This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --s3R40E2CeKfznoU0O2yfgHYCpvHbS2rAQ
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: quoted-printable

------------------------------------------------------------------------
The Debian Project https://www.debian.org/ Updated Debian 10: 10.10 released [email protected]
June 19th, 2021 https://www.debian.org/News/2021/20210619 ------------------------------------------------------------------------


The Debian project is pleased to announce the tenth update of its stable distribution Debian 10 (codename "buster"). This point release mainly
adds corrections for security issues, along with a few adjustments for
serious problems. Security advisories have already been published
separately and are referenced where available.

Please note that the point release does not constitute a new version of
Debian 10 but only updates some of the packages included. There is no
need to throw away old "buster" media. After installation, packages can
be upgraded to the current versions using an up-to-date Debian mirror.

Those who frequently install updates from security.debian.org won't have
to update many packages, and most such updates are included in the point release.

New installation images will be available soon at the regular locations.

Upgrading an existing installation to this revision can be achieved by
pointing the package management system at one of Debian's many HTTP
mirrors. A comprehensive list of mirrors is available at:

https://www.debian.org/mirror/list



Miscellaneous Bugfixes
----------------------

This stable update adds a few important corrections to the following
packages:

+---------------------------+------------------------------------------+
| Package | Reason | +---------------------------+------------------------------------------+
| apt [1] | Accept suite name changes for |
| | repositories by default (e.g. stable -> |
| | oldstable) |
| | |
| awstats [2] | Fix remote file access issues [CVE-2020- |
| | 29600 CVE-2020-35176] |
| | |
| base-files [3] | Update /etc/debian_version for the 10.10 |
| | point release |
| | |
| berusky2 [4] | Fix segfault at startup |
| | |
| clamav [5] | New upstream stable release; fix denial |
| | of security issue [CVE-2021-1405] |
| | |
| clevis [6] | Fix support for TPMs that only support |
| | SHA256 |
| | |
| connman [7] | dnsproxy: Check the length of buffers |
| | before memcpy [CVE-2021-33833] |
| | |
| crmsh [8] | Fix code execution issue [CVE-2020- |
| | 35459] |
| | |
| debian-installer [9] | Use 4.19.0-17 Linux kernel ABI |
| | |
| debian-installer-netboot- | Rebuild against proposed-updates |
| images [10] | |
| | |
| dnspython [11] | XFR: do not attempt to compare to a non- |
| | existent "expiration" value |
| | |
| dput-ng [12] | Fix crash in the sftp uploader in case |
| | of EACCES from the server; update |
| | codenames; make "dcut dm" work for |
| | non-uploading DMs; fix a TypeError in |
| | http upload exception handling; don't |
| | try and construct uploader email from |
| | system hostname in .dak-commands files |
| | |
| eterm [13] | Fix code execution issue [CVE-2021- |
| | 33477] |
| | |
| exactimage [14] | Fix build with C++11 and OpenEXR 2.5.x |
| | |
| fig2dev [15] | Fix buffer overflow [CVE-2021-3561]; |
| | several output fixes; rebuild testsuite |
| | during build and in autopkgtest |
| | |
| fluidsynth [16] | Fix use-after-free issue [CVE-2021- |
| | 28421] |
| | |
| freediameter [17] | Fix denial of service issue [CVE-2020- |
| | 6098] |
| | |
| fwupd [18] | Fix generation of the vendor SBAT |
| | string; stop using dpkg-dev in |
| | fwupd.preinst; new upstream stable |
| | version |
| | |
| fwupd-amd64-signed [19] | Sync with fwupd |
| | |
| fwupd-arm64-signed [20] | Sync with fwupd |
| | |
| fwupd-armhf-signed [21] | Sync with fwupd |
| | |
| fwupd-i386-signed [22] | Sync with fwupd |
| | |
| fwupdate [23] | Improve SBAT support |
| | |
| fwupdate-amd64- | Sync with fwupdate |
| signed [24] | |
| | |
| fwupdate-arm64- | Sync with fwupdate |
| signed [25] | |
| | |
| fwupdate-armhf- | Sync with fwupdate |
| signed [26] | |
| | |
| fwupdate-i386-signed [27] | Sync with fwupdate |
| | |
| glib2.0 [28] | Fix several integer overflow issues |
| | [CVE-2021-27218 CVE-2021-27219]; fix a |
| | symlink attack affecting file-roller |
| | [CVE-2021-28153] |
| | |
| gnutls28 [29] | Fix null-pointer dereference issue |
| | [CVE-2020-24659]; add several |
| | improvements to memory reallocation |
| | |
| golang-github-docker- | Fix double free issue [CVE-2019-1020014] |
| docker-credential- | |
| helpers [30] | |
| | |
| htmldoc [31] | Fix buffer overflow issues [CVE-2019- |
| | 19630 CVE-2021-20308] |
| | |
| ipmitool [32] | Fix buffer overflow issues [CVE-2020- |
| | 5208] |
| | |
| ircii [33] | Fix denial of service issue [CVE-2021- |
| | 29376] |
| | |
| isc-dhcp [34] | Fix buffer overrun issue [CVE-2021- |
| | 25217] |
| | |
| isync [35] | Reject "funny" mailbox names from IMAP |
| | LIST/LSUB [CVE-2021-20247]; fix handling |
| | of unexpected APPENDUID response code |
| | [CVE-2021-3578] |
| | |
| jackson-databind [36] | Fix external entity expansion issue |
| | [CVE-2020-25649] and several |
| | serialization-related issues [CVE-2020- |
| | 24616 CVE-2020-24750 CVE-2020-35490 |
| | CVE-2020-35491 CVE-2020-35728 CVE-2020- |
| | 36179 CVE-2020-36180 CVE-2020-36181 |
| | CVE-2020-36182 CVE-2020-36183 CVE-2020- |
| | 36184 CVE-2020-36185 CVE-2020-36186 |
| | CVE-2020-36187 CVE-2020-36188 CVE-2020- |
| | 36189 CVE-2021-20190] |
| | |
| klibc [37] | malloc: Set errno on failure; fix |
| | several overflow issues [CVE-2021-31873 |
| | CVE-2021-31870 CVE-2021-31872]; cpio: |
| | Fix possible crash on 64-bit systems |
| | [CVE-2021-31871]; {set,long}jmp [s390x]: |
| | save/restore the correct FPU registers |
| | |
| libbusiness-us-usps- | Update to new US-USPS API |
| webtools-perl [38] | |
| | |
| libgcrypt20 [39] | Fix weak ElGamal encryption with keys |
| | not generated by GnuPG/libgcrypt |
| | [CVE-2021-33560] |
| | |
| libgetdata [40] | Fix use after free issue [CVE-2021- |
| | 20204] |
| | |
| libmateweather [41] | Adapt to renaming of America/Godthab to |
| | America/Nuuk in tzdata |
| | |
| libxml2 [42] | Fix out-of-bounds read in xmllint |
| | [CVE-2020-24977]; fix use-after-free |
| | issues in xmllint [CVE-2021-3516 |
| | CVE-2021-3518]; validate UTF8 in |
| | xmlEncodeEntities [CVE-2021-3517]; |
| | propagate error in |
| | xmlParseElementChildrenContentDeclPriv; |
| | fix exponential entity expansion attack |
| | [CVE-2021-3541] |
| | |
| liferea [43] | Fix compatibility with webkit2gtk >= |
| | 2.32 |
| | |
| linux [44] | New upstream stable release; increase |
| | ABI to 17; [rt] Update to 4.19.193-rt81 |
| | |
| linux-latest [45] | Update to 4.19.0-17 ABI |
| | |
| linux-signed-amd64 [46] | New upstream stable release; increase |
| | ABI to 17; [rt] Update to 4.19.193-rt81 |
| | |
| linux-signed-arm64 [47] | New upstream stable release; increase |
| | ABI to 17; [rt] Update to 4.19.193-rt81 |
| | |
| linux-signed-i386 [48] | New upstream stable release; increase |
| | ABI to 17; [rt] Update to 4.19.193-rt81 |
| | |
| mariadb-10.3 [49] | New upstream release; security fixes |
| | [CVE-2021-2154 CVE-2021-2166 CVE-2021- |
| | 27928]; fix Innotop support; ship |
| | caching_sha2_password.so |
| | |
| mqtt-client [50] | Fix denial of service issue [CVE-2019- |
| | 0222] |
| | |
| mumble [51] | Fix remote code execution issue |
| | [CVE-2021-27229] |
| | |
| mupdf [52] | Fix use-after-free issue [CVE-2020- |
| | 16600] and double free issue [CVE-2021- |
| | 3407] |
| | |
| nmap [53] | Update included MAC prefix list |
| | |
| node-glob-parent [54] | Fix regular expression denial of service |
| | issue [CVE-2020-28469] |
| | |
| node-handlebars [55] | Fix code execution issues [CVE-2019- |
| | 20920 CVE-2021-23369] |
| | |
| node-hosted-git-info [56] | Fix regular expression denial of service |
| | issue [CVE-2021-23362] |
| | |
| node-redis [57] | Fix regular expression denial of service |
| | issue [CVE-2021-29469] |
| | |
| node-ws [58] | Fix regular expression-related denial of |
| | service issue [CVE-2021-32640] |
| | |
| nvidia-graphics- | Fix improper access control |
| drivers [59] | vulnerability [CVE-2021-1076] |
| | |
| nvidia-graphics-drivers- | Fix improper access control |
| legacy-390xx [60] | vulnerability [CVE-2021-1076]; fix |
| | installation failure on Linux 5.11 |
| | release candidates |
| | |
| opendmarc [61] | Fix heap overflow issue [CVE-2020-12460] |
| | |
| openvpn [62] | Fix "illegal client float" issue |
| | [CVE-2020-11810]; ensure key state is |
| | authenticated before sending push reply |
| | [CVE-2020-15078]; increase listen() |
| | backlog queue to 32 |
| | |
| php-horde-text- | Fix cross-site scripting issue |
| filter [63] | [CVE-2021-26929] |
| | |
| plinth [64] | Use session to verify first boot welcome |
| | step |
| | |
| ruby-websocket- | Fix denial of service issue [CVE-2020- |
| extensions [65] | 7663] |
| | |
| rust-rustyline [66] | Fix build with newer rustc |
| | |
| rxvt-unicode [67] | Disable ESC G Q escape sequence |
| | [CVE-2021-33477] |
| | |
| sabnzbdplus [68] | Fix code execution vulnerability |
| | [CVE-2020-13124] |
| | |
| scrollz [69] | Fix denial of service issue [CVE-2021- |
| | 29376] |
| | |
| shim [70] | New upstream release; add SBAT support; |
| | fix i386 binary relocations; don't call |
| | QueryVariableInfo() on EFI 1.10 machines |
| | (e.g. older Intel Macs); fix handling of |
| | ignore_db and user_insecure_mode; add |
| | maintainer scripts to the template |
| | packages to manage installing and |
| | removing fbXXX.efi and mmXXX.efi when we |
| | install/remove the shim-helpers-$arch- |
| | signed packages; exit cleanly if |
| | installed on a non-EFI system; don't |
| | fail if debconf calls return errors |
| | |
| shim-helpers-amd64- | Sync with shim |
| signed [71] | |
| | |
| shim-helpers-arm64- | Sync with shim |
| signed [72] | |
| | |
| shim-helpers-i386- | Sync with shim |
| signed [73] | |
| | |
| shim-signed [74] | Update for new shim; multiple bugfixes |
| | in postinst and postrm handling; provide |
| | unsigned binaries for arm64 (see |
| | NEWS.Debian); exit cleanly if installed |
| | on a non-EFI system; don't fail if |
| | debconf calls return errors; fix |
| | documentation links; build against shim- |
| | unsigned 15.4-5~deb10u1; add explicit |
| | dependency from shim-signed to shim- |
| | signed-common |
| | |
| speedtest-cli [75] | Handle case where "ignoreids" is empty |
| | or contains empty ids |
| | |
| tnef [76] | Fix buffer over-read issue [CVE-2019- |
| | 18849] |
| | |
| uim [77] | libuim-data: Copy "Breaks" from uim- |
| | data, fixing some upgrade scenarios |
| | |
| user-mode-linux [78] | Rebuild against Linux kernel 4.19.194-1 |
| | |
| velocity [79] | Fix potential arbitrary code execution |
| | issue [CVE-2020-13936] |
| | |
| wml [80] | Fix regression in Unicode handling |
| | |
| xfce4-weather-plugin [81] | Move to version 2.0 met.no API |
| | | +---------------------------+------------------------------------------+

1: https://packages.debian.org/src:apt
2: https://packages.debian.org/src:awstats
3: https://packages.debian.org/src:base-files
4: https://packages.debian.org/src:berusky2
5: https://packages.debian.org/src:clamav
6: https://packages.debian.org/src:clevis
7: https://packages.debian.org/src:connman
8: https://packages.debian.org/src:crmsh
9: https://packages.debian.org/src:debian-installer
10: https://packages.debian.org/src:debian-installer-netboot-images
11: https://packages.debian.org/src:dnspython
12: https://packages.debian.org/src:dput-ng
13: https://packages.debian.org/src:eterm
14: https://packages.debian.org/src:exactimage
15: https://packages.debian.org/src:fig2dev
16: https://packages.debian.org/src:fluidsynth
17: https://packages.debian.org/src:freediameter
18: https://packages.debian.org/src:fwupd
19: https://packages.debian.org/src:fwupd-amd64-signed
20: https://packages.debian.org/src:fwupd-arm64-signed
21: https://packages.debian.org/src:fwupd-armhf-signed
22: https://packages.debian.org/src:fwupd-i386-signed
23: https://packages.debian.org/src:fwupdate
24: https://packages.debian.org/src:fwupdate-amd64-signed
25: https://packages.debian.org/src:fwupdate-arm64-signed
26: https://packages.debian.org/src:fwupdate-armhf-signed
27: https://packages.debian.org/src:fwupdate-i386-signed
28: https://packages.debian.org/src:glib2.0
29: https://packages.debian.org/src:gnutls28
30: https://packages.debian.org/src:golang-github-docker-docker-credential-helpers
31: https://packages.debian.org/src:htmldoc
32: https://packages.debian.org/src:ipmitool
33: https://packages.debian.org/src:ircii
34: https://packages.debian.org/src:isc-dhcp
35: https://packages.debian.org/src:isync
36: https://packages.debian.org/src:jackson-databind
37: https://packages.debian.org/src:klibc
38: https://packages.debian.org/src:libbusiness-us-usps-webtools-perl
39: https://packages.debian.org/src:libgcrypt20
40: https://packages.debian.org/src:libgetdata
41: https://packages.debian.org/src:libmateweather
42: https://packages.debian.org/src:libxml2
43: https://packages.debian.org/src:liferea
44: https://packages.debian.org/src:linux
45: https://packages.debian.org/src:linux-latest
46: https://packages.debian.org/src:linux-signed-amd64
47: https://packages.debian.org/src:linux-signed-arm64
48: https://packages.debian.org/src:linux-signed-i386
49: https://packages.debian.org/src:mariadb-10.3
50: https://packages.debian.org/src:mqtt-client
51: https://packages.debian.org/src:mumble
52: https://packages.debian.org/src:mupdf
53: https://packages.debian.org/src:nmap
54: https://packages.debian.org/src:node-glob-parent
55: https://packages.debian.org/src:node-handlebars
56: https://packages.debian.org/src:node-hosted-git-info
57: https://packages.debian.org/src:node-redis
58: https://packages.debian.org/src:node-ws
59: https://packages.debian.org/src:nvidia-graphics-drivers
60: https://packages.debian.org/src:nvidia-graphics-drivers-legacy-390xx
61: https://packages.debian.org/src:opendmarc
62: https://packages.debian.org/src:openvpn
63: https://packages.debian.org/src:php-horde-text-filter
64: https://packages.debian.org/src:plinth
65: https://packages.debian.org/src:ruby-websocket-extensions
66: https://packages.debian.org/src:rust-rustyline
67: https://packages.debian.org/src:rxvt-unicode
68: https://packages.debian.org/src:sabnzbdplus
69: https://packages.debian.org/src:scrollz
70: https://packages.debian.org/src:shim
71: https://packages.debian.org/src:shim-helpers-amd64-signed
72: https://packages.debian.org/src:shim-helpers-arm64-signed
73: https://packages.debian.org/src:shim-helpers-i386-signed
74: https://packages.debian.org/src:shim-signed
75: https://packages.debian.org/src:speedtest-cli
76: https://packages.debian.org/src:tnef
77: https://packages.debian.org/src:uim
78: https://packages.debian.org/src:user-mode-linux
79: https://packages.debian.org/src:velocity
80: https://packages.debian.org/src:wml
81: https://packages.debian.org/src:xfce4-weather-plugin

Security Updates
----------------

This revision adds the following security updates to the stable release.
The Security Team has already released an advisory for each of these
updates:

+----------------+------------------------------+
| Advisory ID | Package | +----------------+------------------------------+
| DSA-4848 [82] | golang-1.11 [83] |
| | |
| DSA-4865 [84] | docker.io [85] |
| | |
| DSA-4873 [86] | squid [87] |
| | |
| DSA-4874 [88] | firefox-esr [89] |
| | |
| DSA-4875 [90] | openssl [91] |
| | |
| DSA-4877 [92] | webkit2gtk [93] |
| | |
| DSA-4878 [94] | pygments [95] |
| | |
| DSA-4879 [96] | spamassassin [97] |
| | |
| DSA-4880 [98] | lxml [99] |
| | |
| DSA-4881 [100] | curl [101] |
| | |
| DSA-4882 [102] | openjpeg2 [103] |
| | |
| DSA-4883 [104] | underscore [105] |
| | |
| DSA-4884 [106] | ldb [107] |
| | |
| DSA-4885 [108] | netty [109] |
| | |
| DSA-4886 [110] | chromium [111] |
| | |
| DSA-4887 [112] | lib3mf [113] |
| | |
| DSA-4888 [114] | xen [115] |
| | |
| DSA-4889 [116] | mediawiki [117] |
| | |
| DSA-4890 [118] | ruby-kramdown [119] |
| | |
| DSA-4891 [120] | tomcat9 [121] |
| | |
| DSA-4892 [122] | python-bleach [123] |
| | |
| DSA-4893 [124] | xorg-server [125] |
| | |
| DSA-4894 [126] | php-pear [127] |
| | |
| DSA-4895 [128] | firefox-esr [129] |
| | |
| DSA-4896 [130] | wordpress [131] |
| | |
| DSA-4898 [132] | wpa [133] |
| | |
| DSA-4899 [134] | openjdk-11-jre-dcevm [135] |
| | |
| DSA-4899 [136] | openjdk-11 [137] |
| | |
| DSA-4900 [138] | gst-plugins-good1.0 [139] |
| | |
| DSA-4901 [140] | gst-libav1.0 [141] |
| | |
| DSA-4902 [142] | gst-plugins-bad1.0 [143] |
| | |
| DSA-4903 [144] | gst-plugins-base1.0 [145] |
| | |
| DSA-4904 [146] | gst-plugins-ugly1.0 [147] |
| | |
| DSA-4905 [148] | shibboleth-sp [149] |
| | |
| DSA-4907 [150] | composer [151] |
| | |
| DSA-4908 [152] | libhibernate3-java [153] |
| | |
| DSA-4909 [154] | bind9 [155] |
| | |
| DSA-4910 [156] | libimage-exiftool-perl [157] |
| | |
| DSA-4912 [158] | exim4 [159] |
| | |
| DSA-4913 [160] | hivex [161] |
| | |
| DSA-4914 [162] | graphviz [163] |
| | |

[continued in next message]

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)