------------------------------------------------------------------------
The Debian Project https://www.debian.org/
Updated Debian 12: 12.6 released press@debian.org
June 29th, 2024 https://www.debian.org/News/2024/20240629
------------------------------------------------------------------------
The Debian project is pleased to announce the sixth update of its stable
distribution Debian 12 (codename "bookworm"). This point release mainly
adds corrections for security issues, along with a few adjustments for
serious problems. Security advisories have already been published
separately and are referenced where available.
Please note that the point release does not constitute a new version of
Debian 12 but only updates some of the packages included. There is no
need to throw away old "bookworm" media. After installation, packages
can be upgraded to the current versions using an up-to-date Debian
mirror.
Those who frequently install updates from security.debian.org won't have
to update many packages, and most such updates are included in the point
release.
New installation images will be available soon at the regular locations.
Upgrading an existing installation to this revision can be achieved by
pointing the package management system at one of Debian's many HTTP
mirrors. A comprehensive list of mirrors is available at:
https://www.debian.org/mirror/list
Miscellaneous Bugfixes
----------------------
This stable update adds a few important corrections to the following
packages:
+--------------------------+------------------------------------------+
| Package | Reason |
+--------------------------+------------------------------------------+
| aide [1] | Fix concurrent reading of extended |
| | attributes |
| | |
| amavisd-new [2] | Handle multiple boundary parameters that |
| | contain conflicting values [CVE-2024- |
| | 28054]; fix race condition in postinst |
| | |
| archlinux-keyring [3] | Switch to pre-built keyrings; sync with |
| | upstream |
| | |
| base-files [4] | Update for the 12.6 point release |
| | |
| bash [5] | Rebuild to fix outdated Built-Using |
| | |
| bioawk [6] | Disable parallel builds to fix random |
| | failures |
| | |
| bluez [7] | Fix remote code execution issues |
| | [CVE-2023-27349 CVE-2023-50229 CVE-2023- |
| | 50230] |
| | |
| cdo [8] | Disable hirlam-extensions to avoid |
| | causing issues with ICON data files |
| | |
| chkrootkit [9] | Rebuild to fix outdated Built-Using |
| | |
| cjson [10] | Fix missing NULL checks [CVE-2023-50471 |
| | CVE-2023-50472] |
| | |
| clamav [11] | New upstream stable release; fix |
| | possible heap overflow issue [CVE-2024- |
| | 20290], possible command injection issue |
| | [CVE-2024-20328] |
| | |
| cloud-init [12] | Declare conflicts/replaces on versioned |
| | package introduced for bullseye |
| | |
| comitup [13] | Ensure service is unmasked in post |
| | install |
| | |
| cpu [14] | Provide exactly one definition of |
| | globalLdap in LDAP plugin |
| | |
| crmsh [15] | Create log directory and file on |
| | installation |
| | |
| crowdsec-custom- | Rebuild to fix outdated Built-Using |
| bouncer [16] | |
| | |
| crowdsec-firewall- | Rebuild against golang-github-google- |
| bouncer [17] | nftables version with fixed little- |
| | endian architecture support |
| | |
| curl [18] | Do not keep default protocols when |
| | deselected [CVE-2024-2004]; fix memory |
| | leak [CVE-2024-2398] |
| | |
| dar [19] | Rebuild to fix outdated Built-Using |
| | |
| dcmtk [20] | Clean up properly on purge |
| | |
| debian-installer [21] | Increase Linux kernel ABI to 6.1.0-22; |
| | rebuild against proposed-updates |
| | |
| debian-installer- | Rebuild against proposed-updates |
| netboot-images [22] | |
| | |
| debvm [23] | debvm-create: do install login; bin/ |
| | debvm-waitssh: make --timeout=N work; |
| | bin/debvm-run: allow being run in |
| | environments without TERM set; fix |
| | resolv.conf in stretch |
| | |
| dhcpcd5 [24] | privsep: Allow zero length messages |
| | through; fix server not being restarted |
| | correctly during upgrades |
| | |
| distro-info-data [25] | Declare intentions for bullseye/ |
| | bookworm; fix past data; add Ubuntu |
| | 24.10 |
| | |
| djangorestframework [26] | Reinstate missing static files |
| | |
| dm-writeboost [27] | Fix build error with 6.9 kernel and |
| | backports |
| | |
| dns-root-data [28] | Update root hints; update expired |
| | security information |
| | |
| dpdk [29] | New upstream stable release |
| | |
| ebook-speaker [30] | Support username over 8 characters when |
| | enumerating groups |
| | |
| emacs [31] | Security fixes [CVE-2024-30202 CVE-2024- |
| | 30203 CVE-2024-30204 CVE-2024-30205]; |
| | replace expired package-keyring.gpg with |
| | a current version |
| | |
| extrepo-data [32] | Update repository information |
| | |
| flatpak [33] | New upstream stable release |
| | |
| fpga-icestorm [34] | Restore compatibility with yosys |
| | |
| freetype [35] | Disable COLRv1 support, which was |
| | unintentionally enabled by upstream; fix |
| | function existence check when calling |
| | get_colr_glyph_paint() |
| | |
| galera-4 [36] | New upstream bugfix release; update |
| | upstream release signing key; prevent |
| | date-related test failures |
| | |
| gdk-pixbuf [37] | ANI: Reject files with multiple anih |
| | chunks [CVE-2022-48622]; ANI: Reject |
| | files with multiple INAM or IART chunks; |
| | ANI: Validate anih chunk size |
| | |
| glewlwyd [38] | Fix potential buffer overflow during |
| | FIDO2 credential validation [CVE-2023- |
| | 49208]; fix open redirection via |
| | redirect_uri [CVE-2024-25715] |
| | |
| glib2.0 [39] | Fix a (rare) memory leak |
| | |
| glibc [40] | Revert fix to always call destructors in |
| | reverse constructor order due to |
