------------------------------------------------------------------------
The Debian Project                               https://www.debian.org/
Updated Debian 10: 10.3 released                        press@debian.org
February 8th, 2020             https://www.debian.org/News/2020/20200208
------------------------------------------------------------------------
The Debian project is pleased to announce the third update of its stable
distribution Debian 10 (codename "buster"). This point release mainly
adds corrections for security issues, along with a few adjustments for
serious problems. Security advisories have already been published
separately and are referenced where available.
Please note that the point release does not constitute a new version of
Debian 10 but only updates some of the packages included. There is no
need to throw away old "buster" media. After installation, packages can
be upgraded to the current versions using an up-to-date Debian mirror.
Those who frequently install updates from security.debian.org won't have
to update many packages, and most such updates are included in the point release.
New installation images will be available soon at the regular locations.
Upgrading an existing installation to this revision can be achieved by
pointing the package management system at one of Debian's many HTTP
mirrors. A comprehensive list of mirrors is available at:
https://www.debian.org/mirror/list
Miscellaneous Bugfixes
----------------------
This stable update adds a few important corrections to the following
packages:
+---------------------------+-----------------------------------------+
| Package | Reason |
+---------------------------+-----------------------------------------+
| alot [1] | Remove expiration time from test suite |
| | keys, fixing build failure |
| | |
| atril [2] | Fix segfault when no document is |
| | loaded; fix read of uninitialised |
| | memory [CVE-2019-11459] |
| | |
| base-files [3] | Update for the point release |
| | |
| beagle [4] | Provide wrapper script instead of |
| | symlinks to JARs, making them work |
| | again |
| | |
| bgpdump [5] | Fix segmentation fault |
| | |
| boost1.67 [6] | Fix undefined behaviour leading to |
| | crashing libboost-numpy |
| | |
| brightd [7] | Actually compare the value read out |
| | of /sys/class/power_supply/AC/online |
| | with "0" |
| | |
| casacore-data-jplde [8] | Include tables up to 2040 |
| | |
| clamav [9] | New upstream release; fix denial of |
| | service issue [CVE-2019-15961]; remove |
| | ScanOnAccess option, replacing with |
| | clamonacc |
| | |
| compactheader [10] | New upstream release compatible with |
| | Thunderbird 68 |
| | |
| console-common [11] | Fix regression that led to files not |
| | being included |
| | |
| csh [12] | Fix segfault on eval |
| | |
| cups [13] | Fix memory leak in ppdOpen; fix |
| | validation of default language in |
| | ippSetValuetag [CVE-2019-2228] |
| | |
| cyrus-imapd [14] | Add BACKUP type to cyrus-upgrade-db, |
| | fixing upgrade issues |
| | |
| debian-edu-config [15] | Keep proxy settings on client if WPAD |
| | is unreachable |
| | |
| debian-installer [16] | Rebuild against proposed-updates; tweak |
| | mini.iso generation on arm so EFI |
| | netboot will work; update |
| | USE_UDEBS_FROM default from unstable to |
| | buster, to help users performing local |
| | builds |
| | |
| debian-installer-netboot- | Rebuild against proposed-updates |
| images [17] | |
| | |
| debian-security- | Update security support status of |
| support [18] | several packages |
| | |
| debos [19] | Rebuild against updated golang-github- |
| | go-debos-fakemachine |
| | |
| dispmua [20] | New upstream release compatible with |
| | Thunderbird 68 |
| | |
| dkimpy [21] | New upstream stable release |
| | |
| dkimpy-milter [22] | Fix privilege management at startup so |
| | Unix sockets work |
| | |
| dpdk [23] | New upstream stable release |
| | |
| e2fsprogs [24] | Fix potential stack underflow in e2fsck |
| | [CVE-2019-5188]; fix use after free in |
| | e2fsck |
| | |
| fig2dev [25] | Allow Fig v2 text strings ending with |
| | multiple ^A [CVE-2019-19555]; reject |
| | huge arrow types causing integer |
| | overflow [CVE-2019-19746]; fix several |
| | crashes [CVE-2019-19797] |
| | |
| freerdp2 [26] | Fix realloc return handling [CVE-2019- |
| | 17177] |
| | |
| freetds [27] | tds: Make sure UDT has varint set to 8 |
| | [CVE-2019-13508] |
| | |
| git-lfs [28] | Fix build issues with newer Go versions |
| | |
| gnubg [29] | Increase the size of static buffers |
| | used to build messages during program |
| | start so that the Spanish translation |
| | doesn't overflow a buffer |
| | |
| gnutls28 [30] | Fix interop problems with gnutls 2.x; |
| | fix parsing of certificates using |
| | RegisteredID |
| | |
| gtk2-engines-murrine [31] | Fix co-installability with other themes |
| | |
| guile-2.2 [32] | Fix build failure |
| | |
| libburn [33] | Fix "cdrskin multi-track burning was |
| | slow and stalled after track 1" |
| | |
| libcgns [34] | Fix build failure on ppc64el |
| | |
| libimobiledevice [35] | Properly handle partial SSL writes |
| | |
| libmatroska [36] | Increase shared library dependency to |
| | 1.4.7 since that version introduced new |
| | symbols |
| | |
| libmysofa [37] | Security fixes [CVE-2019-16091 |
| | CVE-2019-16092 CVE-2019-16093 CVE-2019- |
| | 16094 CVE-2019-16095] |
| | |
| libole-storage-lite- | Fix interpretation of years from 2020 |
| perl [38] | onwards |
| | |
| libparse-win32registry- | Fix interpretation of years from 2020 |
| perl [39] | onwards |
| | |
| libperl4-corelibs- | Fix interpretation of years from 2020 |
| perl [40] | onwards |
| | |
| libsolv [41] | Fix heap buffer overflow [CVE-2019- |
| | 20387] |
| | |
| libspreadsheet-wright- | Fix previously unusable OpenDocument |
| perl [42] | spreadsheets and passing of JSON |
| | formatting options |
| | |
| libtimedate-perl [43] | Fix interpretation of years from 2020 |
| | onwards |
| | |
| libvirt [44] | Apparmor: Allow one to run pygrub; |
| | don't render osxsave, ospke into QEMU |
| | command line; this helps newer QEMU |
| | with some configs generated by virt- |
| | install |
| | |
| libvncserver [45] | RFBserver: don't leak stack memory to |
| | the remote [CVE-2019-15681]; resolve a |
| | freeze during connection closure and a |
| | segmentation fault on multi-threaded |
| | VNC servers; fix issue connecting to |
| | VMWare servers; fix crashing of x11vnc |
| | when vncviewer connects |
| | |
| limnoria [46] | Fix remote information disclosure and |
| | possibly remote code execution in the |
| | Math plugin [CVE-2019-19010] |
| | |
| linux [47] | New upstream stable release |
| | |
| linux-latest [48] | Update for 4.19.0-8 Linux kernel ABI |
| | |
| linux-signed-amd64 [49] | New upstream stable release |
| | |
| linux-signed-arm64 [50] | New upstream stable release |
| | |
| linux-signed-i386 [51] | New upstream stable release |
| | |
| mariadb-10.3 [52] | New upstream stable release [CVE-2019- |
| | 2938 CVE-2019-2974 CVE-2020-2574] |
| | |
| mesa [53] | Call shmget() with permission 0600 |
| | instead of 0777 [CVE-2019-5068] |
| | |
| mnemosyne [54] | Add missing dependency on PIL |
| | |
| modsecurity [55] | Fix cookie header parsing bug |
| | [CVE-2019-19886] |
| | |
| node-handlebars [56] | Disallow calling "helperMissing" and |
| | "blockHelperMissing" directly |
| | [CVE-2019-19919] |
| | |
| node-kind-of [57] | Fix type checking vulnerability in |
| | ctorName() [CVE-2019-20149] |
| | |
| ntpsec [58] | Fix slow DNS retries; fix ntpdate -s |
| | (syslog) to fix the if-up hook; |
| | documentation fixes |
| | |
| numix-gtk-theme [59] | Fix co-installability with other themes |
| | |
| nvidia-graphics-drivers- | New upstream stable release |
| legacy-340xx [60] | |
| | |
| nyancat [61] | Rebuild in a clean environment to add |
| | the systemd unit for nyancat-server |
| | |
| openjpeg2 [62] | Fix heap overflow [CVE-2018-21010] and |
| | integer overflow [CVE-2018-20847] |
| | |
| opensmtpd [63] | Warn users of change of smtpd.conf |
| | syntax (in earlier versions); install |
| | smtpctl setgid opensmtpq; handle non- |
| | zero exit code from hostname during |
| | config phase |
| | |
| openssh [64] | Deny (non-fatally) ipc in the seccomp |
| | sandbox, fixing failures with OpenSSL |
| | 1.1.1d and Linux < 3.19 on some |
| | architectures |
| | |
| php-horde [65] | Fix stored cross-site scripting issue |
| | in Horde Cloud Block [CVE-2019-12095] |
| | |
| php-horde-text- | Fix invalid regular expressions |
| filter [66] | |
| | |
| postfix [67] | New upstream stable release |
| | |
| postgresql-11 [68] | New upstream stable release |
| | |
| print-manager [69] | Fix crash if CUPS returns the same ID |
| | for multiple print jobs |
| | |
| proftpd-dfsg [70] | Fix CRL issues [CVE-2019-19270 |
| | CVE-2019-19269] |
| | |
| pykaraoke [71] | Fix path to fonts |
| | |
| python-evtx [72] | Fix import of "hexdump" |
| | |
| python- | Close file after getting hash, avoiding |
| internetarchive [73] | file descriptor exhaustion |
| | |
| python3.7 [74] | Security fixes [CVE-2019-9740 CVE-2019- |
| | 9947 CVE-2019-9948 CVE-2019-10160 |
| | CVE-2019-16056 CVE-2019-16935] |
| | |
| qtbase-opensource- | Add support for non-PPD printers and |
| src [75] | avoid silent fallback to a printer |
| | supporting PPD; fix crash when using |
| | QLabels with rich text; fix graphics |
| | tablet hover events |
| | |
| qtwebengine-opensource- | Fix PDF parsing; disable executable |
| src [76] | stack |
| | |
| quassel [77] | Fix quasselcore AppArmor denials when |
| | the config is saved; correct default |
| | channel for Debian; remove unnecessary |
| | NEWS file |
| | |
| qwinff [78] | Fix crash due to incorrect file |
| | detection |
| | |
| raspi3-firmware [79] | Fix detection of serial console with |
| | kernel 5.x |
| | |
| ros-ros-comm [80] | Fix security issues [CVE-2019-13566 |
| | CVE-2019-13465 CVE-2019-13445] |
| | |
| roundcube [81] | New upstream stable release; fix |
| | insecure permissions in enigma plugin |
| | [CVE-2018-1000071] |
| | |
| schleuder [82] | Fix recognizing keywords in mails with |
| | "protected headers" and empty subject; |
| | strip non-self-signatures when |
| | refreshing or fetching keys; error if |
| | the argument provided to `refresh_keys` |
| | is not an existing list; add missing |
| | List-Id header to notification mails |
| | sent to admins; handle decryption |
| | problems gracefully; default to |
| | ASCII-8BIT encoding |
| | |
| simplesamlphp [83] | Fix incompatibility with PHP 7.3 |
| | |
| sogo-connector [84] | New upstream release compatible with |
| | Thunderbird 68 |
| | |
| spf-engine [85] | Fix privilege management at startup so |
| | Unix sockets work; update documentation |
| | for TestOnly |
| | |
| sudo [86] | Fix a (non-exploitable in buster) |
| | buffer overflow when pwfeedback is |
| | enabled and input is not a tty |
| | [CVE-2019-18634] |
| | |
| systemd [87] | Set fs.file-max sysctl to LONG_MAX |
| | rather than ULONG_MAX; change |
| | ownership/mode of the execution |
| | directories also for static users, |
| | ensuring that execution directories |
| | like CacheDirectory and StateDirectory |
| | are properly chowned to the user |
| | specified in User= before launching the |
| | service |
| | |
| tifffile [88] | Fix wrapper script |
| | |
| tigervnc [89] | Security fixes [CVE-2019-15691 |
| | CVE-2019-15692 CVE-2019-15693 CVE-2019- |
| | 15694 CVE-2019-15695] |
| | |
| tightvnc [90] | Security fixes [CVE-2014-6053 CVE-2019- |
| | 8287 CVE-2018-20021 CVE-2018-20022 |
| | CVE-2018-20748 CVE-2018-7225 CVE-2019- |
| | 15678 CVE-2019-15679 CVE-2019-15680 |
| | CVE-2019-15681] |
| | |
| uif [91] | Fix paths to ip(6)tables-restore in |
| | light of the migration to nftables |
| | |
| unhide [92] | Fix stack exhaustion |
| | |
| x2goclient [93] | Strip ~/, ~user{,/}, ${HOME}{,/} and |
| | $HOME{,/} from destination paths in SCP |
| | mode; fixes regression with newer |
| | libssh versions with fixes for |
| | CVE-2019-14889 applied |
| | |
| xmltooling [94] | Fix race condition that could lead to |
| | crash under load |
| | |
+---------------------------+-----------------------------------------+
1:
https://packages.debian.org/src:alot
2:
https://packages.debian.org/src:atril
3:
https://packages.debian.org/src:base-files
4:
https://packages.debian.org/src:beagle
5:
https://packages.debian.org/src:bgpdump
6:
https://packages.debian.org/src:boost1.67
7:
https://packages.debian.org/src:brightd
8:
https://packages.debian.org/src:casacore-data-jplde
9:
https://packages.debian.org/src:clamav
10:
https://packages.debian.org/src:compactheader
11:
https://packages.debian.org/src:console-common
12:
https://packages.debian.org/src:csh
13:
https://packages.debian.org/src:cups
14:
https://packages.debian.org/src:cyrus-imapd
15:
https://packages.debian.org/src:debian-edu-config
16:
https://packages.debian.org/src:debian-installer
17:
https://packages.debian.org/src:debian-installer-netboot-images
18:
https://packages.debian.org/src:debian-security-support
19:
https://packages.debian.org/src:debos
20:
https://packages.debian.org/src:dispmua
21:
https://packages.debian.org/src:dkimpy
22:
https://packages.debian.org/src:dkimpy-milter
23:
https://packages.debian.org/src:dpdk
24:
https://packages.debian.org/src:e2fsprogs
25:
https://packages.debian.org/src:fig2dev
26:
https://packages.debian.org/src:freerdp2
27:
https://packages.debian.org/src:freetds
28:
https://packages.debian.org/src:git-lfs
29:
https://packages.debian.org/src:gnubg
30:
https://packages.debian.org/src:gnutls28
31:
https://packages.debian.org/src:gtk2-engines-murrine
32:
https://packages.debian.org/src:guile-2.2
33:
https://packages.debian.org/src:libburn
34:
https://packages.debian.org/src:libcgns
35:
https://packages.debian.org/src:libimobiledevice
36:
https://packages.debian.org/src:libmatroska
37:
https://packages.debian.org/src:libmysofa
38:
https://packages.debian.org/src:libole-storage-lite-perl
39:
https://packages.debian.org/src:libparse-win32registry-perl
40:
https://packages.debian.org/src:libperl4-corelibs-perl
41:
https://packages.debian.org/src:libsolv
42:
https://packages.debian.org/src:libspreadsheet-wright-perl
43:
https://packages.debian.org/src:libtimedate-perl
44:
https://packages.debian.org/src:libvirt
45:
https://packages.debian.org/src:libvncserver
46:
https://packages.debian.org/src:limnoria
47:
https://packages.debian.org/src:linux
48:
https://packages.debian.org/src:linux-latest
49:
https://packages.debian.org/src:linux-signed-amd64
50:
https://packages.debian.org/src:linux-signed-arm64
51:
https://packages.debian.org/src:linux-signed-i386
52:
https://packages.debian.org/src:mariadb-10.3
53:
https://packages.debian.org/src:mesa
54:
https://packages.debian.org/src:mnemosyne
55:
https://packages.debian.org/src:modsecurity
56:
https://packages.debian.org/src:node-handlebars
57:
https://packages.debian.org/src:node-kind-of
58:
https://packages.debian.org/src:ntpsec
59:
https://packages.debian.org/src:numix-gtk-theme
60:
https://packages.debian.org/src:nvidia-graphics-drivers-legacy-340xx
61:
https://packages.debian.org/src:nyancat
62:
https://packages.debian.org/src:openjpeg2
63:
https://packages.debian.org/src:opensmtpd
64:
https://packages.debian.org/src:openssh
65:
https://packages.debian.org/src:php-horde
66:
https://packages.debian.org/src:php-horde-text-filter
67:
https://packages.debian.org/src:postfix
68:
https://packages.debian.org/src:postgresql-11
69:
https://packages.debian.org/src:print-manager
70:
https://packages.debian.org/src:proftpd-dfsg
71:
https://packages.debian.org/src:pykaraoke
72:
https://packages.debian.org/src:python-evtx
73:
https://packages.debian.org/src:python-internetarchive
74:
https://packages.debian.org/src:python3.7
75:
https://packages.debian.org/src:qtbase-opensource-src
76:
https://packages.debian.org/src:qtwebengine-opensource-src
77:
https://packages.debian.org/src:quassel
78:
https://packages.debian.org/src:qwinff
79:
https://packages.debian.org/src:raspi3-firmware
80:
https://packages.debian.org/src:ros-ros-comm
81:
https://packages.debian.org/src:roundcube
82:
https://packages.debian.org/src:schleuder
83:
https://packages.debian.org/src:simplesamlphp
84:
https://packages.debian.org/src:sogo-connector
85:
https://packages.debian.org/src:spf-engine
86:
https://packages.debian.org/src:sudo
87:
https://packages.debian.org/src:systemd
88:
https://packages.debian.org/src:tifffile
89:
https://packages.debian.org/src:tigervnc
90:
https://packages.debian.org/src:tightvnc
91:
https://packages.debian.org/src:uif
92:
https://packages.debian.org/src:unhide
93:
https://packages.debian.org/src:x2goclient
94:
https://packages.debian.org/src:xmltooling
Security Updates
----------------
This revision adds the following security updates to the stable release.
The Security Team has already released an advisory for each of these
updates:
+----------------+--------------------------+
| Advisory ID | Package |
+----------------+--------------------------+
| DSA-4546 [95] | openjdk-11 [96] |
| | |
| DSA-4563 [97] | webkit2gtk [98] |
| | |
| DSA-4564 [99] | linux [100] |
| | |
| DSA-4564 [101] | linux-signed-i386 [102] |
| | |
| DSA-4564 [103] | linux-signed-arm64 [104] |
| | |
| DSA-4564 [105] | linux-signed-amd64 [106] |
| | |
| DSA-4565 [107] | intel-microcode [108] |
| | |
| DSA-4566 [109] | qemu [110] |
| | |
| DSA-4567 [111] | dpdk [112] |
| | |
| DSA-4568 [113] | postgresql-common [114] |
| | |
| DSA-4569 [115] | ghostscript [116] |
| | |
| DSA-4570 [117] | mosquitto [118] |
| | |
| DSA-4571 [119] | enigmail [120] |
| | |
| DSA-4571 [121] | thunderbird [122] |
| | |
| DSA-4572 [123] | slurm-llnl [124] |
| | |
| DSA-4573 [125] | symfony [126] |
| | |
| DSA-4575 [127] | chromium [128] |
| | |
[continued in next message]