions / application |
| | crashes when removing audio devices |
| | |
| libpam-mklocaluser [61] | pam-auth-update: ensure the module is |
| | ordered before other session type |
| | modules |
| | |
| libxnvctrl [62] | New source package split from nvidia- |
| | settings |
| | |
| linux [63] | New upstream stable release |
| | |
| linux-signed-amd64 [64] | New upstream stable release |
| | |
| linux-signed-arm64 [65] | New upstream stable release |
| | |
| linux-signed-i386 [66] | New upstream stable release |
| | |
| llvm-defaults [67] | Fix /usr/include/lld symlink; add Breaks |
| | against not co-installable packages for |
| | smoother upgrades from bullseye |
| | |
| ltsp [68] | Avoid using mv on init symlink |
| | |
| lxc [69] | Fix nftables syntax for IPv6 NAT |
| | |
| lxcfs [70] | Fix CPU reporting within an arm32 |
| | container with large numbers of CPUs |
| | |
| marco [71] | Only enable compositing if it is |
| | available |
| | |
| mariadb [72] | New upstream bugfix release |
| | |
| mate-notification- | Fix two memory leaks |
| daemon [73] | |
| | |
| mgba [74] | Fix broken audio in libretro core; fix |
| | crash on hardware incapable of OpenGL |
| | 3.2 |
| | |
| modsecurity [75] | Fix denial of service issue [CVE-2023- |
| | 38285] |
| | |
| monitoring-plugins [76] | check_disk: avoid mounting when |
| | searching for matching mount points, |
| | resolving a regression in speed from |
| | bullseye |
| | |
| mozjs102 [77] | New upstream stable release; fix |
| | "incorrect value used during WASM |
| | compilation" [CVE-2023-4046], potential |
| | use after free issue [CVE-2023-37202], |
| | memory safety issues [CVE-2023-37211 |
| | CVE-2023-34416] |
| | |
| mutt [78] | New upstream stable release |
| | |
| nco [79] | Re-enable udunits2 support |
| | |
| nftables [80] | Fix incorrect bytecode generation hit |
| | with new kernel check that rejects |
| | adding rules to bound chains |
| | |
| node-dottie [81] | Security fix (prototype pollution) |
| | [CVE-2023-26132] |
| | |
| nvidia-settings [82] | New upstream bugfix release |
| | |
| nvidia-settings- | New upstream bugfix release |
| tesla [83] | |
| | |
| nx-libs [84] | Fix missing symlink /usr/share/nx/fonts; |
| | fix manpage |
| | |
| open-ath9k-htc- | Load correct firmware |
| firmware [85] | |
| | |
| openbsd-inetd [86] | Fix memory handling issues |
| | |
| openrefine [87] | Fix arbitrary code execution issue |
| | [CVE-2023-37476] |
| | |
| openscap [88] | Fix dependencies of openscap-utils and |
| | python3-openscap |
| | |
| openssh [89] | Fix remote code execution issue via a |
| | forwarded agent socket [CVE-2023-38408] |
| | |
| openssl [90] | New upstream stable release; security |
| | fixes [CVE-2023-2975 CVE-2023-3446 |
| | CVE-2023-3817] |
| | |
| pam [91] | Fix pam-auth-update --disable; update |
| | Turkish translation |
| | |
| pandoc [92] | Fix arbitrary file write issue |
| | [CVE-2023-35936] |
| | |
| plasma-framework [93] | Fix plasmashell crashes |
| | |
| plasma-workspace [94] | Fix crash in krunner |
| | |
| python-git [95] | Fix remote code execution issue |
| | [CVE-2023-40267], blind local file |
| | inclusion issue [CVE-2023-41040] |
| | |
| pywinrm [96] | Fix compatibility with Python 3.11 |
| | |
| qemu [97] | Update to upstream 7.2.5 tree; ui/vnc- |
| | clipboard: fix infinite loop in |
| | inflate_buffer [CVE-2023-3255]; fix NULL |
| | pointer dereference issue [CVE-2023- |
| | 3354]; fix buffer overflow issue |
| | [CVE-2023-3180] |
| | |
| qtlocation-opensource- | Fix freeze when loading map tiles |
| src [98] | |
| | |
| rar [99] | Upstream bugfix release [CVE-2023-40477] |
| | |
| reprepro [100] | Fix race condition when using external |
| | decompressors |
| | |
| rmlint [101] | Fix error in other packages caused by |