| | unforeseen application compatibility |
| | issues; fix a DTV corruption due to a |
| | reuse of a TLS module ID following |
| | dlclose with unused TLS |
| | |
| gnutls28 [41] | Fix certtool crash when verifying a |
| | certificate chain with more than 16 |
| | certificates [CVE-2024-28835]; fix side- |
| | channel in the deterministic ECDSA |
| | [CVE-2024-28834]; fix a memory leak; fix |
| | two segfault issues |
| | |
| golang-github- | Rebuild for outdated Built-Using |
| containers-storage [42] | |
| | |
| golang-github-google- | Fix AddSet() function on little-endian |
| nftables [43] | architectures |
| | |
| golang-github-openshift- | Rebuild for outdated Built-Using |
| imagebuilder [44] | |
| | |
| gosu [45] | Rebuild for outdated Built-Using |
| | |
| gpaste [46] | Fix conflict with older libpgpaste6 |
| | |
| gross [47] | Fix stack-based buffer overflow |
| | [CVE-2023-52159] |
| | |
| hovercraft [48] | Depend on python3-setuptools |
| | |
| icinga2 [49] | Fix segmentation fault on ppc64el |
| | |
| igtf-policy-bundle [50] | Address CAB Forum S/MIME policy change; |
| | apply accumulated updates to trust |
| | anchors |
| | |
| intel-microcode [51] | Security mitigations [CVE-2023-22655 |
| | CVE-2023-28746 CVE-2023-38575 CVE-2023- |
| | 39368 CVE-2023-43490]; mitigate for |
| | INTEL-SA-01051 [CVE-2023-45733], INTEL- |
| | SA-01052 [CVE-2023-46103], INTEL- |
| | SA-01036 [CVE-2023-45745, CVE-2023- |
| | 47855] and unspecified functional issues |
| | on various Intel processors |
| | |
| jose [52] | Fix potential denial-of-service issue |
| | [CVE-2023-50967] |
| | |
| json-smart [53] | Fix excessive recursion leading to stack |
| | overflow [CVE-2023-1370]; fix denial of |
| | service via crafted request [CVE-2021- |
| | 31684] |
| | |
| kio [54] | Fix file loss and potential locking |
| | issues on CIFS |
| | |
| lacme [55] | Fix post-issuance validation logic |
| | |
| libapache2-mod-auth- | Fix missing input validation leading to |
| openidc [56] | DoS [CVE-2024-24814] |
| | |
| libesmtp [57] | Break and replace older library versions |
| | |
| libimage-imlib2- | Fix package build |
| perl [58] | |
| | |
| libjwt [59] | Fix timing side channel attack |
| | [CVE-2024-25189] |
| | |
| libkf5ksieve [60] | Prevent leaking passwords into server- |
| | side logs |
| | |
| libmail-dkim-perl [61] | Add dependency on libgetopt-long- |
| | descriptive-perl |
| | |
| libpod [62] | Handle removed containers properly |
| | |
| libreoffice [63] | Fix backup copy creation for files on |
| | mounted samba shares; don't remove |
| | libforuilo.so in -core-nogui |
| | |
| libseccomp [64] | Add support for syscalls up to Linux 6.7 |
| | |
| libtommath [65] | Fix integer overflow [CVE-2023-36328] |
| | |
| libtool [66] | Conflict with libltdl3-dev; fix check |
| | for += operator in func_append |
| | |
| libxml-stream-perl [67] | Fix compatibility with IO::Socket::SSL |
| | >= 2.078 |
| | |
| linux [68] | New upstream stable release; increase |
| | ABI to 22 |
| | |
| linux-signed-amd64 [69] | New upstream stable release; increase |
| | ABI to 22 |
| | |
| linux-signed-arm64 [70] | New upstream stable release; increase |
| | ABI to 22 |
| | |
| linux-signed-i386 [71] | New upstream stable release; increase |
| | ABI to 22 |
| | |
| lua5.4 [72] | debian/version-script: Export additional |
| | missing symbols for lua 5.4.4 |
| | |
| lxc-templates [73] | Fix the "mirror" option of lxc-debian |
| | |
| mailman3 [74] | Depend alternatively on cron-daemon; fix |
| | postgresql:// url in post-installation |
| | script |
| | |
| mksh [75] | Handle merged /usr in /etc/shells; fix |
| | crash with nested bashism; fix arguments |
| | to the dot command; distinguish unset |
| | and empty in `typeset -p` |
| | |
| mobian-keyring [76] | Update Mobian archive key |
| | |
| ms-gsl [77] | Mark not_null constructors as noexcept |
| | |
| nano [78] | Fix format string issues; fix "with -- |
| | cutfromcursor, undoing a justification |
| | can eat a line" ; fix malicious symlink |
| | issue; fix example bindings in nanorc |
| | |
| netcfg [79] | Handle routing for single-address |
| | netmasks |
| | |
| ngircd [80] | Respect "SSLConnect" option for |
| | incoming connections; server certificate |
| | validation on server links (S2S-TLS); |
| | METADATA: Fix unsetting "cloakhost" |
| | |
| node-babel7 [81] | Fix building against nodejs |
| | 18.19.0+dfsg-6~deb12u1; add Breaks/ |
| | Replaces against obsolete node-babel-* |
| | packages |
| | |
| node-undici [82] | Properly export typescript types |
| | |
| node-v8-compile- | Fix tests when a newer nodejs version is |
| cache [83] | used |
| | |
| node-zx [84] | Fix flaky test |
| | |
| nodejs [85] | Skip flaky tests for mipsel/mips64el |
| | |
| nsis [86] | Don't allow unprivileged users to delete |
| | the uninstaller directory [CVE-2023- |
| | 37378]; fix regression in disabling stub |
| | relocations; build reproducibly for |
| | arm64 |
| | |
| nvidia-graphics- | Restore compatibility with newer Linux |
| drivers [87] | kernel builds; take over packages from |
| | nvidia-graphics-drivers-tesla; add new |
| | nvidia-suspend-common package; relax dh- |
| | dkms build-dependency for compatibility |
| | with bookworm; new upstream stable |
| | release [CVE-2023-0180 CVE-2023-0183 |
| | CVE-2023-0184 CVE-2023-0185 CVE-2023- |
| | 0187 CVE-2023-0188 CVE-2023-0189 |
| | CVE-2023-0190 CVE-2023-0191 CVE-2023- |
| | 0194 CVE-2023-0195 CVE-2023-0198 |
| | CVE-2023-0199 CVE-2023-25515 CVE-2023- |
| | 25516 CVE-2023-31022 CVE-2024-0074 |
| | CVE-2024-0075 CVE-2024-0078 CVE-2024- |
| | 0090 CVE-2024-0092] |
| | |
| nvidia-graphics-drivers- | Restore compatibility with newer Linux |
| tesla [88] | kernel builds |
| | |
