[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Updated Debian 12: 12.9 released



------------------------------------------------------------------------
The Debian Project                               https://www.debian.org/
Updated Debian 12: 12.9 released                        press@debian.org
January 11th, 2025             https://www.debian.org/News/2025/20250111
------------------------------------------------------------------------


The Debian project is pleased to announce the ninth update of its stable
distribution Debian 12 (codename "bookworm"). This point release mainly
adds corrections for security issues, along with a few adjustments for
serious problems. Security advisories have already been published
separately and are referenced where available.

Please note that the point release does not constitute a new version of
Debian 12 but only updates some of the packages included. There is no
need to throw away old "bookworm" media. After installation, packages
can be upgraded to the current versions using an up-to-date Debian
mirror.

Those who frequently install updates from security.debian.org won't have
to update many packages, and most such updates are included in the point
release.

New installation images will be available soon at the regular locations.

Upgrading an existing installation to this revision can be achieved by
pointing the package management system at one of Debian's many HTTP
mirrors. A comprehensive list of mirrors is available at:

https://www.debian.org/mirror/list



Miscellaneous Bugfixes
----------------------

This stable update adds a few important corrections to the following
packages:

+--------------------------+------------------------------------------+
| Package                  | Reason                                   |
+--------------------------+------------------------------------------+
| allow-html-temp [1]      | Update for Thunderbird 128 compatibility |
|                          |                                          |
| ansible-core [2]         | New upstream stable release; fix         |
|                          | arbitrary code execution issue           |
|                          | [CVE-2024-11079]; fix information        |
|                          | disclosure issue [CVE-2024-8775]; fix    |
|                          | file overwrite issue [CVE-2024-9902];    |
|                          | fix test failure                         |
|                          |                                          |
| audiofile [3]            | Fix null pointer dereference issue       |
|                          | [CVE-2019-13147]; fix information leak   |
|                          | issue [CVE-2022-24599]                   |
|                          |                                          |
| avahi [4]                | Fix denial of service issues [CVE-2023-  |
|                          | 38469 CVE-2023-38470 CVE-2023-38471      |
|                          | CVE-2023-38472 CVE-2023-38473]; fix      |
|                          | browsing when invalid services are       |
|                          | present                                  |
|                          |                                          |
| base-files [5]           | Update for the point release             |
|                          |                                          |
| bochs [6]                | Build BIOS images for i386 CPUs          |
|                          |                                          |
| cpuinfo [7]              | Make test failures during build non-     |
|                          | fatal                                    |
|                          |                                          |
| criu [8]                 | Dynamically handle different libc at     |
|                          | runtime than compilation time            |
|                          |                                          |
| debian-installer [9]     | Increase Linux kernel ABI to 6.1.0-29;   |
|                          | rebuild against proposed-updates         |
|                          |                                          |
| debian-installer-        | Rebuild against proposed-updates         |
| netboot-images [10]      |                                          |
|                          |                                          |
| debian-security-         | Update list of packages receiving        |
| support [11]             | limited support in bookworm              |
|                          |                                          |
| debootstrap [12]         | Do not pull in usr-is-merged in trixie/  |
|                          | sid                                      |
|                          |                                          |
| dnsmasq [13]             | Fix denial of service issues [CVE-2023-  |
|                          | 50387 CVE-2023-50868]; set default       |
|                          | maximum EDNS.0 UDP packet size to 1232   |
|                          | [CVE-2023-28450]                         |
|                          |                                          |
| eas4tbsync [14]          | Update for Thunderbird 128 compatibility |
|                          |                                          |
| espeak-ng [15]           | Fix dropping last byte of stdin input    |
|                          |                                          |
| geoclue-2.0 [16]         | Use beaconDB rather than the now retired |
|                          | Mozilla Location Service                 |
