Saturday, May 16, 2026

[announce] Next NYC*BUG: June 3rd Let's review some OpenBSD mitigations, with Brian Callahan

Let's review some OpenBSD mitigations, with Brian Callahan
2026-06-03 @ 18:45 local (22:45 UTC) - Backroom of Brass Monkey 55 Little West 12th St
Remote participation: Plans are to stream via NYC*BUG website. Q&A will be via IRC on libera.chat channel #nycbug - please preface your questions with '[Q]'.How do we know that security mitigations actually work? How often should we review code to ensure they are continuing to provide?
Following two recent publications, let’s explore some of OpenBSD’s anti-ROP mitigations. We will explore what they do, how to test they work, how to port them to other operating systems, and how to understand larger questions about security mitigations. You’ll leave having a deeper appreciation for OpenBSD’s sustained security track record.
Brian is a long-time face in the *BSD world. While he claims semi-retirement from OpenBSD development, in reality he probably spends even more time on it getting students excited about the BSDs. He is the Director of the Monmouth University Cybersecurity Research Center, where here leads quantum cybers ecurity and other security research.
Nearest NYC Subway is the 14th Street/Eighth Avenue station L, A, C, E.


To get to the backroom, you must enter the front door, follow the long bar on your left, and walk all the way to the back. At the rear of the BrassMonkey, you will see an alcove for the 3 bathrooms our room is off to your right.


For more information, please visit:

https://www.nycbug.org/

_______________________________________________ announce mailing list announce@lists.nycbug.org https://lists.nycbug.org:8443/mailman/listinfo/announce

No comments:

Updated Debian 12: 12.14 released

------------------------------------------------------------------------ The Debian Project https://www.debian.org/ Updated Debian 12: 12.14 released press@debian.org May 16th, 2026 https://www.debian.org/News/2026/2026051602 ------------------------------------------------------------------------ The Debian project is pleased to announce the fourteenth update of its oldstable distribution Debian 12 (codename "bookworm"). This point release mainly adds corrections for security issues, along with a few adjustments for serious problems. Security advisories have already been published separately and are referenced where available. Please note that the point release does not constitute a new version of Debian 12 but only updates some of the packages included. There is no need to throw away old "bookworm" media. After installation, packages can be upgraded to the current versions using an up-to-date Debian mirror. Those who frequently install updates from security.debian.org won't have to update many packages, and most such updates are included in the point release. New installation images will be available soon at the regular locations. Upgrading an existing installation to this revision can be achieved by pointing the package management system at one of Debian's many HTTP mirrors. A comprehensive list of mirrors is available at: https://www.debian.org/mirror/list Miscellaneous Bugfixes ---------------------- This oldstable update adds a few important corrections to the following packages: +-------------------------+-------------------------------------------+ | Package | Reason | +-------------------------+-------------------------------------------+ | 7zip [1] | New upstream stable release; fix integer | | | underflow issue [CVE-2023-31102]; fix | | | code execution issues [CVE-2023-40481 | | | CVE-2025-11001 CVE-2025-11002]; fix | | | denial of service issue [CVE-2024-11612]; | | | fix null pointer dereference issue | | | [CVE-2025-53817]; fix handling of | | | symbolic links [CVE-2025-55188] | | | | | apache2 [2] | New upstream release: fix http2 | | | regression; fix use-after-free issue | | | [CVE-2026-23918]; fix privilege | | | escalation issue [CVE-2026-24072]; fix | | | NULL pointer dereference issues | | | [CVE-2026-29169 CVE-2026-33007]; fix | | | authentication bypass issue [CVE-2026- | | | 33006]; fix HTTP response splitting issue | | | [CVE-2026-33523]; fix out-of-bounds read | | | issues [CVE-2026-33857 CVE-2026-34032]; | | | fix buffer over-read issue [CVE-2026- | | | 34059] | | | | | arduino-core-avr [3] | New upstream stable release; fix buffer | | | overflow issue [CVE-2025-69209] | | | | | augeas [4] | Fix NULL pointer dereference issue | | | [CVE-2025-2588] | | | | | awstats [5] | Prevent command injection [CVE-2025- | | | 63261] | | | | | base-files [6] | Update for the point release | | | | | bash [7] | Rebuild with updated glibc | | | | | busybox [8] | Fix stack overflow [CVE-2022-48174] and | | | use-after-free [CVE-2023-42363 CVE-2023- | | | 42364 CVE-2023-42365] errors | | | | | c3p0 [9] | Fix recursive entity expansion issue | | | [CVE-2019-5427] | | | | | calibre [10] | Fix path traversal issues [CVE-2026-25635 | | | CVE-2026-25636 CVE-2026-26064 CVE-2026- | | | 26065]; fix code execution issue | | | [CVE-2026-25731]; fix HTTP response | | | header injection issue [CVE-2026-27810]; | | | fix IP ban bypass issue [CVE-2026-27824] | | | | | cdebootstrap [11] | Rebuild with updated glibc | | | | | chkrootkit [12] | Rebuild with updated glibc | | | | | chrony [13] | Open the PHC reference clock with the | | | O_RDWR flag when enabling the extpps | | | option | | | | | composer [14] | Fix code execution issue [CVE-2023- | | | 43655]; fix command injection issues | | | [CVE-2026-40261 CVE-2026-40176] | | | | | containerd [15] | Fix CRI Attach implementation [CVE-2025- | | | 64329]; fix overly broad directory | | | permissions [CVE-2024-25621]; fix large | | | UID:GID (> 32bit) overflow [CVE-2024- | | | 40635] | | | | | dar [16] | Rebuild with updated glibc | | | | | debian-installer [17] | Bump linux ABI to 6.1.0-47 | | | | | debian-installer- | Rebuild against oldstable-proposed- | | netboot-images [18] | updates | | | | | debsig-verify [19] | Rebuild with updated dpkg | | | | | deets [20] | Rebuild with updated dpkg | | | | | distro-info-data [21] | Add Ubuntu 26.10 "Stonking Stingray" | | | | | docker.io [22] | Rebuild with updated containerd, glibc | | | | | dovecot [23] | Correct incomplete backport of CVE-2026- | | | 27855 fix; fix memory leak in CVE-2026- | | | 27857 fix | | | | | dpkg [24] | New upstream stable release; fix | | | insufficient permissions check leading to | | | possible denial of service issue | | | [CVE-2025-6297]; fix denial of service | | | issue [CVE-2026-2219]; fix buffer over- | | | read issue; fix uninitialized variable | | | warning with Rules-Requires-Root; fix | | | segmentation fault in dpkg-trigger; | | | translation fixes | | | | | erlang [25] | Fix denial of service issues [CVE-2025- | | | 48038 CVE-2025-48039 CVE-2025-48040 | | | CVE-2025-48041]; fix HTTP request | | | smuggling issue [CVE-2026-23941]; fix | | | path traversal issues [CVE-2026-23942 | | | CVE-2026-21620]; fix compression bomb | | | issue [CVE-2026-23943] | | | | | exim4 [26] | Fix GnuTLS hostname verify of a server | | | certificate with a zero-length Subject; | | | fix denial of service issue [CVE-2026- | | | 40684]; fix out-of-bounds read/write | | | issues [CVE-2026-40685 CVE-2026-40686 | | | CVE-2026-40687] | | | | | fonttools [27] | Fix XML External Entity injection issue | | | [CVE-2023-45139]; fix code execution | | | issue [CVE-2025-66034] | | | | | glance [28] | Fix server-side request forgery issue | | | [CVE-2026-34881]; fix build failure | | | | | glib2.0 [29] | Fix timezone handling with Debian & | | | Ubuntu's symlinks; fix missing input | | | validation in | | | g_buffered_input_stream_peek [CVE-2026- | | | 0988]; fix integer overflow in base64 | | | encoding [CVE-2026-1484]; fix buffer | | | underflow issue in content type parsing | | | [CVE-2026-1485]; fix integer overflow in | | | unicode conversion [CVE-2026-1489] | | | | | glibc [30] | Fix integer overflow issue [CVE-2026- | | | 0861]; fix uninitialised memory use issue | | | [CVE-2025-15281]; fix incorrect handling | | | of DNS responses [CVE-2026-4437]; fix | | | return of invalid DNS hostnames | | | [CVE-2026-4438]; fix assertion failure | | | [CVE-2026-4046]; fix performance | | | bottleneck with ASAN on 32-bit arm; fix | | | incorrect backtrace unwinding; fix typo | | | in wmemset ifunc selector that caused | | | AVX2/AVX512 paths to be skipped; fix | | | POWER optimized rawmemchr function; fix | | | stack content leak issue [CVE-2026-0915] | | | | | gnuais [31] | Fix displaying map in gnuaisgui | | | | | golang-github- | Rebuild with updated containerd | | containerd-stargz- | | | snapshotter [32] | | | | | | golang-github- | Rebuild with updated containerd | | containers-buildah [33] | | | | | | golang-github- | Rebuild with updated containerd | | openshift- | | | imagebuilder [34] | | | | | | gpsd [35] | Fix out-of-bounds write issue [CVE-2025- | | | 67268]; fix integer underflow issue | | | [CVE-2025-67269] | | | | | grub-efi-amd64- | Remove NTFS and jfs from monolithic EFI | | signed [36] | image; update SBAT levels; set | | | "Protected: yes" for -signed packages so | | | they cannot easily be removed; backport | | | upstream regression fixes; fix "video/ | | | readers/jpeg: Do not permit duplicate | | | SOF0 markers in JPEG" [CVE-2024-45774]; | | | fix "commands/extcmd: Missing check for | | | failed allocation" [CVE-2024-45775]; fix | | | "commands/dump: The dump command is not | | | in lockdown when secure boot is | | | enabled" [CVE-2025-1118]; fix integer | | | overflow issues [CVE-2024-45776 CVE-2024- | | | 45777 CVE-2024-45778 CVE-2024-45779 | | | CVE-2024-45780 CVE-2025-0677 CVE-2025- | | | 0678 CVE-2025-0684 CVE-2025-0685 | | | CVE-2025-0690 CVE-2025-1125]; fix out-of- | | | bounds write issues [CVE-2024-45781 | | | CVE-2024-45782 CVE-2025-0624]; fix use- | | | after-free issues [CVE-2024-45783 | | | CVE-2025-0622]; fix buffer overflow issue | | | [CVE-2025-0689] | | | | | grub-efi-arm64- | Remove NTFS and jfs from monolithic EFI | | signed [37] | image; update SBAT levels; set | | | "Protected: yes" for -signed packages so | | | they cannot easily be removed; backport | | | upstream regression fixes; fix "video/ | | | readers/jpeg: Do not permit duplicate | | | SOF0 markers in JPEG" [CVE-2024-45774]; | | | fix "commands/extcmd: Missing check for | | | failed allocation" [CVE-2024-45775]; fix | | | "commands/dump: The dump command is not | | | in lockdown when secure boot is | | | enabled" [CVE-2025-1118]; fix integer | | | overflow issues [CVE-2024-45776 CVE-2024- | | | 45777 CVE-2024-45778 CVE-2024-45779 | | | CVE-2024-45780 CVE-2025-0677 CVE-2025- | | | 0678 CVE-2025-0684 CVE-2025-0685 | | | CVE-2025-0690 CVE-2025-1125]; fix out-of- | | | bounds write issues [CVE-2024-45781 | | | CVE-2024-45782 CVE-2025-0624]; fix use- | | | after-free issues [CVE-2024-45783 | | | CVE-2025-0622]; fix buffer overflow issue | | | [CVE-2025-0689] | | | | | grub-efi-ia32- | Remove NTFS and jfs from monolithic EFI | | signed [38] | image; update SBAT levels; set | | | "Protected: yes" for -signed packages so | | | they cannot easily be removed; backport | | | upstream regression fixes; fix "video/ | | | readers/jpeg: Do not permit duplicate | | | SOF0 markers in JPEG" [CVE-2024-45774]; | | | fix "commands/extcmd: Missing check for | | | failed allocation" [CVE-2024-45775]; fix | | | "commands/dump: The dump command is not | | | in lockdown when secure boot is | | | enabled" [CVE-2025-1118]; fix integer | | | overflow issues [CVE-2024-45776 CVE-2024- | | | 45777 CVE-2024-45778 CVE-2024-45779 | | | CVE-2024-45780 CVE-2025-0677 CVE-2025- | | | 0678 CVE-2025-0684 CVE-2025-0685 | | | CVE-2025-0690 CVE-2025-1125]; fix out-of- | | | bounds write issues [CVE-2024-45781 | | | CVE-2024-45782 CVE-2025-0624]; fix use- | | | after-free issues [CVE-2024-45783 | | | CVE-2025-0622]; fix buffer overflow issue | | | [CVE-2025-0689] | | | | | grub2 [39] | Remove NTFS and jfs from monolithic EFI | | | image; update SBAT levels; set | | | "Protected: yes" for -signed packages so | | | they cannot easily be removed; backport | | | upstream regression fixes; fix "video/ | | | readers/jpeg: Do not permit duplicate | | | SOF0 markers in JPEG" [CVE-2024-45774]; | | | fix "commands/extcmd: Missing check for | | | failed allocation" [CVE-2024-45775]; fix | | | "commands/dump: The dump command is not | | | in lockdown when secure boot is | | | enabled" [CVE-2025-1118]; fix integer | | | overflow issues [CVE-2024-45776 CVE-2024- | | | 45777 CVE-2024-45778 CVE-2024-45779 | | | CVE-2024-45780 CVE-2025-0677 CVE-2025- | | | 0678 CVE-2025-0684 CVE-2025-0685 | | | CVE-2025-0690 CVE-2025-1125]; fix out-of- | | | bounds write issues [CVE-2024-45781 | | | CVE-2024-45782 CVE-2025-0624]; fix use- | | | after-free issues [CVE-2024-45783 | | | CVE-2025-0622]; fix buffer overflow issue | | | [CVE-2025-0689] | | | | | gvfs [40] | Use control connection address for PASV | | | data [CVE-2026-28295]; reject paths | | | containing CR/LF characters [CVE-2026- | | | 28296] | | | | | kissfft [41] | Fix integer overflow issues [CVE-2025- | | | 34297 CVE-2026-41445] | | | | | kpackage [42] | Skip unreliable build-time test | | | | | lemonldap-ng [43] | Update documentation to avoid using | | | unsecured Nginx variable | | | | | libarchive [44] | Fix out-of-bounds read issues [CVE-2025- | | | 5918 CVE-2026-4424]; fix denial of | | | service issues [CVE-2026-4111 CVE-2026- | | | 4426]; fix possible code execution issue | | | [CVE-2026-5121] | | | | | libcap2 [45] | Fix time of check / time of use issue | | | [CVE-2026-4878]; rebuild with updated | | | glibc | | | | | libexif [46] | Fix integer underflow issues [CVE-2026- | | | 40386 CVE-2026-32775]; fix integer | | | overflow issue [CVE-2026-40385] | | | | | libnet-cidr-lite- | Fix ACL bypass issues [CVE-2026-40198 | | perl [47] | CVE-2026-40199] | | | | | libpng1.6 [48] | Fix heap buffer overflow issues | | | [CVE-2026-22801 CVE-2026-22695] | | | | | libpod [49] | Rebuild with updated containerd | | | | | libreoffice [50] | Fix incomplete fix for CVE-2024-12426 | | | | | libreoffice- | Add dependency on dvipng/dvisvgm | | texmaths [51] | | | | | | libuev [52] | Fix buffer overrun issue [CVE-2022-48620] | | | | | libvncserver [53] | Fix out-of-bounds read issue [CVE-2026- | | | 32853]; fix null pointer dereference | | | issue [CVE-2026-32854] | | | | | libxml-security- | Fix private key disclosure issue | | java [54] | [CVE-2023-44483] | | | | | libxslt [55] | Fix deterministic generate-id() | | | regression causing build failures in | | | other packages | | | | | lxc [56] | Fix authorisation bypass issue [CVE-2026- | | | 39402] | | | | | mapserver [57] | Fix SQL injection issue [CVE-2025-59431]; | | | fix buffer overflow issue [CVE-2026- | | | 33721]; fix heap-buffer-overflow and | | | double-free issues in maplexer | | | | | modsecurity-crs [58] | Fix rule bypass issue [CVE-2023-38199]; | | | fix file extension blocking bypass issue | | | [CVE-2026-33691] | | | | | mongo-c-driver [59] | Fix insufficient validation issues | | | [CVE-2025-14911 CVE-2026-6231]; fix | | | denial of service issue [CVE-2026-4359]; | | | fix buffer overflow issue [CVE-2026- | | | 6691]; improve handling of corrupt GridFS | | | files | | | | | nginx [60] | Fix buffer overflow issues [CVE-2026- | | | 27654 CVE-2026-27784 CVE-2026-32647]; fix | | | session authentication issues [CVE-2026- | | | 27651 CVE-2026-28753]; fix OCSP result | | | bypass issue [CVE-2026-28755]; use | | | "$host" instead of "$http_host" | | | | | openssh [61] | Fix possible code execution issues | | | [CVE-2025-61984 CVE-2025-61985]; ensure | | | scp does not unexpectedly make | | | transferred files setuid or setgid | | | [CVE-2026-35385]; fix command execution | | | issue [CVE-2026-35386]; fix incomplete | | | application of PubkeyAcceptedAlgorithms | | | and HostbasedAcceptedAlgorithms with | | | regard to ECDSA keys [CVE-2026-35387]; | | | use connection multiplexing confirmation | | | for proxy-mode multiplexing sessions | | | [CVE-2026-35388]; fix handling of the | | | authorized_keys "principals" option | | | [CVE-2026-35414]; validate user and host | | | names for ProxyJump/-J options passed via | | | the command line | | | | | openssl [62] | New upstream stable release | | | | | p7zip [63] | Rebase onto newer 7zip version; fix | | | integer underflow issue [CVE-2023-31102]; | | | fix code execution issues [CVE-2023-40481 | | | CVE-2025-11001 CVE-2025-11002]; fix | | | denial of service issue [CVE-2024-11612]; | | | fix null pointer dereference issue | | | [CVE-2025-53817]; fix handling of | | | symbolic links [CVE-2025-55188]; fix | | | buffer overflow issue [CVE-2023-52168]; | | | fix out-of-bounds read issues [CVE-2023- | | | 52169 CVE-2022-47069] | | | | | p7zip-rar [64] | Rebase onto newer 7zip version; fix | | | denial of service issue [CVE-2025-53816] | | | | | php-dompdf [65] | Fix denial of service issue [CVE-2023- | | | 50262] | | | | | php-league- | Fix cross site scripting issue [CVE-2025- | | commonmark [66] | 46734]; fix validation bypass issues | | | [CVE-2026-30838 CVE-2026-33347] | | | | | php-phpseclib [67] | Fix denial of service issue [CVE-2024- | | | 27355]; fix variable time comparison | | | issue [CVE-2026-40194] | | | | | php-phpseclib3 [68] | Fix denial of service issue [CVE-2024- | | | 27355]; fix variable time comparison | | | issue [CVE-2026-40194] | | | | | phpseclib [69] | Fix denial of service issue [CVE-2024- | | | 27355]; fix variable time comparison | | | issue [CVE-2026-40194] | | | | | plastimatch [70] | Remove non-free files | | | | | postgresql-15 [71] | New upstream stable release; fix buffer | | | overrun issue [CVE-2026-2006] | | | | | proftpd-dfsg [72] | Fix denial of service issue [CVE-2024- | | | 57392]; fix SQL injection issue | | | [CVE-2026-42167]; fix "mod_radius: | | | Message-Authenticator check always fails" | | | | | pymupdf [73] | Rebuild with updated mupdf | | | | | python-authlib [74] | Fix algorithm confusion issue [CVE-2024- | | | 37568]; fix cross-site request forgery | | | issue [CVE-2025-68158]; fix denial of | | | service issues [CVE-2025-62706 CVE-2025- | | | 61920]; fix policy bypass issue | | | [CVE-2025-59420] | | | | | python-django [75] | Fix regular expression-based denial of | | | service issue [CVE-2023-36053], denial of | | | service issues [CVE-2024-38875 CVE-2024- | | | 39614 CVE-2024-41990 CVE-2024-41991], | | | user enumeration issue [CVE-2024-39329], | | | directory traversal issue [CVE-2024- | | | 39330], excessive memory consumption | | | issue [CVE-2024-41989], SQL injection | | | issue [CVE-2024-42005] | | | | | python-ldap [76] | Fix insufficient escaping issue | | | [CVE-2025-61911]; fix denial of service | | | issue [CVE-2025-61912] | | | | | python3.11 [77] | Fix header injection issues [CVE-2025- | | | 11468 CVE-2025-15282 CVE-2026-0672 | | | CVE-2026-0865 CVE-2026-1299]; fix denial | | | of service issues [CVE-2025-12084 | | | CVE-2025-13836 CVE-2025-13837 CVE-2025- | | | 6069 CVE-2025-6075 CVE-2025-8194]; fix | | | insufficient validation in zipFile | | | [CVE-2025-8291]; fix use-after-free issue | | | [CVE-2025-4516] | | | | | qemu [78] | Rebuild with updated glibc, glib2.0, | | | gnutls28 | | | | | request-tracker5 [79] | Fix builds of CKEditor when firefox is >= | | | 148 | | | | | sash [80] | Rebuild with updated glibc | | | | | sed [81] | Fix time of check / time of use issue | | | [CVE-2026-5958] | | | | | sioyek [82] | Rebuild with updated mupdf | | | | | skeema [83] | Rebuild with updated containerd | | | | | snapd [84] | Rebuild with updated libcap2 | | | | | sudo [85] | Fix exec_mailer permissions checks | | | [CVE-2026-35535] | | | | | supermin [86] | Rebuild with updated glibc | | | | | swupdate [87] | Fix denial of service issue [CVE-2026- | | | 28525] | | | | | systemd [88] | Fix assert and freeze [CVE-2026-29111]; | | | fix code execution issues [CVE-2026-40225 | | | CVE-2026-4105]; fix nspawn escape-to-host | | | issue [CVE-2026-40226] | | | | | taglib [89] | Fix segmentation violation issue | | | [CVE-2023-47466] | | | | | tpm2-pkcs11 [90] | Fix NULL pointer dereference during | | | database migration | | | | | tripwire [91] | Rebuild with updated glibc | | | | | tzdata [92] | New upstream release; update data for | | | British Columbia | | | | | user-mode-linux [93] | Rebuild with updated linux | | | | | vips [94] | Fix buffer overflow issues [CVE-2026-2913 | | | CVE-2026-3147 CVE-2026-3281]; fix memory | | | corruption issue [CVE-2026-3145]; fix | | | null pointer dereference issue [CVE-2026- | | | 3146]; fix out of bound read issues | | | [CVE-2026-3282 CVE-2026-3283]; fix | | | integer overflow issue [CVE-2026-3284] | | | | | wireless-regdb [95] | New upstream stable release; update | | | regulatory information for several | | | countries | | | | | wireshark [96] | Fix denial of service issues [CVE-2024- | | | 11596 CVE-2024-9781 CVE-2025-11626 | | | CVE-2025-13499 CVE-2025-13945 CVE-2025- | | | 13946 CVE-2025-1492 CVE-2025-5601 | | | CVE-2025-9817 CVE-2026-0960] | | | | | xorg-server [97] | Fix buffer re-use issue [CVE-2026-33999]; | | | fix / improve bounds checking [CVE-2026- | | | 34000 CVE-2026-34003]; fix use after free | | | issue [CVE-2026-34001]; fix out-of-bounds | | | read issue [CVE-2026-34002] | | | | | zsh [98] | Rebuild with updated libcap2, glibc | | | | | zvbi [99] | Fix uninitialised pointer issue | | | [CVE-2025-2173]; fix integer overflow | | | issues [CVE-2025-2174 CVE-2025-2175 | | | CVE-2025-2176 CVE-2025-2177] | | | | +-------------------------+-------------------------------------------+ 1: https://packages.debian.org/src:7zip 2: https://packages.debian.org/src:apache2 3: https://packages.debian.org/src:arduino-core-avr 4: https://packages.debian.org/src:augeas 5: https://packages.debian.org/src:awstats 6: https://packages.debian.org/src:base-files 7: https://packages.debian.org/src:bash 8: https://packages.debian.org/src:busybox 9: https://packages.debian.org/src:c3p0 10: https://packages.debian.org/src:calibre 11: https://packages.debian.org/src:cdebootstrap 12: https://packages.debian.org/src:chkrootkit 13: https://packages.debian.org/src:chrony 14: https://packages.debian.org/src:composer 15: https://packages.debian.org/src:containerd 16: https://packages.debian.org/src:dar 17: https://packages.debian.org/src:debian-installer 18: https://packages.debian.org/src:debian-installer-netboot-images 19: https://packages.debian.org/src:debsig-verify 20: https://packages.debian.org/src:deets 21: https://packages.debian.org/src:distro-info-data 22: https://packages.debian.org/src:docker.io 23: https://packages.debian.org/src:dovecot 24: https://packages.debian.org/src:dpkg 25: https://packages.debian.org/src:erlang 26: https://packages.debian.org/src:exim4 27: https://packages.debian.org/src:fonttools 28: https://packages.debian.org/src:glance 29: https://packages.debian.org/src:glib2.0 30: https://packages.debian.org/src:glibc 31: https://packages.debian.org/src:gnuais 32: https://packages.debian.org/src:golang-github-containerd-stargz-snapshotter 33: https://packages.debian.org/src:golang-github-containers-buildah 34: https://packages.debian.org/src:golang-github-openshift-imagebuilder 35: https://packages.debian.org/src:gpsd 36: https://packages.debian.org/src:grub-efi-amd64-signed 37: https://packages.debian.org/src:grub-efi-arm64-signed 38: https://packages.debian.org/src:grub-efi-ia32-signed 39: https://packages.debian.org/src:grub2 40: https://packages.debian.org/src:gvfs 41: https://packages.debian.org/src:kissfft 42: https://packages.debian.org/src:kpackage 43: https://packages.debian.org/src:lemonldap-ng 44: https://packages.debian.org/src:libarchive 45: https://packages.debian.org/src:libcap2 46: https://packages.debian.org/src:libexif 47: https://packages.debian.org/src:libnet-cidr-lite-perl 48: https://packages.debian.org/src:libpng1.6 49: https://packages.debian.org/src:libpod 50: https://packages.debian.org/src:libreoffice 51: https://packages.debian.org/src:libreoffice-texmaths 52: https://packages.debian.org/src:libuev 53: https://packages.debian.org/src:libvncserver 54: https://packages.debian.org/src:libxml-security-java 55: https://packages.debian.org/src:libxslt 56: https://packages.debian.org/src:lxc 57: https://packages.debian.org/src:mapserver 58: https://packages.debian.org/src:modsecurity-crs 59: https://packages.debian.org/src:mongo-c-driver 60: https://packages.debian.org/src:nginx 61: https://packages.debian.org/src:openssh 62: https://packages.debian.org/src:openssl 63: https://packages.debian.org/src:p7zip 64: https://packages.debian.org/src:p7zip-rar 65: https://packages.debian.org/src:php-dompdf 66: https://packages.debian.org/src:php-league-commonmark 67: https://packages.debian.org/src:php-phpseclib 68: https://packages.debian.org/src:php-phpseclib3 69: https://packages.debian.org/src:phpseclib 70: https://packages.debian.org/src:plastimatch 71: https://packages.debian.org/src:postgresql-15 72: https://packages.debian.org/src:proftpd-dfsg 73: https://packages.debian.org/src:pymupdf 74: https://packages.debian.org/src:python-authlib 75: https://packages.debian.org/src:python-django 76: https://packages.debian.org/src:python-ldap 77: https://packages.debian.org/src:python3.11 78: https://packages.debian.org/src:qemu 79: https://packages.debian.org/src:request-tracker5 80: https://packages.debian.org/src:sash 81: https://packages.debian.org/src:sed 82: https://packages.debian.org/src:sioyek 83: https://packages.debian.org/src:skeema 84: https://packages.debian.org/src:snapd 85: https://packages.debian.org/src:sudo 86: https://packages.debian.org/src:supermin 87: https://packages.debian.org/src:swupdate 88: https://packages.debian.org/src:systemd 89: https://packages.debian.org/src:taglib 90: https://packages.debian.org/src:tpm2-pkcs11 91: https://packages.debian.org/src:tripwire 92: https://packages.debian.org/src:tzdata 93: https://packages.debian.org/src:user-mode-linux 94: https://packages.debian.org/src:vips 95: https://packages.debian.org/src:wireless-regdb 96: https://packages.debian.org/src:wireshark 97: https://packages.debian.org/src:xorg-server 98: https://packages.debian.org/src:zsh 99: https://packages.debian.org/src:zvbi Security Updates ---------------- This revision adds the following security updates to the oldstable release. The Security Team has already released an advisory for each of these updates: +----------------+------------------------------+ | Advisory ID | Package | +----------------+------------------------------+ | DSA-6003 [100] | firefox-esr [101] | | | | | DSA-6025 [102] | firefox-esr [103] | | | | | DSA-6054 [104] | firefox-esr [105] | | | | | DSA-6078 [106] | firefox-esr [107] | | | | | DSA-6093 [108] | gimp [109] | | | | | DSA-6094 [110] | libsodium [111] | | | | | DSA-6096 [112] | vlc [113] | | | | | DSA-6097 [114] | chromium [115] | | | | | DSA-6098 [116] | net-snmp [117] | | | | | DSA-6100 [118] | chromium [119] | | | | | DSA-6101 [120] | firefox-esr [121] | | | | | DSA-6102 [122] | python-urllib3 [123] | | | | | DSA-6103 [124] | thunderbird [125] | | | | | DSA-6105 [126] | modsecurity-crs [127] | | | | | DSA-6106 [128] | inetutils [129] | | | | | DSA-6107 [130] | bind9 [131] | | | | | DSA-6108 [132] | chromium [133] | | | | | DSA-6110 [134] | openjdk-17 [135] | | | | | DSA-6111 [136] | imagemagick [137] | | | | | DSA-6113 [138] | openssl [139] | | | | | DSA-6114 [140] | pyasn1 [141] | | | | | DSA-6115 [142] | gimp [143] | | | | | DSA-6116 [144] | chromium [145] | | | | | DSA-6118 [146] | thunderbird [147] | | | | | DSA-6120 [148] | tomcat10 [149] | | | | | DSA-6122 [150] | chromium [151] | | | | | DSA-6123 [152] | xrdp [153] | | | | | DSA-6125 [154] | usbmuxd [155] | | | | | DSA-6127 [156] | linux-signed-amd64 [157] | | | | | DSA-6127 [158] | linux-signed-arm64 [159] | | | | | DSA-6127 [160] | linux-signed-i386 [161] | | | | | DSA-6127 [162] | linux [163] | | | | | DSA-6128 [164] | shaarli [165] | | | | | DSA-6129 [166] | munge [167] | | | | | DSA-6131 [168] | nginx [169] | | | | | DSA-6132 [170] | postgresql-15 [171] | | | | | DSA-6135 [172] | chromium [173] | | | | | DSA-6136 [174] | python-django-storages [175] | | | | | DSA-6136 [176] | python-django [177] | | | | | DSA-6137 [178] | roundcube [179] | | | | | DSA-6138 [180] | libpng1.6 [181] | | | | | DSA-6139 [182] | gimp [183] | | | | | DSA-6140 [184] | gnutls28 [185] | | | | | DSA-6142 [186] | gegl [187] | | | | | DSA-6143 [188] | libvpx [189] | | | | | DSA-6145 [190] | nova [191] | | | | | DSA-6146 [192] | chromium [193] | | | | | DSA-6148 [194] | firefox-esr [195] | | | | | DSA-6149 [196] | nss [197] | | | | | DSA-6150 [198] | python-django [199] | | | | | DSA-6151 [200] | chromium [201] | | | | | DSA-6152 [202] | thunderbird [203] | | | | | DSA-6153 [204] | lxd [205] | | | | | DSA-6154 [206] | php8.2 [207] | | | | | DSA-6156 [208] | gimp [209] | | | | | DSA-6157 [210] | chromium [211] | | | | | DSA-6159 [212] | imagemagick [213] | | | | | DSA-6160 [214] | netty [215] | | | | | DSA-6163 [216] | linux-signed-amd64 [217] | | | | | DSA-6163 [218] | linux-signed-arm64 [219] | | | | | DSA-6163 [220] | linux-signed-i386 [221] | | | | | DSA-6163 [222] | linux [223] | | | | | DSA-6164 [224] | chromium [225] | | | | | DSA-6165 [226] | chromium [227] | | | | | DSA-6167 [228] | gst-plugins-base1.0 [229] | | | | | DSA-6170 [230] | snapd [231] | | | | | DSA-6171 [232] | chromium [233] | | | | | DSA-6172 [234] | webkit2gtk [235] | | | | | DSA-6173 [236] | freeciv [237] | | | | | DSA-6175 [238] | libyaml-syck-perl [239] | | | | | DSA-6176 [240] | strongswan [241] | | | | | DSA-6177 [242] | chromium [243] | | | | | DSA-6178 [244] | firefox-esr [245] | | | | | DSA-6179 [246] | thunderbird [247] | | | | | DSA-6180 [248] | ruby-rack [249] | | | | | DSA-6181 [250] | bind9 [251] | | | | | DSA-6182 [252] | libxml-parser-perl [253] | | | | | DSA-6185 [254] | phpseclib [255] | | | | | DSA-6186 [256] | php-phpseclib [257] | | | | | DSA-6187 [258] | php-phpseclib3 [259] | | | | | DSA-6188 [260] | lxd [261] | | | | | DSA-6189 [262] | libpng1.6 [263] | | | | | DSA-6190 [264] | gst-plugins-bad1.0 [265] | | | | | DSA-6191 [266] | gst-plugins-ugly1.0 [267] | | | | | DSA-6192 [268] | chromium [269] | | | | | DSA-6193 [270] | inetutils [271] | | | | | DSA-6194 [272] | pyasn1 [273] | | | | | DSA-6195 [274] | python-tornado [275] | | | | | DSA-6196 [276] | roundcube [277] | | | | | DSA-6197 [278] | dovecot [279] | | | | | DSA-6199 [280] | trafficserver [281] | | | | | DSA-6200 [282] | tor [283] | | | | | DSA-6201 [284] | openssl [285] | | | | | DSA-6202 [286] | firefox-esr [287] | | | | | DSA-6203 [288] | tiff [289] | | | | | DSA-6204 [290] | openssh [291] | | | | | DSA-6205 [292] | chromium [293] | | | | | DSA-6206 [294] | gdk-pixbuf [295] | | | | | DSA-6208 [296] | mediawiki [297] | | | | | DSA-6210 [298] | imagemagick [299] | | | | | DSA-6211 [300] | thunderbird [301] | | | | | DSA-6213 [302] | lxd [303] | | | | | DSA-6214 [304] | chromium [305] | | | | | DSA-6215 [306] | gimp [307] | | | | | DSA-6216 [308] | opam [309] | | | | | DSA-6218 [310] | mupdf [311] | | | | | DSA-6220 [312] | simpleeval [313] | | | | | DSA-6221 [314] | ntfs-3g [315] | | | | | DSA-6222 [316] | ngtcp2 [317] | | | | | DSA-6223 [318] | flatpak [319] | | | | | DSA-6224 [320] | xdg-dbus-proxy [321] | | | | | DSA-6225 [322] | firefox-esr [323] | | | | | DSA-6226 [324] | packagekit [325] | | | | | DSA-6227 [326] | strongswan [327] | | | | | DSA-6229 [328] | thunderbird [329] | | | | | DSA-6230 [330] | chromium [331] | | | | | DSA-6236 [332] | firefox-esr [333] | | | | | DSA-6237 [334] | jtreg7 [335] | | | | | DSA-6237 [336] | openjdk-17 [337] | | | | | DSA-6239 [338] | chromium [339] | | | | | DSA-6242 [340] | thunderbird [341] | | | | | DSA-6243 [342] | linux-signed-amd64 [343] | | | | | DSA-6243 [344] | linux-signed-arm64 [345] | | | | | DSA-6243 [346] | linux-signed-i386 [347] | | | | | DSA-6243 [348] | linux [349] | | | | | DSA-6245 [350] | imagemagick [351] | | | | | DSA-6247 [352] | lxd [353] | | | | | DSA-6248 [354] | apache2 [355] | | | | | DSA-6249 [356] | wireshark [357] | | | | | DSA-6251 [358] | libreoffice [359] | | | | | DSA-6252 [360] | prosody [361] | | | | | DSA-6254 [362] | firefox-esr [363] | | | | | DSA-6255 [364] | php8.2 [365] | | | | | DSA-6257 [366] | postorius [367] | | | | | DSA-6258 [368] | linux-signed-amd64 [369] | | | | | DSA-6258 [370] | linux-signed-arm64 [371] | | | | | DSA-6258 [372] | linux-signed-i386 [373] | | | | | DSA-6258 [374] | linux [375] | | | | | DSA-6259 [376] | pyjwt [377] | | | | | DSA-6260 [378] | tor [379] | | | | | DSA-6261 [380] | corosync [381] | | | | | DSA-6262 [382] | lcms2 [383] | | | | | DSA-6263 [384] | libpng1.6 [385] | | | | | DSA-6264 [386] | dnsmasq [387] | | | | | DSA-6265 [388] | exim4 [389] | | | | +----------------+------------------------------+ 100: https://www.debian.org/security/2025/dsa-6003 101: https://packages.debian.org/src:firefox-esr 102: https://www.debian.org/security/2025/dsa-6025 103: https://packages.debian.org/src:firefox-esr 104: https://www.debian.org/security/2025/dsa-6054 105: https://packages.debian.org/src:firefox-esr 106: https://www.debian.org/security/2025/dsa-6078 107: https://packages.debian.org/src:firefox-esr 108: https://www.debian.org/security/2026/dsa-6093 109: https://packages.debian.org/src:gimp 110: https://www.debian.org/security/2026/dsa-6094 111: https://packages.debian.org/src:libsodium 112: https://www.debian.org/security/2026/dsa-6096 113: https://packages.debian.org/src:vlc 114: https://www.debian.org/security/2026/dsa-6097 115: https://packages.debian.org/src:chromium 116: https://www.debian.org/security/2026/dsa-6098 117: https://packages.debian.org/src:net-snmp 118: https://www.debian.org/security/2026/dsa-6100 119: https://packages.debian.org/src:chromium 120: https://www.debian.org/security/2026/dsa-6101 121: https://packages.debian.org/src:firefox-esr 122: https://www.debian.org/security/2026/dsa-6102 123: https://packages.debian.org/src:python-urllib3 124: https://www.debian.org/security/2026/dsa-6103 125: https://packages.debian.org/src:thunderbird 126: https://www.debian.org/security/2026/dsa-6105 127: https://packages.debian.org/src:modsecurity-crs 128: https://www.debian.org/security/2026/dsa-6106 129: https://packages.debian.org/src:inetutils 130: https://www.debian.org/security/2026/dsa-6107 131: https://packages.debian.org/src:bind9 132: https://www.debian.org/security/2026/dsa-6108 133: https://packages.debian.org/src:chromium 134: https://www.debian.org/security/2026/dsa-6110 135: https://packages.debian.org/src:openjdk-17 136: https://www.debian.org/security/2026/dsa-6111 137: https://packages.debian.org/src:imagemagick 138: https://www.debian.org/security/2026/dsa-6113 139: https://packages.debian.org/src:openssl 140: https://www.debian.org/security/2026/dsa-6114 141: https://packages.debian.org/src:pyasn1 142: https://www.debian.org/security/2026/dsa-6115 143: https://packages.debian.org/src:gimp 144: https://www.debian.org/security/2026/dsa-6116 145: https://packages.debian.org/src:chromium 146: https://www.debian.org/security/2026/dsa-6118 147: https://packages.debian.org/src:thunderbird 148: https://www.debian.org/security/2026/dsa-6120 149: https://packages.debian.org/src:tomcat10 150: https://www.debian.org/security/2026/dsa-6122 151: https://packages.debian.org/src:chromium 152: https://www.debian.org/security/2026/dsa-6123 153: https://packages.debian.org/src:xrdp 154: https://www.debian.org/security/2026/dsa-6125 155: https://packages.debian.org/src:usbmuxd 156: https://www.debian.org/security/2026/dsa-6127 157: https://packages.debian.org/src:linux-signed-amd64 158: https://www.debian.org/security/2026/dsa-6127 159: https://packages.debian.org/src:linux-signed-arm64 160: https://www.debian.org/security/2026/dsa-6127 161: https://packages.debian.org/src:linux-signed-i386 162: https://www.debian.org/security/2026/dsa-6127 163: https://packages.debian.org/src:linux 164: https://www.debian.org/security/2026/dsa-6128 165: https://packages.debian.org/src:shaarli 166: https://www.debian.org/security/2026/dsa-6129 167: https://packages.debian.org/src:munge 168: https://www.debian.org/security/2026/dsa-6131 169: https://packages.debian.org/src:nginx 170: https://www.debian.org/security/2026/dsa-6132 171: https://packages.debian.org/src:postgresql-15 172: https://www.debian.org/security/2026/dsa-6135 173: https://packages.debian.org/src:chromium 174: https://www.debian.org/security/2026/dsa-6136 