| nvidia-graphics-drivers- | Restore compatibility with newer Linux |
| tesla-470 [89] | kernel builds; stop building nvidia- |
| | cuda-mps; new upstream stable release; |
| | security fixes [CVE-2022-42265 CVE-2024- |
| | 0074 CVE-2024-0078 CVE-2024-0090 |
| | CVE-2024-0092] |
| | |
| nvidia-modprobe [90] | Prepare to switch to 535 series LTS |
| | drivers |
| | |
| nvidia-open-gpu-kernel- | Update to 535 series LTS drivers |
| modules [91] | [CVE-2023-0180 CVE-2023-0183 CVE-2023- |
| | 0184 CVE-2023-0185 CVE-2023-0187 |
| | CVE-2023-0188 CVE-2023-0189 CVE-2023- |
| | 0190 CVE-2023-0191 CVE-2023-0194 |
| | CVE-2023-0195 CVE-2023-0198 CVE-2023- |
| | 0199 CVE-2023-25515 CVE-2023-25516 |
| | CVE-2023-31022 CVE-2024-0074 CVE-2024- |
| | 0075 CVE-2024-0078 CVE-2024-0090 |
| | CVE-2024-0092] |
| | |
| nvidia-persistenced [92] | Switch to 535 series LTS drivers; update |
| | list of supported drivers |
| | |
| nvidia-settings [93] | Also build for ppc64el; new upstream LTS |
| | release |
| | |
| nvidia-xconfig [94] | New upstream LTS release |
| | |
| openrc [95] | Ignore non-executable scripts in /etc/ |
| | init.d |
| | |
| openssl [96] | New upstream stable release; fix |
| | excessive time taken issues [CVE-2023- |
| | 5678 CVE-2023-6237], vector register |
| | corruption issue on PowerPC [CVE-2023- |
| | 6129], PKCS12 Decoding crashes |
| | [CVE-2024-0727] |
| | |
| openvpn-dco-dkms [97] | Build for Linux >= 6.5; install compat- |
| | include directory; fix refcount |
| | imbalance |
| | |
| orthanc-dicomweb [98] | Rebuild to fix outdated Built-Using |
| | |
| orthanc-gdcm [99] | Rebuild to fix outdated Built-Using |
| | |
| orthanc-mysql [100] | Rebuild to fix outdated Built-Using |
| | |
| orthanc-neuro [101] | Rebuild to fix outdated Built-Using |
| | |
| orthanc-postgresql [102] | Rebuild to fix outdated Built-Using |
| | |
| orthanc-python [103] | Rebuild to fix outdated Built-Using |
| | |
| orthanc-webviewer [104] | Rebuild to fix outdated Built-Using |
| | |
| orthanc-wsi [105] | Rebuild to fix outdated Built-Using |
| | |
| ovn [106] | New upstream stable version; fix |
| | insufficient validation of incoming BFD |
| | packets [CVE-2024-2182] |
| | |
| pdudaemon [107] | Depend on python3-aiohttp |
| | |
| php-composer-class-map- | Force system dependency loading |
| generator [108] | |
| | |
| php-composer-pcre [109] | Add missing Breaks+Replaces: on composer |
| | (<< 2.2) |
| | |
| php-composer-xdebug- | Force system dependency loading |
| handler [110] | |
| | |
| php-doctrine- | Force system dependency loading |
| annotations [111] | |
| | |
| php-doctrine- | Force system dependency loading |
| deprecations [112] | |
| | |
| php-doctrine-lexer [113] | Force system dependency loading |
| | |
| php-phpseclib [114] | Guard isPrime() and randomPrime() for |
| | BigInteger [CVE-2024-27354]; limit OID |
| | length in ASN1 [CVE-2024-27355]; fix |
| | BigInteger getLength(); remove |
| | visibitility modifiers from static |
| | variables |
| | |
| php-phpseclib3 [115] | Force system dependency loading; guard |
| | isPrime() and randomPrime() for |
| | BigInteger [CVE-2024-27354]; limit OID |
| | length in ASN1 [CVE-2024-27355]; fix |
| | BigInteger getLength() |
| | |
| php-proxy-manager [116] | Force system dependency loading |
| | |
| php-symfony- | Force system dependency loading |
| contracts [117] | |
| | |
| php-zend-code [118] | Force system dependency loading |
| | |
| phpldapadmin [119] | Fix compatbility with PHP 8.1+ |
| | |
| phpseclib [120] | Force system dependency loading; guard |
| | isPrime() and randomPrime() for |
| | BigInteger [CVE-2024-27354]; limit OID |
| | length in ASN1 [CVE-2024-27355]; fix |
| | BigInteger getLength() |
| | |
| postfix [121] | New upstream stable release |
| | |
| postgresql-15 [122] | New upstream stable release; restrict |
| | visibility of pg_stats_ext and |
| | pg_stats_ext_exprs entries to the table |
| | owner [CVE-2024-4317] |
| | |
| prometheus-node- | Do not adversely affect mirror network; |
| exporter- | fix deadlock with other apt update runs |
| collectors [123] | |
| | |
| pymongo [124] | Fix out-of-bounds read issue [CVE-2024- |
| | 5629] |
| | |
| pypy3 [125] | Strip C0 control and space characters in |
| | urlsplit [CVE-2023-24329]; avoid bypass |
| | of TLS handshake protections on closed |
| | sockets [CVE-2023-40217]; |
| | tempfile.TemporaryDirectory: fix symlink |
| | bug in cleanup [CVE-2023-6597]; protect |
| | zipfile from "quoted-overlap" zipbomb |
| | [CVE-2024-0450] |
| | |
| python-aiosmtpd [126] | Fix SMTP smuggling issue [CVE-2024- |
| | 27305]; fix STARTTLS unencrypted command |
| | injection issue [CVE-2024-34083] |
| | |
| python-asdf [127] | Remove unnecessary dependency on asdf- |
| | unit-schemas |
| | |
| python-channels- | Ensure pools are closed on loop close in |
| redis [128] | core |
| | |
| python-idna [129] | Fix denial of service issue [CVE-2024- |
| | 3651] |
| | |
| python-jwcrypto [130] | Fix denial of service issue [CVE-2024- |
| | 28102] |
| | |
| python-xapian- | Drop dependency on django.utils.six |
| haystack [131] | |
| | |
| python3.11 [132] | Fix use-after-free crash when |
| | deallocating a frame object; protect |
| | zipfile from "quoted-overlap" zipbomb |
| | [CVE-2024-0450]; |
| | tempfile.TemporaryDirectory: fix symlink |
| | bug in cleanup [CVE-2023-6597]; fix |
| | "os.path.normpath(): Path truncation at |
| | null bytes" [CVE-2023-41105]; avoid |
| | bypass of TLS handshake protections on |
| | closed sockets [CVE-2023-40217]; strip |
| | C0 control and space characters in |
| | urlsplit [CVE-2023-24329]; avoid a |
| | potential null pointer dereference in |
| | filleutils |
| | |
| qemu [133] | New upstream stable release; security |
| | fixes [CVE-2024-26327 CVE-2024-26328 |
| | CVE-2024-3446 CVE-2024-3447] |
| | |
| qtbase-opensource- | Fix regression in patch for CVE-2023- |
| src [134] | 24607; avoid using system CA |
| | certificates when not wanted [CVE-2023- |
| | 34410]; fix buffer overflow [CVE-2023- |
| | 37369]; fix infinite loop in XML |
| | recursive entity expansion [CVE-2023- |
| | 38197]; fix buffer overflow with crafted |
| | KTX image file [CVE-2024-25580]; fix |
| | HPack integer overflow check [CVE-2023- |
| | 51714] |
| | |
| rails [135] | Declare breaks and replaces on obsolete |
| | ruby-arel package |
| | |
| riseup-vpn [136] | Use system certificate bundle by |
| | default, restoring ability to connect to |
| | an endpoint using LetsEncrypt |
| | certificate |
| | |
| ruby-aws- | Ensure binary package includes |
| partitions [137] | partitions.json and partitions- |
| | metadata.json files |
| | |
| ruby-premailer- | Remove build-dependency on obsolete |
| rails [138] | ruby-arel |
| | |
| rust-cbindgen-web [139] | New source package to support builds of |
| | newer Firefox ESR versions |
| | |
| rustc-web [140] | New source package to support builds of |
| | web browsers |
| | |
| schleuder [141] | Fix argument parsing insufficient |
| | validation; fix importing keys from |
| | attachments sent by Thunderbird and |
| | handle mails without further content; |
| | look for keywords only at the start of |
| | mail; validate downcased email addresses |
| | when checking subscribers; consider From |
| | header for finding reply addresses |
| | |
| sendmail [142] | Fix SMTP smuggling issue [CVE-2023- |
| | 51765] |
| | |
| skeema [143] | Rebuild for outdated Built-Using |
| | |
| skopeo [144] | Rebuild for outdated Built-Using |
| | |
| software- | software-properties-qt: Add Conflicts |
| properties [145] | +Replaces: on software-properties-kde |
| | for smoother upgrades from bullseye |
| | |
| supermin [146] | Rebuild to fix outdated Built-Using |
| | |
| symfony [147] | Force system dependency loading; |
| | DateTypTest: ensure submitted year is |
| | accepted choice |
| | |
| systemd [148] | New upstream stable release; fix denial |
| | of service issues [CVE-2023-50387 |
| | CVE-2023-50868]; libnss-myhostname.nss: |
| | Install after "files" ; libnss- |
| | mymachines.nss: Install before |
| | "resolve" and "dns" |
| | |
| termshark [149] | Rebuild to fix outdated Built-Using |
| | |
| tripwire [150] | Rebuild to fix outdated Built-Using |
| | |
| tryton-client [151] | Only send compressed content in |
| | authenticated sessions |
| | |
| tryton-server [152] | Prevent "zip-bomb" attacks from |
| | unauthenticated sources |
| | |
| u-boot [153] | Fix orion-timer for booting sheevaplug |
| | and related platforms |
| | |
| uif [154] | Support VLAN interface names |
| | |
| umoci [155] | Rebuild for outdated Built-Using |
| | |
| user-mode-linux [156] | Rebuilt to fix outdated Built-Using |
| | |
| wayfire [157] | Add missing dependencies |
| | |
| what-is-python [158] | Declare breaks and replaces on python- |
| | dev-is-python2; fix version mangling in |
| | build rules |
| | |
| wpa [159] | Fix authentication bypass issue |
| | [CVE-2023-52160] |
| | |
| xscreensaver [160] | Disable warning about old versions |
| | |
| yapet [161] | Do not call |
| | EVP_CIPHER_CTX_set_key_length() in |
| | crypt/blowfish and crypt/aes |
| | |
| zsh [162] | Rebuild to fix outdated Built-Using |
| | |
+--------------------------+------------------------------------------+
1: https://packages.debian.org/src:aide
2: https://packages.debian.org/src:amavisd-new
3: https://packages.debian.org/src:archlinux-keyring
4: https://packages.debian.org/src:base-files
5: https://packages.debian.org/src:bash
6: https://packages.debian.org/src:bioawk
7: https://packages.debian.org/src:bluez
8: https://packages.debian.org/src:cdo
9: https://packages.debian.org/src:chkrootkit
10: https://packages.debian.org/src:cjson
11: https://packages.debian.org/src:clamav
12: https://packages.debian.org/src:cloud-init
13: https://packages.debian.org/src:comitup
14: https://packages.debian.org/src:cpu
15: https://packages.debian.org/src:crmsh
16: https://packages.debian.org/src:crowdsec-custom-bouncer
17: https://packages.debian.org/src:crowdsec-firewall-bouncer
18: https://packages.debian.org/src:curl
19: https://packages.debian.org/src:dar
20: https://packages.debian.org/src:dcmtk
21: https://packages.debian.org/src:debian-installer
22: https://packages.debian.org/src:debian-installer-netboot-images
23: https://packages.debian.org/src:debvm
24: https://packages.debian.org/src:dhcpcd5
25: https://packages.debian.org/src:distro-info-data
26: https://packages.debian.org/src:djangorestframework
27: https://packages.debian.org/src:dm-writeboost
28: https://packages.debian.org/src:dns-root-data
29: https://packages.debian.org/src:dpdk
30: https://packages.debian.org/src:ebook-speaker
31: https://packages.debian.org/src:emacs
32: https://packages.debian.org/src:extrepo-data
33: https://packages.debian.org/src:flatpak
34: https://packages.debian.org/src:fpga-icestorm
35: https://packages.debian.org/src:freetype
36: https://packages.debian.org/src:galera-4
37: https://packages.debian.org/src:gdk-pixbuf
38: https://packages.debian.org/src:glewlwyd
39: https://packages.debian.org/src:glib2.0
40: https://packages.debian.org/src:glibc
41: https://packages.debian.org/src:gnutls28
42: https://packages.debian.org/src:golang-github-containers-storage
43: https://packages.debian.org/src:golang-github-google-nftables
44: https://packages.debian.org/src:golang-github-openshift-imagebuilder
45: https://packages.debian.org/src:gosu
46: https://packages.debian.org/src:gpaste
47: https://packages.debian.org/src:gross
48: https://packages.debian.org/src:hovercraft
49: https://packages.debian.org/src:icinga2