|                          |                                          |
| glib2.0 [17]             | Fix buffer overflow when configured to   |
|                          | use a SOCKS4a proxy with a very long     |
|                          | username [CVE-2024-52533]                |
|                          |                                          |
| gnuchess [18]            | Fix arbitrary code execution issue       |
|                          | [CVE-2021-30184]                         |
|                          |                                          |
| grml-rescueboot [19]     | Update supported architectures from      |
|                          | amd64/i386 to arm64/amd64                |
|                          |                                          |
| gsl [20]                 | Fix buffer overflow calculating the      |
|                          | quantile value [CVE-2020-35357]          |
|                          |                                          |
| gst-plugins-base1.0 [21] | Don't try parsing extended header if not |
|                          | enough data is available (id3v2)         |
|                          | [CVE-2024-47542]                         |
|                          |                                          |
| gunicorn [22]            | Prevent HTTP request smuggling           |
|                          | [CVE-2024-1135]                          |
|                          |                                          |
| icinga2 [23]             | Prevent TLS certificate bypass           |
|                          | [CVE-2024-49369]                         |
|                          |                                          |
| intel-microcode [24]     | New upstream security release [CVE-2024- |
|                          | 21853 CVE-2024-23918 CVE-2024-24968      |
|                          | CVE-2024-23984]                          |
|                          |                                          |
| jinja2 [25]              | Prevent HTML attribute injection         |
|                          | [CVE-2024-22195 CVE-2024-34064]          |
|                          |                                          |
| lemonldap-ng [26]        | Fix privilege escalation when adaptive   |
|                          | auth levels used [CVE-2024-52946]; fix   |
|                          | XSS in upgrade plugin [CVE-2024-52947]   |
|                          |                                          |
| libebml [27]             | Fix buffer overflow issue [CVE-2023-     |
|                          | 52339]                                   |
|                          |                                          |
| libpgjava [28]           | Fix SQL injection issue [CVE-2024-1597]  |
|                          |                                          |
| libsoup2.4 [29]          | Prevent HTTP request smuggling           |
|                          | [CVE-2024-52530]; fix buffer overflow in |
|                          | soup_header_parse_param_list_strict      |
|                          | [CVE-2024-52531]; fix DoS reading from   |
|                          | WebSocket clients [CVE-2024-52532]       |
|                          |                                          |
| libxstream-java [30]     | Fix denial of service issue [CVE-2024-   |
|                          | 47072]                                   |
|                          |                                          |
| linux [31]               | New upstream release; bump ABI to 29     |
|                          |                                          |
| linux-signed-amd64 [32]  | New upstream release; bump ABI to 29     |
|                          |                                          |
| linux-signed-arm64 [33]  | New upstream release; bump ABI to 29     |
|                          |                                          |
| linux-signed-i386 [34]   | New upstream release; bump ABI to 29     |
|                          |                                          |
| live-boot [35]           | Attempt DHCP on all connected interfaces |
|                          |                                          |
| llvm-toolchain-19 [36]   | New source package, to support builds of |
|                          | chromium                                 |
|                          |                                          |
| lxc [37]                 | Fix null pointer dereference when using  |
|                          | a shared rootfs                          |
|                          |                                          |
| mailmindr [38]           | Update for Thunderbird 128 compatibility |
|                          |                                          |
| nfs-utils [39]           | Fix referrals when --enable-junction=no  |
|                          |                                          |
| nvidia-graphics-         | New upstream stable release [CVE-2024-   |
| drivers [40]             | 0126]                                    |
|                          |                                          |
| nvidia-open-gpu-kernel-  | New upstream LTS release [CVE-2024-0126] |
| modules [41]             |                                          |
|                          |                                          |
| oar [42]                 | Add missing dependency on libcgi-fast-   |
|                          | perl; fix oar user creation on new       |
|                          | installations; fix SVG functions with    |
|                          | PHP 8                                    |
|                          |                                          |
| opensc [43]              | Fix data leak issue [CVE-2023-5992]; fix |
|                          | use-after-free issue [CVE-2024-1454];    |
|                          | fix missing initialisation issue         |
|                          | [CVE-2024-45615]; fix various issues     |
|                          | with APDU buffer handling [CVE-2024-     |
|                          | 45616]; fix missing or incorrect         |
|                          | function return value checks [CVE-2024-  |
|                          | 45617 CVE-2024-45618]; fix  "incorrect   |
|                          | handling of length of buffers or files"  |
|                          | issues [CVE-2024-45619 CVE-2024-45620];  |
|                          | fix arbitary code execution issue        |
|                          | [CVE-2024-8443]                          |
|                          |                                          |
| openssh [44]             | Always use internal mkdtemp              |
|                          | implementation; fix gssapi-keyex         |
|                          | declaration; add ssh-gssapi automated    |
|                          | test; don't prefer host-bound public key |
|                          | signatures if there was no initial host  |
|                          | key; make sntrup761x25519-sha512 key     |
|                          | exchange algorithm available without the |
|                          | @openssh.com suffix too                  |
|                          |                                          |
| pgtcl [45]               | Install library in default Tcl auto_path |
|                          |                                          |
| poco [46]                | Fix integer overflow issue [CVE-2023-    |
|                          | 52389]                                   |
|                          |                                          |
| prometheus-node-         | Reinstate missing                        |
| exporter-collectors [47] | `apt_package_cache_timestamp_seconds`    |
|                          | metrics; fix apt_upgrades_pending and    |
|                          | apt_upgrades_held metrics; improve       |
|                          | heuristic for apt update last run time   |
|                          |                                          |
| pypy3 [48]               | Fix email address parsing issue          |
|                          | [CVE-2023-27043]; fix possible Server    |
|                          | Side Request Forgery issue [CVE-2024-    |
|                          | 11168]; fix private IP address range     |
|                          | parsing [CVE-2024-4032]; fix regular     |
|                          | expression based Denial of Service issue |
|                          | [CVE-2024-6232]; fix header injection    |
|                          | issue [CVE-2024-6923]; fix denial of     |
|                          | service issue [CVE-2024-7592 CVE-2024-   |
|                          | 8088]; fix command injection issue       |
|                          | [CVE-2024-9287]                          |
|                          |                                          |
| python-asyncssh [49]     | Fix  "rogue extension negotiation"       |
|                          | issue [CVE-2023-46445]; fix  "rogue      |
|                          | session attack"  issue [CVE-2023-46446]  |
|                          |                                          |
| python-tornado [50]      | Fix open redirect issue [CVE-2023-       |
|                          | 28370]; fix denial of service issue      |
|                          | [CVE-2024-52804]                         |
|                          |                                          |
| python-urllib3 [51]      | Fix possible information leak during     |
|                          | cross-origin redirects [CVE-2023-43804]; |
|                          | fix  "request body not stripped after    |
|                          | redirect from 303 status changes request |
|                          | method to GET"  [CVE-2023-45803]; fix    |
|                          | "Proxy-Authorization request header      |
|                          | isn't stripped during cross-origin       |
|                          | redirects"  [CVE-2024-37891]             |
|                          |                                          |
| python-werkzeug [52]     | Fix denial of service when file upload   |
|                          | begins with CR or LF [CVE-2023-46136];   |
|                          | fix arbitrary code execution on          |
|                          | developer's machine via the debugger     |
|                          | [CVE-2024-34069]; fix denial of service  |
|                          | when processing multipart/form-data      |
|                          | requests [CVE-2024-49767]                |
|                          |                                          |
| python3.11 [53]          | Reject malformed addresses in            |
|                          | email.parseaddr() [CVE-2023-27043];      |
|                          | encode newlines in headers in the email  |
|                          | module [CVE-2024-6923]; fix quadratic    |
|                          | complexity parsing cookies with          |
|                          | backslashes [CVE-2024-7592]; fix venv    |