| | invalid python package version; fix GUI |
| | startup failure with recent python3.11 |
| | |
| roundcube [102] | New upstream stable release; fix OAuth2 |
| | authentication; fix cross site scripting |
| | issues [CVE-2023-43770] |
| | |
| runit-services [103] | dhclient: don't hardcode use of eth1 |
| | |
| samba [104] | New upstream stable release |
| | |
| sitesummary [105] | New upstream release; fix installation |
| | of sitesummary-maintenance CRON/systemd- |
| | timerd script; fix insecure temporary |
| | file and directory creation |
| | |
| slbackup-php [106] | Bug fixes: log remote commands to |
| | stderr; disable SSH known hosts files; |
| | PHP 8 compatibility |
| | |
| spamprobe [107] | Fix crashes parsing JPEG attachments |
| | |
| stunnel4 [108] | Fix handling of a peer closing TLS |
| | connection without proper shutdown |
| | messaging |
| | |
| systemd [109] | New upstream stable release; fix minor |
| | security issue in arm64 and riscv64 |
| | systemd-boot (EFI) with device tree |
| | blobs loading |
| | |
| testng7 [110] | Backport to stable for future openjdk-17 |
| | builds |
| | |
| timg [111] | Fix buffer overflow vulnerability |
| | [CVE-2023-40968] |
| | |
| transmission [112] | Replace openssl3 compat patch to fix |
| | memory leak |
| | |
| unbound [113] | Fix error log flooding when using DNS |
| | over TLS with openssl 3.0 |
| | |
| unrar-nonfree [114] | Fix remote code execution issue |
| | [CVE-2023-40477] |
| | |
| vorta [115] | Handle ctime and mtime changes in diffs |
| | |
| vte2.91 [116] | Invalidate ring view more often when |
| | necessary, fixing various assertion |
| | failures during event handling |
| | |
| x2goserver [117] | x2goruncommand: add support for KDE |
| | Plasma 5; x2gostartagent: prevent |
| | logfile corruption; keystrokes.cfg: sync |
| | with nx-libs; fix encoding of Finnish |
| | translation |
| | |
+--------------------------+------------------------------------------+
1: https://packages.debian.org/src:amd64-microcode
2: https://packages.debian.org/src:arctica-greeter
3: https://packages.debian.org/src:autofs
4: https://packages.debian.org/src:base-files
5: https://packages.debian.org/src:batik
6: https://packages.debian.org/src:boxer-data
7: https://packages.debian.org/src:brltty
8: https://packages.debian.org/src:ca-certificates-java
9: https://packages.debian.org/src:cairosvg
10: https://packages.debian.org/src:calibre
11: https://packages.debian.org/src:clamav
12: https://packages.debian.org/src:cryptmount
13: https://packages.debian.org/src:cups
14: https://packages.debian.org/src:curl
15: https://packages.debian.org/src:cyrus-imapd
16: https://packages.debian.org/src:dar
17: https://packages.debian.org/src:dbus
18: https://packages.debian.org/src:debian-archive-keyring
19: https://packages.debian.org/src:debian-edu-doc
20: https://packages.debian.org/src:debian-edu-install
21: https://packages.debian.org/src:debian-installer
22: https://packages.debian.org/src:debian-installer-netboot-images
23: https://packages.debian.org/src:debian-parl
24: https://packages.debian.org/src:debianutils
25: https://packages.debian.org/src:dgit
26: https://packages.debian.org/src:dhcpcd5
27: https://packages.debian.org/src:dpdk
28: https://packages.debian.org/src:dput-ng
29: https://packages.debian.org/src:efibootguard
30: https://packages.debian.org/src:electrum
31: https://packages.debian.org/src:filezilla
32: https://packages.debian.org/src:firewalld
33: https://packages.debian.org/src:flann
34: https://packages.debian.org/src:foot
35: https://packages.debian.org/src:freedombox
36: https://packages.debian.org/src:freeradius
37: https://packages.debian.org/src:ghostscript
38: https://packages.debian.org/src:gitit
39: https://packages.debian.org/src:gjs
