Saturday, January 10, 2026

Updated Debian 12: 12.13 released

------------------------------------------------------------------------
The Debian Project https://www.debian.org/
Updated Debian 12: 12.13 released press@debian.org
January 10th, 2026 https://www.debian.org/News/2026/2026011002
------------------------------------------------------------------------


The Debian project is pleased to announce the thirteenth update of its
oldstable distribution Debian 12 (codename "bookworm"). This point
release mainly adds corrections for security issues, along with a few
adjustments for serious problems. Security advisories have already been
published separately and are referenced where available.

Please note that the point release does not constitute a new version of
Debian 12 but only updates some of the packages included. There is no
need to throw away old "bookworm" media. After installation, packages
can be upgraded to the current versions using an up-to-date Debian
mirror.

Those who frequently install updates from security.debian.org won't have
to update many packages, and most such updates are included in the point
release.

New installation images will be available soon at the regular locations.

Upgrading an existing installation to this revision can be achieved by
pointing the package management system at one of Debian's many HTTP
mirrors. A comprehensive list of mirrors is available at:

https://www.debian.org/mirror/list



Miscellaneous Bugfixes
----------------------

This oldstable update adds a few important corrections to the following
packages:

+--------------------------+------------------------------------------+
| Package | Reason |
+--------------------------+------------------------------------------+
| allow-html-temp [1] | New upstream version to support newer |
| | Thunderbird releases |
| | |
| angular.js [2] | Fix regular expression-based denial of |
| | service issues [CVE-2022-25844 CVE-2023- |
| | 26116 CVE-2023-26117 CVE-2023-26118]; |
| | fix restriction bypass issues [CVE-2024- |
| | 8372 CVE-2024-8373]; fix denial of |
| | service issue [CVE-2024-21490]; fix |
| | improper sanitization issues [CVE-2025- |
| | 0716 CVE-2025-2336] |
| | |
| apache2 [3] | New upstream stable release; fix integer |
| | overflow issue [CVE-2025-55753]; don't |
| | pass querystring to #exec directives |
| | [CVE-2025-58098]; fix improper parsing |
| | of environment variables [CVE-2025- |
| | 65082]; fix mod_userdir+suexec bypass |
| | issue [CVE-2025-66200] |
| | |
| base-files [4] | Update for the point release |
| | |
| bash [5] | Rebuild with updated glibc |
| | |
| btrfs-progs [6] | Device stats: fix printing wrong values |
| | in tabular output |
| | |
| busybox [7] | Rebuild with updated glibc |
| | |
| c-icap-modules [8] | Rebuild against libclamav12; disable |
| | clamav support on armel, mipsel and |
| | mips64el |
| | |
| calibre [9] | Fix code execution issue [CVE-2025- |
| | 64486] |
| | |
| cdebootstrap [10] | Rebuild with updated glibc |
| | |
| chkrootkit [11] | Rebuild with updated glibc |
| | |
| clamav [12] | New upstream long term support release |
| | |
| composer [13] | Fix ANSI sequence injection [CVE-2025- |
| | 67746] |
| | |
| cups-filters [14] | Fix TIFF parser bounds/validation issues |
| | [CVE-2025-57812]; clamp oversized PDF |
| | MediaBox-derived page size in |
| | pdftoraster [CVE-2025-64503]; avoid |
| | rastertopclx infinite loop and heap |
| | overflow on crafted raster input |
| | [CVE-2025-64524] |
| | |
| cyrus-imapd [15] | Rebuild against libclamav12; disable |
| | clamav support on armel, mipsel and |
| | mips64el |
| | |
| dar [16] | Rebuild with updated glibc |
| | |
| debian-installer [17] | Increase Linux kernel ABI to 6.1.0-42; |
| | rebuild against oldstable-proposed- |
| | updates |
| | |
| debian-installer- | Rebuild against oldstable-proposed- |
| netboot-images [18] | updates |
| | |
| debian-security- | Mark hdf5, libsoup2.4, libsoup3 and |
| support [19] | zabbix as receiving limited support; |
| | mark dnsdist, pdns, pdns-recursor as |
| | unsupported |
| | |
| distro-info-data [20] | Update bookworm EoL date; add Ubuntu |
| | 26.04 LTS "Resolute Raccoon" |
| | |
| docker.io [21] | Rebuild with updated containerd, glibc |
| | |
| dpdk [22] | New upstream stable release |
| | |
| e2guardian [23] | Disable clamav support on armel, mipsel |
| | and mips64el |
| | |
| freerdp2 [24] | New upstream release; fix multiple |
| | memory-safety vulnerabilities: integer |
| | overflow/underflow and out-of-bounds |
| | write in NSC, Clear, and GDI bitmap |
| | codecs [CVE-2024-22211 CVE-2024-32037 |
| | CVE-2024-32038 CVE-2024-32039 CVE-2024- |
| | 32040]; out-of-bounds reads in ZGFX, |
| | Planar, NCRUSH, Interleaved, and RFX |
