------------------------------------------------------------------------
The Debian Project https://www.debian.org/
Updated Debian 13: 13.1 released press@debian.org
September 6th, 2025 https://www.debian.org/News/2025/20250906
------------------------------------------------------------------------
The Debian project is pleased to announce the first update of its stable
distribution Debian 13 (codename "trixie"). This point release mainly
adds corrections for security issues, along with a few adjustments for
serious problems. Security advisories have already been published
separately and are referenced where available.
Please note that the point release does not constitute a new version of
Debian 13 but only updates some of the packages included. There is no
need to throw away old "trixie" media. After installation, packages can
be upgraded to the current versions using an up-to-date Debian mirror.
Those who frequently install updates from security.debian.org won't have
to update many packages, and most such updates are included in the point
release.
New installation images will be available soon at the regular locations.
Upgrading an existing installation to this revision can be achieved by
pointing the package management system at one of Debian's many HTTP
mirrors. A comprehensive list of mirrors is available at:
https://www.debian.org/mirror/list
Miscellaneous Bugfixes
----------------------
This stable update adds a few important corrections to the following
packages:
+-------------------------+-------------------------------------------+
| Package | Reason |
+-------------------------+-------------------------------------------+
| auto-apt-proxy [1] | Check explicitly configured proxies |
| | before network gateway |
| | |
| base-files [2] | Update for the point release |
| | |
| courier [3] | Fix courier-webmin |
| | |
| debian-installer [4] | Increase Linux kernel ABI to |
| | 6.12.43+deb13; rebuild against proposed- |
| | updates; add a workaround for a GRUB |
| | graphics initialisation bug |
| | |
| debian-installer- | Rebuild against proposed-updates |
| netboot-images [5] | |
| | |
| desktop-base [6] | Fix placement of plymouth prompts in |
| | multi-monitor setups |
| | |
| devscripts [7] | Update suite and codename mappings |
| | |
| dpdk [8] | New upstream point release |
| | |
| ethtool [9] | netlink: fix print_string when the value |
| | is NULL |
| | |
| firebird3.0 [10] | Fix null pointer dereference in XDR |
| | message parsing [CVE-2025-54989] |
| | |
| flvstreamer [11] | Stop installing rtmpsrv and rtmpsuck, |
| | avoiding file conflict with the rtmpdump |
| | package |
| | |
| galera-4 [12] | New upstream stable release |
| | |
| git [13] | New upstream bug-fix release; fix |
| | arbitrary file write issues [CVE-2025- |
| | 27613 CVE-2025-46835]; fix code execution |
| | issues [CVE-2025-27614 CVE-2025-48384]; |
| | fix protocol injection issue, possibly |
| | leading to arbitrary code execution |
| | [CVE-2025-48385] |
| | |
| glib2.0 [14] | New upstream bugfix release; fix a corner |
| | case when upgrading from bookworm |
| | |
| gnome-control- | Fix a UI issue and an error display |
| center [15] | issue; translation updates |
| | |
| gnome-online- | New upstream bug-fix release; update |
| accounts [16] | translations |
| | |
| gnome-shell [17] | New upstream bugfix release |
| | |
| golang-github-gin- | Fix mishandling of wildcards [CVE-2019- |
| contrib-cors [18] | 25211] |
| | |
| gssdp [19] | New upstream bug-fix release; fix issues |
| | with Since: and Deprecated: declarations |
| | in documentation |
| | |
| imagemagick [20] | Security fixes: heap buffer overflow in |
| | the "InterpretImageFilename" function |
| | [CVE-2025-53014]; infinite loop when |
| | writing during a specific XMP file |
| | conversion command [CVE-2025-53015]; |
| | memory leak in the "magick stream" |
| | command [CVE-2025-53019]; stack overflow |
| | through "vsnprintf()" [CVE-2025-53101]; |
| | use-after-free when SetQuantumFormat is |
| | used [CVE-2025-43965]; in multispectral |
| | MIFF image processing, packet_size |
| | mishandling [CVE-2025-46393] |
| | |
| init-system- | Fix handling of os-release diversions |
| helpers [21] | from live-build, ensuring they don't |
| | exist in non-live systems |
| | |
| installation-guide [22] | Enable Hungarian and Ukrainian |
| | translations; fix boot-dev-select-arm64 |
| | and armhf-armmp-supported-platforms |
| | hyperlinks |
| | |
| iperf3 [23] | Fix buffer overflow issue [CVE-2025- |
| | 54349]; fix assertion failure [CVE-2025- |
| | 54350] |
| | |
| kamailio [24] | Relax OpenSSL version check to only match |
| | against major version |
| | |
| libadwaita-1 [25] | New upstream bugfix release |
| | |
| libcgi-simple-perl [26] | Fix HTTP response splitting issue |
| | [CVE-2025-40927] |
| | |
| libcoap3 [27] | Fix buffer overflow issue [CVE-2024- |
| | 0962]; fix integer overflow issue |
| | [CVE-2024-31031] |
| | |
| libreoffice [28] | Add EUR support for Bulgaria; fix |
| | installation of Impress sound effects; |
| | fix playing of videos in Impress under |
| | Qt6 |
| | |
| librepo [29] | New upstream bug-fix release, fixing |
| | support for DNF5; improve handling of |
| | SELinux in the Debian packaging |
| | |
| linux [30] | New upstream stable release |
| | |
| linux-signed-amd64 [31] | New upstream stable release |
| | |
| linux-signed-arm64 [32] | New upstream stable release |
| | |
| live-boot [33] | Fix handling of os-release diversions |
| | from live-build, ensuring they don't |
| | exist in non-live systems |
| | |
| live-build [34] | Fix handling of os-release diversions, |
| | ensuring they don't exist in non-live |
| | systems |
| | |
| mame [35] | Fix translation building |
| | |
| mariadb [36] | New upstream stable release |
| | |
| mate-sensors- | Fix crash at startup |
| applet [37] | |
| | |
| mmdebstrap [38] | Support numeric UID in /etc/subgid and / |
| | etc/subuid |
| | |
| modemmanager [39] | Fix support for Fibocom FM350-GL |
| | |
| mozjs128 [40] | New upstream stable release; fix |
| | uninitialised memory issue [CVE-2025- |
| | 9181], memory safety issues [CVE-2025- |
| | 9185] |
| | |
| network-manager- | New upstream stable release; fix multi- |
| openvpn [41] | factor authentication in combination with |
| | non-ASCII characters |
| | |
| nginx [42] | Fix potential information leak in |
| | ngx_mail_smtp_module [CVE-2025-53859] |
| | |
| node-tmp [43] | Fix arbitrary file write issue [CVE-2025- |
| | 54798] |
| | |
| open-iscsi [44] | Ensure /var/lib exists in initramfs |
| | |
| openjpeg2 [45] | Fix out-of-bounds write issue [CVE-2025- |
| | 54874] |
| | |
| orca [46] | Add dependencies on python3-setproctitle |
| | and python3-psutil |
| | |
| orphan-sysvinit- | Fix installation of mdadm scripts |
| scripts [47] | |
| | |
| pcre2 [48] | New upstream stable release; fix |
| | potential information disclosure issue |
| | [CVE-2025-58050] |
| | |
| postfix [49] | New upstream stable release; fix copying |
| | of files to chroot |
| | |
| postgresql-17 [50] | New upstream stable release; tighten |
| | security checks in planner estimation |
| | functions [CVE-2025-8713]; prevent |
| | pg_dump scripts from being used to attack |
| | the user running the restore [CVE-2025- |
| | 8714]; convert newlines to spaces in |
| | names included in comments in pg_dump |
| | output [CVE-2025-8715] |
| | |
| ptyxis [51] | New upstream bugfix release |
| | |
| pyraf [52] | Ensure compatibility with Python 3.13 |
| | |
| qemu [53] | New upstream bugfix release |
| | |
| rabbitmq-server [54] | Show proper plugin version numbers |
| | |
| remind [55] | Fix buffer overflow in DUMPVARS |
| | |
| renpy [56] | Fix font symlinks |
| | |
| resource-agents [57] | Handle cases where more than one route |
| | for an IP address exists |
| | |
| rkward [58] | Restore compatibility with R 4.5 |
| | |
| samba [59] | New upstream bugfix release |
| | |
| sbuild [60] | Support UID in /etc/sub(u|g)id; fix build |
| | path permissions when building as root; |
| | always append newline in binNMU |
| | changelog; allow empty BUILD_PATH in |
| | command line options |
| | |
| shaarli [61] | Fix cross site scripting issue [CVE-2025- |
| | 55291] |
| | |
| sound-theme- | Link front-center sample to audio- |
| freedesktop [62] | channel-mono |
| | |
| strongswan [63] | Fix OpenSSL 3.5.1 support |
| | |
| systemd [64] | New upstream stable release |
| | |
| systemd-boot-efi-amd64- | New upstream stable release |
| signed [65] | |
| | |
| systemd-boot-efi-arm64- | New upstream stable release |
| signed [66] | |
| | |
| thunar [67] | Fix prompt before permanently deleting |
| | files |
| | |
| timescaledb [68] | Disable test that fails with Postgresql |
| | 17.6 |
| | |
| transmission [69] | Fix GTK app crash when LANG=fr |
| | |
| tzdata [70] | Confirm leap second status for 2025 |
| | |
| wolfssl [71] | Avoid weak and predictable random numbers |
| | [CVE-2025-7394] |
| | |
+-------------------------+-------------------------------------------+
1: https://packages.debian.org/src:auto-apt-proxy
2: https://packages.debian.org/src:base-files
3: https://packages.debian.org/src:courier
4: https://packages.debian.org/src:debian-installer
5: https://packages.debian.org/src:debian-installer-netboot-images
6: https://packages.debian.org/src:desktop-base
7: https://packages.debian.org/src:devscripts
8: https://packages.debian.org/src:dpdk
9: https://packages.debian.org/src:ethtool
10: https://packages.debian.org/src:firebird3.0
11: https://packages.debian.org/src:flvstreamer
12: https://packages.debian.org/src:galera-4
13: https://packages.debian.org/src:git
14: https://packages.debian.org/src:glib2.0
15: https://packages.debian.org/src:gnome-control-center
16: https://packages.debian.org/src:gnome-online-accounts
17: https://packages.debian.org/src:gnome-shell
18: https://packages.debian.org/src:golang-github-gin-contrib-cors
19: https://packages.debian.org/src:gssdp
20: https://packages.debian.org/src:imagemagick
21: https://packages.debian.org/src:init-system-helpers
22: https://packages.debian.org/src:installation-guide
23: https://packages.debian.org/src:iperf3
24: https://packages.debian.org/src:kamailio
25: https://packages.debian.org/src:libadwaita-1
26: https://packages.debian.org/src:libcgi-simple-perl
27: https://packages.debian.org/src:libcoap3
28: https://packages.debian.org/src:libreoffice
29: https://packages.debian.org/src:librepo
30: https://packages.debian.org/src:linux
31: https://packages.debian.org/src:linux-signed-amd64
32: https://packages.debian.org/src:linux-signed-arm64
33: https://packages.debian.org/src:live-boot
34: https://packages.debian.org/src:live-build
35: https://packages.debian.org/src:mame
36: https://packages.debian.org/src:mariadb
37: https://packages.debian.org/src:mate-sensors-applet
38: https://packages.debian.org/src:mmdebstrap
39: https://packages.debian.org/src:modemmanager
40: https://packages.debian.org/src:mozjs128
41: https://packages.debian.org/src:network-manager-openvpn
42: https://packages.debian.org/src:nginx
43: https://packages.debian.org/src:node-tmp
44: https://packages.debian.org/src:open-iscsi
45: https://packages.debian.org/src:openjpeg2
46: https://packages.debian.org/src:orca
47: https://packages.debian.org/src:orphan-sysvinit-scripts
48: https://packages.debian.org/src:pcre2
49: https://packages.debian.org/src:postfix
50: https://packages.debian.org/src:postgresql-17
51: https://packages.debian.org/src:ptyxis
52: https://packages.debian.org/src:pyraf
53: https://packages.debian.org/src:qemu
54: https://packages.debian.org/src:rabbitmq-server
55: https://packages.debian.org/src:remind
56: https://packages.debian.org/src:renpy
57: https://packages.debian.org/src:resource-agents
58: https://packages.debian.org/src:rkward
59: https://packages.debian.org/src:samba
60: https://packages.debian.org/src:sbuild
61: https://packages.debian.org/src:shaarli
62: https://packages.debian.org/src:sound-theme-freedesktop
63: https://packages.debian.org/src:strongswan
64: https://packages.debian.org/src:systemd
65: https://packages.debian.org/src:systemd-boot-efi-amd64-signed
66: https://packages.debian.org/src:systemd-boot-efi-arm64-signed
67: https://packages.debian.org/src:thunar
68: https://packages.debian.org/src:timescaledb
69: https://packages.debian.org/src:transmission
70: https://packages.debian.org/src:tzdata
71: https://packages.debian.org/src:wolfssl
Security Updates
----------------
This revision adds the following security updates to the stable release.
The Security Team has already released an advisory for each of these
updates:
+----------------+-------------------------+
| Advisory ID | Package |
+----------------+-------------------------+
| DSA-5975 [72] | linux-signed-amd64 [73] |
| | |
| DSA-5975 [74] | linux-signed-arm64 [75] |
| | |
| DSA-5975 [76] | linux [77] |
| | |
| DSA-5976 [78] | chromium [79] |
| | |
| DSA-5977 [80] | aide [81] |
| | |
| DSA-5978 [82] | webkit2gtk [83] |
| | |
| DSA-5979 [84] | libxslt [85] |
| | |
| DSA-5980 [86] | firefox-esr [87] |
| | |
| DSA-5981 [88] | chromium [89] |
| | |
| DSA-5983 [90] | qemu [91] |
| | |
| DSA-5984 [92] | thunderbird [93] |
| | |
| DSA-5986 [94] | node-cipher-base [95] |
| | |
| DSA-5988 [96] | chromium [97] |
| | |
| DSA-5989 [98] | udisks2 [99] |
| | |
| DSA-5990 [100] | libxml2 [101] |
| | |
| DSA-5992 [102] | firebird4.0 [103] |
| | |
+----------------+-------------------------+
72: https://www.debian.org/security/2025/dsa-5975
73: https://packages.debian.org/src:linux-signed-amd64
74: https://www.debian.org/security/2025/dsa-5975
75: https://packages.debian.org/src:linux-signed-arm64
76: https://www.debian.org/security/2025/dsa-5975
77: https://packages.debian.org/src:linux
78: https://www.debian.org/security/2025/dsa-5976
79: https://packages.debian.org/src:chromium
80: https://www.debian.org/security/2025/dsa-5977
81: https://packages.debian.org/src:aide
82: https://www.debian.org/security/2025/dsa-5978
83: https://packages.debian.org/src:webkit2gtk
84: https://www.debian.org/security/2025/dsa-5979
85: https://packages.debian.org/src:libxslt
86: https://www.debian.org/security/2025/dsa-5980
87: https://packages.debian.org/src:firefox-esr
88: https://www.debian.org/security/2025/dsa-5981
89: https://packages.debian.org/src:chromium
90: https://www.debian.org/security/2025/dsa-5983
91: https://packages.debian.org/src:qemu
92: https://www.debian.org/security/2025/dsa-5984
93: https://packages.debian.org/src:thunderbird
94: https://www.debian.org/security/2025/dsa-5986
95: https://packages.debian.org/src:node-cipher-base
96: https://www.debian.org/security/2025/dsa-5988
97: https://packages.debian.org/src:chromium
98: https://www.debian.org/security/2025/dsa-5989
99: https://packages.debian.org/src:udisks2
100: https://www.debian.org/security/2025/dsa-5990
101: https://packages.debian.org/src:libxml2
102: https://www.debian.org/security/2025/dsa-5992
103: https://packages.debian.org/src:firebird4.0
Removed packages
----------------
The following packages were removed due to circumstances beyond our
control:
+------------+--------------------------------+
| Package | Reason |
+------------+--------------------------------+
| guix [104] | Unsupportable; security issues |
| | |
+------------+--------------------------------+
104: https://packages.debian.org/src:guix
Debian Installer
----------------
The installer has been updated to include the fixes incorporated into
stable by the point release.
URLs
----
The complete lists of packages that have changed with this revision:
https://deb.debian.org/debian/dists/trixie/ChangeLog
The current stable distribution:
https://deb.debian.org/debian/dists/stable/
Proposed updates to the stable distribution:
https://deb.debian.org/debian/dists/proposed-updates
stable distribution information (release notes, errata etc.):
https://www.debian.org/releases/stable/
Security announcements and information:
https://www.debian.org/security/
About Debian
------------
The Debian Project is an association of Free Software developers who
volunteer their time and effort in order to produce the completely free
operating system Debian.
Contact Information
-------------------
For further information, please visit the Debian web pages at
https://www.debian.org/, send mail to <press@debian.org>, or contact the
stable release team at <debian-release@lists.debian.org>.
Attachment:
signature.asc
Description: This is a digitally signed message part