Upcoming Debian 11 Update (11.9)

#1 Post by None1975 »

Upcoming Debian 11 Update (11.9)

An update to Debian 11 is scheduled for Saturday, February 10th, 2024. As of
now it will include the following bug fixes. They can be found in
"bullseye-proposed-updates", which is carried by all official mirrors.

Please note that packages published through security.debian.org are not
listed, but will be included if possible. Some of the updates below are also
already available through "bullseye-updates".

Miscellaneous Bugfixes
----------------------

This oldstable update adds a few important corrections to the following
packages:

Package                            Reason
-------                            ------
axis                               Filter out unsupported protocols in the client
                                   class ServiceFactory [CVE-2023-40743]
base-files                         Update for the 11.9 point release
cifs-utils                         Fix non-parallel builds
compton                            Remove recommendation of picom
conda-package-handling             Skip unreliable tests
conmon                             Do not hang when forwarding container
                                   stdout/stderr with lots of output
crun                               Fix containers with systemd as their init
                                   system, when using newer kernel versions
debian-installer                   Increase Linux kernel ABI to 5.10.0-28; rebuild
                                   against proposed-updates
debian-ports-archive-keyring       Add Debian Ports Archive Automatic Signing Key
                                   (2025)
debian-security-support            Mark tor, consul and xen as end-of-life; limit
                                   samba support to non-AD DC use cases; match
                                   golang packages with regular expression; drop
                                   version-based checking; add chromium to
                                   security-support-ended.deb11; add tiles and
                                   libspring-java to security-support-limited
debootstrap                        Backport merged-/usr support changes from
                                   trixie: implement merged-/usr by post-merging,
                                   default to merged-/usr for suites newer than
                                   bookworm in all profiles
distro-info                        Update tests for distro-info-data 0.58+deb12u1,
                                   which adjusted Debian 7's EoL date
distro-info-data                   Add Ubuntu 24.04 LTS Noble Numbat; fix several
                                   End Of Life dates
dpdk                               New upstream stable release
dropbear                           Fix security measure bypass issue
                                   [CVE-2021-36369]; fix "terrapin" attack
                                   [CVE-2023-48795]
exuberant-ctags                    Fix arbitrary command execution issue
                                   [CVE-2022-4515]
filezilla                          Prevent 'Terrapin' exploit [CVE-2023-48795]
gimp                               Remove old versions of separately packaged dds
                                   plugin
glib2.0                            Align with upstream stable fixes; fix denial of
                                   service issues [CVE-2023-32665 CVE-2023-32611
                                   CVE-2023-29499 CVE-2023-32636]
glibc                              Fix a memory corruption in qsort() when using
                                   nontransitive comparison functions.
gnutls28                           Security fix for timing sidechannel attack
                                   [CVE-2023-5981]
imagemagick                        Various security fixes [CVE-2021-20241
                                   CVE-2021-20243 CVE-2021-20244 CVE-2021-20245
                                   CVE-2021-20246 CVE-2021-20309 CVE-2021-3574
                                   CVE-2021-39212 CVE-2021-4219 CVE-2022-1114
                                   CVE-2022-28463 CVE-2022-32545 CVE-2022-32546]
jqueryui                           Fix cross-site scripting issue [CVE-2022-31160]
knewstuff                          Ensure correct ProvidersUrl to fix denial of
                                   service
libdatetime-timezone-perl          Update included timezone data
libde265                           Fix segmentation violation in the function
                                   decoder_context::process_slice_segment_header
                                   [CVE-2023-27102]; fix heap buffer overflow in
                                   the function derive_collocated_motion_vectors
                                   [CVE-2023-27103]; fix buffer over-read in
                                   pic_parameter_set::dump [CVE-2023-43887]; fix
                                   buffer overflow in the slice_segment_header
                                   function [CVE-2023-47471]; fix buffer overflow
                                   issues [CVE-2023-49465 CVE-2023-49467
                                   CVE-2023-49468]
libmateweather                     Update included location data; update data
                                   server URL
libpod                             Fix incorrect handling of supplementary groups
                                   [CVE-2022-2989]
libsolv                            Enable zstd compression support
libspreadsheet-parsexlsx-perl      Fix possible memory bomb [CVE-2024-22368]; fix
                                   XML External Entity issue [CVE-2024-23525]
linux                              New upstream stable release; increase ABI to 28
llvm-toolchain-16                  New backported package to support builds of
                                   newer chromium versions
mariadb-10.5                       New upstream stable release; fix denial of
                                   service issue [CVE-2023-22084]
minizip                            Reject overflows of zip header fields
                                   [CVE-2023-45853]
modsecurity-apache                 Fix protection bypass issues [CVE-2022-48279
                                   CVE-2023-24021]
nftables                           Fix incorrect bytecode generation
node-dottie                        Fix prototype pollution issue [CVE-2023-26132]
node-url-parse                     Fix authorisation bypass issue [CVE-2022-0512]
node-xml2js                        Fix prototype pollution issue [CVE-2023-0842]
nvidia-graphics-drivers            New upstream release [CVE-2023-31022]
nvidia-graphics-drivers-tesla-470  New upstream release [CVE-2023-31022]
opendkim                           Properly delete Authentication-Results headers
                                   [CVE-2022-48521]
perl                               Prevent buffer overflow via illegal Unicode
                                   property [CVE-2023-47038]
plasma-desktop                     Fix denial of service bug in discover
plasma-discover                    Fix denial of service bug; fix build failure
postfix                            New upstream stable release; address SMTP
                                   smuggling issue [CVE-2023-51764]
postgresql-13                      New upstream stable release; fix SQL injection
                                   issue [CVE-2023-39417]
postgresql-common                  Fix autopkgtests
python-cogent                      Skip parallel tests on single-CPU systems
python-django-imagekit             Avoid triggering path traversal detection in
                                   tests
python-websockets                  Fix predictable duration issue [CVE-2021-33880]
pyzoltan                           Build on single core systems
ruby-aws-sdk-core                  Include VERSION file in package
spip                               Fix cross-site scripting issue
swupdate                           Prevent acquiring root privileges through
                                   inappropriate socket mode
symfony                            Ensure CodeExtension's filters properly escape
                                   their input [CVE-2023-46734]
tar                                Fix boundary checking in base-256 decoder
                                   [CVE-2022-48303], handling of extended header
                                   prefixes [CVE-2023-39804]
tinyxml                            Fix assertion issue [CVE-2023-34194]
tzdata                             Update leap seconds file; fix a typo in the
                                   Egypt change introduced in tzdata
                                   2021a-1+deb11u9; new upstream stable release
unadf                              Fix stack buffer overflow issue
                                   [CVE-2016-1243]; fix arbitrary code execution
                                   issue [CVE-2016-1244]
usb.ids                            Update included data list
vlfeat                             Fix FTBFS with newer ImageMagick
weborf                             Fix denial of service issue
wolfssl                            Fix buffer overflow issues [CVE-2022-39173
                                   CVE-2022-42905], key disclosure issue
                                   [CVE-2022-42961], predictable buffer in input
                                   keying material [CVE-2023-3724]
xerces-c                           Fix use-after-free issue [CVE-2018-1311]; fix
                                   integer overflow issue [CVE-2023-37536]
zeromq3                            Fix fork() detection with gcc 7; update
                                   copyright relicense statement


A complete list of all accepted and rejected packages together with
rationale is on the preparation page for this revision:

https://release.debian.org/proposed-upd ... stable.htm