The Debian Project
https://www.debian.org/Updated Debian 12: 12.13 released press@debian.org
January 10th, 2026
https://www.debian.org/News/2026/2026011002
The Debian project is pleased to announce the thirteenth update of its
oldstable distribution Debian 12 (codename "bookworm"). This point
release mainly adds corrections for security issues, along with a few
adjustments for serious problems. Security advisories have already been
published separately and are referenced where available.
Please note that the point release does not constitute a new version of
Debian 12 but only updates some of the packages included. There is no
need to throw away old "bookworm" media. After installation, packages
can be upgraded to the current versions using an up-to-date Debian
mirror.
Those who frequently install updates from security.debian.org won't have
to update many packages, and most such updates are included in the point
release.
New installation images will be available soon at the regular locations.
Upgrading an existing installation to this revision can be achieved by
pointing the package management system at one of Debian's many HTTP
mirrors. A comprehensive list of mirrors is available at:
https://www.debian.org/mirror/listMiscellaneous Bugfixes
This oldstable update adds a few important corrections to the following
packages:
+--------------------------+------------------------------------------+
| Package | Reason |
+--------------------------+------------------------------------------+
| allow-html-temp [1] | New upstream version to support newer |
| | Thunderbird releases |
| | |
| angular.js [2] | Fix regular _expression_-based denial of |
| | service issues [CVE-2022-25844 CVE-2023- |
| | 26116 CVE-2023-26117 CVE-2023-26118]; |
| | fix restriction bypass issues [CVE-2024- |
| | 8372 CVE-2024-8373]; fix denial of |
| | service issue [CVE-2024-21490]; fix |
| | improper sanitization issues [CVE-2025- |
| | 0716 CVE-2025-2336] |
| | |
| apache2 [3] | New upstream stable release; fix integer |
| | overflow issue [CVE-2025-55753]; don't |
| | pass querystring to #exec directives |
| | [CVE-2025-58098]; fix improper parsing |
| | of environment variables [CVE-2025- |
| | 65082]; fix mod_userdir+suexec bypass |
| | issue [CVE-2025-66200] |
| | |
| base-files [4] | Update for the point release |
| | |
| bash [5] | Rebuild with updated glibc |
| | |
| btrfs-progs [6] | Device stats: fix printing wrong values |
| | in tabular output |
| | |
| busybox [7] | Rebuild with updated glibc |
| | |
| c-icap-modules [8] | Rebuild against libclamav12; disable |
| | clamav support on armel, mipsel and |
| | mips64el |
| | |
| calibre [9] | Fix code execution issue [CVE-2025- |
| | 64486] |
| | |
| cdebootstrap [10] | Rebuild with updated glibc |
| | |
| chkrootkit [11] | Rebuild with updated glibc |
| | |
| clamav [12] | New upstream long term support release |
| | |
| composer [13] | Fix ANSI sequence injection [CVE-2025- |
| | 67746] |
| | |
| cups-filters [14] | Fix TIFF parser bounds/validation issues |
| | [CVE-2025-57812]; clamp oversized PDF |
| | MediaBox-derived page size in |
| | pdftoraster [CVE-2025-64503]; avoid |
| | rastertopclx infinite loop and heap |
| | overflow on crafted raster input |
| | [CVE-2025-64524] |
| | |
| cyrus-imapd [15] | Rebuild against libclamav12; disable |
| | clamav support on armel, mipsel and |
| | mips64el |
| | |
| dar [16] | Rebuild with updated glibc |
| | |
| debian-installer [17] | Increase Linux kernel ABI to 6.1.0-42; |
| | rebuild against oldstable-proposed- |
| | updates |
| | |
| debian-installer- | Rebuild against oldstable-proposed- |
| netboot-images [18] | updates |
| | |
| debian-security- | Mark hdf5, libsoup2.4, libsoup3 and |
| support [19] | zabbix as receiving limited support; |
| | mark dnsdist, pdns, pdns-recursor as |
| | unsupported |
| | |
| distro-info-data [20] | Update bookworm EoL date; add Ubuntu |
| | 26.04 LTS "Resolute Raccoon" |
| | |
| docker.io [21] | Rebuild with updated containerd, glibc |
| | |
| dpdk [22] | New upstream stable release |
| | |
| e2guardian [23] | Disable clamav support on armel, mipsel |
| | and mips64el |
| | |
| freerdp2 [24] | New upstream release; fix multiple |
| | memory-safety vulnerabilities: integer |
| | overflow/underflow and out-of-bounds |
| | write in NSC, Clear, and GDI bitmap |
| | codecs [CVE-2024-22211 CVE-2024-32037 |
| | CVE-2024-32038 CVE-2024-32039 CVE-2024- |
| | 32040]; out-of-bounds reads in ZGFX, |
| | Planar, NCRUSH, Interleaved, and RFX |
| | codecs [CVE-2024-32041 CVE-2024-32457 |
| | CVE-2024-32458 CVE-2024-32459 CVE-2024- |
| | 32460]; invalid memory access in |
| | freerdp_peer_get_logon_info [CVE-2024- |
| | 32661]; bounds-check and overflow fixes; |
| | update for GCC 14 / FFmpeg 7 build |
| | compatibility |
| | |
| gcc-bpf [25] | Rebuild with updated glibc |
| | |
| gcc-or1k-elf [26] | Rebuild with updated glibc |
| | |
| gcc-riscv64-unknown- | Rebuild with updated glibc |
| elf [27] | |
| | |
| gcc-xtensa-lx106 [28] | Rebuild with updated glibc |
| | |
| gdk-pixbuf [29] | Fix buffer overflow issue [CVE-2025- |
| | 7345] |
| | |
| ghdl [30] | Rebuild with updated glibc |
| | |
| git [31] | Fix arbitrary file creation/truncation |
| | in gitk [CVE-2025-27613]; prevent |
| | arbitrary file overwrite in git-gui with |
| | crafted directory names [CVE-2025- |
| | 46835]; correct submodule path parsing |
| | with trailing CR [CVE-2025-48384]; |
| | validate bundle-uri to prevent protocol |
| | injection during clone [CVE-2025-48385] |
| | |
| glib2.0 [32] | Fix various integer overflow issues |
| | [CVE-2025-13601 CVE-2025-14087 CVE-2025- |
| | 14512] |
| | |
| gnupg2 [33] | Avoid potential downgrade to SHA1 in 3rd |
| | party key signatures; error out on |
| | unverified output for non-detached |
| | signatures; fix possible memory |
| | corruption in the armor parser |
| | [CVE-2025-68973]; do not use a default |
| | when asking for another output filename |
| | |
| golang-github- | Rebuild with updated containerd |
| containerd-stargz- | |
| snapshotter [34] | |
| | |
| golang-github- | Rebuild with updated containerd |
| containers-buildah [35] | |
| | |
| golang-github-openshift- | Rebuild with updated containerd |
| imagebuilder [36] | |
| | |
| imagemagick [37] | Fix denial of service issues [CVE-2025- |
| | 62594 CVE-2025-68618]; fix use-after- |
| | free issue [CVE-2025-65955]; fix integer |
| | overflow issues [CVE-2025-62171 |
| | CVE-2025-66628 CVE-2025-69204]; fix |
| | infinite loop issue [CVE-2025-68950] |
| | |
| intel-microcode [38] | Update Intel processor microcode to |
| | 20251111 |
| | |
| lemonldap-ng [39] | Fix sessions tablename when not default; |
| | fix oidc flow when user encountered an |
| | error on server side; fix Kerberos |
| | _javascript_ when used with "Choice" ; |
| | improve CORS checking; fix path_info |
| | handling; fix shell injection issue |
| | [CVE-2025-59518]; hide session id from |
| | Ajax responses |
| | |
| libcap2 [40] | Rebuild with updated glibc |
| | |
| libclamunrar [41] | New upstream release, aligning with |
| | clamav 1.4.3 |
| | |
| libcommons-lang- | Fix uncontrolled recursion issue |
| java [42] | [CVE-2025-48924] |
| | |
| libcommons-lang3- | Fix uncontrolled recursion issue |
| java [43] | [CVE-2025-48924] |
| | |
| libhtp [44] | Fix denial of service issue via |
| | unbounded HTTP header processing |
| | [CVE-2024-23837 CVE-2024-45797] |
| | |
| libnginx-mod-http- | Fix HTTP HEAD request smuggling |
| lua [45] | [CVE-2024-33452] |
| | |
| libphp-adodb [46] | Fix SQL injection in sqlite and sqlite3 |
| | metadata lookups [CVE-2025-54119] |
| | |
| libpod [47] | Rebuild with updated containerd |
| | |
| libreoffice [48] | Set Bulgaria locale default currency to |
| | EUR |
| | |
| libssh [49] | Fix integer overflow issue [CVE-2025- |
| | 4877]; fix use of uninitialized variable |
| | [CVE-2025-4878]; fix out of bounds |
| | memory access issue [CVE-2025-5318]; fix |
| | double free issue [CVE-2025-5351]; fix |
| | use of uninitialized memory [CVE-2025- |
| | 5372 CVE-2025-5987]; fix null pointer |
| | dereference issue [CVE-2025-8114]; fix |
| | memory leak [CVE-2025-8277] |
| | |
| libxml2 [50] | Fix denial of service issue [CVE-2025- |
| | 9714] |
| | |
| libyaml-syck-perl [51] | Fix memory corruption leading to "str" |
| | value being set on empty keys |
| | |
| linux [52] | New upstream stable release |
| | |
| linux-signed-amd64 [53] | New upstream stable release |
| | |
| linux-signed-arm64 [54] | New upstream stable release |
| | |
| linux-signed-i386 [55] | New upstream stable release |
| | |
| log4cxx [56] | Fix improper escaping issues [CVE-2025- |
| | 54812 CVE-2025-54813] |
| | |
| luksmeta [57] | Fix data corruption issue with LUKS1 |
| | [CVE-2025-11568] |
| | |
| modsecurity-apache [58] | Fix request body error handling to |
| | propagate Apache filter/read failures |
| | correctly [CVE-2025-54571]; map request |
| | body read failures to appropriate HTTP |
| | status codes; simplify request body |
| | error propagation in mod_security2 |
| | |
| mongo-c-driver [59] | Avoid invalid memory reads [CVE-2025- |
| | 12119] |
| | |
| mydumper [60] | Fix arbitrary file read issue [CVE-2025- |
| | 30224] |
| | |
| nvidia-graphics- | New upstream bugfix release [CVE-2025- |
| drivers [61] | 23279 CVE-2025-23286] |
| | |
| nvidia-open-gpu-kernel- | New upstream bugfix release [CVE-2025- |
| modules [62] | 23279 CVE-2025-23286] |
| | |
| onetbb [63] | Fix build failure on single-CPU and CI |
| | environments by skipping problematic |
| | tests |
| | |
| open-vm-tools [64] | Disable SDMP service version collection |
| | by default to mitigate local privilege |
| | escalation [CVE-2025-41244] |
| | |
| openrefine [65] | Fix MySQL host parameter injection in |
| | JDBC URL parsing [CVE-2024-23833]; fix |
| | reflected XSS in gdata OAuth callback |
| | handler [CVE-2024-47878]; fix content- |
| | type confusion XSS in ExportRows |
| | endpoint [CVE-2024-47880]; prevent |
| | remote or extension loading via SQLite |
| | connection URL [CVE-2024-47881]; escape |
| | HTML in error stack traces [CVE-2024- |
| | 47882]; prevent path traversal in |
| | language file loading [CVE-2024-49760] |
| | |
| openssl [66] | New upstream stable release |
| | |
| pam [67] | Fix local privilege escalation in |
| | pam_namespace [CVE-2025-6020] |
| | |
| pg-snakeoil [68] | Rebuild against libclamav12 |
| | |
| pgbouncer [69] | Fix arbitary SQL execution issue |
| | [CVE-2025-12819]; fix expired password |
| | use issue [CVE-2025-2291] |
| | |
| postgresql-15 [70] | New upstream stable release; check for |
| | CREATE privileges on the schema in |
| | CREATE STATISTICS [CVE-2025-12817]; |
| | avoid integer overflow in allocation- |
| | size calculations within libpq |
| | [CVE-2025-12818] |
| | |
| qemu [71] | New upstream stable release; fix "qemu- |
| | img info
https://example.com" ; fix |
| | migration of guests using virtio-net; |
| | fix use after free issue [CVE-2025- |
| | 11234] |
| | |
| qpwgraph [72] | Add missing dependency on libqt6svg6 |
| | |
| r-cran-gh [73] | Fix sensitive data leak issue [CVE-2025- |
| | 54956] |
| | |
| rear [74] | Prevent created initrd from being world- |
| | readable when GRUB_RESCUE=y [CVE-2024- |
| | 23301] |
| | |
| rescue [75] | Improve btrfs support |
| | |
| rlottie [76] | Fix outlying coordinate rejection in |
| | FreeType rasteriser [CVE-2025-0634 |
| | CVE-2025-53074 CVE-2025-53075] |
| | |
| rsync [77] | Improve test coverage for future |
| | updates; fix out-of-bounds read via |
| | negative array index in sender file list |
| | handling [CVE-2025-10158] |
| | |
| ruby-sinatra [78] | Fix regular _expression_-based denial of |
| | service issue [CVE-2025-61921] |
| | |
| samba [79] | Fix information leak issue [CVE-2018- |
| | 14628]; fix command injection issue |
| | [CVE-2025-10230]; fix uninitialized |
| | memory disclosure issue [CVE-2025-9640] |
| | |
| sash [80] | Rebuild with updated glibc |
| | |
| shadow [81] | Fix segmentation fault in groupmod |
| | |
| skeema [82] | Rebuild with updated containerd |
| | |
| snapd [83] | Rebuild with updated containerd |
| | |
| sogo [84] | Fix HTML injection issue [CVE-2023- |
| | 48104]; fix CSS injection issue |
| | [CVE-2024-24510]; fix cross-site |
| | scripting issues [CVE-2025-63498 |
| | CVE-2025-63499]; fix crash on invalid |
| | mailIdentities |
| | |
| squid [85] | Fix denial of service issue [CVE-2023- |
| | 46728]; fix mishandling of long SNMP |
| | OIDs in ASN.1 [CVE-2025-59362]; disable |
| | ESI feature support, fixing several |
| | issues [CVE-2024-45802]; remove Gopher |
| | support |
| | |
| sudo [86] | Enable Intel CET on amd64 only |
| | |
| supermin [87] | Rebuild with updated glibc |
| | |
| symfony [88] | Fix PATH_INFO parsing [CVE-2025-64500]; |
| | drop failing Finder testsuite data |
| | entries |
| | |
| syslog-ng [89] | Fix incorrect wildcard matching in |
| | certificate names [CVE-2024-47619] |
| | |
| tripwire [90] | Rebuild with updated glibc |
| | |
| u-boot [91] | Fix integer overflow issues [CVE-2024- |
| | 57254 CVE-2024-57255 CVE-2024-57256 |
| | CVE-2024-57258]; fix stack consumption |
| | issue [CVE-2024-57257]; fix heap |
| | corruption issue [CVE-2024-57259] |
| | |
| ublock-origin [92] | New upstream release; improve user |
| | experience and add new filter |
| | capabilities; fix denial of service |
| | issue [CVE-2025-4215] |
| | |
| unbound [93] | Fix denial of service issue [CVE-2024- |
| | 33655]; fix possible domain hijack issue |
| | [CVE-2025-11411]; fix "unbound-anchor |
| | cannot deal with full disk" ; fix |
| | potential amplification DDoS attacks; |
| | fix incorrect return of NODATA for some |
| | ANY queries |
| | |
| user-mode-linux [94] | Rebuild with updated linux |
| | |
| vtk9 [95] | Fix inability to read VTK XML files with |
| | appended data on newer expat |
| | |
| zsh [96] | Rebuild with updated glibc, libcap2 |
| | |
+--------------------------+------------------------------------------+
1:
https://packages.debian.org/src:allow-html-temp 2:
https://packages.debian.org/src:angular.js 3:
https://packages.debian.org/src:apache2 4:
https://packages.debian.org/src:base-files 5:
https://packages.debian.org/src:bash 6:
https://packages.debian.org/src:btrfs-progs 7:
https://packages.debian.org/src:busybox 8:
https://packages.debian.org/src:c-icap-modules 9:
https://packages.debian.org/src:calibre 10:
https://packages.debian.org/src:cdebootstrap 11:
https://packages.debian.org/src:chkrootkit 12:
https://packages.debian.org/src:clamav 13:
https://packages.debian.org/src:composer 14:
https://packages.debian.org/src:cups-filters 15:
https://packages.debian.org/src:cyrus-imapd 16:
https://packages.debian.org/src:dar 17:
https://packages.debian.org/src:debian-installer 18:
https://packages.debian.org/src:debian-installer-netboot-images 19:
https://packages.debian.org/src:debian-security-support 20:
https://packages.debian.org/src:distro-info-data 21:
https://packages.debian.org/src:docker.io 22:
https://packages.debian.org/src:dpdk 23:
https://packages.debian.org/src:e2guardian 24:
https://packages.debian.org/src:freerdp2 25:
https://packages.debian.org/src:gcc-bpf 26:
https://packages.debian.org/src:gcc-or1k-elf 27:
https://packages.debian.org/src:gcc-riscv64-unknown-elf 28:
https://packages.debian.org/src:gcc-xtensa-lx106 29:
https://packages.debian.org/src:gdk-pixbuf 30:
https://packages.debian.org/src:ghdl 31:
https://packages.debian.org/src:git 32:
https://packages.debian.org/src:glib2.0 33:
https://packages.debian.org/src:gnupg2 34:
https://packages.debian.org/src:golang-github-containerd-stargz-snapshotter 35:
https://packages.debian.org/src:golang-github-containers-buildah 36:
https://packages.debian.org/src:golang-github-openshift-imagebuilder 37:
https://packages.debian.org/src:imagemagick 38:
https://packages.debian.org/src:intel-microcode 39:
https://packages.debian.org/src:lemonldap-ng 40:
https://packages.debian.org/src:libcap2 41:
https://packages.debian.org/src:libclamunrar 42:
https://packages.debian.org/src:libcommons-lang-java 43:
https://packages.debian.org/src:libcommons-lang3-java 44:
https://packages.debian.org/src:libhtp 45:
https://packages.debian.org/src:libnginx-mod-http-lua 46:
https://packages.debian.org/src:libphp-adodb 47:
https://packages.debian.org/src:libpod 48:
https://packages.debian.org/src:libreoffice 49:
https://packages.debian.org/src:libssh 50:
https://packages.debian.org/src:libxml2 51:
https://packages.debian.org/src:libyaml-syck-perl 52:
https://packages.debian.org/src:linux 53:
https://packages.debian.org/src:linux-signed-amd64 54:
https://packages.debian.org/src:linux-signed-arm64 55:
https://packages.debian.org/src:linux-signed-i386 56:
https://packages.debian.org/src:log4cxx 57:
https://packages.debian.org/src:luksmeta 58:
https://packages.debian.org/src:modsecurity-apache 59:
https://packages.debian.org/src:mongo-c-driver 60:
https://packages.debian.org/src:mydumper 61:
https://packages.debian.org/src:nvidia-graphics-drivers 62:
https://packages.debian.org/src:nvidia-open-gpu-kernel-modules 63:
https://packages.debian.org/src:onetbb 64:
https://packages.debian.org/src:open-vm-tools 65:
https://packages.debian.org/src:openrefine 66:
https://packages.debian.org/src:openssl 67:
https://packages.debian.org/src:pam 68:
https://packages.debian.org/src:pg-snakeoil 69:
https://packages.debian.org/src:pgbouncer 70:
https://packages.debian.org/src:postgresql-15 71:
https://packages.debian.org/src:qemu 72:
https://packages.debian.org/src:qpwgraph 73:
https://packages.debian.org/src:r-cran-gh 74:
https://packages.debian.org/src:rear 75:
https://packages.debian.org/src:rescue 76:
https://packages.debian.org/src:rlottie 77:
https://packages.debian.org/src:rsync 78:
https://packages.debian.org/src:ruby-sinatra 79:
https://packages.debian.org/src:samba 80:
https://packages.debian.org/src:sash 81:
https://packages.debian.org/src:shadow 82:
https://packages.debian.org/src:skeema 83:
https://packages.debian.org/src:snapd 84:
https://packages.debian.org/src:sogo 85:
https://packages.debian.org/src:squid 86:
https://packages.debian.org/src:sudo 87:
https://packages.debian.org/src:supermin 88:
https://packages.debian.org/src:symfony 89:
https://packages.debian.org/src:syslog-ng 90:
https://packages.debian.org/src:tripwire 91:
https://packages.debian.org/src:u-boot 92:
https://packages.debian.org/src:ublock-origin 93:
https://packages.debian.org/src:unbound 94:
https://packages.debian.org/src:user-mode-linux 95:
https://packages.debian.org/src:vtk9 96:
https://packages.debian.org/src:zshSecurity Updates
This revision adds the following security updates to the oldstable
release. The Security Team has already released an advisory for each of
these updates:
+----------------+------------------------------+
| Advisory ID | Package |
+----------------+------------------------------+
| DSA-5979 [97] | libxslt [98] |
| | |
| DSA-5993 [99] | chromium [100] |
| | |
| DSA-5994 [101] | shibboleth-sp [102] |
| | |
| DSA-5996 [103] | chromium [104] |
| | |
| DSA-5997 [105] | imagemagick [106] |
| | |
| DSA-5998 [107] | cups [108] |
| | |
| DSA-5999 [109] | libjson-xs-perl [110] |
| | |
| DSA-6000 [111] | libcpanel-json-xs-perl [112] |
| | |
| DSA-6001 [113] | cjson [114] |
| | |
| DSA-6002 [115] | node-sha.js [116] |
| | |
| DSA-6003 [117] | firefox-esr [118] |
| | |
| DSA-6004 [119] | chromium [120] |
| | |
| DSA-6005 [121] | jetty9 [122] |
| | |
| DSA-6009 [123] | linux-signed-amd64 [124] |
| | |
| DSA-6009 [125] | linux-signed-arm64 [126] |
| | |
| DSA-6009 [127] | linux-signed-i386 [128] |
| | |
| DSA-6009 [129] | linux [130] |
| | |
| DSA-6010 [131] | chromium [132] |
| | |
| DSA-6012 [133] | nncp [134] |
| | |
| DSA-6013 [135] | node-tar-fs [136] |
| | |
| DSA-6015 [137] | openssl [138] |
| | |
| DSA-6016 [139] | chromium [140] |
| | |
| DSA-6017 [141] | haproxy [142] |
| | |
| DSA-6018 [143] | gegl [144] |
| | |
| DSA-6020 [145] | redis [146] |
| | |
| DSA-6021 [147] | chromium [148] |
| | |
| DSA-6023 [149] | tiff [150] |
| | |
| DSA-6024 [151] | ghostscript [152] |
| | |
| DSA-6025 [153] | firefox-esr [154] |
| | |
| DSA-6026 [155] | chromium [156] |
| | |
| DSA-6028 [157] | lxd [158] |
| | |
| DSA-6029 [159] | ark [160] |
| | |
| DSA-6030 [161] | intel-microcode [162] |
| | |
| DSA-6031 [163] | request-tracker5 [164] |
| | |
| DSA-6032 [165] | request-tracker4 [166] |
| | |
| DSA-6033 [167] | bind9 [168] |
| | |
| DSA-6034 [169] | tryton-sao [170] |
| | |
| DSA-6035 [171] | python-internetarchive [172] |
| | |
| DSA-6036 [173] | chromium [174] |
| | |
| DSA-6038 [175] | openjdk-17 [176] |
| | |
| DSA-6040 [177] | thunderbird [178] |
| | |
| DSA-6041 [179] | strongswan [180] |
| | |
| DSA-6042 [181] | evolution [182] |
| | |
| DSA-6042 [183] | webkit2gtk [184] |
| | |
| DSA-6043 [185] | gimp [186] |
| | |
| DSA-6044 [187] | xorg-server [188] |
| | |
| DSA-6046 [189] | chromium [190] |
| | |
| DSA-6047 [191] | squid [192] |
| | |
| DSA-6048 [193] | ruby-rack [194] |
| | |
| DSA-6049 [195] | gimp [196] |
| | |
| DSA-6050 [197] | chromium [198] |
| | |
| DSA-6053 [199] | linux-signed-amd64 [200] |
| | |
| DSA-6053 [201] | linux-signed-arm64 [202] |
| | |
| DSA-6053 [203] | linux-signed-i386 [204] |
| | |
| DSA-6053 [205] | linux [206] |
| | |
| DSA-6054 [207] | firefox-esr [208] |
| | |
| DSA-6055 [209] | chromium [210] |
| | |
| DSA-6056 [211] | keystone [212] |
| | |
| DSA-6056 [213] | swift [214] |
| | |
| DSA-6057 [215] | lxd [216] |
| | |
| DSA-6058 [217] | lasso [218] |
| | |
| DSA-6059 [219] | thunderbird [220] |
| | |
| DSA-6060 [221] | chromium [222] |
| | |
| DSA-6061 [223] | tryton-sao [224] |
| | |
| DSA-6062 [225] | pdfminer [226] |
| | |
| DSA-6064 [227] | tryton-server [228] |
| | |
| DSA-6065 [229] | krita [230] |
| | |
| DSA-6067 [231] | containerd [232] |
| | |
| DSA-6068 [233] | xen [234] |
| | |
| DSA-6069 [235] | openvpn [236] |
| | |
| DSA-6070 [237] | webkit2gtk [238] |
| | |
| DSA-6072 [239] | chromium [240] |
| | |
| DSA-6074 [241] | webkit2gtk [242] |
| | |
| DSA-6075 [243] | wordpress [244] |
| | |
| DSA-6076 [245] | libpng1.6 [246] |
| | |
| DSA-6078 [247] | firefox-esr [248] |
| | |
| DSA-6079 [249] | ffmpeg [250] |
| | |
| DSA-6080 [251] | chromium [252] |
| | |
| DSA-6081 [253] | thunderbird [254] |
| | |
| DSA-6082 [255] | vlc [256] |
| | |
| DSA-6083 [257] | webkit2gtk [258] |
| | |
| DSA-6085 [259] | mediawiki [260] |
| | |
| DSA-6087 [261] | roundcube [262] |
| | |
| DSA-6089 [263] | chromium [264] |
| | |
| DSA-6090 [265] | rails [266] |
| | |
+----------------+------------------------------+
97:
https://www.debian.org/security/2025/dsa-5979 98:
https://packages.debian.org/src:libxslt 99:
https://www.debian.org/security/2025/dsa-5993 100:
https://packages.debian.org/src:chromium 101:
https://www.debian.org/security/2025/dsa-5994 102:
https://packages.debian.org/src:shibboleth-sp 103:
https://www.debian.org/security/2025/dsa-5996 104:
https://packages.debian.org/src:chromium 105:
https://www.debian.org/security/2025/dsa-5997 106:
https://packages.debian.org/src:imagemagick 107:
https://www.debian.org/security/2025/dsa-5998 108:
https://packages.debian.org/src:cups 109:
https://www.debian.org/security/2025/dsa-5999 110:
https://packages.debian.org/src:libjson-xs-perl 111:
https://www.debian.org/security/2025/dsa-6000 112:
https://packages.debian.org/src:libcpanel-json-xs-perl 113:
https://www.debian.org/security/2025/dsa-6001 114:
https://packages.debian.org/src:cjson 115:
https://www.debian.org/security/2025/dsa-6002 116:
https://packages.debian.org/src:node-sha.js 117:
https://www.debian.org/security/2025/dsa-6003 118:
https://packages.debian.org/src:firefox-esr 119:
https://www.debian.org/security/2025/dsa-6004 120:
https://packages.debian.org/src:chromium 121:
https://www.debian.org/security/2025/dsa-6005 122:
https://packages.debian.org/src:jetty9 123:
https://www.debian.org/security/2025/dsa-6009 124:
https://packages.debian.org/src:linux-signed-amd64 125:
https://www.debian.org/security/2025/dsa-6009 126:
https://packages.debian.org/src:linux-signed-arm64 127:
https://www.debian.org/security/2025/dsa-6009 128:
https://packages.debian.org/src:linux-signed-i386 129:
https://www.debian.org/security/2025/dsa-6009 130:
https://packages.debian.org/src:linux 131:
https://www.debian.org/security/2025/dsa-6010 132:
https://packages.debian.org/src:chromium 133:
https://www.debian.org/security/2025/dsa-6012 134:
https://packages.debian.org/src:nncp 135:
https://www.debian.org/security/2025/dsa-6013 136:
https://packages.debian.org/src:node-tar-fs 137:
https://www.debian.org/security/2025/dsa-6015 138:
https://packages.debian.org/src:openssl 139:
https://www.debian.org/security/2025/dsa-6016 140:
https://packages.debian.org/src:chromium 141:
https://www.debian.org/security/2025/dsa-6017 142:
https://packages.debian.org/src:haproxy 143:
https://www.debian.org/security/2025/dsa-6018 144:
https://packages.debian.org/src:gegl 145:
https://www.debian.org/security/2025/dsa-6020 146:
https://packages.debian.org/src:redis 147:
https://www.debian.org/security/2025/dsa-6021 148:
https://packages.debian.org/src:chromium 149:
https://www.debian.org/security/2025/dsa-6023 150:
https://packages.debian.org/src:tiff 151:
https://www.debian.org/security/2025/dsa-6024 152:
https://packages.debian.org/src:ghostscript 153:
https://www.debian.org/security/2025/dsa-6025 154:
https://packages.debian.org/src:firefox-esr 155:
https://www.debian.org/security/2025/dsa-6026 156:
https://packages.debian.org/src:chromium 157:
https://www.debian.org/security/2025/dsa-6028 158:
https://packages.debian.org/src:lxd 159:
https://www.debian.org/security/2025/dsa-6029 160:
https://packages.debian.org/src:ark 161:
https://www.debian.org/security/2025/dsa-6030 162:
https://packages.debian.org/src:intel-microcode 163:
https://www.debian.org/security/2025/dsa-6031 164:
https://packages.debian.org/src:request-tracker5 165:
https://www.debian.org/security/2025/dsa-6032 166:
https://packages.debian.org/src:request-tracker4 167:
https://www.debian.org/security/2025/dsa-6033 168:
https://packages.debian.org/src:bind9 169:
https://www.debian.org/security/2025/dsa-6034 170:
https://packages.debian.org/src:tryton-sao 171:
https://www.debian.org/security/2025/dsa-6035 172:
https://packages.debian.org/src:python-internetarchive 173:
https://www.debian.org/security/2025/dsa-6036 174:
https://packages.debian.org/src:chromium 175:
https://www.debian.org/security/2025/dsa-6038 176:
https://packages.debian.org/src:openjdk-17 177:
https://www.debian.org/security/2025/dsa-6040 178:
https://packages.debian.org/src:thunderbird 179:
https://www.debian.org/security/2025/dsa-6041 180:
https://packages.debian.org/src:strongswan 181:
https://www.debian.org/security/2025/dsa-6042 182:
https://packages.debian.org/src:evolution 183:
https://www.debian.org/security/2025/dsa-6042 184:
https://packages.debian.org/src:webkit2gtk 185:
https://www.debian.org/security/2025/dsa-6043 186:
https://packages.debian.org/src:gimp 187:
https://www.debian.org/security/2025/dsa-6044 188:
https://packages.debian.org/src:xorg-server 189:
https://www.debian.org/security/2025/dsa-6046 190:
https://packages.debian.org/src:chromium 191:
https://www.debian.org/security/2025/dsa-6047 192:
https://packages.debian.org/src:squid 193:
https://www.debian.org/security/2025/dsa-6048 194:
https://packages.debian.org/src:ruby-rack 195:
https://www.debian.org/security/2025/dsa-6049 196:
https://packages.debian.org/src:gimp 197:
https://www.debian.org/security/2025/dsa-6050 198:
https://packages.debian.org/src:chromium 199:
https://www.debian.org/security/2025/dsa-6053 200:
https://packages.debian.org/src:linux-signed-amd64 201:
https://www.debian.org/security/2025/dsa-6053 202:
https://packages.debian.org/src:linux-signed-arm64 203:
https://www.debian.org/security/2025/dsa-6053 204:
https://packages.debian.org/src:linux-signed-i386 205:
https://www.debian.org/security/2025/dsa-6053 206:
https://packages.debian.org/src:linux 207:
https://www.debian.org/security/2025/dsa-6054 208:
https://packages.debian.org/src:firefox-esr 209:
https://www.debian.org/security/2025/dsa-6055 210:
https://packages.debian.org/src:chromium 211:
https://www.debian.org/security/2025/dsa-6056 212:
https://packages.debian.org/src:keystone 213:
https://www.debian.org/security/2025/dsa-6056 214:
https://packages.debian.org/src:swift 215:
https://www.debian.org/security/2025/dsa-6057 216:
https://packages.debian.org/src:lxd 217:
https://www.debian.org/security/2025/dsa-6058 218:
https://packages.debian.org/src:lasso 219:
https://www.debian.org/security/2025/dsa-6059 220:
https://packages.debian.org/src:thunderbird 221:
https://www.debian.org/security/2025/dsa-6060 222:
https://packages.debian.org/src:chromium 223:
https://www.debian.org/security/2025/dsa-6061 224:
https://packages.debian.org/src:tryton-sao 225:
https://www.debian.org/security/2025/dsa-6062 226:
https://packages.debian.org/src:pdfminer 227:
https://www.debian.org/security/2025/dsa-6064 228:
https://packages.debian.org/src:tryton-server 229:
https://www.debian.org/security/2025/dsa-6065 230:
https://packages.debian.org/src:krita 231:
https://www.debian.org/security/2025/dsa-6067 232:
https://packages.debian.org/src:containerd 233:
https://www.debian.org/security/2025/dsa-6068 234:
https://packages.debian.org/src:xen 235:
https://www.debian.org/security/2025/dsa-6069 236:
https://packages.debian.org/src:openvpn 237:
https://www.debian.org/security/2025/dsa-6070 238:
https://packages.debian.org/src:webkit2gtk 239:
https://www.debian.org/security/2025/dsa-6072 240:
https://packages.debian.org/src:chromium 241:
https://www.debian.org/security/2025/dsa-6074 242:
https://packages.debian.org/src:webkit2gtk 243:
https://www.debian.org/security/2025/dsa-6075 244:
https://packages.debian.org/src:wordpress 245:
https://www.debian.org/security/2025/dsa-6076 246:
https://packages.debian.org/src:libpng1.6 247:
https://www.debian.org/security/2025/dsa-6078 248:
https://packages.debian.org/src:firefox-esr 249:
https://www.debian.org/security/2025/dsa-6079 250:
https://packages.debian.org/src:ffmpeg 251:
https://www.debian.org/security/2025/dsa-6080 252:
https://packages.debian.org/src:chromium 253:
https://www.debian.org/security/2025/dsa-6081 254:
https://packages.debian.org/src:thunderbird 255:
https://www.debian.org/security/2025/dsa-6082 256:
https://packages.debian.org/src:vlc 257:
https://www.debian.org/security/2025/dsa-6083 258:
https://packages.debian.org/src:webkit2gtk 259:
https://www.debian.org/security/2025/dsa-6085 260:
https://packages.debian.org/src:mediawiki 261:
https://www.debian.org/security/2025/dsa-6087 262:
https://packages.debian.org/src:roundcube 263:
https://www.debian.org/security/2025/dsa-6089 264:
https://packages.debian.org/src:chromium 265:
https://www.debian.org/security/2025/dsa-6090 266:
https://packages.debian.org/src:railsRemoved packages
The following packages were removed due to circumstances beyond our
control:
+------------------------------+--------------------------------------+
| Package | Reason |
+------------------------------+--------------------------------------+
| clamav [267] | [armel mipsel mips64el] No longer |
| | supportable on architectures without |
| | newer Rust support |
| | |
| clamsmtp [268] | [armel mipsel mips64el] Depends on |
| | to-be-removed clamav |
| | |
| libc-icap-mod-virus- | [armel mipsel mips64el] Depends on |
| scan [269] | to-be-removed clamav |
| | |
| libclamunrar [270] | [armel mipsel mips64el] Depends on |
| | to-be-removed clamav |
| | |
| pagure [271] | Broken, security issues |
| | |
| pg-snakeoil [272] | [armel mipsel mips64el] Depends on |
| | to-be-removed clamav |
| | |
+------------------------------+--------------------------------------+
267:
https://packages.debian.org/src:clamav 268:
https://packages.debian.org/src:clamsmtp 269:
https://packages.debian.org/src:libc-icap-mod-virus-scan 270:
https://packages.debian.org/src:libclamunrar 271:
https://packages.debian.org/src:pagure 272:
https://packages.debian.org/src:pg-snakeoilDebian Installer
The installer has been updated to include the fixes incorporated into
oldstable by the point release.
URLs
The complete lists of packages that have changed with this revision:
https://deb.debian.org/debian/dists/bookworm/ChangeLogThe current oldstable distribution:
https://deb.debian.org/debian/dists/oldstable/Proposed updates to the oldstable distribution:
https://deb.debian.org/debian/dists/oldstable-proposed-updatesoldstable distribution information (release notes, errata etc.):
https://www.debian.org/releases/oldstable/Security announcements and information:
https://www.debian.org/security/About Debian
The Debian Project is an association of Free Software developers who
volunteer their time and effort in order to produce the completely free
operating system Debian.
Contact Information
For further information, please visit the Debian web pages at
https://www.debian.org/, send mail to <press@debian.org>, or contact the
stable release team at <debian-release@lists.debian.org>.