
Debian 10.5 released

([Distributions] Aug 3, 2020 14:56 UTC (Mon) (ris))


Debian 10 "buster" received a fifth update. In addition to the usual security and bug fixes, this point release addresses Debian Security Advisory: [1]DSA-4735-1 grub2. This security update covers multiple CVE issues regarding the [2]GRUB2 UEFI SecureBoot 'BootHole' vulnerability.

From: Donald Norwood <donald-AT-debian.org>
To: debian-announce-AT-lists.debian.org
Subject: Updated Debian 10: 10.5 released
Date: Sat, 1 Aug 2020 11:34:15 -0400
Message-ID: <a40bd007-09d9-38fa-d391-05ca66ac00dc@debian.org>
Archive-link: [3]Article

------------------------------------------------------------------------
The Debian Project https://www.debian.org/
Updated Debian 10: 10.5 released press@debian.org
August 1st, 2020 https://www.debian.org/News/2020/20200801
------------------------------------------------------------------------

The Debian project is pleased to announce the fifth update of its stable
distribution Debian 10 (codename "buster"). This point release mainly
adds corrections for security issues, along with a few adjustments for
serious problems. Security advisories have already been published
separately and are referenced where available.

This point release also addresses Debian Security Advisory: DSA-4735-1
grub2 -- security update [1] which covers multiple CVE issues regarding
the GRUB2 UEFI SecureBoot 'BootHole' vulnerability [2].

1: https://www.debian.org/security/2020/dsa-4735
2: https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot/

Please note that the point release does not constitute a new version of
Debian 10 but only updates some of the packages included. There is no
need to throw away old "buster" media. After installation, packages can
be upgraded to the current versions using an up-to-date Debian mirror.

Those who frequently install updates from security.debian.org won't have
to update many packages, and most such updates are included in the point
release.

New installation images will be available soon at the regular locations.

Upgrading an existing installation to this revision can be achieved by
pointing the package management system at one of Debian's many HTTP
mirrors. A comprehensive list of mirrors is available at:

https://www.debian.org/mirror/list

Miscellaneous Bugfixes
----------------------

This stable update adds a few important corrections to the following
packages:

+---------------------------+------------------------------------------+

| Package | Reason |

+---------------------------+------------------------------------------+

| appstream-glib [3] | Fix build failures in 2020 and later |

| | |

| asunder [4] | Use gnudb instead of freedb by default |

| | |

| b43-fwcutter [5] | Ensure removal succeeds under non- |

| | English locales; do not fail removal if |

| | some files no longer exist; fix missing |

| | dependencies on pciutils and ca- |

| | certificates |

| | |

| balsa [6] | Provide server identity when validating |

| | certificates, allowing successful |

| | validation when using the glib- |

| | networking patch for CVE-2020-13645 |

| | |

| base-files [7] | Update for the point release |

| | |

| batik [8] | Fix server-side request forgery via |

| | xlink:href attributes [CVE-2019-17566] |

| | |

| borgbackup [9] | Fix index corruption bug leading to data |

| | loss |

| | |

| bundler [10] | Update required version of ruby- |

| | molinillo |

| | |

| c-icap-modules [11] | Add support for ClamAV 0.102 |

| | |

| cacti [12] | Fix issue where UNIX timestamps after |

| | September 13th 2020 were rejected as |

| | graph start / end; fix remote code |

| | execution [CVE-2020-7237], cross-site |

| | scripting [CVE-2020-7106], CSRF issue |

| | [CVE-2020-13231]; disabling a user |

| | account does not immediately invalidate |

| | permissions [CVE-2020-13230] |

| | |

| calamares-settings- | Enable displaymanager module, fixing |

| debian [13] | autologin options; use xdg-user-dir to |

| | specify Desktop directory |

| | |

| clamav [14] | New upstream release; security fixes |

| | [CVE-2020-3327 CVE-2020-3341 CVE-2020- |

| | 3350 CVE-2020-3327 CVE-2020-3481] |

| | |

| cloud-init [15] | New upstream release |

| | |

| commons- | Prevent object creation when loading |

| configuration2 [16] | YAML files [CVE-2020-1953] |

| | |

| confget [17] | Fix the Python module's handling of |

| | values containing "=" |

| | |

| dbus [18] | New upstream stable release; prevent a |

| | denial of service issue [CVE-2020- |

| | 12049]; prevent use-after-free if two |

| | usernames share a uid |

| | |

| debian-edu-config [19] | Fix loss of dynamically allocated IPv4 |

| | address |

| | |

| debian-installer [20] | Update Linux ABI to 4.19.0-10 |

| | |

| debian-installer-netboot- | Rebuild against proposed-updates |

| images [21] | |

| | |

| debian-ports-archive- | Increase the expiration date of the 2020 |

| keyring [22] | key (84C573CD4E1AFD6C) by one year; add |

| | Debian Ports Archive Automatic Signing |

| | Key (2021); move the 2018 key (ID: |

| | 06AED62430CB581C) to the removed keyring |

| | |

| debian-security- | Update support status of several |

| support [23] | packages |

| | |

| dpdk [24] | New upstream release |

| | |

| exiv2 [25] | Adjust overly restrictive security patch |

| | [CVE-2018-10958 and CVE-2018-10999]; fix |

| | denial of service issue [CVE-2018-16336] |

| | |

| fdroidserver [26] | Fix Litecoin address validation |

| | |

| file-roller [27] | Security fix [CVE-2020-11736] |

| | |

| freerdp2 [28] | Fix smartcard logins; security fixes |

| | [CVE-2020-11521 CVE-2020-11522 CVE-2020- |

| | 11523 CVE-2020-11524 CVE-2020-11525 |

| | CVE-2020-11526] |

| | |

| fwupd [29] | New upstream release; fix possible |

| | signature verification issue [CVE-2020- |

| | 10759]; use rotated Debian signing keys |

| | |

| fwupd-amd64-signed [30] | New upstream release; fix possible |

| | signature verification issue [CVE-2020- |

| | 10759]; use rotated Debian signing keys |

| | |

| fwupd-arm64-signed [31] | New upstream release; fix possible |

| | signature verification issue [CVE-2020- |

| | 10759]; use rotated Debian signing keys |

| | |

| fwupd-armhf-signed [32] | New upstream release; fix possible |

| | signature verification issue [CVE-2020- |

| | 10759]; use rotated Debian signing keys |

| | |

| fwupd-i386-signed [33] | New upstream release; fix possible |

| | signature verification issue [CVE-2020- |

| | 10759]; use rotated Debian signing keys |

| | |

| fwupdate [34] | Use rotated Debian signing keys |

| | |

| fwupdate-amd64- | Use rotated Debian signing keys |

| signed [35] | |

| | |

| fwupdate-arm64- | Use rotated Debian signing keys |

| signed [36] | |

| | |

| fwupdate-armhf- | Use rotated Debian signing keys |

| signed [37] | |

| | |

| fwupdate-i386-signed [38] | Use rotated Debian signing keys |

| | |

| gist [39] | Avoid deprecated authorization API |

| | |

| glib-networking [40] | Return bad identity error if identity is |

| | unset [CVE-2020-13645]; break balsa |

| | older than 2.5.6-2+deb10u1 as the fix |

| | for CVE-2020-13645 breaks balsa's |

| | certificate verification |

| | |

| gnutls28 [41] | Fix TLS1.2 resumption errors; fix memory |

| | leak; handle zero length session |

| | tickets, fixing connection errors on |

| | TLS1.2 sessions to some big hosting |

| | providers; fix verification error with |

| | alternate chains |

| | |

| intel-microcode [42] | Downgrade some microcodes to previously |

| | issued versions, working around hangs on |

| | boot on Skylake-U/Y and Skylake Xeon E3 |

| | |

| jackson-databind [43] | Fix multiple security issues affecting |

| | BeanDeserializerFactory [CVE-2020-9548 |

| | CVE-2020-9547 CVE-2020-9546 CVE-2020- |

| | 8840 CVE-2020-14195 CVE-2020-14062 |

| | CVE-2020-14061 CVE-2020-14060 CVE-2020- |

| | 11620 CVE-2020-11619 CVE-2020-11113 |

| | CVE-2020-11112 CVE-2020-11111 CVE-2020- |

| | 10969 CVE-2020-10968 CVE-2020-10673 |

| | CVE-2020-10672 CVE-2019-20330 CVE-2019- |

| | 17531 and CVE-2019-17267] |

| | |

| jameica [44] | Add mckoisqldb to classpath, allowing |

| | use of SynTAX plugin |

| | |

| jigdo [45] | Fix HTTPS support in jigdo-lite and |

| | jigdo-mirror |

| | |

| ksh [46] | Fix environment variable restriction |

| | issue [CVE-2019-14868] |

| | |

| lemonldap-ng [47] | Fix nginx configuration regression |

| | introduced by the fix for CVE-2019-19791 |

| | |

| libapache-mod-jk [48] | Rename Apache configuration file so it |

| | can be automatically enabled and |

| | disabled |

| | |

| libclamunrar [49] | New upstream stable release; add an |

| | unversioned meta-package |

| | |

| libembperl-perl [50] | Handle error pages from Apache >= 2.4.40 |

| | |

| libexif [51] | Security fixes [CVE-2020-12767 CVE-2020- |

| | 0093 CVE-2020-13112 CVE-2020-13113 |

| | CVE-2020-13114]; fix buffer overflow |

| | [CVE-2020-0182] and integer overflow |

| | [CVE-2020-0198] |

| | |

| libinput [52] | Quirks: add trackpoint integration |

| | attribute |

| | |

| libntlm [53] | Fix buffer overflow [CVE-2019-17455] |

| | |

| libpam-radius-auth [54] | Fix buffer overflow in password field |

| | [CVE-2015-9542] |

| | |

| libunwind [55] | Fix segfaults on mips; manually enable C |

| | ++ exception support only on i386 and |

| | amd64 |

| | |

| libyang [56] | Fix cache corruption crash, CVE-2019- |

| | 19333, CVE-2019-19334 |

| | |

| linux [57] | New upstream stable release |

| | |

| linux-latest [58] | Update for 4.19.0-10 kernel ABI |

| | |

| linux-signed-amd64 [59] | New upstream stable release |

| | |

| linux-signed-arm64 [60] | New upstream stable release |

| | |

| linux-signed-i386 [61] | New upstream stable release |

| | |

| lirc [62] | Fix conffile management |

| | |

| mailutils [63] | maidag: drop setuid privileges for all |

| | delivery operations but mda [CVE-2019- |

| | 18862] |

| | |

| mariadb-10.3 [64] | New upstream stable release; security |

| | fixes [CVE-2020-2752 CVE-2020-2760 |

| | CVE-2020-2812 CVE-2020-2814 CVE-2020- |

| | 13249]; fix regression in RocksDB ZSTD |

| | detection |

| | |

| mod-gnutls [65] | Fix a possible segfault on failed TLS |

| | handshake; fix test failures |

| | |

| multipath-tools [66] | kpartx: use correct path to partx in |

| | udev rule |

| | |

| mutt [67] | Don't check IMAP PREAUTH encryption if |

| | $tunnel is in use |

| | |

| mydumper [68] | Link against libm |

| | |

| nfs-utils [69] | statd: take user-id from /var/lib/nfs/sm |

| | [CVE-2019-3689]; don't make /var/lib/nfs |

| | owned by statd |

| | |

| nginx [70] | Fix error page request smuggling |

| | vulnerability [CVE-2019-20372] |

| | |

| nmap [71] | Update default key size to 2048 bits |

| | |

| node-dot-prop [72] | Fix regression introduced in CVE-2020- |

| | 8116 fix |

| | |

| node-handlebars [73] | Disallow calling "helperMissing" and |

| | "blockHelperMissing" directly |

| | [CVE-2019-19919] |

| | |

| node-minimist [74] | Fix prototype pollution [CVE-2020-7598] |

| | |

| nvidia-graphics- | New upstream stable release; security |

| drivers [75] | fixes [CVE-2020-5963 CVE-2020-5967] |

| | |

| nvidia-graphics-drivers- | New upstream stable release; security |

| legacy-390xx [76] | fixes [CVE-2020-5963 CVE-2020-5967] |

| | |

| openstack-debian- | Install resolvconf if installing cloud- |

| images [77] | init |

| | |

| pagekite [78] | Avoid issues with expiry of shipped SSL |

| | certificates by using those from the ca- |

| | certificates package |

| | |

| pdfchain [79] | Fix crash at startup |

| | |

| perl [80] | Fix multiple regular expression related |

| | security issues [CVE-2020-10543 |

| | CVE-2020-10878 CVE-2020-12723] |

| | |

| php-horde [81] | Fix cross-site scripting vulnerability |

| | [CVE-2020-8035] |

| | |

| php-horde-gollem [82] | Fix cross-site scripting vulnerability |

| | in breadcrumb output [CVE-2020-8034] |

| | |

| pillow [83] | Fix multiple out-of-bounds read issues |

| | [CVE-2020-11538 CVE-2020-10378 CVE-2020- |

| | 10177] |

| | |

| policyd-rate-limit [84] | Fix issues in accounting due to socket |

| | reuse |

| | |

| postfix [85] | New upstream stable release; fix |

| | segfault in the tlsproxy client role |

| | when the server role was disabled; fix |

| | "maillog_file_rotate_suffix default |

| | value used the minute instead of the |

| | month" ; fix several TLS related issues; |

| | README.Debian fixes |

| | |

| python-markdown2 [86] | Fix cross-site scripting issue |

| | [CVE-2020-11888] |

| | |

| python3.7 [87] | Avoid infinite loop when reading |

| | specially crafted TAR files using the |

| | tarfile module [CVE-2019-20907]; resolve |

| | hash collisions for IPv4Interface and |

| | IPv6Interface [CVE-2020-14422]; fix |

| | denial of service issue in |

| | urllib.request.AbstractBasicAuthHandler |

| | [CVE-2020-8492] |

| | |

| qdirstat [88] | Fix saving of user-configured MIME |

| | categories |

| | |

| raspi3-firmware [89] | Fix typo that could lead to unbootable |

| | systems |

| | |

| resource-agents [90] | IPsrcaddr: make "proto" optional to |

| | fix regression when used without |

| | NetworkManager |

| | |

| ruby-json [91] | Fix unsafe object creation vulnerability |

| | [CVE-2020-10663] |

| | |

| shim [92] | Use rotated Debian signing keys |

| | |

| shim-helpers-amd64- | Use rotated Debian signing keys |

| signed [93] | |

| | |

| shim-helpers-arm64- | Use rotated Debian signing keys |

| signed [94] | |

| | |

| shim-helpers-i386- | Use rotated Debian signing keys |

| signed [95] | |

| | |

| speedtest-cli [96] | Pass correct headers to fix upload speed |

| | test |

| | |

| ssvnc [97] | Fix out-of-bounds write [CVE-2018- |

| | 20020], infinite loop [CVE-2018-20021], |

| | improper initialisation [CVE-2018- |

| | 20022], potential denial-of-service |

| | [CVE-2018-20024] |

| | |

| storebackup [98] | Fix possible privilege escalation |

| | vulnerability [CVE-2020-7040] |

| | |

| suricata [99] | Fix dropping privileges in nflog runmode |

| | |

| tigervnc [100] | Don't use libunwind on armel, armhf or |

| | arm64 |

| | |

| transmission [101] | Fix possible denial of service issue |

| | [CVE-2018-10756] |

| | |

| wav2cdr [102] | Use C99 fixed-size integer types to fix |

| | runtime assertion on 64bit architectures |

| | other than amd64 and alpha |

| | |

| zipios++ [103] | Security fix [CVE-2019-13453] |

| | |

+---------------------------+------------------------------------------+

3: https://packages.debian.org/src:appstream-glib

4: https://packages.debian.org/src:asunder

5: https://packages.debian.org/src:b43-fwcutter

6: https://packages.debian.org/src:balsa

7: https://packages.debian.org/src:base-files

8: https://packages.debian.org/src:batik

9: https://packages.debian.org/src:borgbackup

10: https://packages.debian.org/src:bundler

11: https://packages.debian.org/src:c-icap-modules

12: https://packages.debian.org/src:cacti

13: https://packages.debian.org/src:calamares-settings-debian

14: https://packages.debian.org/src:clamav

15: https://packages.debian.org/src:cloud-init

16: https://packages.debian.org/src:commons-configuration2

17: https://packages.debian.org/src:confget

18: https://packages.debian.org/src:dbus

19: https://packages.debian.org/src:debian-edu-config

20: https://packages.debian.org/src:debian-installer

21: https://packages.debian.org/src:debian-installer-netboot-...

22: https://packages.debian.org/src:debian-ports-archive-keyring

23: https://packages.debian.org/src:debian-security-support

24: https://packages.debian.org/src:dpdk

25: https://packages.debian.org/src:exiv2

26: https://packages.debian.org/src:fdroidserver

27: https://packages.debian.org/src:file-roller

28: https://packages.debian.org/src:freerdp2

29: https://packages.debian.org/src:fwupd

30: https://packages.debian.org/src:fwupd-amd64-signed

31: https://packages.debian.org/src:fwupd-arm64-signed

32: https://packages.debian.org/src:fwupd-armhf-signed

33: https://packages.debian.org/src:fwupd-i386-signed

34: https://packages.debian.org/src:fwupdate

35: https://packages.debian.org/src:fwupdate-amd64-signed

36: https://packages.debian.org/src:fwupdate-arm64-signed

37: https://packages.debian.org/src:fwupdate-armhf-signed

38: https://packages.debian.org/src:fwupdate-i386-signed

39: https://packages.debian.org/src:gist

40: https://packages.debian.org/src:glib-networking

41: https://packages.debian.org/src:gnutls28

42: https://packages.debian.org/src:intel-microcode

43: https://packages.debian.org/src:jackson-databind

44: https://packages.debian.org/src:jameica

45: https://packages.debian.org/src:jigdo

46: https://packages.debian.org/src:ksh

47: https://packages.debian.org/src:lemonldap-ng

48: https://packages.debian.org/src:libapache-mod-jk

49: https://packages.debian.org/src:libclamunrar

50: https://packages.debian.org/src:libembperl-perl

51: https://packages.debian.org/src:libexif

52: https://packages.debian.org/src:libinput

53: https://packages.debian.org/src:libntlm

54: https://packages.debian.org/src:libpam-radius-auth

55: https://packages.debian.org/src:libunwind

56: https://packages.debian.org/src:libyang

57: https://packages.debian.org/src:linux

58: https://packages.debian.org/src:linux-latest

59: https://packages.debian.org/src:linux-signed-amd64

60: https://packages.debian.org/src:linux-signed-arm64

61: https://packages.debian.org/src:linux-signed-i386

62: https://packages.debian.org/src:lirc

63: https://packages.debian.org/src:mailutils

64: https://packages.debian.org/src:mariadb-10.3

65: https://packages.debian.org/src:mod-gnutls

66: https://packages.debian.org/src:multipath-tools

67: https://packages.debian.org/src:mutt

68: https://packages.debian.org/src:mydumper

69: https://packages.debian.org/src:nfs-utils

70: https://packages.debian.org/src:nginx

71: https://packages.debian.org/src:nmap

72: https://packages.debian.org/src:node-dot-prop

73: https://packages.debian.org/src:node-handlebars

74: https://packages.debian.org/src:node-minimist

75: https://packages.debian.org/src:nvidia-graphics-drivers

76: https://packages.debian.org/src:nvidia-graphics-drivers-l...

77: https://packages.debian.org/src:openstack-debian-images

78: https://packages.debian.org/src:pagekite

79: https://packages.debian.org/src:pdfchain

80: https://packages.debian.org/src:perl

81: https://packages.debian.org/src:php-horde

82: https://packages.debian.org/src:php-horde-gollem

83: https://packages.debian.org/src:pillow

84: https://packages.debian.org/src:policyd-rate-limit

85: https://packages.debian.org/src:postfix

86: https://packages.debian.org/src:python-markdown2

87: https://packages.debian.org/src:python3.7

88: https://packages.debian.org/src:qdirstat

89: https://packages.debian.org/src:raspi3-firmware

90: https://packages.debian.org/src:resource-agents

91: https://packages.debian.org/src:ruby-json

92: https://packages.debian.org/src:shim

93: https://packages.debian.org/src:shim-helpers-amd64-signed

94: https://packages.debian.org/src:shim-helpers-arm64-signed

95: https://packages.debian.org/src:shim-helpers-i386-signed

96: https://packages.debian.org/src:speedtest-cli

97: https://packages.debian.org/src:ssvnc

98: https://packages.debian.org/src:storebackup

99: https://packages.debian.org/src:suricata

100: https://packages.debian.org/src:tigervnc

101: https://packages.debian.org/src:transmission

102: https://packages.debian.org/src:wav2cdr

103: https://packages.debian.org/src:zipios++

Security Updates
----------------

This revision adds the following security updates to the stable release.
The Security Team has already released an advisory for each of these
updates:

+----------------+-----------------------------+

| Advisory ID | Package |

+----------------+-----------------------------+

| DSA-4626 [104] | php7.3 [105] |

| | |

| DSA-4674 [106] | roundcube [107] |

| | |

| DSA-4675 [108] | graphicsmagick [109] |

| | |

| DSA-4676 [110] | salt [111] |

| | |

| DSA-4677 [112] | wordpress [113] |

| | |

| DSA-4678 [114] | firefox-esr [115] |

| | |

| DSA-4679 [116] | keystone [117] |

| | |

| DSA-4680 [118] | tomcat9 [119] |

| | |

| DSA-4681 [120] | webkit2gtk [121] |

| | |

| DSA-4682 [122] | squid [123] |

| | |

| DSA-4683 [124] | thunderbird [125] |

| | |

| DSA-4684 [126] | libreswan [127] |

| | |

| DSA-4685 [128] | apt [129] |

| | |

| DSA-4686 [130] | apache-log4j1.2 [131] |

| | |

| DSA-4687 [132] | exim4 [133] |

| | |

| DSA-4688 [134] | dpdk [135] |

| | |

| DSA-4689 [136] | bind9 [137] |

| | |

| DSA-4690 [138] | dovecot [139] |

| | |

| DSA-4691 [140] | pdns-recursor [141] |

| | |

| DSA-4692 [142] | netqmail [143] |

| | |

| DSA-4694 [144] | unbound [145] |

| | |

| DSA-4695 [146] | firefox-esr [147] |

| | |

| DSA-4696 [148] | nodejs [149] |

| | |

| DSA-4697 [150] | gnutls28 [151] |

| | |

| DSA-4699 [152] | linux-signed-amd64 [153] |

| | |

| DSA-4699 [154] | linux-signed-arm64 [155] |

| | |

| DSA-4699 [156] | linux-signed-i386 [157] |

| | |

| DSA-4699 [158] | linux [159] |

| | |

| DSA-4700 [160] | roundcube [161] |

| | |

| DSA-4701 [162] | intel-microcode [163] |

| | |

| DSA-4702 [164] | thunderbird [165] |

| | |

| DSA-4704 [166] | vlc [167] |

| | |

| DSA-4705 [168] | python-django [169] |

| | |

| DSA-4707 [170] | mutt [171] |

| | |

| DSA-4708 [172] | neomutt [173] |

| | |

| DSA-4709 [174] | wordpress [175] |

| | |

| DSA-4710 [176] | trafficserver [177] |

| | |

| DSA-4711 [178] | coturn [179] |

| | |

| DSA-4712 [180] | imagemagick [181] |

| | |

| DSA-4713 [182] | firefox-esr [183] |

| | |

| DSA-4714 [184] | chromium [185] |

| | |

| DSA-4716 [186] | docker.io [187] |

| | |

| DSA-4718 [188] | thunderbird [189] |

| | |

| DSA-4719 [190] | php7.3 [191] |

| | |

| DSA-4720 [192] | roundcube [193] |

| | |

| DSA-4721 [194] | ruby2.5 [195] |

| | |

| DSA-4722 [196] | ffmpeg [197] |

| | |

| DSA-4723 [198] | xen [199] |

| | |

| DSA-4724 [200] | webkit2gtk [201] |

| | |

| DSA-4725 [202] | evolution-data-server [203] |

| | |

| DSA-4726 [204] | nss [205] |

| | |

| DSA-4727 [206] | tomcat9 [207] |

| | |

| DSA-4728 [208] | qemu [209] |

| | |

| DSA-4729 [210] | libopenmpt [211] |

| | |

| DSA-4730 [212] | ruby-sanitize [213] |

| | |

| DSA-4731 [214] | redis [215] |

| | |

| DSA-4732 [216] | squid [217] |

| | |

| DSA-4733 [218] | qemu [219] |

| | |

| DSA-4735 [220] | grub-efi-amd64-signed [221] |

| | |

| DSA-4735 [222] | grub-efi-arm64-signed [223] |

| | |

| DSA-4735 [224] | grub-efi-ia32-signed [225] |

| | |

| DSA-4735 [226] | grub2 [227] |

| | |

+----------------+-----------------------------+

104: https://www.debian.org/security/2020/dsa-4626

105: https://packages.debian.org/src:php7.3

106: https://www.debian.org/security/2020/dsa-4674

107: https://packages.debian.org/src:roundcube

108: https://www.debian.org/security/2020/dsa-4675

109: https://packages.debian.org/src:graphicsmagick

110: https://www.debian.org/security/2020/dsa-4676

111: https://packages.debian.org/src:salt

112: https://www.debian.org/security/2020/dsa-4677

113: https://packages.debian.org/src:wordpress

114: https://www.debian.org/security/2020/dsa-4678

115: https://packages.debian.org/src:firefox-esr

116: https://www.debian.org/security/2020/dsa-4679

117: https://packages.debian.org/src:keystone

118: https://www.debian.org/security/2020/dsa-4680

119: https://packages.debian.org/src:tomcat9

120: https://www.debian.org/security/2020/dsa-4681

121: https://packages.debian.org/src:webkit2gtk

122: https://www.debian.org/security/2020/dsa-4682

123: https://packages.debian.org/src:squid

124: https://www.debian.org/security/2020/dsa-4683

125: https://packages.debian.org/src:thunderbird

126: https://www.debian.org/security/2020/dsa-4684

127: https://packages.debian.org/src:libreswan

128: https://www.debian.org/security/2020/dsa-4685

129: https://packages.debian.org/src:apt

130: https://www.debian.org/security/2020/dsa-4686

131: https://packages.debian.org/src:apache-log4j1.2

132: https://www.debian.org/security/2020/dsa-4687

133: https://packages.debian.org/src:exim4

134: https://www.debian.org/security/2020/dsa-4688

135: https://packages.debian.org/src:dpdk

136: https://www.debian.org/security/2020/dsa-4689

137: https://packages.debian.org/src:bind9

138: https://www.debian.org/security/2020/dsa-4690

139: https://packages.debian.org/src:dovecot

140: https://www.debian.org/security/2020/dsa-4691

141: https://packages.debian.org/src:pdns-recursor

142: https://www.debian.org/security/2020/dsa-4692

143: https://packages.debian.org/src:netqmail

144: https://www.debian.org/security/2020/dsa-4694

145: https://packages.debian.org/src:unbound

146: https://www.debian.org/security/2020/dsa-4695

147: https://packages.debian.org/src:firefox-esr

148: https://www.debian.org/security/2020/dsa-4696

149: https://packages.debian.org/src:nodejs

150: https://www.debian.org/security/2020/dsa-4697

151: https://packages.debian.org/src:gnutls28

152: https://www.debian.org/security/2020/dsa-4699

153: https://packages.debian.org/src:linux-signed-amd64

154: https://www.debian.org/security/2020/dsa-4699

155: https://packages.debian.org/src:linux-signed-arm64

156: https://www.debian.org/security/2020/dsa-4699

157: https://packages.debian.org/src:linux-signed-i386

158: https://www.debian.org/security/2020/dsa-4699

159: https://packages.debian.org/src:linux

160: https://www.debian.org/security/2020/dsa-4700

161: https://packages.debian.org/src:roundcube

162: https://www.debian.org/security/2020/dsa-4701

163: https://packages.debian.org/src:intel-microcode

164: https://www.debian.org/security/2020/dsa-4702

165: https://packages.debian.org/src:thunderbird

166: https://www.debian.org/security/2020/dsa-4704

167: https://packages.debian.org/src:vlc

168: https://www.debian.org/security/2020/dsa-4705

169: https://packages.debian.org/src:python-django

170: https://www.debian.org/security/2020/dsa-4707

171: https://packages.debian.org/src:mutt

172: https://www.debian.org/security/2020/dsa-4708

173: https://packages.debian.org/src:neomutt

174: https://www.debian.org/security/2020/dsa-4709

175: https://packages.debian.org/src:wordpress

176: https://www.debian.org/security/2020/dsa-4710

177: https://packages.debian.org/src:trafficserver

178: https://www.debian.org/security/2020/dsa-4711

179: https://packages.debian.org/src:coturn

180: https://www.debian.org/security/2020/dsa-4712

181: https://packages.debian.org/src:imagemagick

182: https://www.debian.org/security/2020/dsa-4713

183: https://packages.debian.org/src:firefox-esr

184: https://www.debian.org/security/2020/dsa-4714

185: https://packages.debian.org/src:chromium

186: https://www.debian.org/security/2020/dsa-4716

187: https://packages.debian.org/src:docker.io

188: https://www.debian.org/security/2020/dsa-4718

189: https://packages.debian.org/src:thunderbird

190: https://www.debian.org/security/2020/dsa-4719

191: https://packages.debian.org/src:php7.3

192: https://www.debian.org/security/2020/dsa-4720

193: https://packages.debian.org/src:roundcube

194: https://www.debian.org/security/2020/dsa-4721

195: https://packages.debian.org/src:ruby2.5

196: https://www.debian.org/security/2020/dsa-4722

197: https://packages.debian.org/src:ffmpeg

198: https://www.debian.org/security/2020/dsa-4723

199: https://packages.debian.org/src:xen

200: https://www.debian.org/security/2020/dsa-4724

201: https://packages.debian.org/src:webkit2gtk

202: https://www.debian.org/security/2020/dsa-4725

203: https://packages.debian.org/src:evolution-data-server

204: https://www.debian.org/security/2020/dsa-4726

205: https://packages.debian.org/src:nss

206: https://www.debian.org/security/2020/dsa-4727

207: https://packages.debian.org/src:tomcat9

208: https://www.debian.org/security/2020/dsa-4728

209: https://packages.debian.org/src:qemu

210: https://www.debian.org/security/2020/dsa-4729

211: https://packages.debian.org/src:libopenmpt

212: https://www.debian.org/security/2020/dsa-4730

213: https://packages.debian.org/src:ruby-sanitize

214: https://www.debian.org/security/2020/dsa-4731

215: https://packages.debian.org/src:redis

216: https://www.debian.org/security/2020/dsa-4732

217: https://packages.debian.org/src:squid

218: https://www.debian.org/security/2020/dsa-4733

219: https://packages.debian.org/src:qemu

220: https://www.debian.org/security/2020/dsa-4735

221: https://packages.debian.org/src:grub-efi-amd64-signed

222: https://www.debian.org/security/2020/dsa-4735

223: https://packages.debian.org/src:grub-efi-arm64-signed

224: https://www.debian.org/security/2020/dsa-4735

225: https://packages.debian.org/src:grub-efi-ia32-signed

226: https://www.debian.org/security/2020/dsa-4735

227: https://packages.debian.org/src:grub2

Removed packages
----------------

The following packages were removed due to circumstances beyond our
control:

+--------------------------------+------------------------------------+

| Package | Reason |

+--------------------------------+------------------------------------+

| golang-github-unknwon- | Security issues; unmaintained |

| cae [228] | |

| | |

| janus [229] | Not supportable in stable |

| | |

| mathematica-fonts [230] | Relies on unavailable download |

| | location |

| | |

| matrix-synapse [231] | Security issues; unsupportable |

| | |

| selenium-firefoxdriver [232] | Incompatible with newer Firefox |

| | ESR versions |

| | |

+--------------------------------+------------------------------------+

228: https://packages.debian.org/src:golang-github-unknwon-cae

229: https://packages.debian.org/src:janus

230: https://packages.debian.org/src:mathematica-fonts

231: https://packages.debian.org/src:matrix-synapse

232: https://packages.debian.org/src:selenium-firefoxdriver

Debian Installer
----------------

The installer has been updated to include the fixes incorporated into
stable by the point release.

URLs
----

The complete lists of packages that have changed with this revision:

http://ftp.debian.org/debian/dists/buster/ChangeLog

The current stable distribution:

http://ftp.debian.org/debian/dists/stable/

Proposed updates to the stable distribution:

http://ftp.debian.org/debian/dists/proposed-updates

stable distribution information (release notes, errata etc.):

https://www.debian.org/releases/stable/

Security announcements and information:

https://www.debian.org/security/

About Debian
------------

The Debian Project is an association of Free Software developers who
volunteer their time and effort in order to produce the completely free
operating system Debian.

Contact Information
-------------------

For further information, please visit the Debian web pages at
https://www.debian.org/, send mail to press@debian.org, or contact the
stable release team at debian-release@lists.debian.org.



[1] https://www.debian.org/security/2020/dsa-4735

[2] https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot/

[3] https://lwn.net/ml/debian-announce/a40bd007-09d9-38fa-d391-05ca66ac00dc@debian.org