40: https://packages.debian.org/src:glibc
41: https://packages.debian.org/src:gosa-plugins-netgroups
42: https://packages.debian.org/src:gosa-plugins-systems
43: https://packages.debian.org/src:gtk+3.0
44: https://packages.debian.org/src:gtk4
45: https://packages.debian.org/src:haskell-hakyll
46: https://packages.debian.org/src:highway
47: https://packages.debian.org/src:hnswlib
48: https://packages.debian.org/src:horizon
49: https://packages.debian.org/src:icingaweb2
50: https://packages.debian.org/src:imlib2
51: https://packages.debian.org/src:indent
52: https://packages.debian.org/src:inetutils
53: https://packages.debian.org/src:inn2
54: https://packages.debian.org/src:jekyll
55: https://packages.debian.org/src:kernelshark
56: https://packages.debian.org/src:krb5
57: https://packages.debian.org/src:lemonldap-ng
58: https://packages.debian.org/src:libapache-mod-jk
59: https://packages.debian.org/src:libclamunrar
60: https://packages.debian.org/src:libmatemixer
61: https://packages.debian.org/src:libpam-mklocaluser
62: https://packages.debian.org/src:libxnvctrl
63: https://packages.debian.org/src:linux
64: https://packages.debian.org/src:linux-signed-amd64
65: https://packages.debian.org/src:linux-signed-arm64
66: https://packages.debian.org/src:linux-signed-i386
67: https://packages.debian.org/src:llvm-defaults
68: https://packages.debian.org/src:ltsp
69: https://packages.debian.org/src:lxc
70: https://packages.debian.org/src:lxcfs
71: https://packages.debian.org/src:marco
72: https://packages.debian.org/src:mariadb
73: https://packages.debian.org/src:mate-notification-daemon
74: https://packages.debian.org/src:mgba
75: https://packages.debian.org/src:modsecurity
76: https://packages.debian.org/src:monitoring-plugins
77: https://packages.debian.org/src:mozjs102
78: https://packages.debian.org/src:mutt
79: https://packages.debian.org/src:nco
80: https://packages.debian.org/src:nftables
81: https://packages.debian.org/src:node-dottie
82: https://packages.debian.org/src:nvidia-settings
83: https://packages.debian.org/src:nvidia-settings-tesla
84: https://packages.debian.org/src:nx-libs
85: https://packages.debian.org/src:open-ath9k-htc-firmware
86: https://packages.debian.org/src:openbsd-inetd
87: https://packages.debian.org/src:openrefine
88: https://packages.debian.org/src:openscap
89: https://packages.debian.org/src:openssh
90: https://packages.debian.org/src:openssl
91: https://packages.debian.org/src:pam
92: https://packages.debian.org/src:pandoc
93: https://packages.debian.org/src:plasma-framework
94: https://packages.debian.org/src:plasma-workspace
95: https://packages.debian.org/src:python-git
96: https://packages.debian.org/src:pywinrm
97: https://packages.debian.org/src:qemu
98: https://packages.debian.org/src:qtlocation-opensource-src
99: https://packages.debian.org/src:rar
100: https://packages.debian.org/src:reprepro
101: https://packages.debian.org/src:rmlint
102: https://packages.debian.org/src:roundcube
103: https://packages.debian.org/src:runit-services
104: https://packages.debian.org/src:samba
105: https://packages.debian.org/src:sitesummary
106: https://packages.debian.org/src:slbackup-php
107: https://packages.debian.org/src:spamprobe
108: https://packages.debian.org/src:stunnel4
109: https://packages.debian.org/src:systemd
110: https://packages.debian.org/src:testng7
111: https://packages.debian.org/src:timg
112: https://packages.debian.org/src:transmission
113: https://packages.debian.org/src:unbound
114: https://packages.debian.org/src:unrar-nonfree
115: https://packages.debian.org/src:vorta
116: https://packages.debian.org/src:vte2.91
117: https://packages.debian.org/src:x2goserver
Security Updates
----------------
This revision adds the following security updates to the stable release.
