| Package | Reason |
|---|---|
| audiofile | Fix denial of service [CVE-2018-13440] and buffer overflow issues [CVE-2018-17095] |
| base-files | Update for the point release |
| bwa | Fix buffer overflow [CVE-2019-10269] |
| ca-certificates-java | Fix bashisms in postinst and jks-keystore |
| cernlib | Apply optimization flag -O to Fortran modules instead of -O2 which generates broken code; fix build failure on arm64 by disabling PIE for Fortran executables |
| choose-mirror | Update included mirror list |
| chrony | Fix logging of measurements and statistics, and stopping of chronyd, on some platforms when seccomp filtering is enabled |
| ckermit | Drop OpenSSL version check |
| clamav | Fix out-of-bounds heap access when scanning PDF documents [CVE-2019-1787], PE files packed using Aspack [CVE-2019-1789] or OLE2 files [CVE-2019-1788] |
| dansguardian | Add missingok to logrotate configuration |
| debian-installer | Rebuild against proposed-updates |
| debian-installer-netboot-images | Rebuild against proposed-updates |
| debian-security-support | Update support statuses |
| diffoscope | Fix tests to work with Ghostscript 9.26 |
| dns-root-data | Update root data to 2019031302 |
| dnsruby | Add new root key (KSK-2017); ruby 2.3.0 deprecates TimeoutError, use Timeout::Error |
| dpdk | New upstream stable release |
| edk2 | Fix buffer overflow in BlockIo service [CVE-2018-12180]; DNS: Check received packet size before using [CVE-2018-12178]; fix stack overflow with corrupted BMP [CVE-2018-12181] |
| firmware-nonfree | atheros / iwlwifi: update Bluetooth firmware [CVE-2018-5383] |
| flatpak | Reject all ioctls that the kernel will interpret as TIOCSTI [CVE-2019-10063] |
| geant321 | Rebuild against cernlib with fixed Fortran optimisations |
| gnome-chemistry-utils | Stop building the obsolete gcu-plugin package |
| gocode | gocode-auto-complete-el: Promote auto-complete-el to Pre-Depends to ensure successful upgrades |
| gpac | Fix buffer overflows [CVE-2018-7752 CVE-2018-20762], heap overflows [CVE-2018-13005 CVE-2018-13006 CVE-2018-20761], out-of-bounds writes [CVE-2018-20760 CVE-2018-20763] |
| icedtea-web | Stop building the browser plugin, no longer works with Firefox 60 |
| igraph | Fix a crash when loading malformed GraphML files [CVE-2018-20349] |
| jabref | Fix XML External Entity attack [CVE-2018-1000652] |
| java-common | Remove the default-java-plugin package, as the icedtea-web Xul plugin is being removed |
| jquery | Prevent Object.prototype pollution [CVE-2019-11358] |
| kauth | Fix insecure handling of arguments in helpers [CVE-2019-7443] |
| libdate-holidays-de-perl | Add March 8th (from 2019 onwards) and May 8th (2020 only) as public holidays (Berlin only) |
| libdatetime-timezone-perl | Update included data |
| libreoffice | Introduce next Japanese gengou era 'Reiwa'; make -core conflict against openjdk-8-jre-headless (= 8u181-b13-2~deb9u1), which had a broken ClassPathURLCheck |
| linux | New upstream stable version |
| linux-latest | Update for -9 kernel ABI |
| mariadb-10.1 | New upstream stable version |
| mclibs | Rebuild against cernlib with fixed Fortran optimisations |
| ncmpc | Fix NULL pointer dereference [CVE-2018-9240] |
| node-superagent | Fix ZIP bomb attacks [CVE-2017-16129]; fix syntax error |
| nvidia-graphics-drivers | New upstream stable release [CVE-2018-6260] |
| nvidia-settings | New upstream stable release |
| obs-build | Do not allow writing to files in the host system [CVE-2017-14804] |
| paw | Rebuild against cernlib with fixed Fortran optimisations |
| perlbrew | Allow HTTPS CPAN URLs |
| postfix | New upstream stable release |
| postgresql-9.6 | New upstream stable release |
| psk31lx | Make version sort correctly to avoid potential upgrade issues |
| publicsuffix | Update included data |
| pyca | Add missingok to logrotate configuration |
| python-certbot | Revert to debhelper compat 9, to ensure systemd timers are correctly started |
| python-cryptography | Remove BIO_callback_ctrl: the prototype differs from OpenSSL's definition of it after it was changed (fixed) within OpenSSL |
| python-django-casclient | Apply django 1.10 middleware fix; python(3)-django-casclient: fix missing dependencies on python(3)-django |
| python-mode | Remove support for xemacs21 |
| python-pip | Properly catch requests' HTTPError in index.py |
| python-pykmip | Fix potential denial of service issue [CVE-2018-1000872] |
| r-cran-igraph | Fix denial of service via crafted object [CVE-2018-20349] |
| rails | Fix information disclosure issues [CVE-2018-16476 CVE-2019-5418], denial of service issue [CVE-2019-5419] |
| rsync | Several security fixes for zlib [CVE-2016-9840 CVE-2016-9841 CVE-2016-9842 CVE-2016-9843] |
| ruby-i18n | Prevent a remote denial-of-service vulnerability [CVE-2014-10077] |
| ruby2.3 | Fix FTBFS |
| runc | Fix root privilege escalation vulnerability [CVE-2019-5736] |
| systemd | journald: fix assertion failure on journal_file_link_data; tmpfiles: fix e to support shell style globs; mount-util: accept that name_to_handle_at() might fail with EPERM; automount: ack automount requests even when already mounted [CVE-2018-1049]; fix potential root privilege escalation [CVE-2018-15686] |
| twitter-bootstrap3 | Fix cross site scripting issue in tooltips or popovers [CVE-2019-8331] |
| tzdata | New upstream release |
| unzip | Fix buffer overflow in password protected ZIP archives [CVE-2018-1000035] |
| vcftools | Fix information disclosure [CVE-2018-11099] and denial of service [CVE-2018-11129 CVE-2018-11130] via crafted files |
| vips | Fix NULL function pointer dereference [CVE-2018-7998], uninitialised memory access [CVE-2019-6976] |
| waagent | New upstream release, with many Azure fixes [CVE-2019-0804] |
| yorick-av | Rescale frame timestamps; set VBV buffer size for MPEG1/2 files |
| zziplib | Fix invalid memory access [CVE-2018-6381], bus error [CVE-2018-6540], out-of-bounds read [CVE-2018-7725], crash via crafted zip file [CVE-2018-7726], memory leak [CVE-2018-16548]; reject ZIP file if the size of the central directory and/or the offset of start of central directory point beyond the end of the ZIP file [CVE-2018-6484, CVE-2018-6541, CVE-2018-6869] |