175: https://packages.debian.org/src:python-django-storages 176: https://www.debian.org/security/2026/dsa-6136 177: https://packages.debian.org/src:python-django 178: https://www.debian.org/security/2026/dsa-6137 179: https://packages.debian.org/src:roundcube 180: https://www.debian.org/security/2026/dsa-6138 181: https://packages.debian.org/src:libpng1.6 182: https://www.debian.org/security/2026/dsa-6139 183: https://packages.debian.org/src:gimp 184: https://www.debian.org/security/2026/dsa-6140 185: https://packages.debian.org/src:gnutls28 186: https://www.debian.org/security/2026/dsa-6142 187: https://packages.debian.org/src:gegl 188: https://www.debian.org/security/2026/dsa-6143 189: https://packages.debian.org/src:libvpx 190: https://www.debian.org/security/2026/dsa-6145 191: https://packages.debian.org/src:nova 192: https://www.debian.org/security/2026/dsa-6146 193: https://packages.debian.org/src:chromium 194: https://www.debian.org/security/2026/dsa-6148 195: https://packages.debian.org/src:firefox-esr 196: https://www.debian.org/security/2026/dsa-6149 197: https://packages.debian.org/src:nss 198: https://www.debian.org/security/2026/dsa-6150 199: https://packages.debian.org/src:python-django 200: https://www.debian.org/security/2026/dsa-6151 201: https://packages.debian.org/src:chromium 202: https://www.debian.org/security/2026/dsa-6152 203: https://packages.debian.org/src:thunderbird 204: https://www.debian.org/security/2026/dsa-6153 205: https://packages.debian.org/src:lxd 206: https://www.debian.org/security/2026/dsa-6154 207: https://packages.debian.org/src:php8.2 208: https://www.debian.org/security/2026/dsa-6156 209: https://packages.debian.org/src:gimp 210: https://www.debian.org/security/2026/dsa-6157 211: https://packages.debian.org/src:chromium 212: https://www.debian.org/security/2026/dsa-6159 213: https://packages.debian.org/src:imagemagick 214: https://www.debian.org/security/2026/dsa-6160 215: https://packages.debian.org/src:netty 216: https://www.debian.org/security/2026/dsa-6163 217: https://packages.debian.org/src:linux-signed-amd64 218: https://www.debian.org/security/2026/dsa-6163 219: https://packages.debian.org/src:linux-signed-arm64 220: https://www.debian.org/security/2026/dsa-6163 221: https://packages.debian.org/src:linux-signed-i386 222: https://www.debian.org/security/2026/dsa-6163 223: https://packages.debian.org/src:linux 224: https://www.debian.org/security/2026/dsa-6164 225: https://packages.debian.org/src:chromium 226: https://www.debian.org/security/2026/dsa-6165 227: https://packages.debian.org/src:chromium 228: https://www.debian.org/security/2026/dsa-6167 229: https://packages.debian.org/src:gst-plugins-base1.0 230: https://www.debian.org/security/2026/dsa-6170 231: https://packages.debian.org/src:snapd 232: https://www.debian.org/security/2026/dsa-6171 233: https://packages.debian.org/src:chromium 234: https://www.debian.org/security/2026/dsa-6172 235: https://packages.debian.org/src:webkit2gtk 236: https://www.debian.org/security/2026/dsa-6173 237: https://packages.debian.org/src:freeciv 238: https://www.debian.org/security/2026/dsa-6175 239: https://packages.debian.org/src:libyaml-syck-perl 240: https://www.debian.org/security/2026/dsa-6176 241: https://packages.debian.org/src:strongswan 242: https://www.debian.org/security/2026/dsa-6177 243: https://packages.debian.org/src:chromium 244: https://www.debian.org/security/2026/dsa-6178 245: https://packages.debian.org/src:firefox-esr 246: https://www.debian.org/security/2026/dsa-6179 247: https://packages.debian.org/src:thunderbird 248: https://www.debian.org/security/2026/dsa-6180 249: https://packages.debian.org/src:ruby-rack 250: https://www.debian.org/security/2026/dsa-6181 251: https://packages.debian.org/src:bind9 252: https://www.debian.org/security/2026/dsa-6182 253: https://packages.debian.org/src:libxml-parser-perl 254: https://www.debian.org/security/2026/dsa-6185 255: https://packages.debian.org/src:phpseclib 256: https://www.debian.org/security/2026/dsa-6186 257: https://packages.debian.org/src:php-phpseclib 258: https://www.debian.org/security/2026/dsa-6187 259: https://packages.debian.org/src:php-phpseclib3 260: https://www.debian.org/security/2026/dsa-6188 261: https://packages.debian.org/src:lxd 262: https://www.debian.org/security/2026/dsa-6189 263: https://packages.debian.org/src:libpng1.6 264: https://www.debian.org/security/2026/dsa-6190 265: https://packages.debian.org/src:gst-plugins-bad1.0 266: https://www.debian.org/security/2026/dsa-6191 267: https://packages.debian.org/src:gst-plugins-ugly1.0 268: https://www.debian.org/security/2026/dsa-6192 269: https://packages.debian.org/src:chromium 270: https://www.debian.org/security/2026/dsa-6193 271: https://packages.debian.org/src:inetutils 272: https://www.debian.org/security/2026/dsa-6194 273: https://packages.debian.org/src:pyasn1 274: https://www.debian.org/security/2026/dsa-6195 275: https://packages.debian.org/src:python-tornado 276: https://www.debian.org/security/2026/dsa-6196 277: https://packages.debian.org/src:roundcube 278: https://www.debian.org/security/2026/dsa-6197 279: https://packages.debian.org/src:dovecot 280: https://www.debian.org/security/2026/dsa-6199 281: https://packages.debian.org/src:trafficserver 282: https://www.debian.org/security/2026/dsa-6200 283: https://packages.debian.org/src:tor 284: https://www.debian.org/security/2026/dsa-6201 285: https://packages.debian.org/src:openssl 286: https://www.debian.org/security/2026/dsa-6202 287: https://packages.debian.org/src:firefox-esr 288: https://www.debian.org/security/2026/dsa-6203 289: https://packages.debian.org/src:tiff 290: https://www.debian.org/security/2026/dsa-6204 291: https://packages.debian.org/src:openssh 292: https://www.debian.org/security/2026/dsa-6205 293: https://packages.debian.org/src:chromium 294: https://www.debian.org/security/2026/dsa-6206 295: https://packages.debian.org/src:gdk-pixbuf 296: https://www.debian.org/security/2026/dsa-6208 297: https://packages.debian.org/src:mediawiki 298: https://www.debian.org/security/2026/dsa-6210 299: https://packages.debian.org/src:imagemagick 300: https://www.debian.org/security/2026/dsa-6211 301: https://packages.debian.org/src:thunderbird 302: https://www.debian.org/security/2026/dsa-6213 303: https://packages.debian.org/src:lxd 304: https://www.debian.org/security/2026/dsa-6214 305: https://packages.debian.org/src:chromium 306: https://www.debian.org/security/2026/dsa-6215 307: https://packages.debian.org/src:gimp 308: https://www.debian.org/security/2026/dsa-6216 309: https://packages.debian.org/src:opam 310: https://www.debian.org/security/2026/dsa-6218 311: https://packages.debian.org/src:mupdf 312: https://www.debian.org/security/2026/dsa-6220 313: https://packages.debian.org/src:simpleeval 314: https://www.debian.org/security/2026/dsa-6221 315: https://packages.debian.org/src:ntfs-3g 316: https://www.debian.org/security/2026/dsa-6222 317: https://packages.debian.org/src:ngtcp2 318: https://www.debian.org/security/2026/dsa-6223 319: https://packages.debian.org/src:flatpak 320: https://www.debian.org/security/2026/dsa-6224 321: https://packages.debian.org/src:xdg-dbus-proxy 322: https://www.debian.org/security/2026/dsa-6225 323: https://packages.debian.org/src:firefox-esr 324: https://www.debian.org/security/2026/dsa-6226 325: https://packages.debian.org/src:packagekit 326: https://www.debian.org/security/2026/dsa-6227 327: https://packages.debian.org/src:strongswan 328: https://www.debian.org/security/2026/dsa-6229 329: https://packages.debian.org/src:thunderbird 330: https://www.debian.org/security/2026/dsa-6230 331: https://packages.debian.org/src:chromium 332: https://www.debian.org/security/2026/dsa-6236 333: https://packages.debian.org/src:firefox-esr 334: https://www.debian.org/security/2026/dsa-6237 335: https://packages.debian.org/src:jtreg7 336: https://www.debian.org/security/2026/dsa-6237 337: https://packages.debian.org/src:openjdk-17 338: https://www.debian.org/security/2026/dsa-6239 339: https://packages.debian.org/src:chromium 340: https://www.debian.org/security/2026/dsa-6242 341: https://packages.debian.org/src:thunderbird 342: https://www.debian.org/security/2026/dsa-6243 343: https://packages.debian.org/src:linux-signed-amd64 344: https://www.debian.org/security/2026/dsa-6243 345: https://packages.debian.org/src:linux-signed-arm64 346: https://www.debian.org/security/2026/dsa-6243 347: https://packages.debian.org/src:linux-signed-i386 348: https://www.debian.org/security/2026/dsa-6243 349: https://packages.debian.org/src:linux 350: https://www.debian.org/security/2026/dsa-6245 351: https://packages.debian.org/src:imagemagick 352: https://www.debian.org/security/2026/dsa-6247 353: https://packages.debian.org/src:lxd 354: https://www.debian.org/security/2026/dsa-6248 355: https://packages.debian.org/src:apache2 356: https://www.debian.org/security/2026/dsa-6249 357: https://packages.debian.org/src:wireshark 358: https://www.debian.org/security/2026/dsa-6251 359: https://packages.debian.org/src:libreoffice 360: https://www.debian.org/security/2026/dsa-6252 361: https://packages.debian.org/src:prosody 362: https://www.debian.org/security/2026/dsa-6254 363: https://packages.debian.org/src:firefox-esr 364: https://www.debian.org/security/2026/dsa-6255 365: https://packages.debian.org/src:php8.2 366: https://www.debian.org/security/2026/dsa-6257 367: https://packages.debian.org/src:postorius 368: https://www.debian.org/security/2026/dsa-6258 369: https://packages.debian.org/src:linux-signed-amd64 370: https://www.debian.org/security/2026/dsa-6258 371: https://packages.debian.org/src:linux-signed-arm64 372: https://www.debian.org/security/2026/dsa-6258 373: https://packages.debian.org/src:linux-signed-i386 374: https://www.debian.org/security/2026/dsa-6258 375: https://packages.debian.org/src:linux 376: https://www.debian.org/security/2026/dsa-6259 377: https://packages.debian.org/src:pyjwt 378: https://www.debian.org/security/2026/dsa-6260 379: https://packages.debian.org/src:tor 380: https://www.debian.org/security/2026/dsa-6261 381: https://packages.debian.org/src:corosync 382: https://www.debian.org/security/2026/dsa-6262 383: https://packages.debian.org/src:lcms2 384: https://www.debian.org/security/2026/dsa-6263 385: https://packages.debian.org/src:libpng1.6 386: https://www.debian.org/security/2026/dsa-6264 387: https://packages.debian.org/src:dnsmasq 388: https://www.debian.org/security/2026/dsa-6265 389: https://packages.debian.org/src:exim4 Removed packages ---------------- The following packages were removed due to circumstances beyond our control: +-----------------+----------------------------------------------------+ | Package | Reason | +-----------------+----------------------------------------------------+ | suricata [390] | Unsupportable; possible security issues; | | | maintained via backports | | | | | zulucrypt [391] | Security issues; unmaintained | | | | +-----------------+----------------------------------------------------+ 390: https://packages.debian.org/src:suricata 391: https://packages.debian.org/src:zulucrypt Debian Installer ---------------- The installer has been updated to include the fixes incorporated into oldstable by the point release. URLs ---- The complete lists of packages that have changed with this revision: https://deb.debian.org/debian/dists/bookworm/ChangeLog The current oldstable distribution: https://deb.debian.org/debian/dists/oldstable/ Proposed updates to the oldstable distribution: https://deb.debian.org/debian/dists/oldstable-proposed-updates oldstable distribution information (release notes, errata etc.): https://www.debian.org/releases/oldstable/ Security announcements and information: https://www.debian.org/security/ About Debian ------------ The Debian Project is an association of Free Software developers who volunteer their time and effort in order to produce the completely free operating system Debian. Contact Information ------------------- For further information, please visit the Debian web pages at https://www.debian.org/, send mail to <press@debian.org>, or contact the stable release team at <debian-release@lists.debian.org>.

No comments:

Updated Debian 13: 13.5 released

------------------------------------------------------------------------ The Debian Project https://www.debian.org/ Updated Debian 13: 13.5 released press@debian.org May 16th, 2026 https://www.debian.org/News/2026/20260516 ------------------------------------------------------------------------ The Debian project is pleased to announce the fifth update of its stable distribution Debian 13 (codename "trixie"). This point release mainly adds corrections for security issues, along with a few adjustments for serious problems. Security advisories have already been published separately and are referenced where available. Please note that the point release does not constitute a new version of Debian 13 but only updates some of the packages included. There is no need to throw away old "trixie" media. After installation, packages can be upgraded to the current versions using an up-to-date Debian mirror. Those who frequently install updates from security.debian.org won't have to update many packages, and most such updates are included in the point release. New installation images will be available soon at the regular locations. Upgrading an existing installation to this revision can be achieved by pointing the package management system at one of Debian's many HTTP mirrors. A comprehensive list of mirrors is available at: https://www.debian.org/mirror/list Miscellaneous Bugfixes ---------------------- This stable update adds a few important corrections to the following packages: +-----------------------+---------------------------------------------+ | Package | Reason | +-----------------------+---------------------------------------------+ | 389-ds-base [1] | Fix heap overflow issue [CVE-2025-14905] | | | | | 7zip [2] | Relax Breaks / Replaces versions to ease | | | upgrades from bookworm | | | | | apache2 [3] | New upstream stable release; fix use-after- | | | free issue [CVE-2026-23918]; fix privilege | | | escalation issue [CVE-2026-24072]; fix NULL | | | pointer dereference issues [CVE-2026-29169 | | | CVE-2026-33007]; fix authentication bypass | | | issue [CVE-2026-33006]; fix HTTP response | | | splitting issue [CVE-2026-33523]; fix out- | | | of-bounds read issues [CVE-2026-33857 | | | CVE-2026-34032]; fix buffer over-read issue | | | [CVE-2026-34059] | | | | | awstats [4] | Prevent command injection [CVE-2025-63261] | | | | | base-files [5] | Update for the point release | | | | | bash [6] | Rebuild with updated glibc | | | | | beads [7] | Rebuild with updated cimg | | | | | bepasty [8] | Fix loading pygments CSS | | | | | bglibs [9] | Rebuild with updated glibc | | | | | bird2 [10] | ASPA: Fix downstream validation; BGP: Fix | | | restart behavior on reconfiguration; | | | filters: Fix string attributes; logging: | | | Fix error handling | | | | | black [11] | Fix arbitrary file write issue [CVE-2026- | | | 32274] | | | | | bubblewrap [12] | Fix privilege escalation issue [CVE-2026- | | | 41163] | | | | | busybox [13] | Rebuild with updated glibc | | | | | calibre [14] | Fix path traversal issues [CVE-2026-25635 | | | CVE-2026-25636 CVE-2026-26064 CVE-2026- | | | 26065]; fix code execution issue [CVE-2026- | | | 25731]; fix HTTP response header injection | | | issue [CVE-2026-27810]; fix IP ban bypass | | | issue [CVE-2026-27824] | | | | | catatonit [15] | Rebuild with updated glibc | | | | | cdebootstrap [16] | Rebuild with updated glibc | | | | | chkrootkit [17] | Rebuild with updated glibc | | | | | cimg [18] | Fix overflow issue [CVE-2026-42144]; fix | | | out of memory issue with crafted files | | | [CVE-2026-42146] | | | | | cockpit [19] | Fix code execution issue [CVE-2026-4631] | | | | | composer [20] | Fix command injection issues [CVE-2026- | | | 40261 CVE-2026-40176] | | | | | condor [21] | Rebuild with updated glibc | | | | | curl [22] | Fix server certificate verification issue | | | [CVE-2025-13034] | | | | | dar [23] | Rebuild with updated glibc, libcap2, | | | openssl | | | | | debian-installer [24] | Bump linux ABI to 6.12.86+deb13 | | | | | debian-installer- | Rebuild against proposed-updates | | netboot-images [25] | | | | | | debmirror [26] | Add debmirror-specific User-Agent header | | | | | distribution-gpg- | Update included keys | | keys [27] | | | | | | distro-info-data [28] | Add Ubuntu 26.10 "Stonking Stingray" | | | | | distrobuilder [29] | Rebuild with updated incus | | | | | docker.io [30] | Rebuild with updated glibc | | | | | dovecot [31] | Fix memory leak in CVE-2026-27857 fix | | | | | e2fsprogs [32] | Rebuild with updated glibc | | | | | efibootguard [33] | Rebuild against gnu-efi with #1086705 fixed | | | | | ejabberd [34] | Ignore certificate purpose for incoming s2s | | | connections | | | | | ejabberd-contrib [35] | Rebuild with updated ejabberd | | | | | epics-base [36] | Skip failing build-time test | | | | | erlang [37] | Fix path traversal issues [CVE-2026-21620 | | | CVE-2026-23942[; fix HTTP request smuggling | | | issue [CVE-2026-23941]; fix denial of | | | service issue [CVE-2026-23943] | | | | | erlang-p1-tls [38] | Accept client certificates without | | | sslpurpose flag | | | | | exim4 [39] | Fix GnuTLS hostname verify of a server | | | certificate with a zero-length Subject; fix | | | denial of service issue [CVE-2026-40684]; | | | fix out-of-bounds read/write issues | | | [CVE-2026-40685 CVE-2026-40686 CVE-2026- | | | 40687] | | | | | feed2toot [40] | Ensure compatibility with Python 3.13 | | | | | firewalld [41] | Prevent local users from being able to | | | modify runtime firewall state without prior | | | authentication if the desktop policy is | | | active [CVE-2026-4948] | | | | | freerdp3 [42] | Fix issues with large certificates; fix | | | clipboard paste issue; fix segmentation | | | fault issue [CVE-2025-4478]; fix use-after- | | | free issues [CVE-2026-22851 CVE-2026-22856 | | | CVE-2026-22857 CVE-2026-23883 CVE-2026- | | | 23884 CVE-2026-24491 CVE-2026-24675 | | | CVE-2026-24676 CVE-2026-24678 CVE-2026- | | | 24680 CVE-2026-24681 CVE-2026-24683 | | | CVE-2026-24684 CVE-2026-25952 CVE-2026- | | | 25953 CVE-2026-25954 CVE-2026-25955 | | | CVE-2026-25959 CVE-2026-25997 CVE-2026- | | | 26986]; fix buffer overflow issues | | | [CVE-2026-22852 CVE-2026-22853 CVE-2026- | | | 22854 CVE-2026-23530 CVE-2026-23531 | | | CVE-2026-23532 CVE-2026-23533 CVE-2026- | | | 23534 CVE-2026-23732]; fix out-of-bounds | | | read issues [CVE-2026-22855 CVE-2026-22859 | | | CVE-2026-24677 CVE-2026-24679 CVE-2026- | | | 24682 CVE-2026-25941 CVE-2026-25942]; fix | | | buffer underflow issues [CVE-2026-22858 | | | CVE-2026-26955]; fix null pointer | | | dereference issue [CVE-2026-23948]; fix | | | buffer over-read issue [CVE-2026-26271; fix | | | out-of-bounds write issue [CVE-2026-26965]; | | | fix denial of service issue [CVE-2026- | | | 27015]; fix buffer overflow issues | | | [CVE-2026-29774 CVE-2026-31806 CVE-2026- | | | 31883 CVE-2026-33982 CVE-2026-33984]; fix | | | out-of-bounds read/write issues [CVE-2026- | | | 29775 CVE-2026-31885 CVE-2026-31897 | | | CVE-2026-33986 CVE-2026-33987]; fix integer | | | underflow issue [CVE-2026-29776]; fix | | | denial of service issues [CVE-2026-31884 | | | CVE-2026-33952 CVE-2026-33977 CVE-2026- | | | 33983]; fix data leak issue [CVE-2026- | | | 33985]; fix double free issue [CVE-2026- | | | 33995]; fix path traversal issue [CVE-2026- | | | 40254] | | | | | fwupd [43] | Thunderbolt: Fix deploying the thunderbolt | | | controller on the X280 | | | | | git-lfs [44] | Fix arbitrary file write issue [CVE-2025- | | | 26625] | | | | | glance [45] | Fix server-side request forgery issue | | | [CVE-2026-34881]; fix build failure | | | | | glib2.0 [46] | Fix timezone handling with Debian & | | | Ubuntu's symlinks; fix missing input | | | validation in g_buffered_input_stream_peek | | | [CVE-2026-0988]; fix integer overflow in | | | base64 encoding [CVE-2026-1484]; fix buffer | | | underflow issue in content type parsing | | | [CVE-2026-1485]; fix integer overflow in | | | unicode conversion [CVE-2026-1489] | | | | | glibc [47] | Fix incorrect handling of DNS responses | | | [CVE-2026-4437]; fix return of invalid DNS | | | hostnames [CVE-2026-4438]; fix assertion | | | failure [CVE-2026-4046]; fix a null pointer | | | dereference in the | | | nss_database_check_reload_and_get function; | | | fix invalid pointer arithmetic in | | | ANSI_X3.110 iconv module; various test | | | suite fixes | | | | | gnupg2 [48] | Rebuild with updated glibc | | | | | gnutls28 [49] | Preserve extension order across client | | | Hello retry | | | | | grub-efi-amd64- | Fix an illegal instruction on riscv64 | | signed [50] | | | | | | grub-efi-arm64- | Fix an illegal instruction on riscv64 | | signed [51] | | | | | | grub-efi-ia32- | Fix an illegal instruction on riscv64 | | signed [52] | | | | | | grub2 [53] | Fix an illegal instruction on riscv64 | | | | | gvfs [54] | Use control connection address for PASV | | | data [CVE-2026-28295]; reject paths | | | containing CR/LF characters [CVE-2026- | | | 28296] | | | | | harfbuzz [55] | Fix NULL pointer dereference issue | | | [CVE-2026-22693] | | | | | heimdal [56] | Fix memory leak in heimdal-clients; add | | | build dependency on libcrypt-dev | | | | | initramfs-tools [57] | Include Cadence driver, fixing failure to | | | boot from USB storage on boards using | | | Starfive SoC; unmkinitramfs: Accept lower- | | | case hex digits in cpio headers, fixing | | | compatibility with some other tools | | | | | integrit [58] | Rebuild with updated glibc | | | | | jpeg-xl [59] | Fix uninitialised memory read issues | | | [CVE-2025-12474 CVE-2026-1837]; fix cross | | | build failure; fix "nojava" build | | | profile; fix build on big-endian | | | architectures | | | | | jq [60] | Fix buffer overflow issue [CVE-2026-32316]; | | | fix denial of service issues [CVE-2026- | | | 33947 CVE-2026-39956]; fix validation | | | bypass issue [CVE-2026-33948]; fix out-of- | | | bounds read issue [CVE-2026-39979]; fix use | | | of hardcoded seed [CVE-2026-40164] | | | | | kissfft [61] | Fix integer overflow issues [CVE-2025-34297 | | | CVE-2026-41445] | | | | | kpackage [62] | Skip unreliable build-time test | | | | | lemonldap-ng [63] | OIDC: don't ignore non default signature | | | algorithm; OIDC: register Front-Channel- | | | Logout URL; really hide passwords in | | | session-explorer when stored in session; | | | update documentation to avoid using | | | unsecured Nginx variable | | | | | libarchive [64] | Fix out-of-bounds read issues [CVE-2025- | | | 5918 CVE-2026-4424]; fix denial of service | | | issues [CVE-2026-4111 CVE-2026-4426]; fix | | | possible code execution issue [CVE-2026- | | | 5121] | | | | | libcap2 [65] | Fix time of check / time of use issue | | | [CVE-2026-4878] | | | | | libcdio [66] | Fix buffer overflow issue [CVE-2024-36600] | | | | | libcoap3 [67] | Fix out-of-bounds read issue [CVE-2026- | | | 29013]; fix buffer overflow issue | | | [CVE-2025-34468] | | | | | libcryptx-perl [68] | Fix "Crypt::PK key generation is not fork | | | safe and will generate identical | | | keys" [CVE-2026-41564] | | | | | libdatetime-timezone- | Update to database 2026a; update included | | perl [69] | timezone data | | | | | libexif [70] | Fix integer underflow issues [CVE-2026- | | | 40386 CVE-2026-32775]; fix integer overflow | | | issue [CVE-2026-40385] | | | | | libfinance-quote- | Fix date in quotes retrieved from XETRA | | perl [71] | source | | | | | libnet-cidr-lite- | Fix ACL bypass issues [CVE-2026-40198 | | perl [72] | CVE-2026-40199] | | | | | libreoffice- | Add dependency on dvipng/dvisvgm | | texmaths [73] | | | | | | libtext-csv-xs- | Fix stack corruption issue [CVE-2026-7111] | | perl [74] | | | | | | libvncserver [75] | Fix out of bounds read issue [CVE-2026- | | | 32853]; fix NULL pointer dereference issue | | | [CVE-2026-32854] | | | | | libxml-security- | Fix private key disclosure issue [CVE-2023- | | java [76] | 44483] | | | | | libxslt [77] | Fix deterministic generate-id() regression | | | causing build failures in other packages | | | | | lxc [78] | Fix authorisation bypass issue [CVE-2026- | | | 39402] | | | | | mailman-suite [79] | Add django.contrib.humanize to recommended | | | apps in sample config | | | | | mapserver [80] | Fix buffer overflow issue [CVE-2026-33721] | | | | | mksh [81] | Rebuild with updated musl | | | | | modsecurity-crs [82] | Fix file extension blocking bypass issue | | | [CVE-2026-33691] | | | | | mongo-c-driver [83] | Fix insufficient validation issues | | | [CVE-2025-14911 CVE-2026-6231]; fix denial | | | of service issue [CVE-2026-4359]; fix | | | buffer overflow issue [CVE-2026-6691]; | | | improve handling of corrupt GridFS files | | | | | mumble [84] | Fix Opus buffer overrun leading to crash | | | | | musl [85] | Fix denial of service issue [CVE-2026- | | | 6042]; fix stack corruption issue | | | [CVE-2026-40200] | | | | | nano [86] | Fix overly broad permissions issue | | | [CVE-2026-6842]; fix format string issue | | | [CVE-2026-6843] | | | | | nautilus-wipe [87] | Remove Multi-Arch: same | | | | | netatalk [88] | Fix authentication in complex AD | | | environments | | | | | nginx [89] | Fix buffer overflow issues [CVE-2026-27654 | | | CVE-2026-27784 CVE-2026-32647]; fix session | | | authentication issues [CVE-2026-27651 | | | CVE-2026-28753]; fix OCSP result bypass | | | issue [CVE-2026-28755]; use "$host" | | | instead of "$http_host" | | | | | node-flatted [90] | Fix prototype pollution issue [CVE-2026- | | | 33228] | | | | | node-node-rsa [91] | Fix builds with OpenSSL 3 | | | | | node-tar [92] | Properly sanitize absolute linkpaths | | | [CVE-2026-23745]; normalize out unicode | | | ligatures [CVE-2026-23950]; properly | | | sanitize hard links containing | | | '..' [CVE-2026-24842]; prevent hardlinking | | | to files outside the extraction root | | | [CVE-2026-26960]; strip leading '/' before | | | sanitizing '..' [CVE-2026-29786]; prevent | | | escaping symlinks with drive-relative paths | | | [CVE-2026-31802] | | | | | numba [93] | Conditionally skip tests requiring more | | | CPUs than available | | | | | openssh [94] | Ensure scp does not unexpectedly make | | | transferred files setuid or setgid | | | [CVE-2026-35385]; fix command execution | | | issue [CVE-2026-35386]; fix incomplete | | | application of PubkeyAcceptedAlgorithms and | | | HostbasedAcceptedAlgorithms with regard to | | | ECDSA keys [CVE-2026-35387]; use connection | | | multiplexing confirmation for proxy-mode | | | multiplexing sessions [CVE-2026-35388]; fix | | | handling of the authorized_keys | | | "principals" option [CVE-2026-35414]; | | | validate user and host names for | | | ProxyJump/-J options passed via the command | | | line; IPQoS handling improvements; don't | | | reuse c->isatty for signalling that the | | | remote channel has a tty attached | | | | | openssl [95] | New upstream stable release | | | | | orca [96] | Remove lightdm wrapper on package removal | | | | | osdlyrics [97] | Add missing runtime dependency python3- | | | pycurl; rebuild in a clean environment | | | | | pgbouncer [98] | Fix integer overflow issue [CVE-2026-6664]; | | | fix stack overflow issues [CVE-2026-6665]; | | | fix NULL pointer dereference issue | | | [CVE-2026-6666]; fix missing authorization | | | check [CVE-2026-6667] | | | | | phosh [99] | Cell-broadcast-prompt: close dialog on | | | swipe; strip whitespace; wifi-network: | | | don't unconditionally overwrite active | | | access point; don't set active indicator | | | visible | | | | | php-league- | Fix DisallowedRawHtml bypass via newline/ | | commonmark [100] | tab in tag names [CVE-2026-30838]; fix | | | DomainFilteringAdapter hostname boundary | | | bypass [CVE-2026-33347] | | | | | php-phpseclib [101] | Fix denial of service issue [CVE-2024- | | | 27355]; fix variable time comparison issue | | | [CVE-2026-40194] | | | | | php-phpseclib3 [102] | Fix denial of service issue [CVE-2024- | | | 27355]; fix variable time comparison issue | | | [CVE-2026-40194] | | | | | phpseclib [103] | Fix denial of service issue [CVE-2024- | | | 27355]; fix variable time comparison issue | | | [CVE-2026-40194] | | | | | proftpd-dfsg [104] | Fix SQL injection issue [CVE-2026-42167] | | | | | pymupdf [105] | Improve safety of 'pymupdf embed-extract' | | | when dealing with existing files [CVE-2026- | | | 3029] | | | | | python-authlib [106] | Fix cross-site request forgery issue | | | [CVE-2025-68158]; fix denial of service | | | issues [CVE-2025-62706 CVE-2025-61920]; fix | | | policy bypass issue [CVE-2025-59420] | | | | | python-bottle- | Fix compaibility with Python 3.11+ | | sqlite [107] | | | | | | python-certbot [108] | Re-use selected profile for renewals | | | | | python-ldap [109] | Fix insufficient escaping issue [CVE-2025- | | | 61911]; fix denial of service issue | | | [CVE-2025-61912] | | | | | python-mapbox- | Remove "Multi-Arch: same" annotation | | earcut [110] | | | | | | python-oslo.db [111] | Fix compatibility with newer mariadb | | | versions | | | | | python3-lxc [112] | Fix compatibility with Python 3.13 | | | | | python3.13 [113] | Fix header injection issues [CVE-2025-11468 | | | CVE-2025-15282 CVE-2026-0672 CVE-2026-0865 | | | CVE-2026-1299]; fix denial of service | | | issues [CVE-2025-12084 CVE-2025-13836 | | | CVE-2025-13837 CVE-2025-6069 CVE-2025-6075 | | | CVE-2025-8194]; fix incorrect parsing of | | | TarInfo header [CVE-2025-13462]; fix | | | insufficient validation in zipFile | | | [CVE-2025-8291]; fix missing sys.audit | | | invocation [CVE-2026-2297]; fix early halt | | | of base64 processing [CVE-2026-3446]; fix | | | validation bypass issue [CVE-2026-3644]; | | | fix stack overflow issue [CVE-2026-4224]; | | | fix insufficient validation issue | | | [CVE-2026-4519]; fix insufficient escaping | | | issue [CVE-2026-6019]; fix use-after-free | | | issue | | | | | qcoro [114] | Skip unreliable build-time tests | | | | | qemu [115] | Rebuild with updated glib2.0, glibc | | | | | qt6-base [116] | Fix data race issues | | | | | remmina [117] | Disable "phone home" functionality | | | | | request- | Fix builds of CKEditor when firefox is >= | | tracker5 [118] | 148 | | | | | rsync [119] | Fix symlink handling on the receiver; fix | | | use-after-free issue [CVE-2026-41035] | | | | | sash [120] | Rebuild with updated glibc | | | | | sed [121] | Fix time of check / time of use issue | | | [CVE-2026-5958] | | | | | snapd [122] | Rebuild with updated libcap2, glibc | | | | | starlet [123] | Fix HTTP request smuggling issue [CVE-2026- | | | 40561] | | | | | stayrtr [124] | Stop serving stale VRPs when the validator | | | is stuck; use Restart=on-abnormal instead | | | of on-abort | | | | | sudo [125] | Fix privilege escalation issue [CVE-2026- | | | 35535] | | | | | supermin [126] | Rebuild with updated musl | | | | | superqt [127] | Skip unreliable font metrics test | | | | | suricata [128] | Fix denial of service issues [CVE-2026- | | | 31932 CVE-2026-31933 CVE-2026-31935 | | | CVE-2026-31937] | | | | | swupdate [129] | Fix denial of service issue [CVE-2026- | | | 28525] | | | | | sylpheed [130] | Add link check to address [CVE-2021-37746] | | | | | systemd [131] | New upstream stable release; ensure /tmp | | | workaround does not override local unit/ | | | fstab; fix assert and freeze [CVE-2026- | | | 29111]; fix code execution issues | | | [CVE-2026-40225 CVE-2026-4105]; fix nspawn | | | escape-to-host issue [CVE-2026-40226] | | | | | systemd-boot-efi- | New upstream stable release; ensure /tmp | | amd64-signed [132] | workaround does not override local unit/ | | | fstab; fix assert and freeze [CVE-2026- | | | 29111]; fix code execution issues | | | [CVE-2026-40225 CVE-2026-4105]; fix nspawn | | | escape-to-host issue [CVE-2026-40226] | | | | | systemd-boot-efi- | New upstream stable release; ensure /tmp | | arm64-signed [133] | workaround does not override local unit/ | | | fstab; fix assert and freeze [CVE-2026- | | | 29111]; fix code execution issues | | | [CVE-2026-40225 CVE-2026-4105]; fix nspawn | | | escape-to-host issue [CVE-2026-40226] | | | | | tini [134] | Rebuild with updated glibc | | | | | tiv [135] | Rebuild with updated cimg | | | | | toil [136] | Conditionally skip build-time tests | | | requiring more CPUs than available | | | | | tripwire [137] | Rebuild with updated glibc | | | | | tsocks [138] | Rebuild with updated glibc | | | | | tzdata [139] | New upstream release; update data for | | | British Columbia | | | | | unbound [140] | Never try TLS to reach root nameservers | | | | | user-mode-linux [141] | Rebuild with updated linux | | | | | vips [142] | Fix buffer overflow issues [CVE-2026-2913 | | | CVE-2026-3147 CVE-2026-3281]; fix memory | | | corruption issue [CVE-2026-3145]; fix null | | | pointer dereference issue [CVE-2026-3146]; | | | fix out of bound read issues [CVE-2026-3282 | | | CVE-2026-3283]; fix integer overflow issue | | | [CVE-2026-3284] | | | | | xorg-server [143] | Fix buffer re-use issue [CVE-2026-33999]; | | | fix / improve bounds checking [CVE-2026- | | | 34000 CVE-2026-34003]; fix use after free | | | issue [CVE-2026-34001]; fix out-of-bounds | | | read issue [CVE-2026-34002] | | | | | zsh [144] | Rebuild with updated libcap2, glibc | | | | +-----------------------+---------------------------------------------+ 1: https://packages.debian.org/src:389-ds-base 2: https://packages.debian.org/src:7zip 3: https://packages.debian.org/src:apache2 4: https://packages.debian.org/src:awstats 5: https://packages.debian.org/src:base-files 6: https://packages.debian.org/src:bash 7: https://packages.debian.org/src:beads 8: https://packages.debian.org/src:bepasty 9: https://packages.debian.org/src:bglibs 10: https://packages.debian.org/src:bird2 11: https://packages.debian.org/src:black 12: https://packages.debian.org/src:bubblewrap 13: https://packages.debian.org/src:busybox 14: https://packages.debian.org/src:calibre 15: https://packages.debian.org/src:catatonit 16: https://packages.debian.org/src:cdebootstrap 17: https://packages.debian.org/src:chkrootkit 18: https://packages.debian.org/src:cimg 19: https://packages.debian.org/src:cockpit 20: https://packages.debian.org/src:composer 21: https://packages.debian.org/src:condor 22: https://packages.debian.org/src:curl 23: https://packages.debian.org/src:dar 24: https://packages.debian.org/src:debian-installer 25: https://packages.debian.org/src:debian-installer-netboot-images 26: https://packages.debian.org/src:debmirror 27: https://packages.debian.org/src:distribution-gpg-keys 28: https://packages.debian.org/src:distro-info-data 29: https://packages.debian.org/src:distrobuilder 30: https://packages.debian.org/src:docker.io 31: https://packages.debian.org/src:dovecot 32: https://packages.debian.org/src:e2fsprogs 33: https://packages.debian.org/src:efibootguard 34: https://packages.debian.org/src:ejabberd 35: https://packages.debian.org/src:ejabberd-contrib 36: https://packages.debian.org/src:epics-base 37: https://packages.debian.org/src:erlang 38: https://packages.debian.org/src:erlang-p1-tls 39: https://packages.debian.org/src:exim4 40: https://packages.debian.org/src:feed2toot 41: https://packages.debian.org/src:firewalld 42: https://packages.debian.org/src:freerdp3 43: https://packages.debian.org/src:fwupd 44: https://packages.debian.org/src:git-lfs 45: https://packages.debian.org/src:glance 46: https://packages.debian.org/src:glib2.0 47: https://packages.debian.org/src:glibc 48: https://packages.debian.org/src:gnupg2 49: https://packages.debian.org/src:gnutls28 50: https://packages.debian.org/src:grub-efi-amd64-signed 51: https://packages.debian.org/src:grub-efi-arm64-signed 52: https://packages.debian.org/src:grub-efi-ia32-signed 53: https://packages.debian.org/src:grub2 54: https://packages.debian.org/src:gvfs 55: https://packages.debian.org/src:harfbuzz 56: https://packages.debian.org/src:heimdal 57: https://packages.debian.org/src:initramfs-tools 58: https://packages.debian.org/src:integrit 59: https://packages.debian.org/src:jpeg-xl 60: https://packages.debian.org/src:jq 61: https://packages.debian.org/src:kissfft 62: https://packages.debian.org/src:kpackage 63: https://packages.debian.org/src:lemonldap-ng 64: https://packages.debian.org/src:libarchive 65: https://packages.debian.org/src:libcap2 66: https://packages.debian.org/src:libcdio 67: https://packages.debian.org/src:libcoap3 68: https://packages.debian.org/src:libcryptx-perl 69: https://packages.debian.org/src:libdatetime-timezone-perl 70: https://packages.debian.org/src:libexif 71: https://packages.debian.org/src:libfinance-quote-perl 72: https://packages.debian.org/src:libnet-cidr-lite-perl 73: https://packages.debian.org/src:libreoffice-texmaths 74: https://packages.debian.org/src:libtext-csv-xs-perl 75: https://packages.debian.org/src:libvncserver 76: https://packages.debian.org/src:libxml-security-java 77: https://packages.debian.org/src:libxslt 78: https://packages.debian.org/src:lxc 79: https://packages.debian.org/src:mailman-suite 80: https://packages.debian.org/src:mapserver 81: https://packages.debian.org/src:mksh 82: https://packages.debian.org/src:modsecurity-crs 83: https://packages.debian.org/src:mongo-c-driver 84: https://packages.debian.org/src:mumble 85: https://packages.debian.org/src:musl 86: https://packages.debian.org/src:nano 87: https://packages.debian.org/src:nautilus-wipe 88: https://packages.debian.org/src:netatalk 89: https://packages.debian.org/src:nginx 90: https://packages.debian.org/src:node-flatted 91: https://packages.debian.org/src:node-node-rsa 92: https://packages.debian.org/src:node-tar 93: https://packages.debian.org/src:numba 94: https://packages.debian.org/src:openssh 95: https://packages.debian.org/src:openssl 96: https://packages.debian.org/src:orca 97: https://packages.debian.org/src:osdlyrics 98: https://packages.debian.org/src:pgbouncer 99: https://packages.debian.org/src:phosh 100: https://packages.debian.org/src:php-league-commonmark 101: https://packages.debian.org/src:php-phpseclib 102: https://packages.debian.org/src:php-phpseclib3 103: https://packages.debian.org/src:phpseclib 104: https://packages.debian.org/src:proftpd-dfsg 105: https://packages.debian.org/src:pymupdf 106: https://packages.debian.org/src:python-authlib 107: https://packages.debian.org/src:python-bottle-sqlite 108: https://packages.debian.org/src:python-certbot 109: https://packages.debian.org/src:python-ldap 110: https://packages.debian.org/src:python-mapbox-earcut 111: https://packages.debian.org/src:python-oslo.db 112: https://packages.debian.org/src:python3-lxc 113: https://packages.debian.org/src:python3.13 114: https://packages.debian.org/src:qcoro 115: https://packages.debian.org/src:qemu 116: https://packages.debian.org/src:qt6-base 117: https://packages.debian.org/src:remmina 118: https://packages.debian.org/src:request-tracker5 119: https://packages.debian.org/src:rsync 120: https://packages.debian.org/src:sash 121: https://packages.debian.org/src:sed 122: https://packages.debian.org/src:snapd 123: https://packages.debian.org/src:starlet 124: https://packages.debian.org/src:stayrtr 125: https://packages.debian.org/src:sudo 126: https://packages.debian.org/src:supermin 127: https://packages.debian.org/src:superqt 128: https://packages.debian.org/src:suricata 129: https://packages.debian.org/src:swupdate 130: https://packages.debian.org/src:sylpheed 131: https://packages.debian.org/src:systemd 132: https://packages.debian.org/src:systemd-boot-efi-amd64-signed 133: https://packages.debian.org/src:systemd-boot-efi-arm64-signed 134: https://packages.debian.org/src:tini 135: https://packages.debian.org/src:tiv 136: https://packages.debian.org/src:toil 137: https://packages.debian.org/src:tripwire 138: https://packages.debian.org/src:tsocks 139: https://packages.debian.org/src:tzdata 140: https://packages.debian.org/src:unbound 141: https://packages.debian.org/src:user-mode-linux 142: https://packages.debian.org/src:vips 143: https://packages.debian.org/src:xorg-server 144: https://packages.debian.org/src:zsh Security Updates ---------------- This revision adds the following security updates to the stable release. The Security Team has already released an advisory for each of these updates: +----------------+---------------------------+ | Advisory ID | Package | +----------------+---------------------------+ | DSA-6088 [145] | php8.4 [146] | | | | | DSA-6158 [147] | imagemagick [148] | | | | | DSA-6160 [149] | netty [150] | | | | | DSA-6161 [151] | multipart [152] | | | | | DSA-6162 [153] | linux-signed-amd64 [154] | | | | | DSA-6162 [155] | linux-signed-arm64 [156] | | | | | DSA-6162 [157] | linux [158] | | | | | DSA-6164 [159] | chromium [160] | | | | | DSA-6165 [161] | chromium [162] | | | | | DSA-6166 [163] | nodejs [164] | | | | | DSA-6167 [165] | gst-plugins-base1.0 [166] | | | | | DSA-6168 [167] | freetype [168] | | | | | DSA-6169 [169] | imagemagick [170] | | | | | DSA-6170 [171] | snapd [172] | | | | | DSA-6171 [173] | chromium [174] | | | | | DSA-6172 [175] | webkit2gtk [176] | | | | | DSA-6173 [177] | freeciv [178] | | | | | DSA-6174 [179] | spip [180] | | | | | DSA-6175 [181] | libyaml-syck-perl [182] | | | | | DSA-6176 [183] | strongswan [184] | | | | | DSA-6177 [185] | chromium [186] | | | | | DSA-6178 [187] | firefox-esr [188] | | | | | DSA-6179 [189] | thunderbird [190] | | | | | DSA-6180 [191] | ruby-rack [192] | | | | | DSA-6181 [193] | bind9 [194] | | | | | DSA-6182 [195] | libxml-parser-perl [196] | | | | | DSA-6183 [197] | nodejs [198] | | | | | DSA-6184 [199] | incus [200] | | | | | DSA-6185 [201] | phpseclib [202] | | | | | DSA-6186 [203] | php-phpseclib [204] | | | | | DSA-6187 [205] | php-phpseclib3 [206] | | | | | DSA-6188 [207] | lxd [208] | | | | | DSA-6189 [209] | libpng1.6 [210] | | | | | DSA-6190 [211] | gst-plugins-bad1.0 [212] | | | | | DSA-6191 [213] | gst-plugins-ugly1.0 [214] | | | | | DSA-6192 [215] | chromium [216] | | | | | DSA-6193 [217] | inetutils [218] | | | | | DSA-6194 [219] | pyasn1 [220] | | | | | DSA-6195 [221] | python-tornado [222] | | | | | DSA-6196 [223] | roundcube [224] | | | | | DSA-6197 [225] | dovecot [226] | | | | | DSA-6198 [227] | valkey [228] | | | | | DSA-6200 [229] | tor [230] | | | | | DSA-6201 [231] | openssl [232] | | | | | DSA-6202 [233] | firefox-esr [234] | | | | | DSA-6203 [235] | tiff [236] | | | | | DSA-6204 [237] | openssh [238] | | | | | DSA-6205 [239] | chromium [240] | | | | | DSA-6206 [241] | gdk-pixbuf [242] | | | | | DSA-6207 [243] | flatpak [244] | | | | | DSA-6208 [245] | mediawiki [246] | | | | | DSA-6209 [247] | xdg-dbus-proxy [248] | | | | | DSA-6211 [249] | thunderbird [250] | | | | | DSA-6212 [251] | incus [252] | | | | | DSA-6213 [253] | lxd [254] | | | | | DSA-6214 [255] | chromium [256] | | | | | DSA-6215 [257] | gimp [258] | | | | | DSA-6216 [259] | opam [260] | | | | | DSA-6217 [261] | luanti [262] | | | | | DSA-6218 [263] | mupdf [264] | | | | | DSA-6219 [265] | pillow [266] | | | | | DSA-6220 [267] | simpleeval [268] | | | | | DSA-6221 [269] | ntfs-3g [270] | | | | | DSA-6222 [271] | ngtcp2 [272] | | | | | DSA-6225 [273] | firefox-esr [274] | | | | | DSA-6226 [275] | packagekit [276] | | | | | DSA-6227 [277] | strongswan [278] | | | | | DSA-6228 [279] | cpp-httplib [280] | | | | | DSA-6229 [281] | thunderbird [282] | | | | | DSA-6230 [283] | chromium [284] | | | | | DSA-6231 [285] | jtreg7 [286] | | | | | DSA-6231 [287] | openjdk-21 [288] | | | | | DSA-6232 [289] | webkit2gtk [290] | | | | | DSA-6233 [291] | pdns [292] | | | | | DSA-6234 [293] | pdns-recursor [294] | | | | | DSA-6235 [295] | dnsdist [296] | | | | | DSA-6236 [297] | firefox-esr [298] | | | | | DSA-6238 [299] | linux-signed-amd64 [300] | | | | | DSA-6238 [301] | linux-signed-arm64 [302] | | | | | DSA-6238 [303] | linux [304] | | | | | DSA-6239 [305] | chromium [306] | | | | | DSA-6240 [307] | imagemagick [308] | | | | | DSA-6241 [309] | python-aiohttp [310] | | | | | DSA-6242 [311] | thunderbird [312] | | | | | DSA-6244 [313] | incus [314] | | | | | DSA-6246 [315] | openjdk-25 [316] | | | | | DSA-6247 [317] | lxd [318] | | | | | DSA-6248 [319] | apache2 [320] | | | | | DSA-6249 [321] | wireshark [322] | | | | | DSA-6251 [323] | libreoffice [324] | | | | | DSA-6252 [325] | prosody [326] | | | | | DSA-6253 [327] | linux-signed-amd64 [328] | | | | | DSA-6253 [329] | linux-signed-arm64 [330] | | | | | DSA-6253 [331] | linux [332] | | | | | DSA-6254 [333] | firefox-esr [334] | | | | | DSA-6257 [335] | postorius [336] | | | | | DSA-6259 [337] | pyjwt [338] | | | | | DSA-6260 [339] | tor [340] | | | | | DSA-6261 [341] | corosync [342] | | | | | DSA-6262 [343] | lcms2 [344] | | | | | DSA-6263 [345] | libpng1.6 [346] | | | | | DSA-6264 [347] | dnsmasq [348] | | | | | DSA-6265 [349] | exim4 [350] | | | | +----------------+---------------------------+ 145: https://www.debian.org/security/2025/dsa-6088 146: https://packages.debian.org/src:php8.4 147: https://www.debian.org/security/2026/dsa-6158 148: https://packages.debian.org/src:imagemagick 149: https://www.debian.org/security/2026/dsa-6160 150: https://packages.debian.org/src:netty 151: https://www.debian.org/security/2026/dsa-6161 152: https://packages.debian.org/src:multipart 153: https://www.debian.org/security/2026/dsa-6162 154: https://packages.debian.org/src:linux-signed-amd64 155: https://www.debian.org/security/2026/dsa-6162 156: https://packages.debian.org/src:linux-signed-arm64 157: https://www.debian.org/security/2026/dsa-6162 158: https://packages.debian.org/src:linux 159: https://www.debian.org/security/2026/dsa-6164 160: https://packages.debian.org/src:chromium 161: https://www.debian.org/security/2026/dsa-6165 162: https://packages.debian.org/src:chromium 163: https://www.debian.org/security/2026/dsa-6166 164: https://packages.debian.org/src:nodejs 165: https://www.debian.org/security/2026/dsa-6167 166: https://packages.debian.org/src:gst-plugins-base1.0 167: https://www.debian.org/security/2026/dsa-6168 168: https://packages.debian.org/src:freetype 169: https://www.debian.org/security/2026/dsa-6169 170: https://packages.debian.org/src:imagemagick 171: https://www.debian.org/security/2026/dsa-6170 172: https://packages.debian.org/src:snapd 173: https://www.debian.org/security/2026/dsa-6171 174: https://packages.debian.org/src:chromium 175: https://www.debian.org/security/2026/dsa-6172 176: https://packages.debian.org/src:webkit2gtk 177: https://www.debian.org/security/2026/dsa-6173 178: https://packages.debian.org/src:freeciv 179: https://www.debian.org/security/2026/dsa-6174 180: https://packages.debian.org/src:spip 181: https://www.debian.org/security/2026/dsa-6175 182: https://packages.debian.org/src:libyaml-syck-perl 183: https://www.debian.org/security/2026/dsa-6176 184: https://packages.debian.org/src:strongswan 185: https://www.debian.org/security/2026/dsa-6177 186: https://packages.debian.org/src:chromium 187: https://www.debian.org/security/2026/dsa-6178 188: https://packages.debian.org/src:firefox-esr 189: https://www.debian.org/security/2026/dsa-6179 190: https://packages.debian.org/src:thunderbird 191: https://www.debian.org/security/2026/dsa-6180 192: https://packages.debian.org/src:ruby-rack 193: https://www.debian.org/security/2026/dsa-6181 194: https://packages.debian.org/src:bind9 195: https://www.debian.org/security/2026/dsa-6182 196: https://packages.debian.org/src:libxml-parser-perl 197: https://www.debian.org/security/2026/dsa-6183 198: https://packages.debian.org/src:nodejs 199: https://www.debian.org/security/2026/dsa-6184 200: https://packages.debian.org/src:incus 201: https://www.debian.org/security/2026/dsa-6185 202: https://packages.debian.org/src:phpseclib 203: https://www.debian.org/security/2026/dsa-6186 204: https://packages.debian.org/src:php-phpseclib 205: https://www.debian.org/security/2026/dsa-6187 206: https://packages.debian.org/src:php-phpseclib3 207: https://www.debian.org/security/2026/dsa-6188 208: https://packages.debian.org/src:lxd 209: https://www.debian.org/security/2026/dsa-6189 210: https://packages.debian.org/src:libpng1.6 211: https://www.debian.org/security/2026/dsa-6190 212: https://packages.debian.org/src:gst-plugins-bad1.0 213: https://www.debian.org/security/2026/dsa-6191 214: https://packages.debian.org/src:gst-plugins-ugly1.0 215: https://www.debian.org/security/2026/dsa-6192 216: https://packages.debian.org/src:chromium 217: https://www.debian.org/security/2026/dsa-6193 218: https://packages.debian.org/src:inetutils 219: https://www.debian.org/security/2026/dsa-6194 220: https://packages.debian.org/src:pyasn1 221: https://www.debian.org/security/2026/dsa-6195 222: https://packages.debian.org/src:python-tornado 223: https://www.debian.org/security/2026/dsa-6196 224: https://packages.debian.org/src:roundcube 225: https://www.debian.org/security/2026/dsa-6197 226: https://packages.debian.org/src:dovecot 227: https://www.debian.org/security/2026/dsa-6198 228: https://packages.debian.org/src:valkey 229: https://www.debian.org/security/2026/dsa-6200 230: https://packages.debian.org/src:tor 231: https://www.debian.org/security/2026/dsa-6201 232: https://packages.debian.org/src:openssl 233: https://www.debian.org/security/2026/dsa-6202 234: https://packages.debian.org/src:firefox-esr 235: https://www.debian.org/security/2026/dsa-6203 236: https://packages.debian.org/src:tiff 237: https://www.debian.org/security/2026/dsa-6204 238: https://packages.debian.org/src:openssh 239: https://www.debian.org/security/2026/dsa-6205 240: https://packages.debian.org/src:chromium 241: https://www.debian.org/security/2026/dsa-6206 242: https://packages.debian.org/src:gdk-pixbuf 243: https://www.debian.org/security/2026/dsa-6207 244: https://packages.debian.org/src:flatpak 245: https://www.debian.org/security/2026/dsa-6208 246: https://packages.debian.org/src:mediawiki 247: https://www.debian.org/security/2026/dsa-6209 248: https://packages.debian.org/src:xdg-dbus-proxy 249: https://www.debian.org/security/2026/dsa-6211 250: https://packages.debian.org/src:thunderbird 251: https://www.debian.org/security/2026/dsa-6212 252: https://packages.debian.org/src:incus 253: https://www.debian.org/security/2026/dsa-6213 254: https://packages.debian.org/src:lxd 255: https://www.debian.org/security/2026/dsa-6214 256: https://packages.debian.org/src:chromium 257: https://www.debian.org/security/2026/dsa-6215 258: https://packages.debian.org/src:gimp 259: https://www.debian.org/security/2026/dsa-6216 260: https://packages.debian.org/src:opam 261: https://www.debian.org/security/2026/dsa-6217 262: https://packages.debian.org/src:luanti 263: https://www.debian.org/security/2026/dsa-6218 264: https://packages.debian.org/src:mupdf 265: https://www.debian.org/security/2026/dsa-6219 266: https://packages.debian.org/src:pillow 267: https://www.debian.org/security/2026/dsa-6220 268: https://packages.debian.org/src:simpleeval 269: https://www.debian.org/security/2026/dsa-6221 270: https://packages.debian.org/src:ntfs-3g 271: https://www.debian.org/security/2026/dsa-6222 272: https://packages.debian.org/src:ngtcp2 273: https://www.debian.org/security/2026/dsa-6225 274: https://packages.debian.org/src:firefox-esr 275: https://www.debian.org/security/2026/dsa-6226 276: https://packages.debian.org/src:packagekit 277: https://www.debian.org/security/2026/dsa-6227 278: https://packages.debian.org/src:strongswan 279: https://www.debian.org/security/2026/dsa-6228 280: https://packages.debian.org/src:cpp-httplib 281: https://www.debian.org/security/2026/dsa-6229 282: https://packages.debian.org/src:thunderbird 283: https://www.debian.org/security/2026/dsa-6230 284: https://packages.debian.org/src:chromium 285: https://www.debian.org/security/2026/dsa-6231 286: https://packages.debian.org/src:jtreg7 287: https://www.debian.org/security/2026/dsa-6231 288: https://packages.debian.org/src:openjdk-21 289: https://www.debian.org/security/2026/dsa-6232 290: https://packages.debian.org/src:webkit2gtk 291: https://www.debian.org/security/2026/dsa-6233 292: https://packages.debian.org/src:pdns 293: https://www.debian.org/security/2026/dsa-6234 294: https://packages.debian.org/src:pdns-recursor 295: https://www.debian.org/security/2026/dsa-6235 296: https://packages.debian.org/src:dnsdist 297: https://www.debian.org/security/2026/dsa-6236 298: https://packages.debian.org/src:firefox-esr 299: https://www.debian.org/security/2026/dsa-6238 300: https://packages.debian.org/src:linux-signed-amd64 301: https://www.debian.org/security/2026/dsa-6238 302: https://packages.debian.org/src:linux-signed-arm64 303: https://www.debian.org/security/2026/dsa-6238 304: https://packages.debian.org/src:linux 305: https://www.debian.org/security/2026/dsa-6239 306: https://packages.debian.org/src:chromium 307: https://www.debian.org/security/2026/dsa-6240 308: https://packages.debian.org/src:imagemagick 309: https://www.debian.org/security/2026/dsa-6241 310: https://packages.debian.org/src:python-aiohttp 311: https://www.debian.org/security/2026/dsa-6242 312: https://packages.debian.org/src:thunderbird 313: https://www.debian.org/security/2026/dsa-6244 314: https://packages.debian.org/src:incus 315: https://www.debian.org/security/2026/dsa-6246 316: https://packages.debian.org/src:openjdk-25 317: https://www.debian.org/security/2026/dsa-6247 318: https://packages.debian.org/src:lxd 319: https://www.debian.org/security/2026/dsa-6248 320: https://packages.debian.org/src:apache2 321: https://www.debian.org/security/2026/dsa-6249 322: https://packages.debian.org/src:wireshark 323: https://www.debian.org/security/2026/dsa-6251 324: https://packages.debian.org/src:libreoffice 325: https://www.debian.org/security/2026/dsa-6252 326: https://packages.debian.org/src:prosody 327: https://www.debian.org/security/2026/dsa-6253 328: https://packages.debian.org/src:linux-signed-amd64 329: https://www.debian.org/security/2026/dsa-6253 330: https://packages.debian.org/src:linux-signed-arm64 331: https://www.debian.org/security/2026/dsa-6253 332: https://packages.debian.org/src:linux 333: https://www.debian.org/security/2026/dsa-6254 334: https://packages.debian.org/src:firefox-esr 335: https://www.debian.org/security/2026/dsa-6257 336: https://packages.debian.org/src:postorius 337: https://www.debian.org/security/2026/dsa-6259 338: https://packages.debian.org/src:pyjwt 339: https://www.debian.org/security/2026/dsa-6260 340: https://packages.debian.org/src:tor 341: https://www.debian.org/security/2026/dsa-6261 342: https://packages.debian.org/src:corosync 343: https://www.debian.org/security/2026/dsa-6262 344: https://packages.debian.org/src:lcms2 345: https://www.debian.org/security/2026/dsa-6263 346: https://packages.debian.org/src:libpng1.6 347: https://www.debian.org/security/2026/dsa-6264 348: https://packages.debian.org/src:dnsmasq 349: https://www.debian.org/security/2026/dsa-6265 350: https://packages.debian.org/src:exim4 Removed packages ---------------- The following packages were removed due to circumstances beyond our control: +------------------+-------------------------------+ | Package | Reason | +------------------+-------------------------------+ | dav4tbsync [351] | Superseded by Thunderbird 140 | | | | +------------------+-------------------------------+ 351: https://packages.debian.org/src:dav4tbsync Debian Installer ---------------- The installer has been updated to include the fixes incorporated into stable by the point release. URLs ---- The complete lists of packages that have changed with this revision: https://deb.debian.org/debian/dists/trixie/ChangeLog The current stable distribution: https://deb.debian.org/debian/dists/stable/ Proposed updates to the stable distribution: https://deb.debian.org/debian/dists/proposed-updates stable distribution information (release notes, errata etc.): https://www.debian.org/releases/stable/ Security announcements and information: https://www.debian.org/security/ About Debian ------------ The Debian Project is an association of Free Software developers who volunteer their time and effort in order to produce the completely free operating system Debian. Contact Information ------------------- For further information, please visit the Debian web pages at https://www.debian.org/, send mail to <press@debian.org>, or contact the stable release team at <debian-release@lists.debian.org>.

No comments:
Subscribe to: Posts (Atom)