The Security Team has already released an advisory for each of these
updates:
+----------------+---------------------------+
| Advisory ID | Package |
+----------------+---------------------------+
| DSA-5454 [118] | kanboard [119] |
| | |
| DSA-5455 [120] | iperf3 [121] |
| | |
| DSA-5456 [122] | chromium [123] |
| | |
| DSA-5457 [124] | webkit2gtk [125] |
| | |
| DSA-5458 [126] | openjdk-17 [127] |
| | |
| DSA-5459 [128] | amd64-microcode [129] |
| | |
| DSA-5460 [130] | curl [131] |
| | |
| DSA-5462 [132] | linux-signed-amd64 [133] |
| | |
| DSA-5462 [134] | linux-signed-arm64 [135] |
| | |
| DSA-5462 [136] | linux-signed-i386 [137] |
| | |
| DSA-5462 [138] | linux [139] |
| | |
| DSA-5463 [140] | thunderbird [141] |
| | |
| DSA-5464 [142] | firefox-esr [143] |
| | |
| DSA-5465 [144] | python-django [145] |
| | |
| DSA-5466 [146] | ntpsec [147] |
| | |
| DSA-5467 [148] | chromium [149] |
| | |
| DSA-5468 [150] | webkit2gtk [151] |
| | |
| DSA-5469 [152] | thunderbird [153] |
| | |
| DSA-5471 [154] | libhtmlcleaner-java [155] |
| | |
| DSA-5472 [156] | cjose [157] |
| | |
| DSA-5473 [158] | orthanc [159] |
| | |
| DSA-5474 [160] | intel-microcode [161] |
| | |
| DSA-5475 [162] | linux-signed-amd64 [163] |
| | |
| DSA-5475 [164] | linux-signed-arm64 [165] |
| | |
| DSA-5475 [166] | linux-signed-i386 [167] |
| | |
| DSA-5475 [168] | linux [169] |
| | |
| DSA-5476 [170] | gst-plugins-ugly1.0 [171] |
| | |
| DSA-5477 [172] | samba [173] |
| | |
| DSA-5479 [174] | chromium [175] |
| | |
| DSA-5481 [176] | fastdds [177] |
| | |
| DSA-5482 [178] | tryton-server [179] |
| | |
| DSA-5483 [180] | chromium [181] |
| | |
| DSA-5484 [182] | librsvg [183] |
| | |
| DSA-5485 [184] | firefox-esr [185] |
| | |
| DSA-5487 [186] | chromium [187] |
| | |
| DSA-5488 [188] | thunderbird [189] |
| | |
| DSA-5491 [190] | chromium [191] |
| | |
| DSA-5492 [192] | linux-signed-amd64 [193] |
| | |
| DSA-5492 [194] | linux-signed-arm64 [195] |
| | |
| DSA-5492 [196] | linux-signed-i386 [197] |
| | |
| DSA-5492 [198] | linux [199] |
| | |
| DSA-5493 [200] | open-vm-tools [201] |
| | |
| DSA-5494 [202] | mutt [203] |
| | |
| DSA-5495 [204] | frr [205] |
| | |
| DSA-5496 [206] | firefox-esr [207] |
| | |
| DSA-5497 [208] | libwebp [209] |
| | |
| DSA-5498 [210] | thunderbird [211] |
| | |
| DSA-5501 [212] | gnome-shell [213] |
| | |
| DSA-5504 [214] | bind9 [215] |
| | |
| DSA-5505 [216] | lldpd [217] |
| | |
| DSA-5507 [218] | jetty9 [219] |
| | |
| DSA-5510 [220] | libvpx [221] |
| | |
+----------------+---------------------------+
118: https://www.debian.org/security/2023/dsa-5454
119: https://packages.debian.org/src:kanboard
120: https://www.debian.org/security/2023/dsa-5455
121: https://packages.debian.org/src:iperf3
122: https://www.debian.org/security/2023/dsa-5456
123: https://packages.debian.org/src:chromium
124: https://www.debian.org/security/2023/dsa-5457
125: https://packages.debian.org/src:webkit2gtk
126: https://www.debian.org/security/2023/dsa-5458
127: https://packages.debian.org/src:openjdk-17
128: https://www.debian.org/security/2023/dsa-5459
129: https://packages.debian.org/src:amd64-microcode
130: https://www.debian.org/security/2023/dsa-5460
131: https://packages.debian.org/src:curl
132: https://www.debian.org/security/2023/dsa-5462
133: https://packages.debian.org/src:linux-signed-amd64
134: https://www.debian.org/security/2023/dsa-5462
135: https://packages.debian.org/src:linux-signed-arm64
136: https://www.debian.org/security/2023/dsa-5462
137: https://packages.debian.org/src:linux-signed-i386
138: https://www.debian.org/security/2023/dsa-5462
139: https://packages.debian.org/src:linux
140: https://www.debian.org/security/2023/dsa-5463
141: https://packages.debian.org/src:thunderbird
142: https://www.debian.org/security/2023/dsa-5464
143: https://packages.debian.org/src:firefox-esr
144: https://www.debian.org/security/2023/dsa-5465
145: https://packages.debian.org/src:python-django
146: https://www.debian.org/security/2023/dsa-5466
147: https://packages.debian.org/src:ntpsec
148: https://www.debian.org/security/2023/dsa-5467
149: https://packages.debian.org/src:chromium
150: https://www.debian.org/security/2023/dsa-5468
151: https://packages.debian.org/src:webkit2gtk
152: https://www.debian.org/security/2023/dsa-5469
153: https://packages.debian.org/src:thunderbird
154: https://www.debian.org/security/2023/dsa-5471
155: https://packages.debian.org/src:libhtmlcleaner-java
156: https://www.debian.org/security/2023/dsa-5472
157: https://packages.debian.org/src:cjose
158: https://www.debian.org/security/2023/dsa-5473
159: https://packages.debian.org/src:orthanc
160: https://www.debian.org/security/2023/dsa-5474
161: https://packages.debian.org/src:intel-microcode
162: https://www.debian.org/security/2023/dsa-5475
163: https://packages.debian.org/src:linux-signed-amd64
164: https://www.debian.org/security/2023/dsa-5475
165: https://packages.debian.org/src:linux-signed-arm64
166: https://www.debian.org/security/2023/dsa-5475
167: https://packages.debian.org/src:linux-signed-i386
168: https://www.debian.org/security/2023/dsa-5475
169: https://packages.debian.org/src:linux
170: https://www.debian.org/security/2023/dsa-5476
171: https://packages.debian.org/src:gst-plugins-ugly1.0
172: https://www.debian.org/security/2023/dsa-5477
173: https://packages.debian.org/src:samba
174: https://www.debian.org/security/2023/dsa-5479
175: https://packages.debian.org/src:chromium
176: https://www.debian.org/security/2023/dsa-5481
177: https://packages.debian.org/src:fastdds
178: https://www.debian.org/security/2023/dsa-5482
179: https://packages.debian.org/src:tryton-server
180: https://www.debian.org/security/2023/dsa-5483
181: https://packages.debian.org/src:chromium
182: https://www.debian.org/security/2023/dsa-5484
183: https://packages.debian.org/src:librsvg
184: https://www.debian.org/security/2023/dsa-5485
185: https://packages.debian.org/src:firefox-esr
186: https://www.debian.org/security/2023/dsa-5487
187: https://packages.debian.org/src:chromium
188: https://www.debian.org/security/2023/dsa-5488
189: https://packages.debian.org/src:thunderbird
190: https://www.debian.org/security/2023/dsa-5491
191: https://packages.debian.org/src:chromium
192: https://www.debian.org/security/2023/dsa-5492
193: https://packages.debian.org/src:linux-signed-amd64
194: https://www.debian.org/security/2023/dsa-5492
195: https://packages.debian.org/src:linux-signed-arm64
196: https://www.debian.org/security/2023/dsa-5492
197: https://packages.debian.org/src:linux-signed-i386
198: https://www.debian.org/security/2023/dsa-5492
199: https://packages.debian.org/src:linux
200: https://www.debian.org/security/2023/dsa-5493
201: https://packages.debian.org/src:open-vm-tools
202: https://www.debian.org/security/2023/dsa-5494
203: https://packages.debian.org/src:mutt
204: https://www.debian.org/security/2023/dsa-5495
205: https://packages.debian.org/src:frr
206: https://www.debian.org/security/2023/dsa-5496
207: https://packages.debian.org/src:firefox-esr
208: https://www.debian.org/security/2023/dsa-5497
209: https://packages.debian.org/src:libwebp
210: https://www.debian.org/security/2023/dsa-5498
211: https://packages.debian.org/src:thunderbird
212: https://www.debian.org/security/2023/dsa-5501
213: https://packages.debian.org/src:gnome-shell
214: https://www.debian.org/security/2023/dsa-5504
215: https://packages.debian.org/src:bind9
216: https://www.debian.org/security/2023/dsa-5505
217: https://packages.debian.org/src:lldpd
218: https://www.debian.org/security/2023/dsa-5507
219: https://packages.debian.org/src:jetty9
220: https://www.debian.org/security/2023/dsa-5510
221: https://packages.debian.org/src:libvpx
Removed packages
----------------
The following packages were removed due to circumstances beyond our
control:
+------------------------+---------------------------------------------+
| Package | Reason |
+------------------------+---------------------------------------------+
| https-everywhere [222] | obsolete, major browsers offer native |
| | support |
| | |
+------------------------+---------------------------------------------+
222: https://packages.debian.org/src:https-everywhere
Debian Installer
----------------
The installer has been updated to include the fixes incorporated into
stable by the point release.
URLs
----
The complete lists of packages that have changed with this revision:
https://deb.debian.org/debian/dists/bookworm/ChangeLog
The current stable distribution:
https://deb.debian.org/debian/dists/stable/
Proposed updates to the stable distribution:
https://deb.debian.org/debian/dists/proposed-updates
stable distribution information (release notes, errata etc.):
https://www.debian.org/releases/stable/
Security announcements and information:
https://www.debian.org/security/
About Debian
------------
The Debian Project is an association of Free Software developers who
volunteer their time and effort in order to produce the completely free
operating system Debian.
Contact Information
-------------------
For further information, please visit the Debian web pages at
https://www.debian.org/, send mail to <press@debian.org>, or contact the
stable release team at <debian-release@lists.debian.org>.
Attachment:
OpenPGP_signature
Description: OpenPGP digital signature