Upcoming Debian 11 Update (11.9)
An update to Debian 11 is scheduled for Saturday, February 10th, 2024. As of
now it will include the following bug fixes. They can be found in
"bullseye-proposed-updates", which is carried by all official mirrors.
Please note that packages published through security.debian.org are not
listed, but will be included if possible. Some of the updates below are also
already available through "bullseye-updates".
Miscellaneous Bugfixes
----------------------
This oldstable update adds a few important corrections to the following
packages:
Package                            Reason
-------                            ------
axis                               Filter out unsupported protocols in the client
                                   class ServiceFactory [CVE-2023-40743]
base-files                         Update for the 11.9 point release
cifs-utils                         Fix non-parallel builds
compton                            Remove recommendation of picom
conda-package-handling             Skip unreliable tests
conmon                             Do not hang when forwarding container
                                   stdout/stderr with lots of output
crun                               Fix containers with systemd as their init
                                   system, when using newer kernel versions
debian-installer                   Increase Linux kernel ABI to 5.10.0-28; rebuild
                                   against proposed-updates
debian-ports-archive-keyring       Add Debian Ports Archive Automatic Signing Key
                                   (2025)
debian-security-support            Mark tor, consul and xen as end-of-life; limit
                                   samba support to non-AD DC use cases; match
                                   golang packages with regular expression; drop
                                   version-based checking; add chromium to
                                   security-support-ended.deb11; add tiles and
                                   libspring-java to security-support-limited
debootstrap                        Backport merged-/usr support changes from
                                   trixie: implement merged-/usr by post-merging,
                                   default to merged-/usr for suites newer than
                                   bookworm in all profiles
distro-info                        Update tests for distro-info-data 0.58+deb12u1,
                                   which adjusted Debian 7's EoL date
distro-info-data                   Add Ubuntu 24.04 LTS Noble Numbat; fix several
                                   End Of Life dates
dpdk                               New upstream stable release
dropbear                           Fix security measure bypass issue
                                   [CVE-2021-36369]; fix "terrapin" attack
                                   [CVE-2023-48795]
exuberant-ctags                    Fix arbitrary command execution issue
                                   [CVE-2022-4515]
filezilla                          Prevent 'Terrapin' exploit [CVE-2023-48795]
gimp                               Remove old versions of separately packaged dds
                                   plugin
glib2.0                            Align with upstream stable fixes; fix denial of
                                   service issues [CVE-2023-32665 CVE-2023-32611
                                   CVE-2023-29499 CVE-2023-32636]
glibc                              Fix a memory corruption in qsort() when using
                                   nontransitive comparison functions.
gnutls28                           Security fix for timing sidechannel attack
                                   [CVE-2023-5981]
imagemagick                        Various security fixes [CVE-2021-20241
                                   CVE-2021-20243 CVE-2021-20244 CVE-2021-20245
                                   CVE-2021-20246 CVE-2021-20309 CVE-2021-3574
                                   CVE-2021-39212 CVE-2021-4219 CVE-2022-1114
                                   CVE-2022-28463 CVE-2022-32545 CVE-2022-32546]
jqueryui                           Fix cross-site scripting issue [CVE-2022-31160]
knewstuff                          Ensure correct ProvidersUrl to fix denial of
                                   service
libdatetime-timezone-perl          Update included timezone data
libde265                           Fix segmentation violation in the function
                                   decoder_context::process_slice_segment_header
                                   [CVE-2023-27102]; fix heap buffer overflow in
                                   the function derive_collocated_motion_vectors
                                   [CVE-2023-27103]; fix buffer over-read in
                                   pic_parameter_set::dump [CVE-2023-43887]; fix
                                   buffer overflow in the slice_segment_header
                                   function [CVE-2023-47471]; fix buffer overflow
                                   issues [CVE-2023-49465 CVE-2023-49467
                                   CVE-2023-49468]
libmateweather                     Update included location data; update data
                                   server URL
libpod                             Fix incorrect handling of supplementary groups
                                   [CVE-2022-2989]
libsolv                            Enable zstd compression support
libspreadsheet-parsexlsx-perl      Fix possible memory bomb [CVE-2024-22368]; fix
                                   XML External Entity issue [CVE-2024-23525]
linux                              New upstream stable release; increase ABI to 28
llvm-toolchain-16                  New backported package to support builds of
                                   newer chromium versions
mariadb-10.5                       New upstream stable release; fix denial of
                                   service issue [CVE-2023-22084]
minizip                            Reject overflows of zip header fields
                                   [CVE-2023-45853]
modsecurity-apache                 Fix protection bypass issues [CVE-2022-48279
                                   CVE-2023-24021]
nftables                           Fix incorrect bytecode generation
node-dottie                        Fix prototype pollution issue [CVE-2023-26132]
node-url-parse                     Fix authorisation bypass issue [CVE-2022-0512]
node-xml2js                        Fix prototype pollution issue [CVE-2023-0842]
nvidia-graphics-drivers            New upstream release [CVE-2023-31022]
nvidia-graphics-drivers-tesla-470  New upstream release [CVE-2023-31022]
opendkim                           Properly delete Authentication-Results headers
                                   [CVE-2022-48521]
perl                               Prevent buffer overflow via illegal Unicode
                                   property [CVE-2023-47038]
plasma-desktop                     Fix denial of service bug in discover
plasma-discover                    Fix denial of service bug; fix build failure
postfix                            New upstream stable release; address SMTP
                                   smuggling issue [CVE-2023-51764]
postgresql-13                      New upstream stable release; fix SQL injection
                                   issue [CVE-2023-39417]
postgresql-common                  Fix autopkgtests
python-cogent                      Skip parallel tests on single-CPU systems
python-django-imagekit             Avoid triggering path traversal detection in
                                   tests
python-websockets                  Fix predictable duration issue [CVE-2021-33880]
pyzoltan                           Build on single core systems
ruby-aws-sdk-core                  Include VERSION file in package
spip                               Fix cross-site scripting issue
swupdate                           Prevent acquiring root privileges through
                                   inappropriate socket mode
symfony                            Ensure CodeExtension's filters properly escape
                                   their input [CVE-2023-46734]
tar                                Fix boundary checking in base-256 decoder
                                   [CVE-2022-48303], handling of extended header
                                   prefixes [CVE-2023-39804]
tinyxml                            Fix assertion issue [CVE-2023-34194]
tzdata                             Update leap seconds file; fix a typo in the
                                   Egypt change introduced in tzdata
                                   2021a-1+deb11u9; new upstream stable release
unadf                              Fix stack buffer overflow issue
                                   [CVE-2016-1243]; fix arbitrary code execution
                                   issue [CVE-2016-1244]
usb.ids                            Update included data list
vlfeat                             Fix FTBFS with newer ImageMagick
weborf                             Fix denial of service issue
wolfssl                            Fix buffer overflow issues [CVE-2022-39173
                                   CVE-2022-42905], key disclosure issue
                                   [CVE-2022-42961], predictable buffer in input
                                   keying material [CVE-2023-3724]
xerces-c                           Fix use-after-free issue [CVE-2018-1311]; fix
                                   integer overflow issue [CVE-2023-37536]
zeromq3                            Fix fork() detection with gcc 7; update
                                   copyright relicense statement
A complete list of all accepted and rejected packages together with
rationale is on the preparation page for this revision:
https://release.debian.org/proposed-upd ... stable.htm
- None1975
OS: Debian 12.4 Bookworm / DE: Enlightenment
Debian Wiki | DontBreakDebian, My config files on github