50: https://packages.debian.org/src:igtf-policy-bundle
51: https://packages.debian.org/src:intel-microcode
52: https://packages.debian.org/src:jose
53: https://packages.debian.org/src:json-smart
54: https://packages.debian.org/src:kio
55: https://packages.debian.org/src:lacme
56: https://packages.debian.org/src:libapache2-mod-auth-openidc
57: https://packages.debian.org/src:libesmtp
58: https://packages.debian.org/src:libimage-imlib2-perl
59: https://packages.debian.org/src:libjwt
60: https://packages.debian.org/src:libkf5ksieve
61: https://packages.debian.org/src:libmail-dkim-perl
62: https://packages.debian.org/src:libpod
63: https://packages.debian.org/src:libreoffice
64: https://packages.debian.org/src:libseccomp
65: https://packages.debian.org/src:libtommath
66: https://packages.debian.org/src:libtool
67: https://packages.debian.org/src:libxml-stream-perl
68: https://packages.debian.org/src:linux
69: https://packages.debian.org/src:linux-signed-amd64
70: https://packages.debian.org/src:linux-signed-arm64
71: https://packages.debian.org/src:linux-signed-i386
72: https://packages.debian.org/src:lua5.4
73: https://packages.debian.org/src:lxc-templates
74: https://packages.debian.org/src:mailman3
75: https://packages.debian.org/src:mksh
76: https://packages.debian.org/src:mobian-keyring
77: https://packages.debian.org/src:ms-gsl
78: https://packages.debian.org/src:nano
79: https://packages.debian.org/src:netcfg
80: https://packages.debian.org/src:ngircd
81: https://packages.debian.org/src:node-babel7
82: https://packages.debian.org/src:node-undici
83: https://packages.debian.org/src:node-v8-compile-cache
84: https://packages.debian.org/src:node-zx
85: https://packages.debian.org/src:nodejs
86: https://packages.debian.org/src:nsis
87: https://packages.debian.org/src:nvidia-graphics-drivers
88: https://packages.debian.org/src:nvidia-graphics-drivers-tesla
89: https://packages.debian.org/src:nvidia-graphics-drivers-tesla-470
90: https://packages.debian.org/src:nvidia-modprobe
91: https://packages.debian.org/src:nvidia-open-gpu-kernel-modules
92: https://packages.debian.org/src:nvidia-persistenced
93: https://packages.debian.org/src:nvidia-settings
94: https://packages.debian.org/src:nvidia-xconfig
95: https://packages.debian.org/src:openrc
96: https://packages.debian.org/src:openssl
97: https://packages.debian.org/src:openvpn-dco-dkms
98: https://packages.debian.org/src:orthanc-dicomweb
99: https://packages.debian.org/src:orthanc-gdcm
100: https://packages.debian.org/src:orthanc-mysql
101: https://packages.debian.org/src:orthanc-neuro
102: https://packages.debian.org/src:orthanc-postgresql
103: https://packages.debian.org/src:orthanc-python
104: https://packages.debian.org/src:orthanc-webviewer
105: https://packages.debian.org/src:orthanc-wsi
106: https://packages.debian.org/src:ovn
107: https://packages.debian.org/src:pdudaemon
108: https://packages.debian.org/src:php-composer-class-map-generator
109: https://packages.debian.org/src:php-composer-pcre
110: https://packages.debian.org/src:php-composer-xdebug-handler
111: https://packages.debian.org/src:php-doctrine-annotations
112: https://packages.debian.org/src:php-doctrine-deprecations
113: https://packages.debian.org/src:php-doctrine-lexer
114: https://packages.debian.org/src:php-phpseclib
115: https://packages.debian.org/src:php-phpseclib3
116: https://packages.debian.org/src:php-proxy-manager
117: https://packages.debian.org/src:php-symfony-contracts
118: https://packages.debian.org/src:php-zend-code
119: https://packages.debian.org/src:phpldapadmin
120: https://packages.debian.org/src:phpseclib
121: https://packages.debian.org/src:postfix
122: https://packages.debian.org/src:postgresql-15
123: https://packages.debian.org/src:prometheus-node-exporter-collectors
124: https://packages.debian.org/src:pymongo
125: https://packages.debian.org/src:pypy3
126: https://packages.debian.org/src:python-aiosmtpd
127: https://packages.debian.org/src:python-asdf
128: https://packages.debian.org/src:python-channels-redis
129: https://packages.debian.org/src:python-idna
130: https://packages.debian.org/src:python-jwcrypto
131: https://packages.debian.org/src:python-xapian-haystack
132: https://packages.debian.org/src:python3.11
133: https://packages.debian.org/src:qemu
134: https://packages.debian.org/src:qtbase-opensource-src
135: https://packages.debian.org/src:rails
136: https://packages.debian.org/src:riseup-vpn
137: https://packages.debian.org/src:ruby-aws-partitions
138: https://packages.debian.org/src:ruby-premailer-rails
139: https://packages.debian.org/src:rust-cbindgen-web
140: https://packages.debian.org/src:rustc-web
141: https://packages.debian.org/src:schleuder
142: https://packages.debian.org/src:sendmail
143: https://packages.debian.org/src:skeema
144: https://packages.debian.org/src:skopeo
145: https://packages.debian.org/src:software-properties
146: https://packages.debian.org/src:supermin
147: https://packages.debian.org/src:symfony
148: https://packages.debian.org/src:systemd
149: https://packages.debian.org/src:termshark
150: https://packages.debian.org/src:tripwire
151: https://packages.debian.org/src:tryton-client
152: https://packages.debian.org/src:tryton-server
153: https://packages.debian.org/src:u-boot
154: https://packages.debian.org/src:uif
155: https://packages.debian.org/src:umoci
156: https://packages.debian.org/src:user-mode-linux
157: https://packages.debian.org/src:wayfire
158: https://packages.debian.org/src:what-is-python
159: https://packages.debian.org/src:wpa
160: https://packages.debian.org/src:xscreensaver
161: https://packages.debian.org/src:yapet
162: https://packages.debian.org/src:zsh
Security Updates
----------------
This revision adds the following security updates to the stable release.
The Security Team has already released an advisory for each of these
updates:
+----------------+---------------------------+
| Advisory ID | Package |
+----------------+---------------------------+
| DSA-5575 [163] | webkit2gtk [164] |
| | |
| DSA-5580 [165] | webkit2gtk [166] |
| | |
| DSA-5589 [167] | nodejs [168] |
| | |
| DSA-5609 [169] | slurm-wlm-contrib [170] |
| | |
| DSA-5616 [171] | ruby-sanitize [172] |
| | |
| DSA-5618 [173] | webkit2gtk [174] |
| | |
| DSA-5619 [175] | libgit2 [176] |
| | |
| DSA-5620 [177] | unbound [178] |
| | |
| DSA-5621 [179] | bind9 [180] |
| | |
| DSA-5623 [181] | postgresql-15 [182] |
| | |
| DSA-5624 [183] | edk2 [184] |
| | |
| DSA-5625 [185] | engrampa [186] |
| | |
| DSA-5626 [187] | pdns-recursor [188] |
| | |
| DSA-5627 [189] | firefox-esr [190] |
| | |
| DSA-5628 [191] | imagemagick [192] |
| | |
| DSA-5630 [193] | thunderbird [194] |
| | |
| DSA-5631 [195] | iwd [196] |
| | |
| DSA-5632 [197] | composer [198] |
| | |
| DSA-5633 [199] | knot-resolver [200] |
| | |
| DSA-5635 [201] | yard [202] |
| | |
| DSA-5637 [203] | squid [204] |
| | |
| DSA-5638 [205] | libuv1 [206] |
| | |
| DSA-5640 [207] | openvswitch [208] |
| | |
| DSA-5641 [209] | fontforge [210] |
| | |
| DSA-5642 [211] | php-dompdf-svg-lib [212] |
| | |
| DSA-5643 [213] | firefox-esr [214] |
| | |
| DSA-5644 [215] | thunderbird [216] |
| | |
| DSA-5645 [217] | firefox-esr [218] |
| | |
| DSA-5646 [219] | cacti [220] |
| | |
| DSA-5650 [221] | util-linux [222] |
| | |
| DSA-5651 [223] | mediawiki [224] |
| | |
| DSA-5653 [225] | gtkwave [226] |
| | |
| DSA-5655 [227] | cockpit [228] |
| | |
| DSA-5657 [229] | xorg-server [230] |
| | |
| DSA-5658 [231] | linux-signed-amd64 [232] |
| | |
| DSA-5658 [233] | linux-signed-arm64 [234] |
| | |
| DSA-5658 [235] | linux-signed-i386 [236] |
| | |
| DSA-5658 [237] | linux [238] |
| | |
| DSA-5659 [239] | trafficserver [240] |
| | |
| DSA-5661 [241] | php8.2 [242] |
| | |
| DSA-5662 [243] | apache2 [244] |
| | |
| DSA-5663 [245] | firefox-esr [246] |
| | |
| DSA-5664 [247] | jetty9 [248] |
| | |
| DSA-5665 [249] | tomcat10 [250] |
| | |
| DSA-5666 [251] | flatpak [252] |
| | |
| DSA-5669 [253] | guix [254] |
| | |
| DSA-5670 [255] | thunderbird [256] |
| | |
| DSA-5672 [257] | openjdk-17 [258] |
| | |
| DSA-5673 [259] | glibc [260] |
| | |
| DSA-5674 [261] | pdns-recursor [262] |
| | |
| DSA-5677 [263] | ruby3.1 [264] |
| | |
| DSA-5678 [265] | glibc [266] |
| | |
| DSA-5679 [267] | less [268] |
| | |
| DSA-5680 [269] | linux-signed-amd64 [270] |
| | |
| DSA-5680 [271] | linux-signed-arm64 [272] |
| | |
| DSA-5680 [273] | linux-signed-i386 [274] |
| | |
| DSA-5680 [275] | linux [276] |
| | |
| DSA-5682 [277] | glib2.0 [278] |
| | |
| DSA-5682 [279] | gnome-shell [280] |
| | |
| DSA-5684 [281] | webkit2gtk [282] |
| | |
| DSA-5685 [283] | wordpress [284] |
| | |
| DSA-5686 [285] | dav1d [286] |
| | |
| DSA-5688 [287] | atril [288] |
| | |
| DSA-5690 [289] | libreoffice [290] |
| | |
| DSA-5691 [291] | firefox-esr [292] |
| | |
| DSA-5692 [293] | ghostscript [294] |
| | |
| DSA-5693 [295] | thunderbird [296] |
| | |
| DSA-5695 [297] | webkit2gtk [298] |
| | |
| DSA-5698 [299] | ruby-rack [300] |
| | |
| DSA-5699 [301] | redmine [302] |
| | |
| DSA-5700 [303] | python-pymysql [304] |
| | |
| DSA-5702 [305] | gst-plugins-base1.0 [306] |
| | |
| DSA-5704 [307] | pillow [308] |
| | |
| DSA-5705 [309] | tinyproxy [310] |
| | |
| DSA-5706 [311] | libarchive [312] |
| | |
| DSA-5707 [313] | vlc [314] |
| | |
| DSA-5708 [315] | cyrus-imapd [316] |
| | |
| DSA-5709 [317] | firefox-esr [318] |
| | |
| DSA-5711 [319] | thunderbird [320] |
| | |
| DSA-5712 [321] | ffmpeg [322] |
| | |
| DSA-5713 [323] | libndp [324] |
| | |
| DSA-5714 [325] | roundcube [326] |
| | |
| DSA-5715 [327] | composer [328] |
| | |
| DSA-5717 [329] | php8.2 [330] |
| | |
+----------------+---------------------------+
163: https://www.debian.org/security/2023/dsa-5575
164: https://packages.debian.org/src:webkit2gtk
165: https://www.debian.org/security/2023/dsa-5580
166: https://packages.debian.org/src:webkit2gtk
167: https://www.debian.org/security/2023/dsa-5589
168: https://packages.debian.org/src:nodejs
169: https://www.debian.org/security/2024/dsa-5609
170: https://packages.debian.org/src:slurm-wlm-contrib
171: https://www.debian.org/security/2024/dsa-5616
172: https://packages.debian.org/src:ruby-sanitize
173: https://www.debian.org/security/2024/dsa-5618
174: https://packages.debian.org/src:webkit2gtk
175: https://www.debian.org/security/2024/dsa-5619
176: https://packages.debian.org/src:libgit2
177: https://www.debian.org/security/2024/dsa-5620
178: https://packages.debian.org/src:unbound
179: https://www.debian.org/security/2024/dsa-5621
180: https://packages.debian.org/src:bind9
181: https://www.debian.org/security/2024/dsa-5623
182: https://packages.debian.org/src:postgresql-15
183: https://www.debian.org/security/2024/dsa-5624
184: https://packages.debian.org/src:edk2
185: https://www.debian.org/security/2024/dsa-5625
186: https://packages.debian.org/src:engrampa
187: https://www.debian.org/security/2024/dsa-5626
188: https://packages.debian.org/src:pdns-recursor
189: https://www.debian.org/security/2024/dsa-5627
190: https://packages.debian.org/src:firefox-esr
191: https://www.debian.org/security/2024/dsa-5628
192: https://packages.debian.org/src:imagemagick
193: https://www.debian.org/security/2024/dsa-5630
194: https://packages.debian.org/src:thunderbird
195: https://www.debian.org/security/2024/dsa-5631
196: https://packages.debian.org/src:iwd
197: https://www.debian.org/security/2024/dsa-5632
198: https://packages.debian.org/src:composer
199: https://www.debian.org/security/2024/dsa-5633
200: https://packages.debian.org/src:knot-resolver
201: https://www.debian.org/security/2024/dsa-5635
202: https://packages.debian.org/src:yard
203: https://www.debian.org/security/2024/dsa-5637
204: https://packages.debian.org/src:squid
205: https://www.debian.org/security/2024/dsa-5638
206: https://packages.debian.org/src:libuv1
207: https://www.debian.org/security/2024/dsa-5640
208: https://packages.debian.org/src:openvswitch
209: https://www.debian.org/security/2024/dsa-5641
210: https://packages.debian.org/src:fontforge
211: https://www.debian.org/security/2024/dsa-5642
212: https://packages.debian.org/src:php-dompdf-svg-lib
213: https://www.debian.org/security/2024/dsa-5643
214: https://packages.debian.org/src:firefox-esr
215: https://www.debian.org/security/2024/dsa-5644
216: https://packages.debian.org/src:thunderbird
217: https://www.debian.org/security/2024/dsa-5645
218: https://packages.debian.org/src:firefox-esr
219: https://www.debian.org/security/2024/dsa-5646
220: https://packages.debian.org/src:cacti
221: https://www.debian.org/security/2024/dsa-5650
222: https://packages.debian.org/src:util-linux
223: https://www.debian.org/security/2024/dsa-5651
224: https://packages.debian.org/src:mediawiki
225: https://www.debian.org/security/2024/dsa-5653
226: https://packages.debian.org/src:gtkwave
227: https://www.debian.org/security/2024/dsa-5655
228: https://packages.debian.org/src:cockpit
229: https://www.debian.org/security/2024/dsa-5657
230: https://packages.debian.org/src:xorg-server
231: https://www.debian.org/security/2024/dsa-5658
232: https://packages.debian.org/src:linux-signed-amd64
233: https://www.debian.org/security/2024/dsa-5658
234: https://packages.debian.org/src:linux-signed-arm64
235: https://www.debian.org/security/2024/dsa-5658
236: https://packages.debian.org/src:linux-signed-i386
237: https://www.debian.org/security/2024/dsa-5658
238: https://packages.debian.org/src:linux
239: https://www.debian.org/security/2024/dsa-5659
240: https://packages.debian.org/src:trafficserver
241: https://www.debian.org/security/2024/dsa-5661
242: https://packages.debian.org/src:php8.2
243: https://www.debian.org/security/2024/dsa-5662
244: https://packages.debian.org/src:apache2
245: https://www.debian.org/security/2024/dsa-5663
246: https://packages.debian.org/src:firefox-esr
247: https://www.debian.org/security/2024/dsa-5664
248: https://packages.debian.org/src:jetty9
249: https://www.debian.org/security/2024/dsa-5665
250: https://packages.debian.org/src:tomcat10
251: https://www.debian.org/security/2024/dsa-5666
252: https://packages.debian.org/src:flatpak
253: https://www.debian.org/security/2024/dsa-5669
254: https://packages.debian.org/src:guix
255: https://www.debian.org/security/2024/dsa-5670
256: https://packages.debian.org/src:thunderbird
257: https://www.debian.org/security/2024/dsa-5672
258: https://packages.debian.org/src:openjdk-17
259: https://www.debian.org/security/2024/dsa-5673
260: https://packages.debian.org/src:glibc
261: https://www.debian.org/security/2024/dsa-5674
262: https://packages.debian.org/src:pdns-recursor
263: https://www.debian.org/security/2024/dsa-5677
264: https://packages.debian.org/src:ruby3.1
265: https://www.debian.org/security/2024/dsa-5678
266: https://packages.debian.org/src:glibc
267: https://www.debian.org/security/2024/dsa-5679
268: https://packages.debian.org/src:less
269: https://www.debian.org/security/2024/dsa-5680
270: https://packages.debian.org/src:linux-signed-amd64
271: https://www.debian.org/security/2024/dsa-5680
272: https://packages.debian.org/src:linux-signed-arm64
273: https://www.debian.org/security/2024/dsa-5680
274: https://packages.debian.org/src:linux-signed-i386
275: https://www.debian.org/security/2024/dsa-5680
276: https://packages.debian.org/src:linux
277: https://www.debian.org/security/2024/dsa-5682
278: https://packages.debian.org/src:glib2.0
279: https://www.debian.org/security/2024/dsa-5682
280: https://packages.debian.org/src:gnome-shell
281: https://www.debian.org/security/2024/dsa-5684
282: https://packages.debian.org/src:webkit2gtk
283: https://www.debian.org/security/2024/dsa-5685
284: https://packages.debian.org/src:wordpress
285: https://www.debian.org/security/2024/dsa-5686
286: https://packages.debian.org/src:dav1d
287: https://www.debian.org/security/2024/dsa-5688
288: https://packages.debian.org/src:atril
289: https://www.debian.org/security/2024/dsa-5690
290: https://packages.debian.org/src:libreoffice
291: https://www.debian.org/security/2024/dsa-5691
292: https://packages.debian.org/src:firefox-esr
293: https://www.debian.org/security/2024/dsa-5692
294: https://packages.debian.org/src:ghostscript
295: https://www.debian.org/security/2024/dsa-5693
296: https://packages.debian.org/src:thunderbird
297: https://www.debian.org/security/2024/dsa-5695
298: https://packages.debian.org/src:webkit2gtk
299: https://www.debian.org/security/2024/dsa-5698
300: https://packages.debian.org/src:ruby-rack
301: https://www.debian.org/security/2024/dsa-5699
302: https://packages.debian.org/src:redmine
303: https://www.debian.org/security/2024/dsa-5700
304: https://packages.debian.org/src:python-pymysql
305: https://www.debian.org/security/2024/dsa-5702
306: https://packages.debian.org/src:gst-plugins-base1.0
307: https://www.debian.org/security/2024/dsa-5704
308: https://packages.debian.org/src:pillow
309: https://www.debian.org/security/2024/dsa-5705
310: https://packages.debian.org/src:tinyproxy
311: https://www.debian.org/security/2024/dsa-5706
312: https://packages.debian.org/src:libarchive
313: https://www.debian.org/security/2024/dsa-5707
314: https://packages.debian.org/src:vlc
315: https://www.debian.org/security/2024/dsa-5708
316: https://packages.debian.org/src:cyrus-imapd
317: https://www.debian.org/security/2024/dsa-5709
318: https://packages.debian.org/src:firefox-esr
319: https://www.debian.org/security/2024/dsa-5711
320: https://packages.debian.org/src:thunderbird
321: https://www.debian.org/security/2024/dsa-5712
322: https://packages.debian.org/src:ffmpeg
323: https://www.debian.org/security/2024/dsa-5713
324: https://packages.debian.org/src:libndp
325: https://www.debian.org/security/2024/dsa-5714
326: https://packages.debian.org/src:roundcube
327: https://www.debian.org/security/2024/dsa-5715
328: https://packages.debian.org/src:composer
329: https://www.debian.org/security/2024/dsa-5717
330: https://packages.debian.org/src:php8.2
Removed packages
----------------
The following packages were removed due to circumstances beyond our
control:
+-----------------------------+----------------------------------------+
| Package | Reason |
+-----------------------------+----------------------------------------+
| phppgadmin [331] | Security issues; incompatible with |
| | bookworm's PostgreSQL version |
| | |
| pytest-salt-factories [332] | Only needed for salt, which is not |
| | part of bookworm |
| | |
| ruby-arel [333] | Obsolete, integrated into ruby- |
| | activerecord, incompatible with ruby- |
| | activerecord 6.1.x |
| | |
| spip [334] | Incompatible with bookworm's PHP |
| | version |
| | |
| vasttrafik-cli [335] | API withdrawn |
| | |
+-----------------------------+----------------------------------------+
331: https://packages.debian.org/src:phppgadmin
332: https://packages.debian.org/src:pytest-salt-factories
333: https://packages.debian.org/src:ruby-arel
334: https://packages.debian.org/src:spip
335: https://packages.debian.org/src:vasttrafik-cli
Debian Installer
----------------
The installer has been updated to include the fixes incorporated into
stable by the point release.
URLs
----
The complete lists of packages that have changed with this revision:
https://deb.debian.org/debian/dists/bookworm/ChangeLog
The current stable distribution:
https://deb.debian.org/debian/dists/stable/
Proposed updates to the stable distribution:
https://deb.debian.org/debian/dists/proposed-updates
stable distribution information (release notes, errata etc.):
https://www.debian.org/releases/stable/
Security announcements and information:
https://www.debian.org/security/
About Debian
------------
The Debian Project is an association of Free Software developers who
volunteer their time and effort in order to produce the completely free
operating system Debian.
Contact Information
-------------------
For further information, please visit the Debian web pages at
https://www.debian.org/, send mail to <press@debian.org>, or contact the
stable release team at <debian-release@lists.debian.org>.
Attachment:
signature.asc
Description: This is a digitally signed message part