| Package | Reason |
|---|---|
| appstream-glib | Fix build failures in 2020 and later |
| asunder | Use gnudb instead of freedb by default |
| b43-fwcutter | Ensure removal succeeds under non-English locales; do not fail removal if some files no longer exist; fix missing dependencies on pciutils and ca-certificates |
| balsa | Provide server identity when validating certificates, allowing successful validation when using the glib-networking patch for CVE-2020-13645 |
| base-files | Update for the point release |
| batik | Fix server-side request forgery via xlink:href attributes [CVE-2019-17566] |
| borgbackup | Fix index corruption bug leading to data loss |
| bundler | Update required version of ruby-molinillo |
| c-icap-modules | Add support for ClamAV 0.102 |
| cacti | Fix issue where UNIX timestamps after September 13th 2020 were rejected as graph start / end; fix remote code execution [CVE-2020-7237], cross-site scripting [CVE-2020-7106], CSRF issue [CVE-2020-13231]; disabling a user account does not immediately invalidate permissions [CVE-2020-13230] |
| calamares-settings-debian | Enable displaymanager module, fixing autologin options; use xdg-user-dir to specify Desktop directory |
| clamav | New upstream release; security fixes [CVE-2020-3327 CVE-2020-3341 CVE-2020-3350 CVE-2020-3327 CVE-2020-3481] |
| cloud-init | New upstream release |
| commons-configuration2 | Prevent object creation when loading YAML files [CVE-2020-1953] |
| confget | Fix the Python module's handling of values containing = |
| dbus | New upstream stable release; prevent a denial of service issue [CVE-2020-12049]; prevent use-after-free if two usernames share a uid |
| debian-edu-config | Fix loss of dynamically allocated IPv4 address |
| debian-installer | Update Linux ABI to 4.19.0-10 |
| debian-installer-netboot-images | Rebuild against proposed-updates |
| debian-ports-archive-keyring | Increase the expiration date of the 2020 key (84C573CD4E1AFD6C) by one year; add Debian Ports Archive Automatic Signing Key (2021); move the 2018 key (ID: 06AED62430CB581C) to the removed keyring |
| debian-security-support | Update support status of several packages |
| dpdk | New upstream release |
| exiv2 | Adjust overly restrictive security patch [CVE-2018-10958 and CVE-2018-10999]; fix denial of service issue [CVE-2018-16336] |
| fdroidserver | Fix Litecoin address validation |
| file-roller | Security fix [CVE-2020-11736] |
| freerdp2 | Fix smartcard logins; security fixes [CVE-2020-11521 CVE-2020-11522 CVE-2020-11523 CVE-2020-11524 CVE-2020-11525 CVE-2020-11526] |
| fwupd | New upstream release; fix possible signature verification issue [CVE-2020-10759]; use rotated Debian signing keys |
| fwupd-amd64-signed | New upstream release; fix possible signature verification issue [CVE-2020-10759]; use rotated Debian signing keys |
| fwupd-arm64-signed | New upstream release; fix possible signature verification issue [CVE-2020-10759]; use rotated Debian signing keys |
| fwupd-armhf-signed | New upstream release; fix possible signature verification issue [CVE-2020-10759]; use rotated Debian signing keys |
| fwupd-i386-signed | New upstream release; fix possible signature verification issue [CVE-2020-10759]; use rotated Debian signing keys |
| fwupdate | Use rotated Debian signing keys |
| fwupdate-amd64-signed | Use rotated Debian signing keys |
| fwupdate-arm64-signed | Use rotated Debian signing keys |
| fwupdate-armhf-signed | Use rotated Debian signing keys |
| fwupdate-i386-signed | Use rotated Debian signing keys |
| gist | Avoid deprecated authorization API |
| glib-networking | Return bad identity error if identity is unset [CVE-2020-13645]; break balsa older than 2.5.6-2+deb10u1 as the fix for CVE-2020-13645 breaks balsa's certificate verification |
| gnutls28 | Fix TLS1.2 resumption errors; fix memory leak; handle zero length session tickets, fixing connection errors on TLS1.2 sessions to some big hosting providers; fix verification error with alternate chains |
| intel-microcode | Downgrade some microcodes to previously issued versions, working around hangs on boot on Skylake-U/Y and Skylake Xeon E3 |
| jackson-databind | Fix multiple security issues affecting BeanDeserializerFactory [CVE-2020-9548 CVE-2020-9547 CVE-2020-9546 CVE-2020-8840 CVE-2020-14195 CVE-2020-14062 CVE-2020-14061 CVE-2020-14060 CVE-2020-11620 CVE-2020-11619 CVE-2020-11113 CVE-2020-11112 CVE-2020-11111 CVE-2020-10969 CVE-2020-10968 CVE-2020-10673 CVE-2020-10672 CVE-2019-20330 CVE-2019-17531 and CVE-2019-17267] |
| jameica | Add mckoisqldb to classpath, allowing use of SynTAX plugin |
| jigdo | Fix HTTPS support in jigdo-lite and jigdo-mirror |
| ksh | Fix environment variable restriction issue [CVE-2019-14868] |
| lemonldap-ng | Fix nginx configuration regression introduced by the fix for CVE-2019-19791 |
| libapache-mod-jk | Rename Apache configuration file so it can be automatically enabled and disabled |
| libclamunrar | New upstream stable release; add an unversioned meta-package |
| libembperl-perl | Handle error pages from Apache >= 2.4.40 |
| libexif | Security fixes [CVE-2020-12767 CVE-2020-0093 CVE-2020-13112 CVE-2020-13113 CVE-2020-13114]; fix buffer overflow [CVE-2020-0182] and integer overflow [CVE-2020-0198] |
| libinput | Quirks: add trackpoint integration attribute |
| libntlm | Fix buffer overflow [CVE-2019-17455] |
| libpam-radius-auth | Fix buffer overflow in password field [CVE-2015-9542] |
| libunwind | Fix segfaults on mips; manually enable C++ exception support only on i386 and amd64 |
| libyang | Fix cache corruption crash, CVE-2019-19333, CVE-2019-19334 |
| linux | New upstream stable release |
| linux-latest | Update for 4.19.0-10 kernel ABI |
| linux-signed-amd64 | New upstream stable release |
| linux-signed-arm64 | New upstream stable release |
| linux-signed-i386 | New upstream stable release |
| lirc | Fix conffile management |
| mailutils | maidag: drop setuid privileges for all delivery operations but mda [CVE-2019-18862] |
| mariadb-10.3 | New upstream stable release; security fixes [CVE-2020-2752 CVE-2020-2760 CVE-2020-2812 CVE-2020-2814 CVE-2020-13249]; fix regression in RocksDB ZSTD detection |
| mod-gnutls | Fix a possible segfault on failed TLS handshake; fix test failures |
| multipath-tools | kpartx: use correct path to partx in udev rule |
| mutt | Don't check IMAP PREAUTH encryption if $tunnel is in use |
| mydumper | Link against libm |
| nfs-utils | statd: take user-id from /var/lib/nfs/sm [CVE-2019-3689]; don't make /var/lib/nfs owned by statd |
| nginx | Fix error page request smuggling vulnerability [CVE-2019-20372] |
| nmap | Update default key size to 2048 bits |
| node-dot-prop | Fix regression introduced in CVE-2020-8116 fix |
| node-handlebars | Disallow calling helperMissing and blockHelperMissing directly [CVE-2019-19919] |
| node-minimist | Fix prototype pollution [CVE-2020-7598] |
| nvidia-graphics-drivers | New upstream stable release; security fixes [CVE-2020-5963 CVE-2020-5967] |
| nvidia-graphics-drivers-legacy-390xx | New upstream stable release; security fixes [CVE-2020-5963 CVE-2020-5967] |
| openstack-debian-images | Install resolvconf if installing cloud-init |
| pagekite | Avoid issues with expiry of shipped SSL certificates by using those from the ca-certificates package |
| pdfchain | Fix crash at startup |
| perl | Fix multiple regular expression related security issues [CVE-2020-10543 CVE-2020-10878 CVE-2020-12723] |
| php-horde | Fix cross-site scripting vulnerability [CVE-2020-8035] |
| php-horde-gollem | Fix cross-site scripting vulnerability in breadcrumb output [CVE-2020-8034] |
| pillow | Fix multiple out-of-bounds read issues [CVE-2020-11538 CVE-2020-10378 CVE-2020-10177] |
| policyd-rate-limit | Fix issues in accounting due to socket reuse |
| postfix | New upstream stable release; fix segfault in the tlsproxy client role when the server role was disabled; fix maillog_file_rotate_suffix default value, which used the minute instead of the month; fix several TLS related issues; README.Debian fixes |
| python-markdown2 | Fix cross-site scripting issue [CVE-2020-11888] |
| python3.7 | Avoid infinite loop when reading specially crafted TAR files using the tarfile module [CVE-2019-20907]; resolve hash collisions for IPv4Interface and IPv6Interface [CVE-2020-14422]; fix denial of service issue in urllib.request.AbstractBasicAuthHandler [CVE-2020-8492] |
| qdirstat | Fix saving of user-configured MIME categories |
| raspi3-firmware | Fix typo that could lead to unbootable systems |
| resource-agents | IPsrcaddr: make proto optional to fix regression when used without NetworkManager |
| ruby-json | Fix unsafe object creation vulnerability [CVE-2020-10663] |
| shim | Use rotated Debian signing keys |
| shim-helpers-amd64-signed | Use rotated Debian signing keys |
| shim-helpers-arm64-signed | Use rotated Debian signing keys |
| shim-helpers-i386-signed | Use rotated Debian signing keys |
| speedtest-cli | Pass correct headers to fix upload speed test |
| ssvnc | Fix out-of-bounds write [CVE-2018-20020], infinite loop [CVE-2018-20021], improper initialisation [CVE-2018-20022], potential denial-of-service [CVE-2018-20024] |
| storebackup | Fix possible privilege escalation vulnerability [CVE-2020-7040] |
| suricata | Fix dropping privileges in nflog runmode |
| tigervnc | Don't use libunwind on armel, armhf or arm64 |
| transmission | Fix possible denial of service issue [CVE-2018-10756] |
| wav2cdr | Use C99 fixed-size integer types to fix runtime assertion on 64-bit architectures other than amd64 and alpha |
| zipios++ | Security fix [CVE-2019-13453] |