| Package | Reason |
|---|---|
| base-files | Update for the point release; add VERSION_CODENAME to os-release |
| basez | Properly decode base64url encoded strings |
| biomaj-watcher | Fix upgrades from jessie to stretch |
| c-icap-modules | Add support for clamav 0.101.1 |
| chaosreader | Add missing dependency on libnet-dns-perl |
| clamav | New upstream stable release: add scan time limit to mitigate against zip-bombs [CVE-2019-12625]; fix out-of-bounds write within the NSIS bzip2 library [CVE-2019-12900] |
| corekeeper | Do not use a world-writable /var/crash with the dumper script; handle older versions of the Linux kernel in a safer way; do not truncate core names for executables with spaces |
| cups | Fix multiple security/disclosure issues - SNMP buffer overflows [CVE-2019-8696 CVE-2019-8675], IPP buffer overflow, Denial of Service and memory disclosure issues in the scheduler |
| dansguardian | Add support for clamav 0.101 |
| dar | Rebuild to update built-using packages |
| debian-archive-keyring | Add buster keys; remove wheezy keys |
| fence-agents | Fix denial of service issue [CVE-2019-10153] |
| fig2dev | Do not segfault on circle/half circle arrowheads with a magnification larger than 42 [CVE-2019-14275] |
| fribidi | Fix right-to-left output in debian-installer text mode |
| fusiondirectory | Stricter checks on LDAP lookups; add missing dependency on php-xml |
| gettext | Stop xgettext() from crashing when run with --its=FILE option |
| glib2.0 | Create directory and file with restrictive permissions when using the GKeyfileSettingsBackend [CVE-2019-13012]; avoid buffer read overrun when formatting error messages for invalid UTF-8 in GMarkup [CVE-2018-16429]; avoid NULL dereference when parsing invalid GMarkup with a malformed closing tag not paired with an opening tag [CVE-2018-16429] |
| gocode | gocode-auto-complete-el: Make pre-dependency on auto-complete-el versioned to fix upgrades from jessie to stretch |
| groonga | Mitigate privilege escalation by changing the owner and group of logs with su option |
| grub2 | Fixes for Xen UEFI support |
| gsoap | Fix denial of service issue if a server application is built with the -DWITH_COOKIES flag [CVE-2019-7659]; fix issue with DIME protocol receiver and malformed DIME headers |
| gthumb | Fix double-free bug [CVE-2018-18718] |
| havp | Add support for clamav 0.101.1 |
| icu | Fix segfault in pkgdata command |
| koji | Fix SQL injection issue [CVE-2018-1002161]; properly validate SCM paths [CVE-2017-1002153] |
| lemonldap-ng | Fix cross-domain authentication regression; fix XML external entity vulnerability |
| libcaca | Fix integer overflow issues [CVE-2018-20545 CVE-2018-20546 CVE-2018-20547 CVE-2018-20548 CVE-2018-20549] |
| libclamunrar | New upstream stable release |
| libconvert-units-perl | No-change rebuild with fixed version number |
| libdatetime-timezone-perl | Update included data |
| libebml | Apply upstream fixes for heap-based buffer over-reads |
| libevent-rpc-perl | Fix build failure due to expired test SSL certificates |
| libgd2 | Fix uninitialized read in gdImageCreateFromXbm [CVE-2019-11038] |
| libgovirt | Re-generate test certificates with expiration date far in the future to avoid test failures |
| librecad | Fix denial of service via crafted file [CVE-2018-19105] |
| libsdl2-image | Fix multiple security issues |
| libthrift-java | Fix bypass of SASL negotiation [CVE-2018-1320] |
| libtk-img | Stop using internal copies of JPEG, Zlib and PixarLog codecs, fixing crashes |
| libu2f-host | Fix stack memory leak [CVE-2019-9578] |
| libxslt | Fix security framework bypass [CVE-2019-11068]; fix uninitialized read of xsl:number token [CVE-2019-13117]; fix uninitialized read with UTF-8 grouping chars [CVE-2019-13118] |
| linux | New upstream version with ABI bump; security fixes [CVE-2015-8553 CVE-2017-5967 CVE-2018-20509 CVE-2018-20510 CVE-2018-20836 CVE-2018-5995 CVE-2019-11487 CVE-2019-3882] |
| linux-latest | Update for 4.9.0-11 kernel ABI |
| liquidsoap | Fix compilation with Ocaml 4.02 |
| llvm-toolchain-7 | New package to support building new Firefox versions |
| mariadb-10.1 | New upstream stable release; security fixes [CVE-2019-2737 CVE-2019-2739 CVE-2019-2740 CVE-2019-2805 CVE-2019-2627 CVE-2019-2614] |
| minissdpd | Prevent a use-after-free vulnerability that would allow a remote attacker to crash the process [CVE-2019-12106] |
| miniupnpd | Fix denial of service issues [CVE-2019-12108 CVE-2019-12109 CVE-2019-12110]; fix information leak [CVE-2019-12107] |
| mitmproxy | Blacklist tests that require Internet access; prevent insertion of unwanted upper-bound versioned dependencies |
| monkeysphere | Fix build failure by updating the tests to accommodate an updated GnuPG in stretch now producing a different output |
| nasm-mozilla | New package to support building new Firefox versions |
| ncbi-tools6 | Repackage without non-free data/UniVec.* |
| node-growl | Sanitize input before passing it to exec |
| node-ws | Restrict upload size [CVE-2016-10542] |
| open-vm-tools | Fix possible security issue with the permissions of the intermediate staging directory and path |
| openldap | Restrict rootDN proxyauthz to its own databases [CVE-2019-13057]; enforce sasl_ssf ACL statement on every connection [CVE-2019-13565]; fix slapo-rwm to not free original filter when rewritten filter is invalid |
| openssh | Fix deadlock in key matching |
| passwordsafe | Don't install localization files under an extra subdirectory |
| pound | Fix request smuggling via crafted headers [CVE-2016-10711] |
| prelink | Rebuild to update built-using packages |
| python-clamav | Add support for clamav 0.101.1 |
| reportbug | Update release names, following buster release |
| resiprocate | Resolve an installation issue with libssl-dev and --install-recommends |
| sash | Rebuild to update built-using packages |
| sdl-image1.2 | Fix buffer overflows [CVE-2018-3977 CVE-2019-5058 CVE-2019-5052], out-of-bounds access [CVE-2019-12216 CVE-2019-12217 CVE-2019-12218 CVE-2019-12219 CVE-2019-12220 CVE-2019-12221 CVE-2019-12222 CVE-2019-5051] |
| signing-party | Fix unsafe shell call enabling shell injection via a User ID [CVE-2019-11627] |
| slurm-llnl | Fix potential heap overflow on 32-bit systems [CVE-2019-6438] |
| sox | Fix several security issues [CVE-2019-8354 CVE-2019-8355 CVE-2019-8356 CVE-2019-8357 927906 CVE-2019-1010004 CVE-2017-18189 881121 CVE-2017-15642 882144 CVE-2017-15372 878808 CVE-2017-15371 878809 CVE-2017-15370 878810 CVE-2017-11359 CVE-2017-11358 CVE-2017-11332] |
| systemd | Do not stop ndisc client in case of configuration error |
| t-digest | No-change rebuild to avoid re-use of pre-epoch version 3.0-1 |
| tenshi | Fix PID file issue that allows local users to kill arbitrary processes [CVE-2017-11746] |
| tzdata | New upstream release |
| unzip | Fix incorrect parsing of 64-bit values in fileio.c; fix zip-bomb issues [CVE-2019-13232] |
| usbutils | Update USB ID list |
| xymon | Fix several (server only) security issues [CVE-2019-13273 CVE-2019-13274 CVE-2019-13451 CVE-2019-13452 CVE-2019-13455 CVE-2019-13484 CVE-2019-13485 CVE-2019-13486] |
| yubico-piv-tool | Fix security issues [CVE-2018-14779 CVE-2018-14780] |
| z3 | Do not set the SONAME of libz3java.so to libz3.so.4 |
| zfs-auto-snapshot | Make cron jobs exit silently after package removal |
| zsh | Rebuild to update built-using packages |