|
Package
|
Reason
|
|
base-files
|
Update for the point release
|
|
choose-mirror
|
Update mirror list
|
|
cups
|
Fix 'printer-alert' invalid free
|
|
dav4tbsync
|
New upstream release, compatible with newer Thunderbird versions
|
|
debian-installer
|
Use 4.19.0-13 Linux kernel ABI; add grub2 to Built-Using
|
|
debian-installer-netboot-images
|
Rebuild against proposed-updates
|
|
distro-info-data
|
Add Ubuntu 21.04, Hirsute Hippo [参考Ubuntu 21.04代号是Hirsute Hippo,将升级GNOME和Linux kernel]
|
|
dpdk
|
New upstream stable release; fix remote code execution issue [CVE-2020-14374], TOCTOU issues [CVE-2020-14375], buffer overflow [CVE-2020-14376], buffer over read [CVE-2020-14377] and integer underflow [CVE-2020-14377]; fix armhf build with NEON
|
|
eas4tbsync
|
New upstream release, compatible with newer Thunderbird versions
|
|
edk2
|
Fix integer overflow in DxeImageVerificationHandler [CVE-2019-14562]
|
|
efivar
|
Add support for nvme-fabrics and nvme-subsystem devices; fix uninitialized variable in parse_acpi_root, avoiding possible segfault
|
|
enigmail
|
Introduce migration assistant to Thunderbird's built-in GPG support
|
|
espeak
|
Fix using espeak with mbrola-fr4 when mbrola-fr1 is not installed
|
|
fastd
|
Fix memory leak when receiving too many invalid packets [CVE-2020-27638]
|
|
fish
|
Ensure TTY options are restored on exit
|
|
freecol
|
Fix XML External Entity vulnerability [CVE-2018-1000825]
|
|
gajim-omemo
|
Use 12-byte IV, for better compatibility with iOS clients
|
|
glances
|
Listen only on localhost by default
|
|
iptables-persistent
|
Don't force-load kernel modules; improve rule flushing logic
|
|
lacme
|
Use upstream certificate chain instead of an hardcoded one, easing support for new Let's Encrypt root and intermediate certificates
|
|
libdatetime-timezone-perl
|
Update included data to tzdata 2020d
|
|
libimobiledevice
|
Add partial support for iOS 14
|
|
libjpeg-turbo
|
Fix denial of service [CVE-2018-1152], buffer over read [CVE-2018-14498], possible remote code execution [CVE-2019-2201], buffer over read [CVE-2020-13790]
|
|
libxml2
|
Fix denial of service [CVE-2017-18258], NULL pointer dereference [CVE-2018-14404], infinite loop [CVE-2018-14567], memory leak [CVE-2019-19956 CVE-2019-20388], infinite loop [CVE-2020-7595]
|
|
linux
|
New upstream stable release
|
|
linux-latest
|
Update for 4.19.0-13 kernel ABI
|
|
linux-signed-amd64
|
New upstream stable release
|
|
linux-signed-arm64
|
New upstream stable release
|
|
linux-signed-i386
|
New upstream stable release
|
|
lmod
|
Change architecture to any - required due to LUA_PATH and LUA_CPATH being determined at build time
|
|
mariadb-10.3
|
New upstream stable release; security fixes [CVE-2020-14765 CVE-2020-14776 CVE-2020-14789 CVE-2020-14812 CVE-2020-28912]
|
|
mutt
|
Ensure IMAP connection is closed after a connection error [CVE-2020-28896]
|
|
neomutt
|
Ensure IMAP connection is closed after a connection error [CVE-2020-28896]
|
|
node-object-path
|
Fix prototype pollution in set() [CVE-2020-15256]
|
|
node-pathval
|
Fix prototype pollution [CVE-2020-7751]
|
|
okular
|
Fix code execution via action link [CVE-2020-9359]
|
|
openjdk-11
|
New upstream release; fix JVM crash
|
|
partman-auto
|
Increase /boot sizes in most recipes to between 512 and 768M, to better handle kernel ABI changes and larger initramfses; cap RAM size as used for swap partition calculations, resolving issues on machines with more RAM than disk space
|
|
pcaudiolib
|
Cap cancellation latency to 10ms
|
|
plinth
|
Apache: Disable mod_status [CVE-2020-25073]
|
|
puma
|
Fix HTTP injection and HTTP smuggling issues [CVE-2020-5247 CVE-2020-5249 CVE-2020-11076 CVE-2020-11077]
|
|
ros-ros-comm
|
Fix integer overflow [CVE-2020-16124]
|
|
ruby2.5
|
Fix potential HTTP request smuggling vulnerability in WEBrick [CVE-2020-25613]
|
|
sleuthkit
|
Fix stack buffer overflow in yaffsfs_istat [CVE-2020-10232]
|
|
sqlite3
|
Fix division by zero [CVE-2019-16168], NULL pointer dereference [CVE-2019-19923], mishandling of NULL pathname during an update of a ZIP archive [CVE-2019-19925], mishandling of embedded NULs in filenames [CVE-2019-19959], possible crash (unwinding WITH stack [CVE-2019-20218], integer overflow [CVE-2020-13434], segmentation fault [CVE-2020-13435], use-after-free issue [CVE-2020-13630], NULL pointer dereference [CVE-2020-13632], heap overflow [CVE-2020-15358]
|
|
systemd
|
Basic/cap-list: parse/print numerical capabilities; recognise new capabilities from Linux kernel 5.8; networkd: do not generate MAC for bridge device
|
|
tbsync
|
New upstream release, compatible with newer Thunderbird versions
|
|
tcpdump
|
Fix untrusted input issue in the PPP printer [CVE-2020-8037]
|
|
tigervnc
|
Properly store certificate exceptions in native and java VNC viewer [CVE-2020-26117]
|
|
tor
|
New upstream stable release; multiple security, usability, portability, and reliability fixes
|
|
transmission
|
Fix memory leak
|
|
tzdata
|
New upstream release
|
|
ublock-origin
|
New upstream version; split plugin to browser-specific packages
|
|
vips
|
Fix use of uninitialised variable [CVE-2020-20739]
|