|                          | activation scripts failure to quote      |
|                          | paths [CVE-2024-9287]; fix improper      |
|                          | validation of bracketed hosts in urllib  |
|                          | functions [CVE-2024-11168]               |
|                          |                                          |
| qemu [54]                | New upstream bugfix release [CVE-2024-   |
|                          | 7409]; mark internal codegen helper      |
|                          | symbols as hidden, fixing build failure  |
|                          | on arm64                                 |
|                          |                                          |
| quicktext [55]           | Update for Thunderbird 128 compatibility |
|                          |                                          |
| redis [56]               | Fix denial of service with malformed ACL |
|                          | selectors [CVE-2024-31227]; fix denial   |
|                          | of service through unbound pattern       |
|                          | matching [CVE-2024-31228]; fix stack     |
|                          | overflow [CVE-202431449]                 |
|                          |                                          |
| renderdoc [57]           | Fix integer overflows [CVE-2023-33863    |
|                          | CVE-2023-33864]; fix symlink attack      |
|                          | vector [CVE-2023-33865]                  |
|                          |                                          |
| ruby-doorkeeper [58]     | Prevent skipping of authorization steps  |
|                          | [CVE-2023-34246]                         |
|                          |                                          |
| setuptools [59]          | Fix remote code execution issue          |
|                          | [CVE-2024-6345]                          |
|                          |                                          |
| sqlparse [60]            | Fix regular expression-related denial of |
|                          | service issue [CVE-2023-30608]; fix      |
|                          | denial of service issue [CVE-2024-4340]  |
|                          |                                          |
| srt [61]                 | Fix dependencies for consumers of the -  |
|                          | dev packages                             |
|                          |                                          |
| systemd [62]             | New upstream stable release              |
|                          |                                          |
| tango [63]               | Make the property_* tables compatible    |
|                          | with MariaDB 10.11 at install time; add  |
|                          | autopkgtest                              |
|                          |                                          |
| tbsync [64]              | Update for Thunderbird 128 compatibility |
|                          |                                          |
| texlive-bin [65]         | Fix data loss when using discretionaries |
|                          | with priorities; fix heap buffer         |
|                          | overflow [CVE-2024-25262]                |
|                          |                                          |
| tiff [66]                | Fix buffer overflow issues [CVE-2023-    |
|                          | 25433 CVE-2023-26966]; fix use-after-    |
|                          | free issue [CVE-2023-26965]; fix null    |
|                          | pointer dereference issue [CVE-2023-     |
|                          | 2908]; fix denial of service issues      |
|                          | [CVE-2023-3618 CVE-2023-52356 CVE-2024-  |
|                          | 7006]                                    |
|                          |                                          |
| tzdata [67]              | New upstream release: improve historical |
|                          | data for some zones; confirm lack of     |
|                          | leap second for 2024                     |
|                          |                                          |
| ucf [68]                 | Initialise variable subsequently passed  |
|                          | to eval                                  |
|                          |                                          |
| util-linux [69]          | Fix wider mitigation for CVE-2024-28085  |
|                          |                                          |
| xsane [70]               | Add Recommends for firefox-esr as well   |
|                          | as firefox                               |
|                          |                                          |
| zfs-linux [71]           | Add missing symbols in libzfs4linux and  |
|                          | libzpool5linux; fix dnode dirty test     |
|                          | [CVE-2023-49298]; fix sharenfs IPv6      |
|                          | address parsing [CVE-2013-20001]; fixes  |
|                          | related to NULL pointer, memory          |
|                          | allocation, etc.                         |
|                          |                                          |
| zookeeper [72]           | Fix information disclosure in persistent |
|                          | watchers handling [CVE-2024-23944]       |
|                          |                                          |
+--------------------------+------------------------------------------+

