----------------------------------------------------------------------------
Debian Stable Updates Announcement SUA 273-1         https://www.debian.org/
debian-release@lists.debian.org                              Adam D. Barratt
September 2nd, 2025
----------------------------------------------------------------------------

Upcoming Debian 13 Update (13.1)

An update to Debian 13 is scheduled for Saturday, September 6th, 2025. As of
now it will include the following bug fixes. They can be found in
"trixie-proposed-updates", which is carried by all official mirrors.

Please note that packages published through security.debian.org are not
listed, but will be included if possible. Some of the updates below are also
already available through "trixie-updates".

Testing and feedback would be appreciated. Bugs should be filed in the
Debian Bug Tracking System, but please make the Release Team aware of them
by copying "debian-release@lists.debian.org" on your mails.

The point release will also include a rebuild of debian-installer.

Miscellaneous Bugfixes
----------------------

This stable update adds a few important corrections to the following
packages:

Package                         Reason
-------                         ------

auto-apt-proxy                  Check explicitly configured proxies before
                                network gateway
base-files                      Update for the point release
courier                         Fix courier-webmin
desktop-base                    Fix placement of plymouth prompts in
                                multi-monitor setups
devscripts                      Update suite and codename mappings
dpdk                            New upstream point release
ethtool                         netlink: fix print_string when the value is
                                NULL
firebird3.0                     Fix null pointer dereference in XDR message
                                parsing [CVE-2025-54989]
flvstreamer                     Stop installing rtmpsrv and rtmpsuck,
                                avoiding file conflict with the rtmpdump
                                package
galera-4                        New upstream stable release
git                             New upstream bug-fix release; fix arbitrary
                                file write issues [CVE-2025-27613
                                CVE-2025-46835]; fix code execution issues
                                [CVE-2025-27614 CVE-2025-48384]; fix
                                protocol injection issue, possibly leading
                                to arbitrary code execution [CVE-2025-48385]
glib2.0                         New upstream bugfix release; fix a corner
                                case when upgrading from bookworm
gnome-control-center            Fix a UI issue and an error display issue;
                                translation updates
gnome-online-accounts           New upstream bug-fix release; update
                                translations
gnome-shell                     New upstream bugfix release
golang-github-gin-contrib-cors  Fix mishandling of wildcards
                                [CVE-2019-25211]
gssdp                           New upstream bug-fix release; fix issues
                                with Since: and Deprecated: declarations in
                                documentation
imagemagick                     Security fixes: heap buffer overflow in the
                                "InterpretImageFilename" function
                                [CVE-2025-53014]; infinite loop when writing
                                during a specific XMP file conversion
                                command [CVE-2025-53015]; memory leak in the
                                "magick stream" command [CVE-2025-53019];
                                stack overflow through "vsnprintf()"
                                [CVE-2025-53101]; use-after-free when
                                SetQuantumFormat is used [CVE-2025-43965];
                                in multispectral MIFF image processing,
                                packet_size mishandling [CVE-2025-46393]
init-system-helpers             Fix handling of os-release diversions from
                                live-build, ensuring they don't exist in
                                non-live systems
installation-guide              Enable Hungarian and Ukrainian translations;
                                fix boot-dev-select-arm64 and
                                armhf-armmp-supported-platforms hyperlinks
iperf3                          Fix buffer overflow issue [CVE-2025-54349];
                                fix assertion failure [CVE-2025-54350]
kamailio                        Relax OpenSSL version check to only match
                                against major version
libadwaita-1                    New upstream bugfix release
libcgi-simple-perl              Fix HTTP response splitting issue
                                [CVE-2025-40927]
libcoap3                        Fix buffer overflow issue [CVE-2024-0962];
                                fix integer overflow issue [CVE-2024-31031]
libreoffice                     Add EUR support for Bulgaria; fix
                                installation of Impress sound effects; fix
                                playing of videos in Impress under Qt6
librepo                         New upstream bug-fix release, fixing support
                                for DNF5; improve handling of SELinux in the
                                Debian packaging
linux                           New upstream stable release
linux-signed-amd64              New upstream stable release
linux-signed-arm64              New upstream stable release
live-boot                       Fix handling of os-release diversions from
                                live-build, ensuring they don't exist in
                                non-live systems
live-build                      Fix handling of os-release diversions,
                                ensuring they don't exist in non-live
                                systems
mame                            Fix translation building
mariadb                         New upstream stable release
mate-sensors-applet             Fix crash at startup
mmdebstrap                      Support numeric UID in /etc/subgid and
                                /etc/subuid
modemmanager                    Fix support for Fibocom FM350-GL
mozjs128                        New upstream stable release; fix
                                uninitialised memory issue [CVE-2025-9181],
                                memory safety issues [CVE-2025-9185]
network-manager-openvpn         New upstream stable release; fix
                                multi-factor authentication in combination
                                with non-ASCII characters
nginx                           Fix potential information leak in
                                ngx_mail_smtp_module [CVE-2025-53859]
node-tmp                        Fix arbitrary file write issue
                                [CVE-2025-54798]
open-iscsi                      Ensure /var/lib exists in initramfs
openjpeg2                       Fix out-of-bounds write issue
                                [CVE-2025-54874]
orca                            Add dependencies on python3-setproctitle and
                                python3-psutil
orphan-sysvinit-scripts         Fix installation of mdadm scripts
pcre2                           New upstream stable release; fix potential
                                information disclosure issue
                                [CVE-2025-58050]
postfix                         New upstream stable release; fix copying of
                                files to chroot
postgresql-17                   New upstream stable release; tighten
                                security checks in planner estimation
                                functions [CVE-2025-8713]; prevent pg_dump
                                scripts from being used to attack the user
                                running the restore [CVE-2025-8714]; convert
                                newlines to spaces in names included in
                                comments in pg_dump output [CVE-2025-8715]
ptyxis                          New upstream bugfix release
pyraf                           Ensure compatibility with Python 3.13
qemu                            New upstream bugfix release
rabbitmq-server                 Show proper plugin version numbers
remind                          Fix buffer overflow in DUMPVARS
renpy                           Fix font symlinks
resource-agents                 Handle cases where more than one route for
                                an IP address exists
rkward                          Restore compatibility with R 4.5
samba                           New upstream bugfix release
sbuild                          Support UID in /etc/sub(u|g)id; fix build
                                path permissions when building as root;
                                always append newline in binNMU changelog;
                                allow empty BUILD_PATH in command line
                                options
shaarli                         Fix cross site scripting issue
                                [CVE-2025-55291]
sound-theme-freedesktop         Link front-center sample to
                                audio-channel-mono
strongswan                      Fix OpenSSL 3.5.1 support
systemd                         New upstream stable release
systemd-boot-efi-amd64-signed   New upstream stable release
systemd-boot-efi-arm64-signed   New upstream stable release
thunar                          Fix prompt before permanently deleting files
timescaledb                     Disable test that fails with Postgresql 17.6
transmission                    Fix GTK app crash when LANG=fr
tzdata                          Confirm leap second status for 2025
wolfssl                         Avoid weak and predictable random numbers
                                [CVE-2025-7394]

A complete list of all accepted and rejected packages together with
rationale is on the preparation page for this revision:

  <https://release.debian.org/proposed-updates/stable.html>

Removed packages
----------------

The following packages will be removed due to circumstances beyond our
control:

Package                         Reason
-------                         ------

guix                            Unsupportable; security issues

If you encounter any issues, please don't hesitate to get in touch with the
Debian Release Team at "debian-release@lists.debian.org".