[RFR] wml://publicity/announcements/pt/2025/20250517.wml
Boa tarde, pessoal.
Segue a tradução da versão pontual que será lançada amanhã. Novamente,
foi seguido o template que estamos utilizando há um bom tempo. Único
ponto de atenção é a seção Known issues que só está presente nesta
versão. Segue o arquivo completo para revisão e o diff para a notícia
anterior (12.10) para ajudar.
Abraços,
Charles
<define-tag pagetitle>Atualização Debian 12: 12.11 lançado</define-tag>
<define-tag release_date>2025-05-17</define-tag>
#use wml::debian::news
# $Id:
<define-tag release>12</define-tag>
<define-tag codename>bookworm</define-tag>
<define-tag revision>12.11</define-tag>
<define-tag dsa>
<tr><td align="center"><a href="$(HOME)/security/%0/dsa-%1">DSA-%1</a></td>
<td align="center"><:
my @p = ();
for my $p (split (/,\s*/, "%2")) {
push (@p, sprintf ('<a href="https://packages.debian.org/src:%s";>%s</a>', $p, $p));
}
print join (", ", @p);
:></td></tr>
</define-tag>
<define-tag correction>
<tr><td><a href="https://packages.debian.org/src:%0";>%0</a></td> <td>%1</td></tr>
</define-tag>
<define-tag srcpkg><a href="https://packages.debian.org/src:%0";>%0</a></define-tag>
<p>O projeto Debian está feliz em anunciar a décima primeira atualização de sua
versão estável (stable) do Debian <release> (codinome <q><codename></q>).
Esta versão pontual adiciona principalmente correções para problemas de
segurança, além de pequenos ajustes para problemas mais sérios. Avisos de
segurança já foram publicados em separado e são referenciados quando
necessário.</p>
<p>Por favor, note que a versão pontual não constitui uma nova versão do Debian
<release>, mas apenas atualiza alguns dos pacotes já incluídos. Não há
necessidade de jogar fora as antigas mídias do <q><codename></q>. Após a
instalação, os pacotes podem ser atualizados para as versões atuais usando um
espelho atualizado do Debian.</p>
<p>Aquelas pessoas que frequentemente instalam atualizações a partir de
security.debian.org não terão que atualizar muitos pacotes, e a maioria de tais
atualizações estão incluídas na versão pontual.</p>
<p>Novas imagens de instalação logo estarão disponíveis nos locais
habituais.</p>
<p>A atualização de uma instalação existente para esta revisão pode ser feita
apontando o sistema de gerenciamento de pacotes para um dos muitos espelhos
HTTP do Debian. Uma lista abrangente de espelhos está disponível em:</p>
<div class="center">
<a href="$(HOME)/mirror/list">https://www.debian.org/mirror/list</a>
</div>
<h2>Problemas conhecidos</h2>
<p>O Linux 6.1.137-1, incluso no Debian <revision> não consegue carregar os
módulos <q>watchdog</q> e <q>w83977f_wdt</q> na arquitetura <q>amd64</q>
Isso é uma regressão.</p>
<p>Esse problema será corrigido em uma próxima atualização.</p>
<p>Usuárias e usuários que utilizam a funcionalidade watchdog devem desativá-la
ou evitar a atualização para esta versão do kernel até uma correção estar
disponível.</p>
<h2>Correções gerais de bugs</h2>
<p>Esta atualização da versão estável (stable) adiciona algumas correções
importantes para os seguintes pacotes:</p>
<table border=0>
<tr><th>Pacote</th> <th>Justificativa</th></tr>
<correction abseil "Fix heap buffer overflow issue [CVE-2025-0838]; fix build failure on ppc64el">
<correction adonthell "Fix compatibility with SWIG 4.1">
<correction base-files "Update for the point release">
<correction bash "Rebuild for outdated Built-Using (glibc/2.36-9+deb12u5)">
<correction busybox "Rebuild for outdated Built-Using (glibc/2.36-9)">
<correction cdebootstrap "Rebuild for outdated Built-Using (glibc/2.36-9)">
<correction chkrootkit "Rebuild for outdated Built-Using (glibc/2.36-9+deb12u5)">
<correction crowdsec "Rebuild for outdated Built-Using (docker.io/20.10.24+dfsg1-1)">
<correction dar "Rebuild for outdated Built-Using (glibc/2.36-9+deb12u5)">
<correction debian-archive-keyring "Add archive signing and SRM keys for trixie (Debian 13); move buster (Debian 10) keys to removed keyring">
<correction debian-installer "Increase Linux kernel ABI to 6.1.0-35; rebuild against proposed-updates">
<correction debian-installer-netboot-images "Rebuild against proposed-updates">
<correction debian-security-support "Update list of packages receiving limited support, or unsupported, in bookworm">
<correction distro-info-data "Add Debian 15 and Ubuntu 25.10">
<correction docker.io "Rebuild for outdated Built-Using (containerd/1.6.20~ds1-1, glibc/2.36-9+deb12u8)">
<correction dpdk "New upstream stable release">
<correction fig2dev "Reject huge pattern lengths [CVE-2025-31162]; reject arcs with co-incident points [CVE-2025-31163]; allow an arc-box with zero radius [CVE-2025-31164]">
<correction fossil "Fix interaction with an Apache HTTP server including the fix for CVE-2024-24795">
<correction gcc-12 "Fix -fstack-protector handling of overflows on AArch64 [CVE-2023-4039]">
<correction gcc-mingw-w64 "Rebuild for outdated Built-Using (gcc-12/12.2.0-13)">
<correction glib2.0 "Fix integer overflow in g_date_time_new_from_iso8601() [CVE-2025-3360]">
<correction golang-github-containerd-stargz-snapshotter "Rebuild for outdated Built-Using (containerd/1.6.20~ds1-1, runc/1.1.5+ds1-1)">
<correction golang-github-containers-buildah "Rebuild for outdated Built-Using (containerd/1.6.20~ds1-1)">
<correction golang-github-openshift-imagebuilder "Rebuild for outdated Built-Using (containerd/1.6.20~ds1-1, docker.io/20.10.24+dfsg1-1)">
<correction haproxy "Fix heap buffer overflow issue [CVE-2025-32464]">
<correction igtf-policy-bundle "Backport current policy bundle">
<correction imagemagick "Fix <q>MIFF image depth mishandled after SetQuantumFormat</q> [CVE-2025-43965]">
<correction initramfs-tools "Restore copy_file's handling of target ending in slash; exclude usr-merge symlinks in copy_file; add reset drivers when MODULES=dep">
<correction krb5 "Fix memory leak in ndr.c [CVE-2024-26462]; prevent buffer overflow when calculating ulog buffer size [CVE-2025-24528]">
<correction libbson-xs-perl "Fix security issues in embedded copy of libbson: denial of service [CVE-2017-14227]; buffer over-read [CVE-2018-16790]; infinite loop [CVE-2023-0437]; memory corruption [CVE-2024-6381]; buffer overflows [CVE-2024-6383 CVE-2025-0755]">
<correction libcap2 "Fix incorrect recognition of group names [CVE-2025-1390]">
<correction libdata-entropy-perl "Seed entropy pool with urandom by default [CVE-2025-1860]">
<correction libpod "Rebuild for outdated Built-Using (containerd/1.6.20~ds1-1, docker.io/20.10.24+dfsg1-1, golang-github-containers-buildah/1.28.2+ds1-3)">
<correction libsub-handlesvia-perl "Fix arbitrary code execution issue [CVE-2025-30673]">
<correction linux "New upstream release; bump ABI to 35">
<correction linux-signed-amd64 "New upstream release; bump ABI to 35">
<correction linux-signed-arm64 "New upstream release; bump ABI to 35">
<correction linux-signed-i386 "New upstream release; bump ABI to 35">
<correction logcheck "Respect removal of /etc/logcheck/header.txt">
<correction mongo-c-driver "Fix infinite loop issue [CVE-2023-0437]; fix integer overflow issue [CVE-2024-6381]; fix buffer overflow issues [CVE-2024-6383 CVE-2025-0755]">
<correction network-manager "Fix crash dereferencing NULL pointer during debug logging [CVE-2024-6501]">
<correction nginx "Fix buffer underread and unordered chunk vulnerabilities in mp4 [CVE-2024-7347]">
<correction node-fstream-ignore "Fix build failure by not running tests in parallel">
<correction node-send "Fix cross-site scripting issue [CVE-2024-43799]">
<correction node-serialize-javascript "Fix cross-site scripting issue [CVE-2024-11831]">
<correction nvidia-graphics-drivers "New upstream stable release; remove ppc64el support (migrated to src:nvidia-graphics-drivers-tesla-535); fix build issues with newer kernel versions; security fixes [CVE-2024-0131 CVE-2024-0147 CVE-2024-0149 CVE-2024-0150 CVE-2024-53869 CVE-2025-23244]">
<correction nvidia-graphics-drivers-tesla "New upstream stable release; transition to packages from src:nvidia-graphics-drivers-tesla-535 on ppc64el; fix build issues with newer kernel versions">
<correction nvidia-graphics-drivers-tesla-535 "New package for the now EOL ppc64el support">
<correction nvidia-open-gpu-kernel-modules "New upstream stable release; security fixes [CVE-2024-0131 CVE-2024-0147 CVE-2024-0149 CVE-2024-0150 CVE-2024-53869 CVE-2025-23244]">
<correction nvidia-settings "New upstream stable release; drop support for some obsolete packages; relax the nvidia-alternative dependency to a suggestion on ppc64el">
<correction openrazer "Fix out of bounds read issue [CVE-2025-32776]">
<correction opensnitch "Rebuild for outdated Built-Using (golang-github-google-nftables/0.1.0-3)">
<correction openssh "Fix the DisableForwarding directive [CVE-2025-32728]">
<correction openssl "New upstream stable release; fix timing side channel issue [CVE-2024-13176]">
<correction openvpn "Avoid possible ASSERT() on OpenVPN servers using --tls-crypt-v2 [CVE-2025-2704]; prevent malicious peer DoS or log-flooding [CVE-2024-5594]; refuse multiple exit notifications from authenticated clients [CVE-2024-28882]; update expired certificates in build tests">
<correction phpmyadmin "Fix XSS vulnerabilities [CVE-2025-24529 CVE-2025-24530]">
<correction policyd-rate-limit "Fix startup with newer python3-yaml">
<correction poppler "Fix crash on malformed files [CVE-2023-34872]; fix out-of-bounds read issues [CVE-2024-56378 CVE-2025-32365]; fix floating point exception issue [CVE-2025-32364]">
<correction postgresql-15 "New upstream stable release; fix buffer over-read issue [CVE-2025-4207]">
<correction prometheus "Rebuild for outdated Built-Using (docker.io/20.10.24+dfsg1-1)">
<correction prometheus-postfix-exporter "Rebuild for outdated Built-Using (docker.io/20.10.24+dfsg1-1)">
<correction python-h11 "Fix request smuggling issue [CVE-2025-43859]">
<correction python3.11 "Fix misparsing issues [CVE-2025-0938 CVE-2025-1795]">
<correction qemu "Rebuild for outdated Built-Using (glibc/2.36-9+deb12u9, gnutls28/3.7.9-2+deb12u3); new upstream bugfix release">
<correction qtbase-opensource-src "Delay HTTP2 communication until encrypted() can be responded to [CVE-2024-39936]; fix crash with null checks in table iface methods">
<correction redis "Fix denial of service issue [CVE-2025-21605]">
<correction renaissance "Avoid exception on startup">
<correction sash "Rebuild for outdated Built-Using (glibc/2.36-9)">
<correction shadow "Fix password leak issue [CVE-2023-4641]; fix chfn control character injection issue [CVE-2023-29383]">
<correction skeema "Rebuild for outdated Built-Using (containerd/1.6.20~ds1-1, docker.io/20.10.24+dfsg1-1)">
<correction skopeo "Rebuild for outdated Built-Using (docker.io/20.10.24+dfsg1-1)">
<correction telegram-desktop "Rebuild for outdated Built-Using (ms-gsl/4.0.0-2)">
<correction tripwire "Rebuild for outdated Built-Using (glibc/2.36-9+deb12u5)">
<correction twitter-bootstrap3 "Fix cross-site scripting issues [CVE-2024-6485 CVE-2024-6484]">
<correction twitter-bootstrap4 "Fix cross-site scripting issue [CVE-2024-6531]">
<correction tzdata "New America/Coyhaique zone for Aysén Region in Chile">
<correction user-mode-linux "Rebuild for outdated Built-Using (linux/6.1.82-1)">
<correction varnish "Prevent HTTP/1 client-side desync [CVE-2025-30346]">
<correction wireless-regdb "New upstream release">
<correction xmedcon "Fix buffer overflow [CVE-2025-2581]">
<correction zsh "Rebuild for outdated Built-Using (glibc/2.36-9+deb12u5, libcap2/1:2.66-4)">
</table>
<h2>Atualizações de segurança</h2>
<p>Esta revisão adiciona as seguintes atualizações de segurança para a versão
estável (stable).
A equipe de segurança já lançou um aviso para cada uma dessas atualizações:</p>
<table border=0>
<tr><th>ID do aviso</th> <th>Pacote</th></tr>
<dsa 2025 5877 chromium>
<dsa 2025 5878 php8.2>
<dsa 2025 5879 opensaml>
<dsa 2025 5880 freetype>
<dsa 2025 5881 rails>
<dsa 2025 5882 chromium>
<dsa 2025 5883 mercurial>
<dsa 2025 5884 libxslt>
<dsa 2025 5885 webkit2gtk>
<dsa 2025 5886 ruby-rack>
<dsa 2025 5887 exim4>
<dsa 2025 5888 ghostscript>
<dsa 2025 5889 firefox-esr>
<dsa 2025 5890 chromium>
<dsa 2025 5891 thunderbird>
<dsa 2025 5892 atop>
<dsa 2025 5893 tomcat10>
<dsa 2025 5894 jetty9>
<dsa 2025 5895 xz-utils>
<dsa 2025 5896 trafficserver>
<dsa 2025 5897 lemonldap-ng>
<dsa 2025 5898 chromium>
<dsa 2025 5899 webkit2gtk>
<dsa 2025 5900 linux-signed-amd64>
<dsa 2025 5900 linux-signed-arm64>
<dsa 2025 5900 linux-signed-i386>
<dsa 2025 5900 linux>
<dsa 2025 5901 mediawiki>
<dsa 2025 5902 perl>
<dsa 2025 5903 chromium>
<dsa 2025 5904 libapache2-mod-auth-openidc>
<dsa 2025 5905 graphicsmagick>
<dsa 2025 5906 erlang>
<dsa 2025 5907 linux-signed-amd64>
<dsa 2025 5907 linux-signed-arm64>
<dsa 2025 5907 linux-signed-i386>
<dsa 2025 5907 linux>
<dsa 2025 5908 libreoffice>
<dsa 2025 5909 request-tracker5>
<dsa 2025 5910 firefox-esr>
<dsa 2025 5911 request-tracker4>
<dsa 2025 5912 thunderbird>
<dsa 2025 5913 openjdk-17>
<dsa 2025 5915 vips>
<dsa 2025 5917 libapache2-mod-auth-openidc>
</table>
<h2>Pacotes removidos</h2>
<p>Os seguintes pacotes foram removidos por circunstâncias fora de nosso
controle:</p>
<table border=0>
<tr><th>Pacote</th> <th>Justificativa</th></tr>
<correction pidgin-skype "Useless as service discontinued">
<correction viagee "No longer able to connect to gmail">
</table>
<h2>Instalador do Debian</h2>
<p>O instalador foi atualizado para incluir as correções incorporadas
na versão estável (stable) pela versão pontual.</p>
<h2>URLs</h2>
<p>As listas completas dos pacotes que foram alterados por esta revisão:</p>
<div class="center">
<url "https://deb.debian.org/debian/dists/<downcase <codename>>/ChangeLog">
</div>
<p>A atual versão estável (stable):</p>
<div class="center">
<url "https://deb.debian.org/debian/dists/stable/";>
</div>
<p>Atualizações propostas (proposed updates) para a versão estável (stable):</p>
<div class="center">
<url "https://deb.debian.org/debian/dists/proposed-updates";>
</div>
<p>Informações da versão estável (stable) (notas de lançamento, errata, etc):</p>
<div class="center">
<a
href="$(HOME)/releases/stable/">https://www.debian.org/releases/stable/</a>
</div>
<p>Anúncios de segurança e informações:</p>
<div class="center">
<a href="$(HOME)/security/">https://www.debian.org/security/</a>
</div>
<h2>Sobre o Debian</h2>
<p>O projeto Debian é uma associação de desenvolvedores(as) de Software Livre
que dedicam seu tempo e esforço como voluntários(as) para produzir o sistema
operacional completamente livre Debian.</p>
<h2>Informações de contato</h2>
<p>Para mais informações, por favor visite as páginas web do Debian em
<a href="$(HOME)/">https://www.debian.org/</a>, envie um e-mail (em inglês) para
<press@debian.org>, ou entre em contato (em inglês) com a equipe de
lançamento da versão estável (stable) em
<debian-release@lists.debian.org>.</p>
--- pt/2025/20250315.wml 2025-05-16 12:25:05.134843411 -0300
+++ pt/2025/20250517.wml 2025-05-16 12:25:03.382843302 -0300
@@ -1,11 +1,11 @@
-<define-tag pagetitle>Atualização Debian 12: 12.10 lançado</define-tag>
-<define-tag release_date>2025-03-15</define-tag>
+<define-tag pagetitle>Atualização Debian 12: 12.11 lançado</define-tag>
+<define-tag release_date>2025-05-17</define-tag>
#use wml::debian::news
# $Id:
<define-tag release>12</define-tag>
<define-tag codename>bookworm</define-tag>
-<define-tag revision>12.10</define-tag>
+<define-tag revision>12.11</define-tag>
<define-tag dsa>
<tr><td align="center"><a href="$(HOME)/security/%0/dsa-%1">DSA-%1</a></td>
@@ -24,7 +24,7 @@
<define-tag srcpkg><a href="https://packages.debian.org/src:%0";>%0</a></define-tag>
-<p>O projeto Debian está feliz em anunciar a décima atualização de sua
+<p>O projeto Debian está feliz em anunciar a décima primeira atualização de sua
versão estável (stable) do Debian <release> (codinome <q><codename></q>).
Esta versão pontual adiciona principalmente correções para problemas de
segurança, além de pequenos ajustes para problemas mais sérios. Avisos de
@@ -53,6 +53,19 @@
</div>
+<h2>Problemas conhecidos</h2>
+
+<p>O Linux 6.1.137-1, incluso no Debian <revision> não consegue carregar os
+módulos <q>watchdog</q> e <q>w83977f_wdt</q> na arquitetura <q>amd64</q>
+Isso é uma regressão.</p>
+
+<p>Esse problema será corrigido em uma próxima atualização.</p>
+
+<p>Usuárias e usuários que utilizam a funcionalidade watchdog devem desativá-la
+ou evitar a atualização para esta versão do kernel até uma correção estar
+disponível.</p>
+
+
<h2>Correções gerais de bugs</h2>
<p>Esta atualização da versão estável (stable) adiciona algumas correções
@@ -60,72 +73,87 @@
<table border=0>
<tr><th>Pacote</th> <th>Justificativa</th></tr>
-<correction 389-ds-base "Fix crash when modifying userPassword using malformed input [CVE-2024-2199 CVE-2024-8445]; prevent denial of service while attempting to log in with a user with a malformed hash in their password [CVE-2024-5953]; prevent denial of service on the directory server with specially-crafted LDAP query [CVE-2024-3657]">
+<correction abseil "Fix heap buffer overflow issue [CVE-2025-0838]; fix build failure on ppc64el">
+<correction adonthell "Fix compatibility with SWIG 4.1">
<correction base-files "Update for the point release">
-<correction bup "New upstream bugfix release">
-<correction containerd "Fix tests causing FTBFS on the auto-builder network">
-<correction curl "Fix unintended HTTPS upgrades or premature reversion to HTTP when both subdomains and parent domains are used [CVE-2024-9681]; prevent stopping of stunnel before retries in the built-time tests; fix possible credentials leakage issues [CVE-2024-11053 CVE-2025-0167]; fix test failures due to port clashes">
-<correction dacite "Do not cache result of get_default_value_for_field">
-<correction dcmtk "Fix issue when rendering an invalid monochrome DICOM image [CVE-2024-47796]; ensure: HighBit < BitsAllocated [CVE-2024-52333]; fix possible overflows when allocating memory [CVE-2024-27628]; fix two segmentation faults [CVE-2024-34508 CVE-2024-34509]; fix arbitrary code execution issue [CVE-2024-28130]; fix buffer overflow issues [CVE-2025-25472 CVE-2025-25474]; fix NULL pointer dereference issue [CVE-2025-25475]">
-<correction debian-installer "Increase Linux kernel ABI to 6.1.0-32; rebuild against proposed-updates">
-<correction debian-ports-archive-keyring "Add 2026 key; move 2023 and 2024 keys to the removed keyring">
-<correction dgit "Add missing parameters for source upload target">
-<correction djoser "Fix authentication bypass [CVE-2024-21543]">
-<correction dns-root-data "Add the DNSKEY record for KSK-2024">
-<correction edk2 "Fix overflow condition in PeCoffLoaderRelocateImage() [CVE-2024-38796]; fix potential UINT32 overflow in S3 ResumeCount [CVE-2024-1298]">
-<correction elpa "Fix tests on machines with 2 vCPU or fewer">
-<correction flightgear "Fix sandbox bypass vulnerability in Nasal scripts [CVE-2025-0781]">
-<correction gensim "Fix build failure on single-CPU machines">
-<correction glibc "Fix buffer overflow when printing assertion failure message [CVE-2025-0395]; fix memset performance for unaligned destinations; fix TLS performance degradation after dlopen() usage; avoid integer truncation when parsing CPUID data with large cache sizes; ensure data passed to the rseq syscall are properly initialized">
-<correction golang-github-containers-buildah "Disable a test known to fail on the auto-builder network, fixing build failure">
-<correction intel-microcode "New upstream security release [CVE-2023-34440 CVE-2023-43758 CVE-2024-24582 CVE-2024-28047 CVE-2024-28127 CVE-2024-29214 CVE-2024-31068 CVE-2024-31157 CVE-2024-36293 CVE-2024-37020 CVE-2024-39279 CVE-2024-39355]">
-<correction iptables-netflow "Fix build with newer bullseye kernels">
-<correction jinja2 "Fix arbitrary code execution issues [CVE-2024-56201 CVE-2024-56326]">
-<correction joblib "Fix build failure on single-CPU systems">
-<correction lemonldap-ng "Fix CSRF vulnerability on 2FA registration interface [CVE-2024-52948]">
-<correction libapache-mod-jk "Set correct default permissions for shared memory [CVE-2024-46544]">
-<correction libeconf "Fix buffer overflow vulnerability [CVE-2023-32181 CVE-2023-22652]">
-<correction librabbitmq "Add option to read username/password from file [CVE-2023-35789]">
-<correction libtar "Fix out-of-bounds read in gnu_longlink() [CVE-2021-33643]; fix out-of-bounds read in gnu_longname() [CVE-2021-33644]; fix memory leak in th_read() [CVE-2021-33645]; fix memory leak in th_read() [CVE-2021-33646]">
-<correction linux "New upstream release; bump ABI to 32">
-<correction linux-signed-amd64 "New upstream release; bump ABI to 32">
-<correction linux-signed-arm64 "New upstream release; bump ABI to 32">
-<correction linux-signed-i386 "New upstream release; bump ABI to 32">
-<correction linuxcnc "Fix multi axes movement on single axis G0 MDI call">
-<correction ltt-control "Fix consumer crash on shutdown">
-<correction lttng-modules "Fix build with newer bullseye kernels">
-<correction mariadb "New upstream stable release; fix security issue [CVE-2024-21096]; fix denial of service issue [CVE-2025-21490]">
-<correction monero "Impose response limits on HTTP server connections [CVE-2025-26819]">
-<correction mozc "Install fcitx icons to the correct locations">
-<correction ndcube "Ignore test warnings from astropy">
-<correction nginx "Fix possible bypass of client certificate authentication [CVE-2025-23419]">
-<correction node-axios "Fix CSRF vulnerability [CVE-2023-45857]; fix potential vulnerability in URL when determining an origin [CVE-2024-57965]">
-<correction node-js-sdsl "Fix build failure">
-<correction node-postcss "Fix mishandling of non-integer values leading to denial of service in nanoid [CVE-2024-55565]; fix parsing of external untrusted CSS [CVE-2023-44270]">
-<correction node-recast "Fix build failure">
-<correction node-redis "Fix build failure">
-<correction node-rollup "Fix build failure arising from changed timeout API">
-<correction openh264 "Fix Cisco download URL">
-<correction php-nesbot-carbon "Fix arbitrary file include issue [CVE-2025-22145]">
-<correction postgresql-15 "New upstream stable release; harden PQescapeString and allied functions against invalidly-encoded strings; improve behavior of libpq's quoting functions [CVE-2025-1094]">
-<correction puma "Fix behavior when parsing chunked transfer encoding bodies and zero-length Content-Length headers [CVE-2023-40175]; limit size of chunk extensions [CVE-2024-21647]; prevent manipulation of headers set by intermediate proxies [CVE-2024-45614]">
-<correction python-django "Fix regular expression-based denial of service issue [CVE-2023-36053], denial of service issues [CVE-2024-38875 CVE-2024-39614 CVE-2024-41990 CVE-2024-41991], user enumeration issue [CVE-2024-39329], directory traversal issue [CVE-2024-39330], excessive memory consumption issue [CVE-2024-41989], SQL injection issue [CVE-2024-42005]">
-<correction python-pycdlib "Run tests only if /tmp is tmpfs, otherwise they are known to fail">
-<correction rapiddisk "Support Linux versions up to 6.10">
-<correction rsyslog "Avoid segmentation fault if a SIGTERM is received during startup">
-<correction runit-services "Do not enable dhclient service by default">
-<correction seqan3 "Fix parallel running of tests">
-<correction simgear "Fix sandbox bypass vulnerability in Nasal scripts [CVE-2025-0781]">
-<correction spamassassin "New upstream stable release">
-<correction sssd "Apply GPO policy consistently [CVE-2023-3758]">
-<correction subversion "Fix vulnerable parsing of control characters in paths served by mod_dav_svn [CVE-2024-46901]">
-<correction sunpy "Ignore test warnings from astropy">
-<correction systemd "New upstream stable release">
-<correction tzdata "New upstream release; update data for Paraguay; update leap second information">
-<correction vagrant "Fix URL of public Vagrant registry">
-<correction vim "Fix crash when expanding <q>~</q> in substitute [CVE-2023-2610]; fix buffer-overflow in vim_regsub_both() [CVE-2023-4738]; fix heap use after free in ins_compl_get_exp() [CVE-2023-4752]; fix heap-buffer-overflow in vim_regsub_both [CVE-2023-4781]; fix buffer-overflow in trunc_string() [CVE-2023-5344]; fix stack-buffer-overflow in option callback functions [CVE-2024-22667]; fix heap-buffer-overflow in ins_typebuf (CVE-2024-43802]; fix use-after-free when closing a buffer [CVE-2024-47814]; fix build failure on 32-bit architectures">
-<correction wget "Fix mishandling of semicolons in userinfo in URLs [CVE-2024-38428]">
-<correction xen "Allow direct kernel boot with kernels >= 6.12">
+<correction bash "Rebuild for outdated Built-Using (glibc/2.36-9+deb12u5)">
+<correction busybox "Rebuild for outdated Built-Using (glibc/2.36-9)">
+<correction cdebootstrap "Rebuild for outdated Built-Using (glibc/2.36-9)">
+<correction chkrootkit "Rebuild for outdated Built-Using (glibc/2.36-9+deb12u5)">
+<correction crowdsec "Rebuild for outdated Built-Using (docker.io/20.10.24+dfsg1-1)">
+<correction dar "Rebuild for outdated Built-Using (glibc/2.36-9+deb12u5)">
+<correction debian-archive-keyring "Add archive signing and SRM keys for trixie (Debian 13); move buster (Debian 10) keys to removed keyring">
+<correction debian-installer "Increase Linux kernel ABI to 6.1.0-35; rebuild against proposed-updates">
+<correction debian-installer-netboot-images "Rebuild against proposed-updates">
+<correction debian-security-support "Update list of packages receiving limited support, or unsupported, in bookworm">
+<correction distro-info-data "Add Debian 15 and Ubuntu 25.10">
+<correction docker.io "Rebuild for outdated Built-Using (containerd/1.6.20~ds1-1, glibc/2.36-9+deb12u8)">
+<correction dpdk "New upstream stable release">
+<correction fig2dev "Reject huge pattern lengths [CVE-2025-31162]; reject arcs with co-incident points [CVE-2025-31163]; allow an arc-box with zero radius [CVE-2025-31164]">
+<correction fossil "Fix interaction with an Apache HTTP server including the fix for CVE-2024-24795">
+<correction gcc-12 "Fix -fstack-protector handling of overflows on AArch64 [CVE-2023-4039]">
+<correction gcc-mingw-w64 "Rebuild for outdated Built-Using (gcc-12/12.2.0-13)">
+<correction glib2.0 "Fix integer overflow in g_date_time_new_from_iso8601() [CVE-2025-3360]">
+<correction golang-github-containerd-stargz-snapshotter "Rebuild for outdated Built-Using (containerd/1.6.20~ds1-1, runc/1.1.5+ds1-1)">
+<correction golang-github-containers-buildah "Rebuild for outdated Built-Using (containerd/1.6.20~ds1-1)">
+<correction golang-github-openshift-imagebuilder "Rebuild for outdated Built-Using (containerd/1.6.20~ds1-1, docker.io/20.10.24+dfsg1-1)">
+<correction haproxy "Fix heap buffer overflow issue [CVE-2025-32464]">
+<correction igtf-policy-bundle "Backport current policy bundle">
+<correction imagemagick "Fix <q>MIFF image depth mishandled after SetQuantumFormat</q> [CVE-2025-43965]">
+<correction initramfs-tools "Restore copy_file's handling of target ending in slash; exclude usr-merge symlinks in copy_file; add reset drivers when MODULES=dep">
+<correction krb5 "Fix memory leak in ndr.c [CVE-2024-26462]; prevent buffer overflow when calculating ulog buffer size [CVE-2025-24528]">
+<correction libbson-xs-perl "Fix security issues in embedded copy of libbson: denial of service [CVE-2017-14227]; buffer over-read [CVE-2018-16790]; infinite loop [CVE-2023-0437]; memory corruption [CVE-2024-6381]; buffer overflows [CVE-2024-6383 CVE-2025-0755]">
+<correction libcap2 "Fix incorrect recognition of group names [CVE-2025-1390]">
+<correction libdata-entropy-perl "Seed entropy pool with urandom by default [CVE-2025-1860]">
+<correction libpod "Rebuild for outdated Built-Using (containerd/1.6.20~ds1-1, docker.io/20.10.24+dfsg1-1, golang-github-containers-buildah/1.28.2+ds1-3)">
+<correction libsub-handlesvia-perl "Fix arbitrary code execution issue [CVE-2025-30673]">
+<correction linux "New upstream release; bump ABI to 35">
+<correction linux-signed-amd64 "New upstream release; bump ABI to 35">
+<correction linux-signed-arm64 "New upstream release; bump ABI to 35">
+<correction linux-signed-i386 "New upstream release; bump ABI to 35">
+<correction logcheck "Respect removal of /etc/logcheck/header.txt">
+<correction mongo-c-driver "Fix infinite loop issue [CVE-2023-0437]; fix integer overflow issue [CVE-2024-6381]; fix buffer overflow issues [CVE-2024-6383 CVE-2025-0755]">
+<correction network-manager "Fix crash dereferencing NULL pointer during debug logging [CVE-2024-6501]">
+<correction nginx "Fix buffer underread and unordered chunk vulnerabilities in mp4 [CVE-2024-7347]">
+<correction node-fstream-ignore "Fix build failure by not running tests in parallel">
+<correction node-send "Fix cross-site scripting issue [CVE-2024-43799]">
+<correction node-serialize-javascript "Fix cross-site scripting issue [CVE-2024-11831]">
+<correction nvidia-graphics-drivers "New upstream stable release; remove ppc64el support (migrated to src:nvidia-graphics-drivers-tesla-535); fix build issues with newer kernel versions; security fixes [CVE-2024-0131 CVE-2024-0147 CVE-2024-0149 CVE-2024-0150 CVE-2024-53869 CVE-2025-23244]">
+<correction nvidia-graphics-drivers-tesla "New upstream stable release; transition to packages from src:nvidia-graphics-drivers-tesla-535 on ppc64el; fix build issues with newer kernel versions">
+<correction nvidia-graphics-drivers-tesla-535 "New package for the now EOL ppc64el support">
+<correction nvidia-open-gpu-kernel-modules "New upstream stable release; security fixes [CVE-2024-0131 CVE-2024-0147 CVE-2024-0149 CVE-2024-0150 CVE-2024-53869 CVE-2025-23244]">
+<correction nvidia-settings "New upstream stable release; drop support for some obsolete packages; relax the nvidia-alternative dependency to a suggestion on ppc64el">
+<correction openrazer "Fix out of bounds read issue [CVE-2025-32776]">
+<correction opensnitch "Rebuild for outdated Built-Using (golang-github-google-nftables/0.1.0-3)">
+<correction openssh "Fix the DisableForwarding directive [CVE-2025-32728]">
+<correction openssl "New upstream stable release; fix timing side channel issue [CVE-2024-13176]">
+<correction openvpn "Avoid possible ASSERT() on OpenVPN servers using --tls-crypt-v2 [CVE-2025-2704]; prevent malicious peer DoS or log-flooding [CVE-2024-5594]; refuse multiple exit notifications from authenticated clients [CVE-2024-28882]; update expired certificates in build tests">
+<correction phpmyadmin "Fix XSS vulnerabilities [CVE-2025-24529 CVE-2025-24530]">
+<correction policyd-rate-limit "Fix startup with newer python3-yaml">
+<correction poppler "Fix crash on malformed files [CVE-2023-34872]; fix out-of-bounds read issues [CVE-2024-56378 CVE-2025-32365]; fix floating point exception issue [CVE-2025-32364]">
+<correction postgresql-15 "New upstream stable release; fix buffer over-read issue [CVE-2025-4207]">
+<correction prometheus "Rebuild for outdated Built-Using (docker.io/20.10.24+dfsg1-1)">
+<correction prometheus-postfix-exporter "Rebuild for outdated Built-Using (docker.io/20.10.24+dfsg1-1)">
+<correction python-h11 "Fix request smuggling issue [CVE-2025-43859]">
+<correction python3.11 "Fix misparsing issues [CVE-2025-0938 CVE-2025-1795]">
+<correction qemu "Rebuild for outdated Built-Using (glibc/2.36-9+deb12u9, gnutls28/3.7.9-2+deb12u3); new upstream bugfix release">
+<correction qtbase-opensource-src "Delay HTTP2 communication until encrypted() can be responded to [CVE-2024-39936]; fix crash with null checks in table iface methods">
+<correction redis "Fix denial of service issue [CVE-2025-21605]">
+<correction renaissance "Avoid exception on startup">
+<correction sash "Rebuild for outdated Built-Using (glibc/2.36-9)">
+<correction shadow "Fix password leak issue [CVE-2023-4641]; fix chfn control character injection issue [CVE-2023-29383]">
+<correction skeema "Rebuild for outdated Built-Using (containerd/1.6.20~ds1-1, docker.io/20.10.24+dfsg1-1)">
+<correction skopeo "Rebuild for outdated Built-Using (docker.io/20.10.24+dfsg1-1)">
+<correction telegram-desktop "Rebuild for outdated Built-Using (ms-gsl/4.0.0-2)">
+<correction tripwire "Rebuild for outdated Built-Using (glibc/2.36-9+deb12u5)">
+<correction twitter-bootstrap3 "Fix cross-site scripting issues [CVE-2024-6485 CVE-2024-6484]">
+<correction twitter-bootstrap4 "Fix cross-site scripting issue [CVE-2024-6531]">
+<correction tzdata "New America/Coyhaique zone for Aysén Region in Chile">
+<correction user-mode-linux "Rebuild for outdated Built-Using (linux/6.1.82-1)">
+<correction varnish "Prevent HTTP/1 client-side desync [CVE-2025-30346]">
+<correction wireless-regdb "New upstream release">
+<correction xmedcon "Fix buffer overflow [CVE-2025-2581]">
+<correction zsh "Rebuild for outdated Built-Using (glibc/2.36-9+deb12u5, libcap2/1:2.66-4)">
</table>
@@ -137,49 +165,51 @@
<table border=0>
<tr><th>ID do aviso</th> <th>Pacote</th></tr>
-<dsa 2024 5834 chromium>
-<dsa 2024 5836 xen>
-<dsa 2025 5839 firefox-esr>
-<dsa 2025 5840 chromium>
-<dsa 2025 5841 thunderbird>
-<dsa 2025 5842 openafs>
-<dsa 2025 5843 rsync>
-<dsa 2025 5844 chromium>
-<dsa 2025 5845 tomcat10>
-<dsa 2025 5846 libreoffice>
-<dsa 2025 5847 snapcast>
-<dsa 2025 5848 chromium>
-<dsa 2025 5849 git-lfs>
-<dsa 2025 5850 git>
-<dsa 2025 5851 openjpeg2>
-<dsa 2025 5852 pdns-recursor>
-<dsa 2025 5853 pam-u2f>
-<dsa 2025 5854 bind9>
-<dsa 2025 5855 chromium>
-<dsa 2025 5856 redis>
-<dsa 2025 5857 openjdk-17>
-<dsa 2025 5858 firefox-esr>
-<dsa 2025 5859 chromium>
-<dsa 2025 5860 linux-signed-amd64>
-<dsa 2025 5860 linux-signed-arm64>
-<dsa 2025 5860 linux-signed-i386>
-<dsa 2025 5860 linux>
-<dsa 2025 5861 thunderbird>
-<dsa 2025 5862 cacti>
-<dsa 2025 5863 libtasn1-6>
-<dsa 2025 5864 pam-pkcs11>
-<dsa 2025 5865 webkit2gtk>
-<dsa 2025 5866 chromium>
-<dsa 2025 5867 gnutls28>
-<dsa 2025 5868 openssh>
-<dsa 2025 5869 chromium>
-<dsa 2025 5870 openh264>
-<dsa 2025 5871 emacs>
-<dsa 2025 5872 xorg-server>
-<dsa 2025 5873 libreoffice>
-<dsa 2025 5874 firefox-esr>
-<dsa 2025 5875 chromium>
-<dsa 2025 5876 thunderbird>
+<dsa 2025 5877 chromium>
+<dsa 2025 5878 php8.2>
+<dsa 2025 5879 opensaml>
+<dsa 2025 5880 freetype>
+<dsa 2025 5881 rails>
+<dsa 2025 5882 chromium>
+<dsa 2025 5883 mercurial>
+<dsa 2025 5884 libxslt>
+<dsa 2025 5885 webkit2gtk>
+<dsa 2025 5886 ruby-rack>
+<dsa 2025 5887 exim4>
+<dsa 2025 5888 ghostscript>
+<dsa 2025 5889 firefox-esr>
+<dsa 2025 5890 chromium>
+<dsa 2025 5891 thunderbird>
+<dsa 2025 5892 atop>
+<dsa 2025 5893 tomcat10>
+<dsa 2025 5894 jetty9>
+<dsa 2025 5895 xz-utils>
+<dsa 2025 5896 trafficserver>
+<dsa 2025 5897 lemonldap-ng>
+<dsa 2025 5898 chromium>
+<dsa 2025 5899 webkit2gtk>
+<dsa 2025 5900 linux-signed-amd64>
+<dsa 2025 5900 linux-signed-arm64>
+<dsa 2025 5900 linux-signed-i386>
+<dsa 2025 5900 linux>
+<dsa 2025 5901 mediawiki>
+<dsa 2025 5902 perl>
+<dsa 2025 5903 chromium>
+<dsa 2025 5904 libapache2-mod-auth-openidc>
+<dsa 2025 5905 graphicsmagick>
+<dsa 2025 5906 erlang>
+<dsa 2025 5907 linux-signed-amd64>
+<dsa 2025 5907 linux-signed-arm64>
+<dsa 2025 5907 linux-signed-i386>
+<dsa 2025 5907 linux>
+<dsa 2025 5908 libreoffice>
+<dsa 2025 5909 request-tracker5>
+<dsa 2025 5910 firefox-esr>
+<dsa 2025 5911 request-tracker4>
+<dsa 2025 5912 thunderbird>
+<dsa 2025 5913 openjdk-17>
+<dsa 2025 5915 vips>
+<dsa 2025 5917 libapache2-mod-auth-openidc>
</table>
@@ -190,10 +220,8 @@
<table border=0>
<tr><th>Pacote</th> <th>Justificativa</th></tr>
-<correction kanboard "Unmaintained; security issues">
-<correction libnet-easytcp-perl "Unmaintained upstream; security issues">
-<correction looking-glass "Not suitable for a stable release">
-
+<correction pidgin-skype "Useless as service discontinued">
+<correction viagee "No longer able to connect to gmail">
</table>
Reply to: