Re: [SUA 237-1] Upcoming Debian 12 Update (12.1)
Hi, be aware of this crash of the mate desktop volume control applet:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=971783
Thanks.
Max.
On 17 July 2023 at 18:59, "Jonathan Wiltshire" <jmw@debian.org> wrote:
>
> ----------------------------------------------------------------------------
> Debian Stable Updates Announcement SUA 237-1 https://www.debian.org/
> debian-release@lists.debian.org Jonathan Wiltshire
> July 17th, 2023
> ----------------------------------------------------------------------------
>
> Upcoming Debian 12 Update (12.1)
>
> An update to Debian 12 is scheduled for Saturday, July 22nd 2023. As of now
> it will include the following bug fixes. They can be found in
> "bookworm-proposed-updates", which is carried by all official mirrors.
>
> Please note that packages published through security.debian.org are not
> listed, but will be included if possible. Some of the updates below are also
> already available through "bookworm-updates".
>
> Testing and feedback would be appreciated. Bugs should be filed in the
> Debian Bug Tracking System, but please make the Release Team aware of them
> by copying "debian-release@lists.debian.org" on your mails.
>
> Miscellaneous Bugfixes
> ----------------------
>
> This stable update adds a few important corrections to the following
> packages:
>
> Package Reason
> ------- ------
>
> aide Properly handle creating the system user; fix
> child directory processing on equal match
>
> autofs Fix hang when using Kerberos-authenticated LDAP
>
> ayatana-indicator-datetime Fix playing of custom alarm sounds
>
> base-files Update for the point release
>
> bepasty Fix rendering of text uploads
>
> boost1.81 Add missing dependency on libboost-json1.81.0
> to libboost-json1.81-dev
>
> bup Correctly restore POSIX ACLs
>
> chromium Security update (from bookworm-security during
> late freeze)
>
> context Enable socket in ConTeXt mtxrun
>
> cpdb-libs Fix a buffer overflow vulnerability
> [CVE-2023-34095]
>
> cpp-httplib Fix CRLF injection issue [CVE-2023-26130]
>
> crowdsec Fix default acquis.yaml to also include the
> journalctl datasource, limited to the
> ssh.service unit, making sure acquisition works
> even without the traditional auth.log file;
> make sure an invalid datasource doesn't make
> the engine error out
>
> cups Security fixes: use-after-free
> [CVE-2023-34241]; heap buffer overflow
> [CVE-2023-32324]
>
> cvs Configure full path to ssh
>
> dbus New upstream stable release; fix denial of
> service issue [CVE-2023-34969]; stop trying to
> take DPKG_ROOT into account, restoring copying
> of systemd's /etc/machine-id in preference to
> creating an entirely new machine ID
>
> desktop-base Remove emerald alternatives on package
> uninstallation
>
> dh-python Re-introduce Breaks+Replaces on python2 needed
> to help apt in some upgrade scenarios
>
> dkms Add Breaks against obsolete, incompatible
> *-dkms packages
>
> dnf Fix default DNF const PYTHON_INSTALL_DIR
>
> dpdk New upstream stable release
>
> exim4 Fix argument parsing for ${run } expansion; fix
> ${srs_encode ..} returning incorrect result
> every 1024 days
>
> fai Fix IP address lifetime
>
> firefox-esr Security update (from bookworm-security during
> late freeze)
>
> glibc Fix a buffer overflow in gmon; fix a deadlock
> in getaddrinfo (__check_pf) with deferred
> cancellation; fix y2038 support in strftime on
> 32-bit architectures; fix corner case parsing
> of /etc/gshadow which can return bad pointers,
> causing segfaults in applications; fix a
> deadlock in system() when called concurrently
> from multiple threads; cdefs: limit definition
> of fortification macros to __FORTIFY_LEVEL > 0
> to support old C90 compilers
>
> gnome-control-center New upstream bugfix release
>
> gnome-maps New upstream bugfix release
>
> gnome-shell New upstream bugfix release
>
> gnome-software New upstream release; memory leak fixes
>
> gosa Silence PHP 8.2 deprecation warnings; fix
> missing template in default theme; fix table
> styling, fixing use of debugLevel > 0
>
> groonga Fix documentation links
>
> guestfs-tools Security update (from bookworm-security during
> late freeze)
>
> indent Restore the ROUND_UP macro and adjust the
> initial buffer size
>
> installation-guide Enable Indonesian translation
>
> kanboard Various security fixes [CVE-2023-32685
> CVE-2023-33956 CVE-2023-33968 CVE-2023-33969
> CVE-2023-33970]
>
> kf5-messagelib Search also for subkeys
>
> libmatekbd Fix memory leaks
>
> libnginx-mod-http-modsecurity
> Binary rebuild with pcre2
>
> libreoffice New upstream bugfix release
>
> libreswan Fix potential denial-of-service issue
> [CVE-2023-30570]
>
> libxml2 Fix NULL pointer dereference issue
> [CVE-2022-2309]
>
> linux New upstream stable release; netfilter:
> nf_tables: do not ignore genmask when looking
> up chain by id [CVE-2023-31248], prevent OOB
> access in nft_byteorder_eval [CVE-2023-35001]
>
> linux-signed-amd64 New upstream stable release; netfilter:
> nf_tables: do not ignore genmask when looking
> up chain by id [CVE-2023-31248], prevent OOB
> access in nft_byteorder_eval [CVE-2023-35001]
>
> linux-signed-arm64 New upstream stable release; netfilter:
> nf_tables: do not ignore genmask when looking
> up chain by id [CVE-2023-31248], prevent OOB
> access in nft_byteorder_eval [CVE-2023-35001]
>
> linux-signed-i386 New upstream stable release; netfilter:
> nf_tables: do not ignore genmask when looking
> up chain by id [CVE-2023-31248], prevent OOB
> access in nft_byteorder_eval [CVE-2023-35001]
>
> mailman3 Drop redundant cron job; handle ordering of
> services when MariaDB is present
>
> marco Show correct window title when owned by
> superuser
>
> mate-control-center Fix various memory leaks
>
> mate-power-manager Fix several memory leaks
>
> mate-session-manager Fix several memory leaks; allow clutter
> backends other than x11
>
> mrtg Handle relocated configuration file;
> translation updates
>
> multipath-tools Hide underlying paths from LVM; prevent initial
> service failure on new installations
>
> mutter New upstream bugfix release
>
> network-manager-strongswan Build editor component with GTK 4 support
>
> nfdump Return success when starting; fix segfault in
> option parsing
>
> nftables Fix regression in set listing format
>
> node-openpgp-seek-bzip Correct installation of files in seek-bzip
> package
>
> node-tough-cookie Security fix (prototype pollution)
> [CVE-2023-26136]
>
> node-undici Security fixes: protect "Host" HTTP header from
> CRLF injection [CVE-2023-23936]; potential
> ReDoS on Headers.set and Headers.append
> [CVE-2023-24807]
>
> node-webpack Security fix (cross-realm objects)
> [CVE-2023-28154]
>
> nvidia-cuda-toolkit Update bundled openjdk-8-jre
>
> nvidia-graphics-drivers New upstream stable release; security fixes
> [CVE-2023-25515 CVE-2023-25516]
>
> nvidia-graphics-drivers-tesla
> New upstream stable release; security fixes
> [CVE-2023-25515 CVE-2023-25516]
>
> nvidia-graphics-drivers-tesla-470
> New upstream stable release; security fixes
> [CVE-2023-25515 CVE-2023-25516]
>
> nvidia-modprobe New upstream bugfix release
>
> nvidia-open-gpu-kernel-modules
> New upstream stable release; security fixes
> [CVE-2023-25515 CVE-2023-25516]
>
> nvidia-support Add Breaks against incompatible packages from
> bullseye
>
> onionshare Fix installation of desktop furniture
>
> openvpn Fix memory leak and dangling pointer (possible
> crash vector)
>
> pacemaker Fix regression in the resource scheduler
>
> postfix New upstream bugfix release; fix
> "postfix set-permissions"
>
> proftpd-dfsg Do not enable inetd-style socket at
> installation
>
> qemu New upstream stable release; fix USB devices
> not being available to XEN HVM domUs; 9pfs:
> prevent opening special files [CVE-2023-2861];
> fix reentrancy issues in the LSI controller
> [CVE-2023-0330]
>
> request-tracker5 Fix links to documentation
>
> rime-cantonese Sort words and characters by frequency
>
> rime-luna-pinyin Install missing pinyin schema data
>
> samba New upstream stable release; ensure manpages
> are generated during build; enable ability to
> store kerberos tickets in kernel keyring; fix
> build issues on armel and mipsel; fix windows
> logon/trust issues with 2023-07 windows updates
>
> schleuder-cli Security fix (value escaping)
>
> smarty4 Fix arbitrary code execution issue
> [CVE-2023-28447]
>
> spip Various security issues; security fix
> (authentication data filtering)
>
> sra-sdk Fix installation of files in libngs-java
>
> sudo Fix event log format
>
> systemd New upstream bugfix release; new upstream
> stable release
>
> tang Fix race condition when creating/rotating keys
> [CVE-2023-1672]
>
> texlive-bin Disable socket in luatex by default
> [CVE-2023-32668]; make installable on i386
>
> unixodbc Add Breaks+Replaces against odbcinst1debian1
>
> usb.ids Data update
>
> vm Disable byte compilation
>
> vte2.91 New upstream bugfix release
>
> xerial-sqlite-jdbc Use a UUID for connection ID [CVE-2023-32697]
>
> yajl Memory leak security fix; fix denial of service
> issue [CVE-2017-16516], integer overflow issue
> [CVE-2022-24795]
>
> A complete list of all accepted and rejected packages together with
> rationale is on the preparation page for this revision:
>
> <https://release.debian.org/proposed-updates/stable.html>
>
> If you encounter any issues, please don't hesitate to get in touch with the
> Debian Release Team at "debian-release@lists.debian.org".
>
> --
> Jonathan Wiltshire jmw@debian.org
> Debian Developer http://people.debian.org/~jmw
>
> 4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51
> ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1
>