    1: https://packages.debian.org/src:allow-html-temp
    2: https://packages.debian.org/src:ansible-core
    3: https://packages.debian.org/src:audiofile
    4: https://packages.debian.org/src:avahi
    5: https://packages.debian.org/src:base-files
    6: https://packages.debian.org/src:bochs
    7: https://packages.debian.org/src:cpuinfo
    8: https://packages.debian.org/src:criu
    9: https://packages.debian.org/src:debian-installer
   10: https://packages.debian.org/src:debian-installer-netboot-images
   11: https://packages.debian.org/src:debian-security-support
   12: https://packages.debian.org/src:debootstrap
   13: https://packages.debian.org/src:dnsmasq
   14: https://packages.debian.org/src:eas4tbsync
   15: https://packages.debian.org/src:espeak-ng
   16: https://packages.debian.org/src:geoclue-2.0
   17: https://packages.debian.org/src:glib2.0
   18: https://packages.debian.org/src:gnuchess
   19: https://packages.debian.org/src:grml-rescueboot
   20: https://packages.debian.org/src:gsl
   21: https://packages.debian.org/src:gst-plugins-base1.0
   22: https://packages.debian.org/src:gunicorn
   23: https://packages.debian.org/src:icinga2
   24: https://packages.debian.org/src:intel-microcode
   25: https://packages.debian.org/src:jinja2
   26: https://packages.debian.org/src:lemonldap-ng
   27: https://packages.debian.org/src:libebml
   28: https://packages.debian.org/src:libpgjava
   29: https://packages.debian.org/src:libsoup2.4
   30: https://packages.debian.org/src:libxstream-java
   31: https://packages.debian.org/src:linux
   32: https://packages.debian.org/src:linux-signed-amd64
   33: https://packages.debian.org/src:linux-signed-arm64
   34: https://packages.debian.org/src:linux-signed-i386
   35: https://packages.debian.org/src:live-boot
   36: https://packages.debian.org/src:llvm-toolchain-19
   37: https://packages.debian.org/src:lxc
   38: https://packages.debian.org/src:mailmindr
   39: https://packages.debian.org/src:nfs-utils
   40: https://packages.debian.org/src:nvidia-graphics-drivers
   41: https://packages.debian.org/src:nvidia-open-gpu-kernel-modules
   42: https://packages.debian.org/src:oar
   43: https://packages.debian.org/src:opensc
   44: https://packages.debian.org/src:openssh
   45: https://packages.debian.org/src:pgtcl
   46: https://packages.debian.org/src:poco
   47:
https://packages.debian.org/src:prometheus-node-exporter-collectors
   48: https://packages.debian.org/src:pypy3
   49: https://packages.debian.org/src:python-asyncssh
   50: https://packages.debian.org/src:python-tornado
   51: https://packages.debian.org/src:python-urllib3
   52: https://packages.debian.org/src:python-werkzeug
   53: https://packages.debian.org/src:python3.11
   54: https://packages.debian.org/src:qemu
   55: https://packages.debian.org/src:quicktext
   56: https://packages.debian.org/src:redis
   57: https://packages.debian.org/src:renderdoc
   58: https://packages.debian.org/src:ruby-doorkeeper
   59: https://packages.debian.org/src:setuptools
   60: https://packages.debian.org/src:sqlparse
   61: https://packages.debian.org/src:srt
   62: https://packages.debian.org/src:systemd
   63: https://packages.debian.org/src:tango
   64: https://packages.debian.org/src:tbsync
   65: https://packages.debian.org/src:texlive-bin
   66: https://packages.debian.org/src:tiff
   67: https://packages.debian.org/src:tzdata
   68: https://packages.debian.org/src:ucf
   69: https://packages.debian.org/src:util-linux
   70: https://packages.debian.org/src:xsane
   71: https://packages.debian.org/src:zfs-linux
   72: https://packages.debian.org/src:zookeeper

Security Updates
----------------

This revision adds the following security updates to the stable release.
The Security Team has already released an advisory for each of these
updates:

+----------------+-------------------------------+
| Advisory ID    | Package                       |
+----------------+-------------------------------+
| DSA-5801 [73]  | firefox-esr [74]              |
|                |                               |
| DSA-5803 [75]  | thunderbird [76]              |
|                |                               |
| DSA-5804 [77]  | webkit2gtk [78]               |
|                |                               |
| DSA-5805 [79]  | guix [80]                     |
|                |                               |
| DSA-5806 [81]  | libarchive [82]               |
|                |                               |
| DSA-5807 [83]  | nss [84]                      |
|                |                               |
| DSA-5808 [85]  | ghostscript [86]              |
|                |                               |
| DSA-5809 [87]  | symfony [88]                  |
|                |                               |
| DSA-5810 [89]  | chromium [90]                 |
|                |                               |
| DSA-5811 [91]  | mpg123 [92]                   |
|                |                               |
| DSA-5812 [93]  | postgresql-15 [94]            |
|                |                               |
| DSA-5813 [95]  | symfony [96]                  |
|                |                               |
| DSA-5814 [97]  | thunderbird [98]              |
|                |                               |
| DSA-5815 [99]  | needrestart [100]             |
|                |                               |
| DSA-5816 [101] | libmodule-scandeps-perl [102] |
|                |                               |
| DSA-5817 [103] | chromium [104]                |
|                |                               |
| DSA-5818 [105] | linux-signed-amd64 [106]      |
|                |                               |
| DSA-5818 [107] | linux-signed-arm64 [108]      |
|                |                               |
| DSA-5818 [109] | linux-signed-i386 [110]       |
|                |                               |
| DSA-5818 [111] | linux [112]                   |
|                |                               |
| DSA-5819 [113] | php8.2 [114]                  |
|                |                               |
| DSA-5820 [115] | firefox-esr [116]             |
|                |                               |
| DSA-5821 [117] | thunderbird [118]             |
|                |                               |
| DSA-5822 [119] | simplesamlphp [120]           |
|                |                               |
| DSA-5823 [121] | webkit2gtk [122]              |
|                |                               |
| DSA-5824 [123] | chromium [124]                |
|                |                               |
| DSA-5825 [125] | ceph [126]                    |
|                |                               |
| DSA-5826 [127] | smarty3 [128]                 |
|                |                               |
| DSA-5827 [129] | proftpd-dfsg [130]            |
|                |                               |
| DSA-5828 [131] | python-aiohttp [132]          |
|                |                               |
| DSA-5829 [133] | chromium [134]                |
|                |                               |
| DSA-5830 [135] | smarty4 [136]                 |
|                |                               |
| DSA-5831 [137] | gst-plugins-base1.0 [138]     |
|                |                               |
| DSA-5832 [139] | gstreamer1.0 [140]            |
|                |                               |
| DSA-5833 [141] | dpdk [142]                    |
|                |                               |
| DSA-5835 [143] | webkit2gtk [144]              |
|                |                               |
| DSA-5837 [145] | fastnetmon [146]              |
|                |                               |
| DSA-5838 [147] | gst-plugins-good1.0 [148]     |
|                |                               |
+----------------+-------------------------------+

   73: https://www.debian.org/security/2024/dsa-5801
   74: https://packages.debian.org/src:firefox-esr
   75: https://www.debian.org/security/2024/dsa-5803
   76: https://packages.debian.org/src:thunderbird
   77: https://www.debian.org/security/2024/dsa-5804
   78: https://packages.debian.org/src:webkit2gtk
   79: https://www.debian.org/security/2024/dsa-5805
   80: https://packages.debian.org/src:guix
   81: https://www.debian.org/security/2024/dsa-5806
   82: https://packages.debian.org/src:libarchive
   83: https://www.debian.org/security/2024/dsa-5807
   84: https://packages.debian.org/src:nss
   85: https://www.debian.org/security/2024/dsa-5808
   86: https://packages.debian.org/src:ghostscript
   87: https://www.debian.org/security/2024/dsa-5809
   88: https://packages.debian.org/src:symfony
   89: https://www.debian.org/security/2024/dsa-5810
   90: https://packages.debian.org/src:chromium
   91: https://www.debian.org/security/2024/dsa-5811
   92: https://packages.debian.org/src:mpg123
   93: https://www.debian.org/security/2024/dsa-5812
   94: https://packages.debian.org/src:postgresql-15
   95: https://www.debian.org/security/2024/dsa-5813
   96: https://packages.debian.org/src:symfony
   97: https://www.debian.org/security/2024/dsa-5814
   98: https://packages.debian.org/src:thunderbird
   99: https://www.debian.org/security/2024/dsa-5815
  100: https://packages.debian.org/src:needrestart
  101: https://www.debian.org/security/2024/dsa-5816
  102: https://packages.debian.org/src:libmodule-scandeps-perl
  103: https://www.debian.org/security/2024/dsa-5817
  104: https://packages.debian.org/src:chromium
  105: https://www.debian.org/security/2024/dsa-5818
  106: https://packages.debian.org/src:linux-signed-amd64
  107: https://www.debian.org/security/2024/dsa-5818
  108: https://packages.debian.org/src:linux-signed-arm64
  109: https://www.debian.org/security/2024/dsa-5818
  110: https://packages.debian.org/src:linux-signed-i386
  111: https://www.debian.org/security/2024/dsa-5818
  112: https://packages.debian.org/src:linux
  113: https://www.debian.org/security/2024/dsa-5819
  114: https://packages.debian.org/src:php8.2
  115: https://www.debian.org/security/2024/dsa-5820
  116: https://packages.debian.org/src:firefox-esr
  117: https://www.debian.org/security/2024/dsa-5821
  118: https://packages.debian.org/src:thunderbird
  119: https://www.debian.org/security/2024/dsa-5822
  120: https://packages.debian.org/src:simplesamlphp
  121: https://www.debian.org/security/2024/dsa-5823
  122: https://packages.debian.org/src:webkit2gtk
  123: https://www.debian.org/security/2024/dsa-5824
  124: https://packages.debian.org/src:chromium
  125: https://www.debian.org/security/2024/dsa-5825
  126: https://packages.debian.org/src:ceph
  127: https://www.debian.org/security/2024/dsa-5826
  128: https://packages.debian.org/src:smarty3
  129: https://www.debian.org/security/2024/dsa-5827
  130: https://packages.debian.org/src:proftpd-dfsg
  131: https://www.debian.org/security/2024/dsa-5828
  132: https://packages.debian.org/src:python-aiohttp
  133: https://www.debian.org/security/2024/dsa-5829
  134: https://packages.debian.org/src:chromium
  135: https://www.debian.org/security/2024/dsa-5830
  136: https://packages.debian.org/src:smarty4
  137: https://www.debian.org/security/2024/dsa-5831
  138: https://packages.debian.org/src:gst-plugins-base1.0
  139: https://www.debian.org/security/2024/dsa-5832
  140: https://packages.debian.org/src:gstreamer1.0
  141: https://www.debian.org/security/2024/dsa-5833
  142: https://packages.debian.org/src:dpdk
  143: https://www.debian.org/security/2024/dsa-5835
  144: https://packages.debian.org/src:webkit2gtk
  145: https://www.debian.org/security/2024/dsa-5837
  146: https://packages.debian.org/src:fastnetmon
  147: https://www.debian.org/security/2024/dsa-5838
  148: https://packages.debian.org/src:gst-plugins-good1.0

Removed packages
----------------

The following packages were removed due to circumstances beyond our
control:

+----------------+--------------------------------------+
| Package        | Reason                               |
+----------------+--------------------------------------+
| criu [149]     | [armhf] Fails to build on arm64 host |
|                |                                      |
| tk-html3 [150] | Unmaintained; security issues        |
|                |                                      |
+----------------+--------------------------------------+

  149: https://packages.debian.org/src:criu
  150: https://packages.debian.org/src:tk-html3

Debian Installer
----------------

The installer has been updated to include the fixes incorporated into
stable by the point release.


URLs
----

The complete lists of packages that have changed with this revision:

https://deb.debian.org/debian/dists/bookworm/ChangeLog


The current stable distribution:

https://deb.debian.org/debian/dists/stable/


Proposed updates to the stable distribution:

https://deb.debian.org/debian/dists/proposed-updates


stable distribution information (release notes, errata etc.):

https://www.debian.org/releases/stable/


Security announcements and information:

https://www.debian.org/security/



About Debian
------------

The Debian Project is an association of Free Software developers who
volunteer their time and effort in order to produce the completely free
operating system Debian.


Contact Information
-------------------

For further information, please visit the Debian web pages at
https://www.debian.org/, send mail to <press@debian.org>, or contact the
stable release team at <debian-release@lists.debian.org>.

Attachment: signature.asc
Description: This is a digitally signed message part


Reply to: