------------------------------------------------------------------------
The Debian Project https://www.debian.org/
Updated Debian 12: 12.12 released press@debian.org
September 6th, 2025 https://www.debian.org/News/2025/2025090602
------------------------------------------------------------------------
The Debian project is pleased to announce the twelfth update of its
oldstable distribution Debian 12 (codename "bookworm"). This point
release mainly adds corrections for security issues, along with a few
adjustments for serious problems. Security advisories have already been
published separately and are referenced where available.
Please note that the point release does not constitute a new version of
Debian 12 but only updates some of the packages included. There is no
need to throw away old "bookworm" media. After installation, packages
can be upgraded to the current versions using an up-to-date Debian
mirror.
Those who frequently install updates from security.debian.org won't have
to update many packages, and most such updates are included in the point
release.
New installation images will be available soon at the regular locations.
Upgrading an existing installation to this revision can be achieved by
pointing the package management system at one of Debian's many HTTP
mirrors. A comprehensive list of mirrors is available at:
https://www.debian.org/mirror/list
Miscellaneous Bugfixes
----------------------
This oldstable update adds a few important corrections to the following
packages:
+------------------------+--------------------------------------------+
| Package | Reason |
+------------------------+--------------------------------------------+
| amd64-microcode [1] | Update AMD-SEV firmware [CVE-2024-56161]; |
| | update included microcode |
| | |
| aom [2] | Fix libaom encoder output validity |
| | |
| apache2 [3] | New upstream stable release; fix HTTP |
| | response splitting issue [CVE-2024-42516]; |
| | fix server-side request forgery issue |
| | [CVE-2024-43204 CVE-2024-43394]; fix log |
| | injection issue [CVE-2024-47252]; fix |
| | access control bypass issue [CVE-2025- |
| | 23048]; fix denial of service issue |
| | [CVE-2025-49630]; fix potential man-in- |
| | the-middle issue [CVE-2025-49812]; fix |
| | memory lifetime management issue |
| | [CVE-2025-53020] |
| | |
| b43-fwcutter [4] | Update firmware URL |
| | |
| balboa [5] | Rebuild against glibc 2.36-9+deb12u12 |
| | |
| base-files [6] | Update for the point release |
| | |
| bash [7] | Rebuild against glibc 2.36-9+deb12u12 |
| | |
| botan [8] | Fix denial of service issues [CVE-2024- |
| | 34702 CVE-2024-34703]; fix improper |
| | parsing of name constraints [CVE-2024- |
| | 39312]; fix compiler-induced secret- |
| | dependent operation issue [CVE-2024-50383] |
| | |
| busybox [9] | Rebuild against glibc 2.36-9+deb12u12 |
| | |
| ca-certificates [10] | Add Sectigo Public Server Authentication |
| | Root E46 and Sectigo Public Server |
| | Authentication Root R46 |
| | |
| catatonit [11] | Rebuild against glibc 2.36-9+deb12u12 |
| | |
| cdebootstrap [12] | Rebuild against glibc 2.36-9+deb12u12 |
| | |
| chkrootkit [13] | Rebuild against glibc 2.36-9+deb12u12 |
| | |
| cjson [14] | Fix denial of service issue [CVE-2023- |
| | 26819]; fix buffer overflow issue |
| | [CVE-2023-53154] |
| | |
| clamav [15] | New upstream stable release; fix buffer |
| | overflow issues [CVE-2025-20128 CVE-2025- |
| | 20260] |
| | |
| cloud-init [16] | Make hotplug socket writable only by root |
| | [CVE-2024-11584]; don't attempt to |
| | identify non-x86 OpenStack instances |
| | [CVE-2024-6174] |
| | |
| commons-beanutils [17] | Fix improper access control issue |
| | [CVE-2025-48734] |
| | |
| commons-vfs [18] | Fix path traversal issue [CVE-2025-27553] |
| | |
| corosync [19] | Fix buffer overflow vulnerability on large |
| | UDP packets [CVE-2025-30472] |
| | |
| criu [20] | Fix restore functionality of mount |
| | namespaces with newer kernel versions |
| | |
| curl [21] | Fix regression handling sftp://host/~ |
| | URIs; fix a memory leak |
| | |
| dar [22] | Rebuild against glibc 2.36-9+deb12u12 |
| | |
| debian-edu-config [23] | Fix quoting in Exim configuration; gosa- |
| | sync: fix password verification; fix |
| | quoting in gosa.conf |
| | |
| debian-installer [24] | Increase Linux kernel ABI to 6.1.0-39; |
| | rebuild against oldstable-proposed- |
| | updates; add console-setup-pc-ekmap for |
| | arm64 and armhf CD images; use |
| | "nomodeset" rather than "fb=false" to |
| | disable framebuffer |
| | |
| debian-installer- | Rebuild against oldstable-proposed-updates |
| netbook-images [25] | |
| | |
| debian-security- | Query source:Package instead of Source to |
| support [26] | get the correct list of packages; fix typo |
| | related to gobgp |
| | |
| distro-info-data [27] | Add Ubuntu end of Legacy Support dates; |
| | add release and estimated EoL for trixie |
| | |
| djvulibre [28] | Fix denial of service issues [CVE-2021- |
| | 46310 CVE-2021-46312] |
| | |
| docker.io [29] | Rebuild against glibc 2.36-9+deb12u12 |
| | |
| dpdk [30] | New upstream stable release |
| | |
| dropbear [31] | Fix shell injection vulnerability in |
| | multihop handling [CVE-2025-47203] |
| | |
| e2fsprogs [32] | Rebuild against glibc 2.36-9+deb12u12 |
| | |
| erlang [33] | ssh: fix strict KEX hardening [CVE-2025- |
| | 46712]; zip: sanitize pathnames when |
| | extracting files with absolute pathnames |
| | [CVE-2025-4748]; fix documentation build |
| | failure with newer xsltproc versions |
| | |
| expat [34] | Fix denial of service issues [CVE-2023- |
| | 52425 CVE-2024-8176]; fix parser crash |
| | [CVE-2024-50602] |
| | |
| fig2dev [35] | Detect nan in spline control values |
| | [CVE-2025-46397]; permit \0 in 2nd line in |
| | fig file [CVE-2025-46398]; ge output: |
| | correct spline computation [CVE-2025- |
| | 46399]; reject arcs with a radius smaller |
| | than 3 [CVE-2025-46400] |
| | |
| firebird3.0 [36] | Fix NULL pointer dereference issue |
| | [CVE-2025-54989] |
| | |
| fort-validator [37] | Fix denial of service issues [CVE-2024- |
| | 45234 CVE-2024-45235 CVE-2024-45236 |
| | CVE-2024-45238 CVE-2024-45239 CVE-2024- |
| | 48943]; fix buffer overflow issue |
| | [CVE-2024-45237] |
| | |
| galera-4 [38] | New upstream stable release |
| | |
| glib2.0 [39] | Fix buffer underflow issue [CVE-2025-4373 |
| | CVE-2025-7039]; improve upgrade safety |
| | |
| glibc [40] | Fix incorrect LD_LIBRARY_PATH search in |
| | dlopen for static setuid binaries |
| | [CVE-2025-4802]; improve memory layout of |
| | structures in exp/exp10/expf functions; |
| | add an SVE implementation of memset on |
| | aarch64; improve generic implementation of |
| | memset on aarch64; fix double free issue |
| | [CVE-2025-8058] |
| | |
| gnupg2 [41] | Rebuild against glibc 2.36-9+deb12u12; fix |
| | recommends of architecture-any packages on |
| | architecture-all package to support |
| | binNMUs |
| | |
| golang-github-gin- | Fix mishandling of wildcards [CVE-2019- |
| contrib-cors [42] | 25211] |
| | |
| gst-plugins- | Fix buffer overrun issue [CVE-2025-47806]; |
| base1.0 [43] | fix NULL pointer dereference issues |
| | [CVE-2025-47807 CVE-2025-47808] |
| | |
| gst-plugins- | Fix possible information disclosure issue |
| good1.0 [44] | [CVE-2025-47219] |
| | |
| init-system- | Fix handling of os-release diversions from |
| helpers [45] | live-build, ensuring they don't exist in |
| | non-live systems |
| | |
| insighttoolkit4 [46] | Fix build on systems with a single CPU |
| | |
| insighttoolkit5 [47] | Fix build on systems with a single CPU |
| | |
| integrit [48] | Rebuild against glibc 2.36-9+deb12u12 |
| | |
| iperf3 [49] | Fix buffer overflow issue [CVE-2025- |
| | 54349]; fix assertion failure [CVE-2025- |
| | 54350] |
| | |
| jinja2 [50] | Fix arbitrary code execution issue |
| | [CVE-2025-27516] |
| | |
| jq [51] | Zero-terminate string in jv.c [CVE-2025- |
| | 48060] |
| | |
| kexec-tools [52] | Remove no longer required dependencies |
| | |
| kmail-account- | Fix man in the middle attack issue |
| wizard [53] | [CVE-2024-50624] |
| | |
| krb5 [54] | Fix message tampering issue [CVE-2025- |
| | 3576]; disable issuance of tickets using |
| | RC4 or triple-DES session keys by default |
| | |
| kubernetes [55] | Sanitise raw data output to terminal |
| | [CVE-2021-25743]; hide long and multi-line |
| | strings when printing |
| | |
| libarchive [56] | Fix integer overflow issues [CVE-2025-5914 |
| | CVE-2025-5916], buffer over read issue |
| | [CVE-2025-5915], buffer overlow issue |
| | [CVE-2025-5917] |
| | |
| libbpf [57] | Fix operation with newer systemd versions |
| | |
| libcap2 [58] | Rebuild against glibc 2.36-9+deb12u12; add |
| | missing Built-Using: glibc |
| | |
| libcgi-simple- | Fix HTTP response splitting issue |
| perl [59] | [CVE-2025-40927] |
| | |
| libfcgi [60] | Fix integer overflow issue [CVE-2025- |
| | 23016] |
| | |
| libfile-tail-perl [61] | Fix uninitialized variable issue |
| | |
| libphp-adodb [62] | Fix SQL injection vulnerability in |
| | pg_insert_id() [CVE-2025-46337] |
| | |
| libraw [63] | Fix out-of-bounds read issues [CVE-2025- |
| | 43961 CVE-2025-43962 CVE-2025-43963]; |
| | enforce minimum w0 and w1 values |
| | [CVE-2025-43964] |
| | |
| libreoffice [64] | Add EUR support for Bulgaria |
| | |
| libsndfile [65] | Fix integer overflow issues [CVE-2022- |
| | 33065]; fix out of bounds read issue |
| | [CVE-2024-50612] |
| | |
| libsoup3 [66] | New upstream bug-fix release; fix buffer |
| | overrun issue [CVE-2024-52531]; fix denial |
| | of service issues [CVE-2024-52532 |
| | CVE-2025-32051]; fix heap overflow issues |
| | [CVE-2025-32052 CVE-2025-32053]; fix |
| | integer overflow issue [CVE-2025-32050]; |
| | fix heap buffer overflow issues [CVE-2025- |
| | 2784]; reject HTTP headers if they contain |
| | null bytes [CVE-2024-52530]; fix denial of |
| | service issues [CVE-2025-32909 CVE-2025- |
| | 32910 CVE-2025-46420 CVE-2025-32912 |
| | CVE-2025-32906]; fix memory management |
| | issues [CVE-2025-32911 CVE-2025-32913]; |
| | fix credential disclosure issue [CVE-2025- |
| | 46421]; fix use-after-free during |
| | disconnection, which can cause GNOME |
| | Calculator to hang at startup; fix a test |
| | failure on some 32-bit systems |
| | |
| libtheora [67] | Fix segfault during decoder |
| | initialisation; avoid possible bit- |
| | shifting in decoder |
| | |
| libtpms [68] | Fix out of bounds read issue [CVE-2025- |
| | 49133] |
| | |
| libxml2 [69] | Fix integer overflow issue in |
| | xmlBuildQName [CVE-2025-6021]; fix |
| | potential buffer overflows in the |
| | interactive shell [CVE-2025-6170]; fix |
| | use-after-free issue in |
| | xmlSchematronReportOutput [CVE-2025- |
| | 49794]; fix type confusion issue in |
| | xmlSchematronReportOutput [CVE-2025-49796] |
| | |
| libyaml-libyaml- | Fix arbitrary file edit issue [CVE-2025- |
| perl [70] | 40908] |
| | |
| lintian [71] | Add bookworm to duke to the list of known |
| | Debian release names; don't emit source- |
| | nmu-has-incorrect-version-number for |
| | stable updates |
| | |
| linux [72] | New upstream stable release; increase ABI |
| | to 39 |
| | |
| linux-signed- | New upstream stable release; increase ABI |
| amd64 [73] | to 39 |
| | |
| linux-signed- | New upstream stable release; increase ABI |
| arm64 [74] | to 39 |
| | |
| linux-signed-i386 [75] | New upstream stable release; increase ABI |
| | to 39 |
| | |
| llvm-toolchain-19 [76] | New upstream stable release |
| | |
| luajit [77] | Fix buffer overflow issue [CVE-2024- |
| | 25176]; fix denial of service issue |
| | [CVE-2024-25177]; fix out-of-bounds read |
| | issue [CVE-2024-25178] |
| | |
| lxc [78] | Rebuild against glibc 2.36-9+deb12u12 |
| | |
| mailgraph [79] | Update embedded copy of Parse::Syslog, |
| | enabling support for RFC3339 dates |
| | |
| mariadb [80] | New upstream stable release; security |
| | fixes [CVE-2023-52969 CVE-2023-52970 |
| | CVE-2023-52971 CVE-2025-30693 CVE-2025- |
| | 30722]; fix restart after out of memory; |
| | new upstream stable release; fix variable |
| | name in debian-start.sh |
| | |
| mkchromecast [81] | Replace youtube-dl with yt-dlp |
| | |
| mlt [82] | Fix Python scripts |
| | |
| mono [83] | Remove unneeded (and broken) mono-source |
| | package |
| | |
| mosquitto [84] | Fix memory leak issue [CVE-2023-28366]; |
| | fix out of bounds memory access issue |
| | [CVE-2024-10525]; fix double free issue |
| | [CVE-2024-3935]; fix possible segmentation |
| | fault issue [CVE-2024-8376] |
| | |
| multipath-tools [85] | Reinstate ANA prioritizer in build process |
| | |
| nextcloud-desktop [86] | Fix share options in graphical interface |
| | |
| nginx [87] | Fix potential information leak in |
| | ngx_mail_smtp_module [CVE-2025-53859] |
| | |
| node-addon-api [88] | Add support for nodejs >= 18.20 |
| | |
| node-csstype [89] | Fix build failure |
| | |
| node-form-data [90] | Fix insufficient randomness issue |
| | [CVE-2025-7783] |
| | |
| node-minipass [91] | Fix tap reporter in auto test and |
| | autopkgtest |
| | |
| node-nodeunit [92] | Fix test flakiness |
| | |
| node-tar-fs [93] | Fix path traversal issues [CVE-2024-12905 |
| | CVE-2025-48387] |
| | |
| node-tmp [94] | Fix arbitrary file write issue [CVE-2025- |
| | 54798] |
| | |
| nvda2speechd [95] | Fix required rmp-serde version |
| | |
| openjpeg2 [96] | Fix NULL pointer dereference issue |
| | [CVE-2025-50952] |
| | |
| openssh [97] | Handle OpenSSL >=3 ABI compatibility to |
| | avoid new SSH connections failing during |
| | upgrades to trixie |
| | |
| openssl [98] | New upstream stable release; revert some |
| | upstream changes to avoid crashes in |
| | downstream software |
| | |
| perl [99] | Fix TLS certificate verification issue |
| | [CVE-2023-31484]; fix non thread safe file |
| | access [CVE-2025-40909] |
| | |
| postgresql-15 [100] | New upstream stable release; tighten |
| | security checks in planner estimation |
| | functions [CVE-2025-8713]; prevent pg_dump |
| | scripts from being used to attack the user |
| | running the restore [CVE-2025-8714]; |
| | convert newlines to spaces in names |
| | included in comments in pg_dump output |
| | [CVE-2025-8715] |
| | |
| postgresql- | PgCommon.pm: Set defined path in |
| common [101] | prepare_exec. Fixes compatibility with |
| | trixie's perl version |
| | |
| prody [102] | Fix build failure; add tolerance to some |
| | tests which now fail on i386 |
| | |
| python-django [103] | Fix regular expression-based denial of |
| | service issue [CVE-2023-36053], denial of |
| | service issues [CVE-2024-38875 CVE-2024- |
| | 39614 CVE-2024-41990 CVE-2024-41991], user |
| | enumeration issue [CVE-2024-39329], |
| | directory traversal issue [CVE-2024- |
| | 39330], excessive memory consumption issue |
| | [CVE-2024-41989], SQL injection issue |
| | [CVE-2024-42005] |
| | |
| python-flask- | Fix log data injection issue [CVE-2024- |
| cors [104] | 1681]; fix improper path processing issues |
| | [CVE-2024-6866 CVE-2024-6839 CVE-2024- |
| | 6844] |
| | |
| python-mitogen [105] | Support targets with Python >= 3.12 |
| | |
| python-zipp [106] | Fix denial of service issue [CVE-2024- |
| | 5569] |
| | |
| qemu [107] | Rebuild against glibc 2.36-9+deb12u12; new |
| | upstream bugfix release |
| | |
| raptor2 [108] | Fix integer underflow issue [CVE-2024- |
| | 57823]; fix heap read buffer overflow |
| | issue [CVE-2024-57822] |
| | |
| rar [109] | New upstream release; fix ANSI escape |
| | injection issue [CVE-2024-33899] |
| | |
| rubygems [110] | Fix credential leak issue [CVE-2025- |
| | 27221]; fix regular expression related |
| | denial of service issue [CVE-2023-28755] |
| | |
| rust-cbindgen- | Rebuild against current rustc-web |
| web [111] | |
| | |
| rustc-web [112] | New upstream stable release, to support |
| | building of newer Chromium versions |
| | |
| samba [113] | Fix various bugs following a change to |
| | Microsoft Active Directory |
| | |
| sash [114] | Rebuild against glibc 2.36-9+deb12u12 |
| | |
| setuptools [115] | Fix arbitrary file write issue [CVE-2025- |
| | 47273] |
| | |
| shaarli [116] | Fix cross site scripting issue [CVE-2025- |
| | 55291] |
| | |
| simplesamlphp [117] | Fix signature verification issue |
| | [CVE-2025-27773] |
| | |
| snapd [118] | Rebuild against glibc 2.36-9+deb12u12 |
| | |
| sqlite3 [119] | Fix memory corruption issue [CVE-2025- |
| | 6965]; fix bug in NOT NULL/IS NULL |
| | optimization that can cause invalid data |
| | |
| supermin [120] | Rebuild against glibc 2.36-9+deb12u12 |
| | |
| systemd [121] | New upstream stable release |
| | |
| tini [122] | Rebuild against glibc 2.36-9+deb12u12 |
| | |
| tripwire [123] | Rebuild against glibc 2.36-9+deb12u12 |
| | |
| tsocks [124] | Rebuild against glibc 2.36-9+deb12u12 |
| | |
| tzdata [125] | Confirm leap second status for 2025 |
| | |
| usb.ids [126] | New upstream update |
| | |
| waitress [127] | Fix race condition in HTTP pipelining |
| | [CVE-2024-49768]; fix denial of service |
| | issue [CVE-2024-49769] |
| | |
| webpy [128] | Fix SQL injection issue [CVE-2025-3818] |
| | |
| wireless-regdb [129] | New upstream release, updating included |
| | regulatory data; permit 320 MHz bandwidth |
| | in 6 GHz band for GB |
| | |
| wolfssl [130] | Fix insufficient randomisation issue |
| | [CVE-2025-7394] |
| | |
| wpa [131] | Fix inappropriate reuse of PKEX elements |
| | [CVE-2022-37660] |
| | |
| xfce4-weather- | Migrate to new APIs; update translations |
| plugin [132] | |
| | |
| xrdp [133] | Fix session restrictions bypass issue |
| | [CVE-2023-40184]; fix out-of-bounds read |
| | issue [CVE-2023-42822]; fix login |
| | restrictions bypass issue [CVE-2024-39917] |
| | |
| ydotool [134] | Rebuild against glibc 2.36-9+deb12u12 |
| | |
| zsh [135] | Rebuild against glibc 2.36-9+deb12u12 |
| | |
+------------------------+--------------------------------------------+
1: https://packages.debian.org/src:amd64-microcode
2: https://packages.debian.org/src:aom
3: https://packages.debian.org/src:apache2
4: https://packages.debian.org/src:b43-fwcutter
5: https://packages.debian.org/src:balboa
6: https://packages.debian.org/src:base-files
7: https://packages.debian.org/src:bash
8: https://packages.debian.org/src:botan
9: https://packages.debian.org/src:busybox
10: https://packages.debian.org/src:ca-certificates
11: https://packages.debian.org/src:catatonit
12: https://packages.debian.org/src:cdebootstrap
13: https://packages.debian.org/src:chkrootkit
14: https://packages.debian.org/src:cjson
15: https://packages.debian.org/src:clamav
16: https://packages.debian.org/src:cloud-init
17: https://packages.debian.org/src:commons-beanutils
18: https://packages.debian.org/src:commons-vfs
19: https://packages.debian.org/src:corosync
20: https://packages.debian.org/src:criu
21: https://packages.debian.org/src:curl
22: https://packages.debian.org/src:dar
23: https://packages.debian.org/src:debian-edu-config
24: https://packages.debian.org/src:debian-installer
25: https://packages.debian.org/src:debian-installer-netbook-images
26: https://packages.debian.org/src:debian-security-support
27: https://packages.debian.org/src:distro-info-data
28: https://packages.debian.org/src:djvulibre
29: https://packages.debian.org/src:docker.io
30: https://packages.debian.org/src:dpdk
31: https://packages.debian.org/src:dropbear
32: https://packages.debian.org/src:e2fsprogs
33: https://packages.debian.org/src:erlang
34: https://packages.debian.org/src:expat
35: https://packages.debian.org/src:fig2dev
36: https://packages.debian.org/src:firebird3.0
37: https://packages.debian.org/src:fort-validator
38: https://packages.debian.org/src:galera-4
39: https://packages.debian.org/src:glib2.0
40: https://packages.debian.org/src:glibc
41: https://packages.debian.org/src:gnupg2
42: https://packages.debian.org/src:golang-github-gin-contrib-cors
43: https://packages.debian.org/src:gst-plugins-base1.0
44: https://packages.debian.org/src:gst-plugins-good1.0
45: https://packages.debian.org/src:init-system-helpers
46: https://packages.debian.org/src:insighttoolkit4
47: https://packages.debian.org/src:insighttoolkit5
48: https://packages.debian.org/src:integrit
49: https://packages.debian.org/src:iperf3
50: https://packages.debian.org/src:jinja2
51: https://packages.debian.org/src:jq
52: https://packages.debian.org/src:kexec-tools
53: https://packages.debian.org/src:kmail-account-wizard
54: https://packages.debian.org/src:krb5
55: https://packages.debian.org/src:kubernetes
56: https://packages.debian.org/src:libarchive
57: https://packages.debian.org/src:libbpf
58: https://packages.debian.org/src:libcap2
59: https://packages.debian.org/src:libcgi-simple-perl
60: https://packages.debian.org/src:libfcgi
61: https://packages.debian.org/src:libfile-tail-perl
62: https://packages.debian.org/src:libphp-adodb
63: https://packages.debian.org/src:libraw
64: https://packages.debian.org/src:libreoffice
65: https://packages.debian.org/src:libsndfile
66: https://packages.debian.org/src:libsoup3
67: https://packages.debian.org/src:libtheora
68: https://packages.debian.org/src:libtpms
69: https://packages.debian.org/src:libxml2
70: https://packages.debian.org/src:libyaml-libyaml-perl
71: https://packages.debian.org/src:lintian
72: https://packages.debian.org/src:linux
73: https://packages.debian.org/src:linux-signed-amd64
74: https://packages.debian.org/src:linux-signed-arm64
75: https://packages.debian.org/src:linux-signed-i386
76: https://packages.debian.org/src:llvm-toolchain-19
77: https://packages.debian.org/src:luajit
78: https://packages.debian.org/src:lxc
79: https://packages.debian.org/src:mailgraph
80: https://packages.debian.org/src:mariadb
81: https://packages.debian.org/src:mkchromecast
82: https://packages.debian.org/src:mlt
83: https://packages.debian.org/src:mono
84: https://packages.debian.org/src:mosquitto
85: https://packages.debian.org/src:multipath-tools
86: https://packages.debian.org/src:nextcloud-desktop
87: https://packages.debian.org/src:nginx
88: https://packages.debian.org/src:node-addon-api
89: https://packages.debian.org/src:node-csstype
90: https://packages.debian.org/src:node-form-data
91: https://packages.debian.org/src:node-minipass
92: https://packages.debian.org/src:node-nodeunit
93: https://packages.debian.org/src:node-tar-fs
94: https://packages.debian.org/src:node-tmp
95: https://packages.debian.org/src:nvda2speechd
96: https://packages.debian.org/src:openjpeg2
97: https://packages.debian.org/src:openssh
98: https://packages.debian.org/src:openssl
99: https://packages.debian.org/src:perl
100: https://packages.debian.org/src:postgresql-15
101: https://packages.debian.org/src:postgresql-common
102: https://packages.debian.org/src:prody
103: https://packages.debian.org/src:python-django
104: https://packages.debian.org/src:python-flask-cors
105: https://packages.debian.org/src:python-mitogen
106: https://packages.debian.org/src:python-zipp
107: https://packages.debian.org/src:qemu
108: https://packages.debian.org/src:raptor2
109: https://packages.debian.org/src:rar
110: https://packages.debian.org/src:rubygems
111: https://packages.debian.org/src:rust-cbindgen-web
112: https://packages.debian.org/src:rustc-web
113: https://packages.debian.org/src:samba
114: https://packages.debian.org/src:sash
115: https://packages.debian.org/src:setuptools
116: https://packages.debian.org/src:shaarli
117: https://packages.debian.org/src:simplesamlphp
118: https://packages.debian.org/src:snapd
119: https://packages.debian.org/src:sqlite3
120: https://packages.debian.org/src:supermin
121: https://packages.debian.org/src:systemd
122: https://packages.debian.org/src:tini
123: https://packages.debian.org/src:tripwire
124: https://packages.debian.org/src:tsocks
125: https://packages.debian.org/src:tzdata
126: https://packages.debian.org/src:usb.ids
127: https://packages.debian.org/src:waitress
128: https://packages.debian.org/src:webpy
129: https://packages.debian.org/src:wireless-regdb
130: https://packages.debian.org/src:wolfssl
131: https://packages.debian.org/src:wpa
132: https://packages.debian.org/src:xfce4-weather-plugin
133: https://packages.debian.org/src:xrdp
134: https://packages.debian.org/src:ydotool
135: https://packages.debian.org/src:zsh
Security Updates
----------------
This revision adds the following security updates to the oldstable
release. The Security Team has already released an advisory for each of
these updates:
+----------------+------------------------------+
| Advisory ID | Package |
+----------------+------------------------------+
| DSA-5914 [136] | chromium [137] |
| | |
| DSA-5916 [138] | chromium [139] |
| | |
| DSA-5918 [140] | varnish [141] |
| | |
| DSA-5919 [142] | open-vm-tools [143] |
| | |
| DSA-5920 [144] | chromium [145] |
| | |
| DSA-5921 [146] | thunderbird [147] |
| | |
| DSA-5922 [148] | firefox-esr [149] |
| | |
| DSA-5923 [150] | net-tools [151] |
| | |
| DSA-5924 [152] | intel-microcode [153] |
| | |
| DSA-5925 [154] | linux-signed-amd64 [155] |
| | |
| DSA-5925 [156] | linux-signed-arm64 [157] |
| | |
| DSA-5925 [158] | linux-signed-i386 [159] |
| | |
| DSA-5925 [160] | linux [161] |
| | |
| DSA-5926 [162] | firefox-esr [163] |
| | |
| DSA-5927 [164] | yelp-xsl [165] |
| | |
| DSA-5927 [166] | yelp [167] |
| | |
| DSA-5928 [168] | libvpx [169] |
| | |
| DSA-5929 [170] | chromium [171] |
| | |
| DSA-5930 [172] | libavif [173] |
| | |
| DSA-5931 [174] | systemd [175] |
| | |
| DSA-5932 [176] | thunderbird [177] |
| | |
| DSA-5933 [178] | tcpdf [179] |
| | |
| DSA-5934 [180] | roundcube [181] |
| | |
| DSA-5935 [182] | chromium [183] |
| | |
| DSA-5936 [184] | libfile-find-rule-perl [185] |
| | |
| DSA-5937 [186] | webkit2gtk [187] |
| | |
| DSA-5938 [188] | python-tornado [189] |
| | |
| DSA-5939 [190] | gimp [191] |
| | |
| DSA-5940 [192] | modsecurity-apache [193] |
| | |
| DSA-5941 [194] | gst-plugins-bad1.0 [195] |
| | |
| DSA-5942 [196] | chromium [197] |
| | |
| DSA-5943 [198] | libblockdev [199] |
| | |
| DSA-5943 [200] | udisks2 [201] |
| | |
| DSA-5944 [202] | chromium [203] |
| | |
| DSA-5945 [204] | konsole [205] |
| | |
| DSA-5946 [206] | gdk-pixbuf [207] |
| | |
| DSA-5947 [208] | xorg-server [209] |
| | |
| DSA-5948 [210] | trafficserver [211] |
| | |
| DSA-5949 [212] | libxml2 [213] |
| | |
| DSA-5950 [214] | firefox-esr [215] |
| | |
| DSA-5951 [216] | icu [217] |
| | |
| DSA-5952 [218] | chromium [219] |
| | |
| DSA-5953 [220] | catdoc [221] |
| | |
| DSA-5954 [222] | sudo [223] |
| | |
| DSA-5955 [224] | chromium [225] |
| | |
| DSA-5956 [226] | ring [227] |
| | |
| DSA-5957 [228] | mediawiki [229] |
| | |
| DSA-5958 [230] | jpeg-xl [231] |
| | |
| DSA-5959 [232] | thunderbird [233] |
| | |
| DSA-5960 [234] | djvulibre [235] |
| | |
| DSA-5961 [236] | slurm-wlm [237] |
| | |
| DSA-5962 [238] | gnutls28 [239] |
| | |
| DSA-5963 [240] | chromium [241] |
| | |
| DSA-5964 [242] | firefox-esr [243] |
| | |
| DSA-5965 [244] | chromium [245] |
| | |
| DSA-5966 [246] | thunderbird [247] |
| | |
| DSA-5967 [248] | php8.2 [249] |
| | |
| DSA-5968 [250] | chromium [251] |
| | |
| DSA-5969 [252] | redis [253] |
| | |
| DSA-5970 [254] | sope [255] |
| | |
| DSA-5971 [256] | chromium [257] |
| | |
| DSA-5972 [258] | openjdk-17 [259] |
| | |
| DSA-5973 [260] | linux-signed-amd64 [261] |
| | |
| DSA-5973 [262] | linux-signed-arm64 [263] |
| | |
| DSA-5973 [264] | linux-signed-i386 [265] |
| | |
| DSA-5973 [266] | linux [267] |
| | |
| DSA-5974 [268] | pgpool2 [269] |
| | |
| DSA-5976 [270] | chromium [271] |
| | |
| DSA-5977 [272] | aide [273] |
| | |
| DSA-5978 [274] | webkit2gtk [275] |
| | |
| DSA-5979 [276] | libxslt [277] |
| | |
| DSA-5980 [278] | firefox-esr [279] |
| | |
| DSA-5981 [280] | chromium [281] |
| | |
| DSA-5982 [282] | squid [283] |
| | |
| DSA-5983 [284] | qemu [285] |
| | |
| DSA-5984 [286] | thunderbird [287] |
| | |
| DSA-5985 [288] | ffmpeg [289] |
| | |
| DSA-5986 [290] | node-cipher-base [291] |
| | |
| DSA-5987 [292] | unbound [293] |
| | |
| DSA-5988 [294] | chromium [295] |
| | |
| DSA-5989 [296] | udisks2 [297] |
| | |
| DSA-5990 [298] | libxml2 [299] |
| | |
| DSA-5991 [300] | nodejs [301] |
| | |
+----------------+------------------------------+
136: https://www.debian.org/security/2025/dsa-5914
137: https://packages.debian.org/src:chromium
138: https://www.debian.org/security/2025/dsa-5916
139: https://packages.debian.org/src:chromium
140: https://www.debian.org/security/2025/dsa-5918
141: https://packages.debian.org/src:varnish
142: https://www.debian.org/security/2025/dsa-5919
143: https://packages.debian.org/src:open-vm-tools
144: https://www.debian.org/security/2025/dsa-5920
145: https://packages.debian.org/src:chromium
146: https://www.debian.org/security/2025/dsa-5921
147: https://packages.debian.org/src:thunderbird
148: https://www.debian.org/security/2025/dsa-5922
149: https://packages.debian.org/src:firefox-esr
150: https://www.debian.org/security/2025/dsa-5923
151: https://packages.debian.org/src:net-tools
152: https://www.debian.org/security/2025/dsa-5924
153: https://packages.debian.org/src:intel-microcode
154: https://www.debian.org/security/2025/dsa-5925
155: https://packages.debian.org/src:linux-signed-amd64
156: https://www.debian.org/security/2025/dsa-5925
157: https://packages.debian.org/src:linux-signed-arm64
158: https://www.debian.org/security/2025/dsa-5925
159: https://packages.debian.org/src:linux-signed-i386
160: https://www.debian.org/security/2025/dsa-5925
161: https://packages.debian.org/src:linux
162: https://www.debian.org/security/2025/dsa-5926
163: https://packages.debian.org/src:firefox-esr
164: https://www.debian.org/security/2025/dsa-5927
165: https://packages.debian.org/src:yelp-xsl
166: https://www.debian.org/security/2025/dsa-5927
167: https://packages.debian.org/src:yelp
168: https://www.debian.org/security/2025/dsa-5928
169: https://packages.debian.org/src:libvpx
170: https://www.debian.org/security/2025/dsa-5929
171: https://packages.debian.org/src:chromium
172: https://www.debian.org/security/2025/dsa-5930
173: https://packages.debian.org/src:libavif
174: https://www.debian.org/security/2025/dsa-5931
175: https://packages.debian.org/src:systemd
176: https://www.debian.org/security/2025/dsa-5932
177: https://packages.debian.org/src:thunderbird
178: https://www.debian.org/security/2025/dsa-5933
179: https://packages.debian.org/src:tcpdf
180: https://www.debian.org/security/2025/dsa-5934
181: https://packages.debian.org/src:roundcube
182: https://www.debian.org/security/2025/dsa-5935
183: https://packages.debian.org/src:chromium
184: https://www.debian.org/security/2025/dsa-5936
185: https://packages.debian.org/src:libfile-find-rule-perl
186: https://www.debian.org/security/2025/dsa-5937
187: https://packages.debian.org/src:webkit2gtk
188: https://www.debian.org/security/2025/dsa-5938
189: https://packages.debian.org/src:python-tornado
190: https://www.debian.org/security/2025/dsa-5939
191: https://packages.debian.org/src:gimp
192: https://www.debian.org/security/2025/dsa-5940
193: https://packages.debian.org/src:modsecurity-apache
194: https://www.debian.org/security/2025/dsa-5941
195: https://packages.debian.org/src:gst-plugins-bad1.0
196: https://www.debian.org/security/2025/dsa-5942
197: https://packages.debian.org/src:chromium
198: https://www.debian.org/security/2025/dsa-5943
199: https://packages.debian.org/src:libblockdev
200: https://www.debian.org/security/2025/dsa-5943
201: https://packages.debian.org/src:udisks2
202: https://www.debian.org/security/2025/dsa-5944
203: https://packages.debian.org/src:chromium
204: https://www.debian.org/security/2025/dsa-5945
205: https://packages.debian.org/src:konsole
206: https://www.debian.org/security/2025/dsa-5946
207: https://packages.debian.org/src:gdk-pixbuf
208: https://www.debian.org/security/2025/dsa-5947
209: https://packages.debian.org/src:xorg-server
210: https://www.debian.org/security/2025/dsa-5948
211: https://packages.debian.org/src:trafficserver
212: https://www.debian.org/security/2025/dsa-5949
213: https://packages.debian.org/src:libxml2
214: https://www.debian.org/security/2025/dsa-5950
215: https://packages.debian.org/src:firefox-esr
216: https://www.debian.org/security/2025/dsa-5951
217: https://packages.debian.org/src:icu
218: https://www.debian.org/security/2025/dsa-5952
219: https://packages.debian.org/src:chromium
220: https://www.debian.org/security/2025/dsa-5953
221: https://packages.debian.org/src:catdoc
222: https://www.debian.org/security/2025/dsa-5954
223: https://packages.debian.org/src:sudo
224: https://www.debian.org/security/2025/dsa-5955
225: https://packages.debian.org/src:chromium
226: https://www.debian.org/security/2025/dsa-5956
227: https://packages.debian.org/src:ring
228: https://www.debian.org/security/2025/dsa-5957
229: https://packages.debian.org/src:mediawiki
230: https://www.debian.org/security/2025/dsa-5958
231: https://packages.debian.org/src:jpeg-xl
232: https://www.debian.org/security/2025/dsa-5959
233: https://packages.debian.org/src:thunderbird
234: https://www.debian.org/security/2025/dsa-5960
235: https://packages.debian.org/src:djvulibre
236: https://www.debian.org/security/2025/dsa-5961
237: https://packages.debian.org/src:slurm-wlm
238: https://www.debian.org/security/2025/dsa-5962
239: https://packages.debian.org/src:gnutls28
240: https://www.debian.org/security/2025/dsa-5963
241: https://packages.debian.org/src:chromium
242: https://www.debian.org/security/2025/dsa-5964
243: https://packages.debian.org/src:firefox-esr
244: https://www.debian.org/security/2025/dsa-5965
245: https://packages.debian.org/src:chromium
246: https://www.debian.org/security/2025/dsa-5966
247: https://packages.debian.org/src:thunderbird
248: https://www.debian.org/security/2025/dsa-5967
249: https://packages.debian.org/src:php8.2
250: https://www.debian.org/security/2025/dsa-5968
251: https://packages.debian.org/src:chromium
252: https://www.debian.org/security/2025/dsa-5969
253: https://packages.debian.org/src:redis
254: https://www.debian.org/security/2025/dsa-5970
255: https://packages.debian.org/src:sope
256: https://www.debian.org/security/2025/dsa-5971
257: https://packages.debian.org/src:chromium
258: https://www.debian.org/security/2025/dsa-5972
259: https://packages.debian.org/src:openjdk-17
260: https://www.debian.org/security/2025/dsa-5973
261: https://packages.debian.org/src:linux-signed-amd64
262: https://www.debian.org/security/2025/dsa-5973
263: https://packages.debian.org/src:linux-signed-arm64
264: https://www.debian.org/security/2025/dsa-5973
265: https://packages.debian.org/src:linux-signed-i386
266: https://www.debian.org/security/2025/dsa-5973
267: https://packages.debian.org/src:linux
268: https://www.debian.org/security/2025/dsa-5974
269: https://packages.debian.org/src:pgpool2
270: https://www.debian.org/security/2025/dsa-5976
271: https://packages.debian.org/src:chromium
272: https://www.debian.org/security/2025/dsa-5977
273: https://packages.debian.org/src:aide
274: https://www.debian.org/security/2025/dsa-5978
275: https://packages.debian.org/src:webkit2gtk
276: https://www.debian.org/security/2025/dsa-5979
277: https://packages.debian.org/src:libxslt
278: https://www.debian.org/security/2025/dsa-5980
279: https://packages.debian.org/src:firefox-esr
280: https://www.debian.org/security/2025/dsa-5981
281: https://packages.debian.org/src:chromium
282: https://www.debian.org/security/2025/dsa-5982
283: https://packages.debian.org/src:squid
284: https://www.debian.org/security/2025/dsa-5983
285: https://packages.debian.org/src:qemu
286: https://www.debian.org/security/2025/dsa-5984
287: https://packages.debian.org/src:thunderbird
288: https://www.debian.org/security/2025/dsa-5985
289: https://packages.debian.org/src:ffmpeg
290: https://www.debian.org/security/2025/dsa-5986
291: https://packages.debian.org/src:node-cipher-base
292: https://www.debian.org/security/2025/dsa-5987
293: https://packages.debian.org/src:unbound
294: https://www.debian.org/security/2025/dsa-5988
295: https://packages.debian.org/src:chromium
296: https://www.debian.org/security/2025/dsa-5989
297: https://packages.debian.org/src:udisks2
298: https://www.debian.org/security/2025/dsa-5990
299: https://packages.debian.org/src:libxml2
300: https://www.debian.org/security/2025/dsa-5991
301: https://packages.debian.org/src:nodejs
Removed packages
----------------
The following packages were removed due to circumstances beyond our
control:
+------------+--------------------------------+
| Package | Reason |
+------------+--------------------------------+
| guix [302] | Unsupportable; security issues |
| | |
+------------+--------------------------------+
302: https://packages.debian.org/src:guix
Debian Installer
----------------
The installer has been updated to include the fixes incorporated into
oldstable by the point release.
URLs
----
The complete lists of packages that have changed with this revision:
https://deb.debian.org/debian/dists/bookworm/ChangeLog
The current oldstable distribution:
https://deb.debian.org/debian/dists/oldstable/
Proposed updates to the oldstable distribution:
https://deb.debian.org/debian/dists/oldstable-proposed-updates
oldstable distribution information (release notes, errata etc.):
https://www.debian.org/releases/oldstable/
Security announcements and information:
https://www.debian.org/security/
About Debian
------------
The Debian Project is an association of Free Software developers who
volunteer their time and effort in order to produce the completely free
operating system Debian.
Contact Information
-------------------
For further information, please visit the Debian web pages at
https://www.debian.org/, send mail to <press@debian.org>, or contact the
stable release team at <debian-release@lists.debian.org>.
Attachment:
signature.asc
Description: This is a digitally signed message part