| | codecs [CVE-2024-32041 CVE-2024-32457 |
| | CVE-2024-32458 CVE-2024-32459 CVE-2024- |
| | 32460]; invalid memory access in |
| | freerdp_peer_get_logon_info [CVE-2024- |
| | 32661]; bounds-check and overflow fixes; |
| | update for GCC 14 / FFmpeg 7 build |
| | compatibility |
| | |
| gcc-bpf [25] | Rebuild with updated glibc |
| | |
| gcc-or1k-elf [26] | Rebuild with updated glibc |
| | |
| gcc-riscv64-unknown- | Rebuild with updated glibc |
| elf [27] | |
| | |
| gcc-xtensa-lx106 [28] | Rebuild with updated glibc |
| | |
| gdk-pixbuf [29] | Fix buffer overflow issue [CVE-2025- |
| | 7345] |
| | |
| ghdl [30] | Rebuild with updated glibc |
| | |
| git [31] | Fix arbitrary file creation/truncation |
| | in gitk [CVE-2025-27613]; prevent |
| | arbitrary file overwrite in git-gui with |
| | crafted directory names [CVE-2025- |
| | 46835]; correct submodule path parsing |
| | with trailing CR [CVE-2025-48384]; |
| | validate bundle-uri to prevent protocol |
| | injection during clone [CVE-2025-48385] |
| | |
| glib2.0 [32] | Fix various integer overflow issues |
| | [CVE-2025-13601 CVE-2025-14087 CVE-2025- |
| | 14512] |
| | |
| gnupg2 [33] | Avoid potential downgrade to SHA1 in 3rd |
| | party key signatures; error out on |
| | unverified output for non-detached |
| | signatures; fix possible memory |
| | corruption in the armor parser |
| | [CVE-2025-68973]; do not use a default |
| | when asking for another output filename |
| | |
| golang-github- | Rebuild with updated containerd |
| containerd-stargz- | |
| snapshotter [34] | |
| | |
| golang-github- | Rebuild with updated containerd |
| containers-buildah [35] | |
| | |
| golang-github-openshift- | Rebuild with updated containerd |
| imagebuilder [36] | |
| | |
| imagemagick [37] | Fix denial of service issues [CVE-2025- |
| | 62594 CVE-2025-68618]; fix use-after- |
| | free issue [CVE-2025-65955]; fix integer |
| | overflow issues [CVE-2025-62171 |
| | CVE-2025-66628 CVE-2025-69204]; fix |
| | infinite loop issue [CVE-2025-68950] |
| | |
| intel-microcode [38] | Update Intel processor microcode to |
| | 20251111 |
| | |
| lemonldap-ng [39] | Fix sessions tablename when not default; |
| | fix oidc flow when user encountered an |
| | error on server side; fix Kerberos |
| | JavaScript when used with "Choice" ; |
| | improve CORS checking; fix path_info |
| | handling; fix shell injection issue |
| | [CVE-2025-59518]; hide session id from |
| | Ajax responses |
| | |
| libcap2 [40] | Rebuild with updated glibc |
| | |
| libclamunrar [41] | New upstream release, aligning with |
| | clamav 1.4.3 |
| | |
| libcommons-lang- | Fix uncontrolled recursion issue |
| java [42] | [CVE-2025-48924] |
| | |
| libcommons-lang3- | Fix uncontrolled recursion issue |
| java [43] | [CVE-2025-48924] |
| | |
| libhtp [44] | Fix denial of service issue via |
| | unbounded HTTP header processing |
| | [CVE-2024-23837 CVE-2024-45797] |
| | |
| libnginx-mod-http- | Fix HTTP HEAD request smuggling |
| lua [45] | [CVE-2024-33452] |
| | |
| libphp-adodb [46] | Fix SQL injection in sqlite and sqlite3 |
| | metadata lookups [CVE-2025-54119] |
| | |
| libpod [47] | Rebuild with updated containerd |
| | |
| libreoffice [48] | Set Bulgaria locale default currency to |
| | EUR |
| | |
| libssh [49] | Fix integer overflow issue [CVE-2025- |
| | 4877]; fix use of uninitialized variable |
| | [CVE-2025-4878]; fix out of bounds |
| | memory access issue [CVE-2025-5318]; fix |
| | double free issue [CVE-2025-5351]; fix |
| | use of uninitialized memory [CVE-2025- |
| | 5372 CVE-2025-5987]; fix null pointer |
| | dereference issue [CVE-2025-8114]; fix |
| | memory leak [CVE-2025-8277] |
| | |
| libxml2 [50] | Fix denial of service issue [CVE-2025- |
| | 9714] |
| | |
| libyaml-syck-perl [51] | Fix memory corruption leading to "str" |
| | value being set on empty keys |
| | |
| linux [52] | New upstream stable release |
| | |
| linux-signed-amd64 [53] | New upstream stable release |
| | |
| linux-signed-arm64 [54] | New upstream stable release |
| | |
| linux-signed-i386 [55] | New upstream stable release |
| | |
| log4cxx [56] | Fix improper escaping issues [CVE-2025- |
| | 54812 CVE-2025-54813] |
| | |
| luksmeta [57] | Fix data corruption issue with LUKS1 |
| | [CVE-2025-11568] |
| | |
| modsecurity-apache [58] | Fix request body error handling to |
| | propagate Apache filter/read failures |
| | correctly [CVE-2025-54571]; map request |
| | body read failures to appropriate HTTP |
| | status codes; simplify request body |
| | error propagation in mod_security2 |
| | |
| mongo-c-driver [59] | Avoid invalid memory reads [CVE-2025- |
| | 12119] |
| | |
| mydumper [60] | Fix arbitrary file read issue [CVE-2025- |
| | 30224] |
| | |
| nvidia-graphics- | New upstream bugfix release [CVE-2025- |
| drivers [61] | 23279 CVE-2025-23286] |
| | |
| nvidia-open-gpu-kernel- | New upstream bugfix release [CVE-2025- |
| modules [62] | 23279 CVE-2025-23286] |
| | |
| onetbb [63] | Fix build failure on single-CPU and CI |
| | environments by skipping problematic |
| | tests |
| | |
| open-vm-tools [64] | Disable SDMP service version collection |
| | by default to mitigate local privilege |
| | escalation [CVE-2025-41244] |
| | |
| openrefine [65] | Fix MySQL host parameter injection in |
| | JDBC URL parsing [CVE-2024-23833]; fix |
| | reflected XSS in gdata OAuth callback |
| | handler [CVE-2024-47878]; fix content- |
| | type confusion XSS in ExportRows |
| | endpoint [CVE-2024-47880]; prevent |
| | remote or extension loading via SQLite |
| | connection URL [CVE-2024-47881]; escape |
| | HTML in error stack traces [CVE-2024- |
| | 47882]; prevent path traversal in |
| | language file loading [CVE-2024-49760] |
| | |
| openssl [66] | New upstream stable release |
| | |
| pam [67] | Fix local privilege escalation in |
| | pam_namespace [CVE-2025-6020] |
| | |
| pg-snakeoil [68] | Rebuild against libclamav12 |
| | |
| pgbouncer [69] | Fix arbitary SQL execution issue |
| | [CVE-2025-12819]; fix expired password |
| | use issue [CVE-2025-2291] |
| | |
| postgresql-15 [70] | New upstream stable release; check for |
| | CREATE privileges on the schema in |
| | CREATE STATISTICS [CVE-2025-12817]; |
| | avoid integer overflow in allocation- |
| | size calculations within libpq |
| | [CVE-2025-12818] |
| | |
| qemu [71] | New upstream stable release; fix "qemu- |
| | img info https://example.com" ; fix |
| | migration of guests using virtio-net; |
| | fix use after free issue [CVE-2025- |
| | 11234] |
| | |
| qpwgraph [72] | Add missing dependency on libqt6svg6 |
| | |
| r-cran-gh [73] | Fix sensitive data leak issue [CVE-2025- |
| | 54956] |
| | |
| rear [74] | Prevent created initrd from being world- |
| | readable when GRUB_RESCUE=y [CVE-2024- |
| | 23301] |
| | |
| rescue [75] | Improve btrfs support |
| | |
| rlottie [76] | Fix outlying coordinate rejection in |
| | FreeType rasteriser [CVE-2025-0634 |
| | CVE-2025-53074 CVE-2025-53075] |
| | |
| rsync [77] | Improve test coverage for future |
| | updates; fix out-of-bounds read via |
| | negative array index in sender file list |
| | handling [CVE-2025-10158] |
| | |
| ruby-sinatra [78] | Fix regular expression-based denial of |
| | service issue [CVE-2025-61921] |
| | |
| samba [79] | Fix information leak issue [CVE-2018- |
| | 14628]; fix command injection issue |
| | [CVE-2025-10230]; fix uninitialized |
| | memory disclosure issue [CVE-2025-9640] |
| | |
| sash [80] | Rebuild with updated glibc |
| | |
| shadow [81] | Fix segmentation fault in groupmod |
| | |
| skeema [82] | Rebuild with updated containerd |
| | |
| snapd [83] | Rebuild with updated containerd |
| | |
| sogo [84] | Fix HTML injection issue [CVE-2023- |
| | 48104]; fix CSS injection issue |
| | [CVE-2024-24510]; fix cross-site |
| | scripting issues [CVE-2025-63498 |
| | CVE-2025-63499]; fix crash on invalid |
| | mailIdentities |
| | |
| squid [85] | Fix denial of service issue [CVE-2023- |
| | 46728]; fix mishandling of long SNMP |
| | OIDs in ASN.1 [CVE-2025-59362]; disable |
| | ESI feature support, fixing several |
| | issues [CVE-2024-45802]; remove Gopher |
| | support |
| | |
| sudo [86] | Enable Intel CET on amd64 only |
| | |
| supermin [87] | Rebuild with updated glibc |
| | |
| symfony [88] | Fix PATH_INFO parsing [CVE-2025-64500]; |
| | drop failing Finder testsuite data |
| | entries |
| | |
| syslog-ng [89] | Fix incorrect wildcard matching in |
| | certificate names [CVE-2024-47619] |
| | |
| tripwire [90] | Rebuild with updated glibc |
| | |
| u-boot [91] | Fix integer overflow issues [CVE-2024- |
| | 57254 CVE-2024-57255 CVE-2024-57256 |
| | CVE-2024-57258]; fix stack consumption |
| | issue [CVE-2024-57257]; fix heap |
| | corruption issue [CVE-2024-57259] |
| | |
| ublock-origin [92] | New upstream release; improve user |
| | experience and add new filter |
| | capabilities; fix denial of service |
| | issue [CVE-2025-4215] |
| | |
| unbound [93] | Fix denial of service issue [CVE-2024- |
| | 33655]; fix possible domain hijack issue |
| | [CVE-2025-11411]; fix "unbound-anchor |
| | cannot deal with full disk" ; fix |
| | potential amplification DDoS attacks; |
| | fix incorrect return of NODATA for some |
| | ANY queries |
| | |
| user-mode-linux [94] | Rebuild with updated linux |
| | |
| vtk9 [95] | Fix inability to read VTK XML files with |
| | appended data on newer expat |
| | |
| zsh [96] | Rebuild with updated glibc, libcap2 |
| | |
+--------------------------+------------------------------------------+

1: https://packages.debian.org/src:allow-html-temp
2: https://packages.debian.org/src:angular.js
3: https://packages.debian.org/src:apache2
4: https://packages.debian.org/src:base-files
5: https://packages.debian.org/src:bash
6: https://packages.debian.org/src:btrfs-progs
7: https://packages.debian.org/src:busybox
8: https://packages.debian.org/src:c-icap-modules
9: https://packages.debian.org/src:calibre
10: https://packages.debian.org/src:cdebootstrap
11: https://packages.debian.org/src:chkrootkit
12: https://packages.debian.org/src:clamav
13: https://packages.debian.org/src:composer
14: https://packages.debian.org/src:cups-filters
15: https://packages.debian.org/src:cyrus-imapd
16: https://packages.debian.org/src:dar
17: https://packages.debian.org/src:debian-installer
18: https://packages.debian.org/src:debian-installer-netboot-images
19: https://packages.debian.org/src:debian-security-support
20: https://packages.debian.org/src:distro-info-data
21: https://packages.debian.org/src:docker.io
22: https://packages.debian.org/src:dpdk
23: https://packages.debian.org/src:e2guardian
24: https://packages.debian.org/src:freerdp2
25: https://packages.debian.org/src:gcc-bpf
26: https://packages.debian.org/src:gcc-or1k-elf
27: https://packages.debian.org/src:gcc-riscv64-unknown-elf
28: https://packages.debian.org/src:gcc-xtensa-lx106
29: https://packages.debian.org/src:gdk-pixbuf
30: https://packages.debian.org/src:ghdl
31: https://packages.debian.org/src:git
32: https://packages.debian.org/src:glib2.0
33: https://packages.debian.org/src:gnupg2
34:
https://packages.debian.org/src:golang-github-containerd-stargz-snapshotter
35: https://packages.debian.org/src:golang-github-containers-buildah
36: https://packages.debian.org/src:golang-github-openshift-imagebuilder
37: https://packages.debian.org/src:imagemagick
38: https://packages.debian.org/src:intel-microcode
39: https://packages.debian.org/src:lemonldap-ng
40: https://packages.debian.org/src:libcap2
41: https://packages.debian.org/src:libclamunrar
42: https://packages.debian.org/src:libcommons-lang-java
43: https://packages.debian.org/src:libcommons-lang3-java
44: https://packages.debian.org/src:libhtp
45: https://packages.debian.org/src:libnginx-mod-http-lua
46: https://packages.debian.org/src:libphp-adodb
47: https://packages.debian.org/src:libpod
48: https://packages.debian.org/src:libreoffice
49: https://packages.debian.org/src:libssh
50: https://packages.debian.org/src:libxml2
51: https://packages.debian.org/src:libyaml-syck-perl
52: https://packages.debian.org/src:linux
53: https://packages.debian.org/src:linux-signed-amd64
54: https://packages.debian.org/src:linux-signed-arm64
55: https://packages.debian.org/src:linux-signed-i386
56: https://packages.debian.org/src:log4cxx
57: https://packages.debian.org/src:luksmeta
58: https://packages.debian.org/src:modsecurity-apache
59: https://packages.debian.org/src:mongo-c-driver
60: https://packages.debian.org/src:mydumper
61: https://packages.debian.org/src:nvidia-graphics-drivers
62: https://packages.debian.org/src:nvidia-open-gpu-kernel-modules
63: https://packages.debian.org/src:onetbb
64: https://packages.debian.org/src:open-vm-tools
65: https://packages.debian.org/src:openrefine
66: https://packages.debian.org/src:openssl
67: https://packages.debian.org/src:pam
68: https://packages.debian.org/src:pg-snakeoil
69: https://packages.debian.org/src:pgbouncer
70: https://packages.debian.org/src:postgresql-15
71: https://packages.debian.org/src:qemu
72: https://packages.debian.org/src:qpwgraph
73: https://packages.debian.org/src:r-cran-gh
74: https://packages.debian.org/src:rear
75: https://packages.debian.org/src:rescue
76: https://packages.debian.org/src:rlottie
77: https://packages.debian.org/src:rsync
78: https://packages.debian.org/src:ruby-sinatra
79: https://packages.debian.org/src:samba
80: https://packages.debian.org/src:sash
81: https://packages.debian.org/src:shadow
82: https://packages.debian.org/src:skeema
83: https://packages.debian.org/src:snapd
84: https://packages.debian.org/src:sogo
85: https://packages.debian.org/src:squid
86: https://packages.debian.org/src:sudo
87: https://packages.debian.org/src:supermin
88: https://packages.debian.org/src:symfony
89: https://packages.debian.org/src:syslog-ng
90: https://packages.debian.org/src:tripwire
91: https://packages.debian.org/src:u-boot
92: https://packages.debian.org/src:ublock-origin
93: https://packages.debian.org/src:unbound
94: https://packages.debian.org/src:user-mode-linux
95: https://packages.debian.org/src:vtk9
96: https://packages.debian.org/src:zsh

Security Updates
----------------

This revision adds the following security updates to the oldstable
release. The Security Team has already released an advisory for each of
these updates:

+----------------+------------------------------+
| Advisory ID | Package |
+----------------+------------------------------+
| DSA-5979 [97] | libxslt [98] |
| | |
| DSA-5993 [99] | chromium [100] |
| | |
| DSA-5994 [101] | shibboleth-sp [102] |
| | |
| DSA-5996 [103] | chromium [104] |
| | |
| DSA-5997 [105] | imagemagick [106] |
| | |
| DSA-5998 [107] | cups [108] |
| | |
| DSA-5999 [109] | libjson-xs-perl [110] |
| | |
| DSA-6000 [111] | libcpanel-json-xs-perl [112] |
| | |
| DSA-6001 [113] | cjson [114] |
| | |
| DSA-6002 [115] | node-sha.js [116] |
| | |
| DSA-6003 [117] | firefox-esr [118] |
| | |
| DSA-6004 [119] | chromium [120] |
| | |
| DSA-6005 [121] | jetty9 [122] |
| | |
| DSA-6009 [123] | linux-signed-amd64 [124] |
| | |
| DSA-6009 [125] | linux-signed-arm64 [126] |
| | |
| DSA-6009 [127] | linux-signed-i386 [128] |
| | |
| DSA-6009 [129] | linux [130] |
| | |
| DSA-6010 [131] | chromium [132] |
| | |
| DSA-6012 [133] | nncp [134] |
| | |
| DSA-6013 [135] | node-tar-fs [136] |
| | |
| DSA-6015 [137] | openssl [138] |
| | |
| DSA-6016 [139] | chromium [140] |
| | |
| DSA-6017 [141] | haproxy [142] |
| | |
| DSA-6018 [143] | gegl [144] |
| | |
| DSA-6020 [145] | redis [146] |
| | |
| DSA-6021 [147] | chromium [148] |
| | |
| DSA-6023 [149] | tiff [150] |
| | |
| DSA-6024 [151] | ghostscript [152] |
| | |
| DSA-6025 [153] | firefox-esr [154] |
| | |
| DSA-6026 [155] | chromium [156] |
| | |
| DSA-6028 [157] | lxd [158] |
| | |
| DSA-6029 [159] | ark [160] |
| | |
| DSA-6030 [161] | intel-microcode [162] |
| | |
| DSA-6031 [163] | request-tracker5 [164] |
| | |
| DSA-6032 [165] | request-tracker4 [166] |
| | |
| DSA-6033 [167] | bind9 [168] |
| | |
| DSA-6034 [169] | tryton-sao [170] |
| | |
| DSA-6035 [171] | python-internetarchive [172] |
| | |
| DSA-6036 [173] | chromium [174] |
| | |
| DSA-6038 [175] | openjdk-17 [176] |
| | |
| DSA-6040 [177] | thunderbird [178] |
| | |
| DSA-6041 [179] | strongswan [180] |
| | |
| DSA-6042 [181] | evolution [182] |
| | |
| DSA-6042 [183] | webkit2gtk [184] |
| | |
| DSA-6043 [185] | gimp [186] |
| | |
| DSA-6044 [187] | xorg-server [188] |
| | |
| DSA-6046 [189] | chromium [190] |
| | |
| DSA-6047 [191] | squid [192] |
| | |
| DSA-6048 [193] | ruby-rack [194] |
| | |
| DSA-6049 [195] | gimp [196] |
| | |
| DSA-6050 [197] | chromium [198] |
| | |
| DSA-6053 [199] | linux-signed-amd64 [200] |
| | |
| DSA-6053 [201] | linux-signed-arm64 [202] |
| | |
| DSA-6053 [203] | linux-signed-i386 [204] |
| | |
| DSA-6053 [205] | linux [206] |
| | |
| DSA-6054 [207] | firefox-esr [208] |
| | |
| DSA-6055 [209] | chromium [210] |
| | |
| DSA-6056 [211] | keystone [212] |
| | |
| DSA-6056 [213] | swift [214] |
| | |
| DSA-6057 [215] | lxd [216] |
| | |
| DSA-6058 [217] | lasso [218] |
| | |
| DSA-6059 [219] | thunderbird [220] |
| | |
| DSA-6060 [221] | chromium [222] |
| | |
| DSA-6061 [223] | tryton-sao [224] |
| | |
| DSA-6062 [225] | pdfminer [226] |
| | |
| DSA-6064 [227] | tryton-server [228] |
| | |
| DSA-6065 [229] | krita [230] |
| | |
| DSA-6067 [231] | containerd [232] |
| | |
| DSA-6068 [233] | xen [234] |
| | |
| DSA-6069 [235] | openvpn [236] |
| | |
| DSA-6070 [237] | webkit2gtk [238] |
| | |
| DSA-6072 [239] | chromium [240] |
| | |
| DSA-6074 [241] | webkit2gtk [242] |
| | |
| DSA-6075 [243] | wordpress [244] |
| | |
| DSA-6076 [245] | libpng1.6 [246] |
| | |
| DSA-6078 [247] | firefox-esr [248] |
| | |
| DSA-6079 [249] | ffmpeg [250] |
| | |
| DSA-6080 [251] | chromium [252] |
| | |
| DSA-6081 [253] | thunderbird [254] |
| | |
| DSA-6082 [255] | vlc [256] |
| | |
| DSA-6083 [257] | webkit2gtk [258] |
| | |
| DSA-6085 [259] | mediawiki [260] |
| | |
| DSA-6087 [261] | roundcube [262] |
| | |
| DSA-6089 [263] | chromium [264] |
| | |
| DSA-6090 [265] | rails [266] |
| | |
+----------------+------------------------------+

97: https://www.debian.org/security/2025/dsa-5979
98: https://packages.debian.org/src:libxslt
99: https://www.debian.org/security/2025/dsa-5993
100: https://packages.debian.org/src:chromium
101: https://www.debian.org/security/2025/dsa-5994
102: https://packages.debian.org/src:shibboleth-sp
103: https://www.debian.org/security/2025/dsa-5996
104: https://packages.debian.org/src:chromium
105: https://www.debian.org/security/2025/dsa-5997
106: https://packages.debian.org/src:imagemagick
107: https://www.debian.org/security/2025/dsa-5998
108: https://packages.debian.org/src:cups
109: https://www.debian.org/security/2025/dsa-5999
110: https://packages.debian.org/src:libjson-xs-perl
111: https://www.debian.org/security/2025/dsa-6000
112: https://packages.debian.org/src:libcpanel-json-xs-perl
113: https://www.debian.org/security/2025/dsa-6001
114: https://packages.debian.org/src:cjson
115: https://www.debian.org/security/2025/dsa-6002
116: https://packages.debian.org/src:node-sha.js
117: https://www.debian.org/security/2025/dsa-6003
118: https://packages.debian.org/src:firefox-esr
119: https://www.debian.org/security/2025/dsa-6004
120: https://packages.debian.org/src:chromium
121: https://www.debian.org/security/2025/dsa-6005
122: https://packages.debian.org/src:jetty9
123: https://www.debian.org/security/2025/dsa-6009
124: https://packages.debian.org/src:linux-signed-amd64
125: https://www.debian.org/security/2025/dsa-6009
126: https://packages.debian.org/src:linux-signed-arm64
127: https://www.debian.org/security/2025/dsa-6009
128: https://packages.debian.org/src:linux-signed-i386
129: https://www.debian.org/security/2025/dsa-6009
130: https://packages.debian.org/src:linux
131: https://www.debian.org/security/2025/dsa-6010
132: https://packages.debian.org/src:chromium
133: https://www.debian.org/security/2025/dsa-6012
134: https://packages.debian.org/src:nncp
135: https://www.debian.org/security/2025/dsa-6013
136: https://packages.debian.org/src:node-tar-fs
137: https://www.debian.org/security/2025/dsa-6015
138: https://packages.debian.org/src:openssl
139: https://www.debian.org/security/2025/dsa-6016
140: https://packages.debian.org/src:chromium
141: https://www.debian.org/security/2025/dsa-6017
142: https://packages.debian.org/src:haproxy
143: https://www.debian.org/security/2025/dsa-6018
144: https://packages.debian.org/src:gegl
145: https://www.debian.org/security/2025/dsa-6020
146: https://packages.debian.org/src:redis
147: https://www.debian.org/security/2025/dsa-6021
148: https://packages.debian.org/src:chromium
149: https://www.debian.org/security/2025/dsa-6023
150: https://packages.debian.org/src:tiff
151: https://www.debian.org/security/2025/dsa-6024
152: https://packages.debian.org/src:ghostscript
153: https://www.debian.org/security/2025/dsa-6025
154: https://packages.debian.org/src:firefox-esr
155: https://www.debian.org/security/2025/dsa-6026
156: https://packages.debian.org/src:chromium
157: https://www.debian.org/security/2025/dsa-6028
158: https://packages.debian.org/src:lxd
159: https://www.debian.org/security/2025/dsa-6029
160: https://packages.debian.org/src:ark
161: https://www.debian.org/security/2025/dsa-6030
162: https://packages.debian.org/src:intel-microcode
163: https://www.debian.org/security/2025/dsa-6031
164: https://packages.debian.org/src:request-tracker5
165: https://www.debian.org/security/2025/dsa-6032
166: https://packages.debian.org/src:request-tracker4
167: https://www.debian.org/security/2025/dsa-6033
168: https://packages.debian.org/src:bind9
169: https://www.debian.org/security/2025/dsa-6034
170: https://packages.debian.org/src:tryton-sao
171: https://www.debian.org/security/2025/dsa-6035
172: https://packages.debian.org/src:python-internetarchive
173: https://www.debian.org/security/2025/dsa-6036
174: https://packages.debian.org/src:chromium
175: https://www.debian.org/security/2025/dsa-6038
176: https://packages.debian.org/src:openjdk-17
177: https://www.debian.org/security/2025/dsa-6040
178: https://packages.debian.org/src:thunderbird
179: https://www.debian.org/security/2025/dsa-6041
180: https://packages.debian.org/src:strongswan
181: https://www.debian.org/security/2025/dsa-6042
182: https://packages.debian.org/src:evolution
183: https://www.debian.org/security/2025/dsa-6042
184: https://packages.debian.org/src:webkit2gtk
185: https://www.debian.org/security/2025/dsa-6043
186: https://packages.debian.org/src:gimp
187: https://www.debian.org/security/2025/dsa-6044
188: https://packages.debian.org/src:xorg-server
189: https://www.debian.org/security/2025/dsa-6046
190: https://packages.debian.org/src:chromium
191: https://www.debian.org/security/2025/dsa-6047
192: https://packages.debian.org/src:squid
193: https://www.debian.org/security/2025/dsa-6048
194: https://packages.debian.org/src:ruby-rack
195: https://www.debian.org/security/2025/dsa-6049
196: https://packages.debian.org/src:gimp
197: https://www.debian.org/security/2025/dsa-6050
198: https://packages.debian.org/src:chromium
199: https://www.debian.org/security/2025/dsa-6053
200: https://packages.debian.org/src:linux-signed-amd64
201: https://www.debian.org/security/2025/dsa-6053
202: https://packages.debian.org/src:linux-signed-arm64
203: https://www.debian.org/security/2025/dsa-6053
204: https://packages.debian.org/src:linux-signed-i386
205: https://www.debian.org/security/2025/dsa-6053
206: https://packages.debian.org/src:linux
207: https://www.debian.org/security/2025/dsa-6054
208: https://packages.debian.org/src:firefox-esr
209: https://www.debian.org/security/2025/dsa-6055
210: https://packages.debian.org/src:chromium
211: https://www.debian.org/security/2025/dsa-6056
212: https://packages.debian.org/src:keystone
213: https://www.debian.org/security/2025/dsa-6056
214: https://packages.debian.org/src:swift
215: https://www.debian.org/security/2025/dsa-6057
216: https://packages.debian.org/src:lxd
217: https://www.debian.org/security/2025/dsa-6058
218: https://packages.debian.org/src:lasso
219: https://www.debian.org/security/2025/dsa-6059
220: https://packages.debian.org/src:thunderbird
221: https://www.debian.org/security/2025/dsa-6060
222: https://packages.debian.org/src:chromium
223: https://www.debian.org/security/2025/dsa-6061
224: https://packages.debian.org/src:tryton-sao
225: https://www.debian.org/security/2025/dsa-6062
226: https://packages.debian.org/src:pdfminer
227: https://www.debian.org/security/2025/dsa-6064
228: https://packages.debian.org/src:tryton-server
229: https://www.debian.org/security/2025/dsa-6065
230: https://packages.debian.org/src:krita
231: https://www.debian.org/security/2025/dsa-6067
232: https://packages.debian.org/src:containerd
233: https://www.debian.org/security/2025/dsa-6068
234: https://packages.debian.org/src:xen
235: https://www.debian.org/security/2025/dsa-6069
236: https://packages.debian.org/src:openvpn
237: https://www.debian.org/security/2025/dsa-6070
238: https://packages.debian.org/src:webkit2gtk
239: https://www.debian.org/security/2025/dsa-6072
240: https://packages.debian.org/src:chromium
241: https://www.debian.org/security/2025/dsa-6074
242: https://packages.debian.org/src:webkit2gtk
243: https://www.debian.org/security/2025/dsa-6075
244: https://packages.debian.org/src:wordpress
245: https://www.debian.org/security/2025/dsa-6076
246: https://packages.debian.org/src:libpng1.6
247: https://www.debian.org/security/2025/dsa-6078
248: https://packages.debian.org/src:firefox-esr
249: https://www.debian.org/security/2025/dsa-6079
250: https://packages.debian.org/src:ffmpeg
251: https://www.debian.org/security/2025/dsa-6080
252: https://packages.debian.org/src:chromium
253: https://www.debian.org/security/2025/dsa-6081
254: https://packages.debian.org/src:thunderbird
255: https://www.debian.org/security/2025/dsa-6082
256: https://packages.debian.org/src:vlc
257: https://www.debian.org/security/2025/dsa-6083
258: https://packages.debian.org/src:webkit2gtk
259: https://www.debian.org/security/2025/dsa-6085
260: https://packages.debian.org/src:mediawiki
261: https://www.debian.org/security/2025/dsa-6087
262: https://packages.debian.org/src:roundcube
263: https://www.debian.org/security/2025/dsa-6089
264: https://packages.debian.org/src:chromium
265: https://www.debian.org/security/2025/dsa-6090
266: https://packages.debian.org/src:rails

Removed packages
----------------

The following packages were removed due to circumstances beyond our
control:

+------------------------------+--------------------------------------+
| Package | Reason |
+------------------------------+--------------------------------------+
| clamav [267] | [armel mipsel mips64el] No longer |
| | supportable on architectures without |
| | newer Rust support |
| | |
| clamsmtp [268] | [armel mipsel mips64el] Depends on |
| | to-be-removed clamav |
| | |
| libc-icap-mod-virus- | [armel mipsel mips64el] Depends on |
| scan [269] | to-be-removed clamav |
| | |
| libclamunrar [270] | [armel mipsel mips64el] Depends on |
| | to-be-removed clamav |
| | |
| pagure [271] | Broken, security issues |
| | |
| pg-snakeoil [272] | [armel mipsel mips64el] Depends on |
| | to-be-removed clamav |
| | |
+------------------------------+--------------------------------------+

267: https://packages.debian.org/src:clamav
268: https://packages.debian.org/src:clamsmtp
269: https://packages.debian.org/src:libc-icap-mod-virus-scan
270: https://packages.debian.org/src:libclamunrar
271: https://packages.debian.org/src:pagure
272: https://packages.debian.org/src:pg-snakeoil

Debian Installer
----------------

The installer has been updated to include the fixes incorporated into
oldstable by the point release.


URLs
----

The complete lists of packages that have changed with this revision:

https://deb.debian.org/debian/dists/bookworm/ChangeLog


The current oldstable distribution:

https://deb.debian.org/debian/dists/oldstable/


Proposed updates to the oldstable distribution:

https://deb.debian.org/debian/dists/oldstable-proposed-updates


oldstable distribution information (release notes, errata etc.):

https://www.debian.org/releases/oldstable/


Security announcements and information:

https://www.debian.org/security/



About Debian
------------

The Debian Project is an association of Free Software developers who
volunteer their time and effort in order to produce the completely free
operating system Debian.


Contact Information
-------------------

For further information, please visit the Debian web pages at
https://www.debian.org/, send mail to <press@debian.org>, or contact the
stable release team at <debian-release@lists.debian.org>.

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)