This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --WyxQLpWCdewckv7yVOEnsjmpY3nHIaP8U
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: quoted-printable

------------------------------------------------------------------------
The Debian Project https://www.debian.org/ Updated Debian 10: 10.7 released press@debian.org December 5th, 2020 https://www.debian.org/News/2020/20201205 ------------------------------------------------------------------------


The Debian project is pleased to announce the seventh update of its
stable distribution Debian 10 (codename "buster"). This point release
mainly adds corrections for security issues, along with a few
adjustments for serious problems. Security advisories have already been published separately and are referenced where available.

Please note that the point release does not constitute a new version of
Debian 10 but only updates some of the packages included. There is no
need to throw away old "buster" media. After installation, packages can
be upgraded to the current versions using an up-to-date Debian mirror.

Those who frequently install updates from security.debian.org won't have
to update many packages, and most such updates are included in the point release.

New installation images will be available soon at the regular locations.

Upgrading an existing installation to this revision can be achieved by
pointing the package management system at one of Debian's many HTTP
mirrors. A comprehensive list of mirrors is available at:

https://www.debian.org/mirror/list



Miscellaneous Bugfixes
----------------------

This stable update adds a few important corrections to the following
packages:

+-------------------------+-------------------------------------------+
| Package | Reason | +-------------------------+-------------------------------------------+
| base-files [1] | Update for the point release |
| | |
| choose-mirror [2] | Update mirror list |
| | |
| cups [3] | Fix 'printer-alert' invalid free |
| | |
| dav4tbsync [4] | New upstream release, compatible with |
| | newer Thunderbird versions |
| | |
| debian-installer [5] | Use 4.19.0-13 Linux kernel ABI; add grub2 |
| | to Built-Using |
| | |
| debian-installer- | Rebuild against proposed-updates |
| netboot-images [6] | |
| | |
| distro-info-data [7] | Add Ubuntu 21.04, Hirsute Hippo |
| | |
| dpdk [8] | New upstream stable release; fix remote |
| | code execution issue [CVE-2020-14374], |
| | TOCTOU issues [CVE-2020-14375], buffer |
| | overflow [CVE-2020-14376], buffer over |
| | read [CVE-2020-14377] and integer |
| | underflow [CVE-2020-14377]; fix armhf |
| | build with NEON |
| | |
| eas4tbsync [9] | New upstream release, compatible with |
| | newer Thunderbird versions |
| | |
| edk2 [10] | Fix integer overflow in |
| | DxeImageVerificationHandler [CVE-2019- |
| | 14562] |
| | |
| efivar [11] | Add support for nvme-fabrics and nvme- |
| | subsystem devices; fix uninitialized |
| | variable in parse_acpi_root, avoiding |
| | possible segfault |
| | |
| enigmail [12] | Introduce migration assistant to |
| | Thunderbird's built-in GPG support |
| | |
| espeak [13] | Fix using espeak with mbrola-fr4 when |
| | mbrola-fr1 is not installed |
| | |
| fastd [14] | Fix memory leak when receiving too many |
| | invalid packets [CVE-2020-27638] |
| | |
| fish [15] | Ensure TTY options are restored on exit |
| | |
| freecol [16] | Fix XML External Entity vulnerability |
| | [CVE-2018-1000825] |
| | |
| gajim-omemo [17] | Use 12-byte IV, for better compatibility |
| | with iOS clients |
| | |
| glances [18] | Listen only on localhost by default |
| | |
| iptables- | Don't force-load kernel modules; improve |
| persistent [19] | rule flushing logic |
| | |
| lacme [20] | Use upstream certificate chain instead of |
| | an hardcoded one, easing support for new |
| | Let's Encrypt root and intermediate |
| | certificates |
| | |
| libdatetime-timezone- | Update included data to tzdata 2020d |
| perl [21] | |
| | |
| libimobiledevice [22] | Add partial support for iOS 14 |
| | |
| libjpeg-turbo [23] | Fix denial of service [CVE-2018-1152], |
| | buffer over read [CVE-2018-14498], |
| | possible remote code execution [CVE-2019- |
| | 2201], buffer over read [CVE-2020-13790] |
| | |
| libxml2 [24] | Fix denial of service [CVE-2017-18258], |
| | NULL pointer dereference [CVE-2018- |
| | 14404], infinite loop [CVE-2018-14567], |
| | memory leak [CVE-2019-19956 CVE-2019- |
| | 20388], infinite loop [CVE-2020-7595] |
| | |
| linux [25] | New upstream stable release |
| | |
| linux-latest [26] | Update for 4.19.0-13 kernel ABI |
| | |
| linux-signed-amd64 [27] | New upstream stable release |
| | |
| linux-signed-arm64 [28] | New upstream stable release |
| | |
| linux-signed-i386 [29] | New upstream stable release |
| | |
| lmod [30] | Change architecture to "any" - required |
| | due to LUA_PATH and LUA_CPATH being |
| | determined at build time |
| | |
| mariadb-10.3 [31] | New upstream stable release; security |
| | fixes [CVE-2020-14765 CVE-2020-14776 |
| | CVE-2020-14789 CVE-2020-14812 CVE-2020- |
| | 28912] |
| | |
| mutt [32] | Ensure IMAP connection is closed after a |
| | connection error [CVE-2020-28896] |
| | |
| neomutt [33] | Ensure IMAP connection is closed after a |
| | connection error [CVE-2020-28896] |
| | |
| node-object-path [34] | Fix prototype pollution in set() |
| | [CVE-2020-15256] |
| | |
| node-pathval [35] | Fix prototype pollution [CVE-2020-7751] |
| | |
| okular [36] | Fix code execution via action link |
| | [CVE-2020-9359] |
| | |
| openjdk-11 [37] | New upstream release; fix JVM crash |
| | |
| partman-auto [38] | Increase /boot sizes in most recipes to |
| | between 512 and 768M, to better handle |
| | kernel ABI changes and larger |
| | initramfses; cap RAM size as used for |
| | swap partition calculations, resolving |
| | issues on machines with more RAM than |
| | disk space |
| | |
| pcaudiolib [39] | Cap cancellation latency to 10ms |
| | |
| plinth [40] | Apache: Disable mod_status [CVE-2020- |
| | 25073] |
| | |
| puma [41] | Fix HTTP injection and HTTP smuggling |
| | issues [CVE-2020-5247 CVE-2020-5249 |
| | CVE-2020-11076 CVE-2020-11077] |
| | |
| ros-ros-comm [42] | Fix integer overflow [CVE-2020-16124] |
| | |
| ruby2.5 [43] | Fix potential HTTP request smuggling |
| | vulnerability in WEBrick [CVE-2020-25613] |
| | |
| sleuthkit [44] | Fix stack buffer overflow in |
| | yaffsfs_istat [CVE-2020-10232] |
| | |
| sqlite3 [45] | Fix division by zero [CVE-2019-16168], |
| | NULL pointer dereference [CVE-2019- |
| | 19923], mishandling of NULL pathname |
| | during an update of a ZIP archive |
| | [CVE-2019-19925], mishandling of embedded |
| | NULs in filenames [CVE-2019-19959], |
| | possible crash (unwinding WITH stack) |
| | [CVE-2019-20218], integer overflow |
| | [CVE-2020-13434], segmentation fault |
| | [CVE-2020-13435], use-after-free issue |
| | [CVE-2020-13630], NULL pointer |
| | dereference [CVE-2020-13632], heap |
| | overflow [CVE-2020-15358] |
| | |
| systemd [46] | Basic/cap-list: parse/print numerical |
| | capabilities; recognise new capabilities |
| | from Linux kernel 5.8; networkd: do not |
| | generate MAC for bridge device |
| | |
| tbsync [47] | New upstream release, compatible with |
| | newer Thunderbird versions |
| | |
| tcpdump [48] | Fix untrusted input issue in the PPP |
| | printer [CVE-2020-8037] |
| | |
| tigervnc [49] | Properly store certificate exceptions in |
| | native and java VNC viewer [CVE-2020- |
| | 26117] |
| | |
| tor [50] | New upstream stable release; multiple |
| | security, usability, portability, and |
| | reliability fixes |
| | |
| transmission [51] | Fix memory leak |
| | |
| tzdata [52] | New upstream release |
| | |
| ublock-origin [53] | New upstream version; split plugin to |
| | browser-specific packages |
| | |
| vips [54] | Fix use of uninitialised variable |
| | [CVE-2020-20739] |
| | | +-------------------------+-------------------------------------------+

1: https://packages.debian.org/src:base-files
2: https://packages.debian.org/src:choose-mirror
3: https://packages.debian.org/src:cups
4: https://packages.debian.org/src:dav4tbsync
5: https://packages.debian.org/src:debian-installer
6: https://packages.debian.org/src:debian-installer-netboot-images
7: https://packages.debian.org/src:distro-info-data
8: https://packages.debian.org/src:dpdk
9: https://packages.debian.org/src:eas4tbsync
10: https://packages.debian.org/src:edk2
11: https://packages.debian.org/src:efivar
12: https://packages.debian.org/src:enigmail
13: https://packages.debian.org/src:espeak
14: https://packages.debian.org/src:fastd
15: https://packages.debian.org/src:fish
16: https://packages.debian.org/src:freecol
17: https://packages.debian.org/src:gajim-omemo
18: https://packages.debian.org/src:glances
19: https://packages.debian.org/src:iptables-persistent
20: https://packages.debian.org/src:lacme
21: https://packages.debian.org/src:libdatetime-timezone-perl
22: https://packages.debian.org/src:libimobiledevice
23: https://packages.debian.org/src:libjpeg-turbo
24: https://packages.debian.org/src:libxml2
25: https://packages.debian.org/src:linux
26: https://packages.debian.org/src:linux-latest
27: https://packages.debian.org/src:linux-signed-amd64
28: https://packages.debian.org/src:linux-signed-arm64
29: https://packages.debian.org/src:linux-signed-i386
30: https://packages.debian.org/src:lmod
31: https://packages.debian.org/src:mariadb-10.3
32: https://packages.debian.org/src:mutt
33: https://packages.debian.org/src:neomutt
34: https://packages.debian.org/src:node-object-path
35: https://packages.debian.org/src:node-pathval
36: https://packages.debian.org/src:okular
37: https://packages.debian.org/src:openjdk-11
38: https://packages.debian.org/src:partman-auto
39: https://packages.debian.org/src:pcaudiolib
40: https://packages.debian.org/src:plinth
41: https://packages.debian.org/src:puma
42: https://packages.debian.org/src:ros-ros-comm
43: https://packages.debian.org/src:ruby2.5
44: https://packages.debian.org/src:sleuthkit
45: https://packages.debian.org/src:sqlite3
46: https://packages.debian.org/src:systemd
47: https://packages.debian.org/src:tbsync
48: https://packages.debian.org/src:tcpdump
49: https://packages.debian.org/src:tigervnc
50: https://packages.debian.org/src:tor
51: https://packages.debian.org/src:transmission
52: https://packages.debian.org/src:tzdata
53: https://packages.debian.org/src:ublock-origin
54: https://packages.debian.org/src:vips

Security Updates
----------------

This revision adds the following security updates to the stable release.
The Security Team has already released an advisory for each of these
updates:

+----------------+----------------------------+
| Advisory ID | Package | +----------------+----------------------------+
| DSA-4766 [55] | rails [56] |
| | |
| DSA-4767 [57] | mediawiki [58] |
| | |
| DSA-4768 [59] | firefox-esr [60] |
| | |
| DSA-4769 [61] | xen [62] |
| | |
| DSA-4770 [63] | thunderbird [64] |
| | |
| DSA-4771 [65] | spice [66] |
| | |
| DSA-4772 [67] | httpcomponents-client [68] |
| | |
| DSA-4773 [69] | yaws [70] |
| | |
| DSA-4774 [71] | linux-latest [72] |
| | |
| DSA-4774 [73] | linux-signed-amd64 [74] |
| | |
| DSA-4774 [75] | linux-signed-arm64 [76] |
| | |
| DSA-4774 [77] | linux-signed-i386 [78] |
| | |
| DSA-4774 [79] | linux [80] |
| | |
| DSA-4775 [81] | python-flask-cors [82] |
| | |
| DSA-4776 [83] | mariadb-10.3 [84] |
| | |
| DSA-4777 [85] | freetype [86] |
| | |
| DSA-4778 [87] | firefox-esr [88] |
| | |
| DSA-4779 [89] | openjdk-11 [90] |
| | |
| DSA-4780 [91] | thunderbird [92] |
| | |
| DSA-4781 [93] | blueman [94] |
| | |
| DSA-4782 [95] | openldap [96] |
| | |
| DSA-4783 [97] | sddm [98] |
| | |
| DSA-4784 [99] | wordpress [100] |
| | |
| DSA-4785 [101] | raptor2 [102] |
| | |
| DSA-4786 [103] | libexif [104] |
| | |
| DSA-4787 [105] | moin [106] |
| | |
| DSA-4788 [107] | firefox-esr [108] |
| | |
| DSA-4789 [109] | codemirror-js [110] |
| | |
| DSA-4790 [111] | thunderbird [112] |
| | |
| DSA-4791 [113] | pacemaker [114] |
| | |
| DSA-4792 [115] | openldap [116] |
| | |
| DSA-4793 [117] | firefox-esr [118] |
| | |
| DSA-4794 [119] | mupdf [120] |
| | |
| DSA-4795 [121] | krb5 [122] |
| | |
| DSA-4796 [123] | thunderbird [124] |
| | |
| DSA-4798 [125] | spip [126] |
| | |
| DSA-4799 [127] | x11vnc [128] |
| | |
| DSA-4800 [129] | libproxy [130] |
| | | +----------------+----------------------------+

55: https://www.debian.org/security/2020/dsa-4766
56: https://packages.debian.org/src:rails
57: https://www.debian.org/security/2020/dsa-4767
58: https://packages.debian.org/src:mediawiki
59: https://www.debian.org/security/2020/dsa-4768
60: https://packages.debian.org/src:firefox-esr
61: https://www.debian.org/security/2020/dsa-4769
62: https://packages.debian.org/src:xen
63: https://www.debian.org/security/2020/dsa-4770
64: https://packages.debian.org/src:thunderbird
65: https://www.debian.org/security/2020/dsa-4771
66: https://packages.debian.org/src:spice
67: https://www.debian.org/security/2020/dsa-4772
68: https://packages.debian.org/src:httpcomponents-client
69: https://www.debian.org/security/2020/dsa-4773
70: https://packages.debian.org/src:yaws
71: https://www.debian.org/security/2020/dsa-4774
72: https://packages.debian.org/src:linux-latest
73: https://www.debian.org/security/2020/dsa-4774
74: https://packages.debian.org/src:linux-signed-amd64
75: https://www.debian.org/security/2020/dsa-4774
76: https://packages.debian.org/src:linux-signed-arm64
77: https://www.debian.org/security/2020/dsa-4774
78: https://packages.debian.org/src:linux-signed-i386
79: https://www.debian.org/security/2020/dsa-4774
80: https://packages.debian.org/src:linux
81: https://www.debian.org/security/2020/dsa-4775
82: https://packages.debian.org/src:python-flask-cors
83: https://www.debian.org/security/2020/dsa-4776
84: https://packages.debian.org/src:mariadb-10.3
85: https://www.debian.org/security/2020/dsa-4777
86: https://packages.debian.org/src:freetype
87: https://www.debian.org/security/2020/dsa-4778
88: https://packages.debian.org/src:firefox-esr
89: https://www.debian.org/security/2020/dsa-4779
90: https://packages.debian.org/src:openjdk-11
91: https://www.debian.org/security/2020/dsa-4780
92: https://packages.debian.org/src:thunderbird
93: https://www.debian.org/security/2020/dsa-4781
94: https://packages.debian.org/src:blueman
95: https://www.debian.org/security/2020/dsa-4782
96: https://packages.debian.org/src:openldap
97: https://www.debian.org/security/2020/dsa-4783
98: https://packages.debian.org/src:sddm
99: https://www.debian.org/security/2020/dsa-4784
100: https://packages.debian.org/src:wordpress
101: https://www.debian.org/security/2020/dsa-4785
102: https://packages.debian.org/src:raptor2
103: https://www.debian.org/security/2020/dsa-4786
104: https://packages.debian.org/src:libexif
105: https://www.debian.org/security/2020/dsa-4787
106: https://packages.debian.org/src:moin
107: https://www.debian.org/security/2020/dsa-4788
108: https://packages.debian.org/src:firefox-esr
109: https://www.debian.org/security/2020/dsa-4789
110: https://packages.debian.org/src:codemirror-js
111: https://www.debian.org/security/2020/dsa-4790
112: https://packages.debian.org/src:thunderbird
113: https://www.debian.org/security/2020/dsa-4791
114: https://packages.debian.org/src:pacemaker
115: https://www.debian.org/security/2020/dsa-4792
116: https://packages.debian.org/src:openldap
117: https://www.debian.org/security/2020/dsa-4793
118: https://packages.debian.org/src:firefox-esr
119: https://www.debian.org/security/2020/dsa-4794
120: https://packages.debian.org/src:mupdf
121: https://www.debian.org/security/2020/dsa-4795
122: https://packages.debian.org/src:krb5
123: https://www.debian.org/security/2020/dsa-4796
124: https://packages.debian.org/src:thunderbird
125: https://www.debian.org/security/2020/dsa-4798
126: https://packages.debian.org/src:spip
127: https://www.debian.org/security/2020/dsa-4799
128: https://packages.debian.org/src:x11vnc
129: https://www.debian.org/security/2020/dsa-4800
130: https://packages.debian.org/src:libproxy

Removed packages
----------------

The following packages were removed due to circumstances beyond our
control:

+-------------------------+--------------------------------------------+
| Package | Reason | +-------------------------+--------------------------------------------+
| freshplayerplugin [131] | Unsupported by browsers; discontinued |
| | upstream |
| | |
| nostalgy [132] | Incompatible with newer Thunderbird |
| | versions |
| | |
| sieve-extension [133] | Incompatible with newer Thunderbird |
| | versions |
| | | +-------------------------+--------------------------------------------+

131: https://packages.debian.org/src:freshplayerplugin
132: https://packages.debian.org/src:nostalgy
133: https://packages.debian.org/src:sieve-extension

Debian Installer
----------------

The installer has been updated to include the fixes incorporated into
stable by the point release.


URLs
----

The complete lists of packages that have changed with this revision:

http://ftp.debian.org/debian/dists/buster/ChangeLog


The current stable distribution:

http://ftp.debian.org/debian/dists/stable/


Proposed updates to the stable distribution:

http://ftp.debian.org/debian/dists/proposed-updates


stable distribution information (release notes, errata etc.):

https://www.debian.org/releases/stable/


Security announcements and information:

https://www.debian.org/security/



About Debian
------------

The Debian Project is an association of Free Software developers who
volunteer their time and effort in order to produce the completely free operating system Debian.


Contact Information
-------------------

For further information, please visit the Debian web pages at https://www.debian.org/, send mail to <press@debian.org>, or contact the
stable release team at <debian-release@lists.debian.org>.



--WyxQLpWCdewckv7yVOEnsjmpY3nHIaP8U--

-----BEGIN PGP SIGNATURE-----

wsF5BAABCAAjFiEEt6FfRVsofzhBdNXp5exKyb1iewUFAl/OHtMFAwAAAAAACgkQ5exKyb1iewV3 bRAAiHQNpu2b56yBj066B2AFXhQB8PvU/m+iUNaC+Mrpnq0qX9kNCl+IWVj4coO3Cxvl5fT5nSyQ be9NT5MmGSbWYt502qeR8XnjFHUkryMelqeCxzlFwFgeOTAMfzNTQ6HG6Xdx5mzsqZfob2savRqd gw8tqFa+sMsiyvTZMTm0CEHCTguFq1+MsaSzb/RlSb7w6iPGC5a4ieVyEUTZxBU9feyaFHlJcUo9 E6JmIQABk/odfyx0/VgLVSfFI+6fP+mf9Rpn+Y948hY5rP+0KAFsXJvRb+9zW4ecpcCWqOvU+x2u e8VuvJ5TbY8viR/sd7xY/L5mG8lk6hEeT5wO/sWPbRTI2q64ZiR/xJgTXjwumXKHgkZcR/+YP3jt v3c+2KyvHVu8AodmjIaOCqjOdWZw0RjGMp/MOifi8BGAFkdvlyttWwo3xRNF7NHYFE8BFtZmTcXH L9ZEDa0HE/fAOzuqW9JX4f8B1nIZsJLQ0uPDmWhZ3lXbNvQcvUPzvkWtwTTyo//CECEN5SrO6fuk yxMdqhIjgjgt4p9z/KkAxUl/V587yfMNiVmgy+Q6KaByliOuh/GkmyeTKbb8VRAV/t/NYNZYfx78 pg3/uw4p34gbDahs5OyH3nyyKetQoeCwg+g0Kb71QAe6M7SOY3/+hC2taXpbpZUj620tZKRbt1lf s3c=
=kCKz
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)