Updated Debian 12: 12.14 released

------------------------------------------------------------------------ The Debian Project https://www.debian.org/ Updated Debian 12: 12.14 released press@debian.org May 16th, 2026 https://www.debian.org/News/2026/2026051602 ------------------------------------------------------------------------ The Debian project is pleased to announce the fourteenth update of its oldstable distribution Debian 12 (codename "bookworm"). This point release mainly adds corrections for security issues, along with a few adjustments for serious problems. Security advisories have already been published separately and are referenced where available. Please note that the point release does not constitute a new version of Debian 12 but only updates some of the packages included. There is no need to throw away old "bookworm" media. After installation, packages can be upgraded to the current versions using an up-to-date Debian mirror. Those who frequently install updates from security.debian.org won't have to update many packages, and most such updates are included in the point release. New installation images will be available soon at the regular locations. Upgrading an existing installation to this revision can be achieved by pointing the package management system at one of Debian's many HTTP mirrors. A comprehensive list of mirrors is available at: https://www.debian.org/mirror/list Miscellaneous Bugfixes ---------------------- This oldstable update adds a few important corrections to the following packages: +-------------------------+-------------------------------------------+ | Package | Reason | +-------------------------+-------------------------------------------+ | 7zip [1] | New upstream stable release; fix integer | | | underflow issue [CVE-2023-31102]; fix | | | code execution issues [CVE-2023-40481 | | | CVE-2025-11001 CVE-2025-11002]; fix | | | denial of service issue [CVE-2024-11612]; | | | fix null pointer dereference issue | | | [CVE-2025-53817]; fix handling of | | | symbolic links [CVE-2025-55188] | | | | | apache2 [2] | New upstream release: fix http2 | | | regression; fix use-after-free issue | | | [CVE-2026-23918]; fix privilege | | | escalation issue [CVE-2026-24072]; fix | | | NULL pointer dereference issues | | | [CVE-2026-29169 CVE-2026-33007]; fix | | | authentication bypass issue [CVE-2026- | | | 33006]; fix HTTP response splitting issue | | | [CVE-2026-33523]; fix out-of-bounds read | | | issues [CVE-2026-33857 CVE-2026-34032]; | | | fix buffer over-read issue [CVE-2026- | | | 34059] | | | | | arduino-core-avr [3] | New upstream stable release; fix buffer | | | overflow issue [CVE-2025-69209] | | | | | augeas [4] | Fix NULL pointer dereference issue | | | [CVE-2025-2588] | | | | | awstats [5] | Prevent command injection [CVE-2025- | | | 63261] | | | | | base-files [6] | Update for the point release | | | | | bash [7] | Rebuild with updated glibc | | | | | busybox [8] | Fix stack overflow [CVE-2022-48174] and | | | use-after-free [CVE-2023-42363 CVE-2023- | | | 42364 CVE-2023-42365] errors | | | | | c3p0 [9] | Fix recursive entity expansion issue | | | [CVE-2019-5427] | | | | | calibre [10] | Fix path traversal issues [CVE-2026-25635 | | | CVE-2026-25636 CVE-2026-26064 CVE-2026- | | | 26065]; fix code execution issue | | | [CVE-2026-25731]; fix HTTP response | | | header injection issue [CVE-2026-27810]; | | | fix IP ban bypass issue [CVE-2026-27824] | | | | | cdebootstrap [11] | Rebuild with updated glibc | | | | | chkrootkit [12] | Rebuild with updated glibc | | | | | chrony [13] | Open the PHC reference clock with the | | | O_RDWR flag when enabling the extpps | | | option | | | | | composer [14] | Fix code execution issue [CVE-2023- | | | 43655]; fix command injection issues | | | [CVE-2026-40261 CVE-2026-40176] | | | | | containerd [15] | Fix CRI Attach implementation [CVE-2025- | | | 64329]; fix overly broad directory | | | permissions [CVE-2024-25621]; fix large | | | UID:GID (> 32bit) overflow [CVE-2024- | | | 40635] | | | | | dar [16] | Rebuild with updated glibc | | | | | debian-installer [17] | Bump linux ABI to 6.1.0-47 | | | | | debian-installer- | Rebuild against oldstable-proposed- | | netboot-images [18] | updates | | | | | debsig-verify [19] | Rebuild with updated dpkg | | | | | deets [20] | Rebuild with updated dpkg | | | | | distro-info-data [21] | Add Ubuntu 26.10 "Stonking Stingray" | | | | | docker.io [22] | Rebuild with updated containerd, glibc | | | | | dovecot [23] | Correct incomplete backport of CVE-2026- | | | 27855 fix; fix memory leak in CVE-2026- | | | 27857 fix | | | | | dpkg [24] | New upstream stable release; fix | | | insufficient permissions check leading to | | | possible denial of service issue | | | [CVE-2025-6297]; fix denial of service | | | issue [CVE-2026-2219]; fix buffer over- | | | read issue; fix uninitialized variable | | | warning with Rules-Requires-Root; fix | | | segmentation fault in dpkg-trigger; | | | translation fixes | | | | | erlang [25] | Fix denial of service issues [CVE-2025- | | | 48038 CVE-2025-48039 CVE-2025-48040 | | | CVE-2025-48041]; fix HTTP request | | | smuggling issue [CVE-2026-23941]; fix | | | path traversal issues [CVE-2026-23942 | | | CVE-2026-21620]; fix compression bomb | | | issue [CVE-2026-23943] | | | | | exim4 [26] | Fix GnuTLS hostname verify of a server | | | certificate with a zero-length Subject; | | | fix denial of service issue [CVE-2026- | | | 40684]; fix out-of-bounds read/write | | | issues [CVE-2026-40685 CVE-2026-40686 | | | CVE-2026-40687] | | | | | fonttools [27] | Fix XML External Entity injection issue | | | [CVE-2023-45139]; fix code execution | | | issue [CVE-2025-66034] | | | | | glance [28] | Fix server-side request forgery issue | | | [CVE-2026-34881]; fix build failure | | | | | glib2.0 [29] | Fix timezone handling with Debian & | | | Ubuntu's symlinks; fix missing input | | | validation in | | | g_buffered_input_stream_peek [CVE-2026- | | | 0988]; fix integer overflow in base64 | | | encoding [CVE-2026-1484]; fix buffer | | | underflow issue in content type parsing | | | [CVE-2026-1485]; fix integer overflow in | | | unicode conversion [CVE-2026-1489] | | | | | glibc [30] | Fix integer overflow issue [CVE-2026- | | | 0861]; fix uninitialised memory use issue | | | [CVE-2025-15281]; fix incorrect handling | | | of DNS responses [CVE-2026-4437]; fix | | | return of invalid DNS hostnames | | | [CVE-2026-4438]; fix assertion failure | | | [CVE-2026-4046]; fix performance | | | bottleneck with ASAN on 32-bit arm; fix | | | incorrect backtrace unwinding; fix typo | | | in wmemset ifunc selector that caused | | | AVX2/AVX512 paths to be skipped; fix | | | POWER optimized rawmemchr function; fix | | | stack content leak issue [CVE-2026-0915] | | | | | gnuais [31] | Fix displaying map in gnuaisgui | | | | | golang-github- | Rebuild with updated containerd | | containerd-stargz- | | | snapshotter [32] | | | | | | golang-github- | Rebuild with updated containerd | | containers-buildah [33] | | | | | | golang-github- | Rebuild with updated containerd | | openshift- | | | imagebuilder [34] | | | | | | gpsd [35] | Fix out-of-bounds write issue [CVE-2025- | | | 67268]; fix integer underflow issue | | | [CVE-2025-67269] | | | | | grub-efi-amd64- | Remove NTFS and jfs from monolithic EFI | | signed [36] | image; update SBAT levels; set | | | "Protected: yes" for -signed packages so | | | they cannot easily be removed; backport | | | upstream regression fixes; fix "video/ | | | readers/jpeg: Do not permit duplicate | | | SOF0 markers in JPEG" [CVE-2024-45774]; | | | fix "commands/extcmd: Missing check for | | | failed allocation" [CVE-2024-45775]; fix | | | "commands/dump: The dump command is not | | | in lockdown when secure boot is | | | enabled" [CVE-2025-1118]; fix integer | | | overflow issues [CVE-2024-45776 CVE-2024- | | | 45777 CVE-2024-45778 CVE-2024-45779 | | | CVE-2024-45780 CVE-2025-0677 CVE-2025- | | | 0678 CVE-2025-0684 CVE-2025-0685 | | | CVE-2025-0690 CVE-2025-1125]; fix out-of- | | | bounds write issues [CVE-2024-45781 | | | CVE-2024-45782 CVE-2025-0624]; fix use- | | | after-free issues [CVE-2024-45783 | | | CVE-2025-0622]; fix buffer overflow issue | | | [CVE-2025-0689] | | | | | grub-efi-arm64- | Remove NTFS and jfs from monolithic EFI | | signed [37] | image; update SBAT levels; set | | | "Protected: yes" for -signed packages so | | | they cannot easily be removed; backport | | | upstream regression fixes; fix "video/ | | | readers/jpeg: Do not permit duplicate | | | SOF0 markers in JPEG" [CVE-2024-45774]; | | | fix "commands/extcmd: Missing check for | | | failed allocation" [CVE-2024-45775]; fix | | | "commands/dump: The dump command is not | | | in lockdown when secure boot is | | | enabled" [CVE-2025-1118]; fix integer | | | overflow issues [CVE-2024-45776 CVE-2024- | | | 45777 CVE-2024-45778 CVE-2024-45779 | | | CVE-2024-45780 CVE-2025-0677 CVE-2025- | | | 0678 CVE-2025-0684 CVE-2025-0685 | | | CVE-2025-0690 CVE-2025-1125]; fix out-of- | | | bounds write issues [CVE-2024-45781 | | | CVE-2024-45782 CVE-2025-0624]; fix use- | | | after-free issues [CVE-2024-45783 | | | CVE-2025-0622]; fix buffer overflow issue | | | [CVE-2025-0689] | | | | | grub-efi-ia32- | Remove NTFS and jfs from monolithic EFI | | signed [38] | image; update SBAT levels; set | | | "Protected: yes" for -signed packages so | | | they cannot easily be removed; backport | | | upstream regression fixes; fix "video/ | | | readers/jpeg: Do not permit duplicate | | | SOF0 markers in JPEG" [CVE-2024-45774]; | | | fix "commands/extcmd: Missing check for | | | failed allocation" [CVE-2024-45775]; fix | | | "commands/dump: The dump command is not | | | in lockdown when secure boot is | | | enabled" [CVE-2025-1118]; fix integer | | | overflow issues [CVE-2024-45776 CVE-2024- | | | 45777 CVE-2024-45778 CVE-2024-45779 | | | CVE-2024-45780 CVE-2025-0677 CVE-2025- | | | 0678 CVE-2025-0684 CVE-2025-0685 | | | CVE-2025-0690 CVE-2025-1125]; fix out-of- | | | bounds write issues [CVE-2024-45781 | | | CVE-2024-45782 CVE-2025-0624]; fix use- | | | after-free issues [CVE-2024-45783 | | | CVE-2025-0622]; fix buffer overflow issue | | | [CVE-2025-0689] | | | | | grub2 [39] | Remove NTFS and jfs from monolithic EFI | | | image; update SBAT levels; set | | | "Protected: yes" for -signed packages so | | | they cannot easily be removed; backport | | | upstream regression fixes; fix "video/ | | | readers/jpeg: Do not permit duplicate | | | SOF0 markers in JPEG" [CVE-2024-45774]; | | | fix "commands/extcmd: Missing check for | | | failed allocation" [CVE-2024-45775]; fix | | | "commands/dump: The dump command is not | | | in lockdown when secure boot is | | | enabled" [CVE-2025-1118]; fix integer | | | overflow issues [CVE-2024-45776 CVE-2024- | | | 45777 CVE-2024-45778 CVE-2024-45779 | | | CVE-2024-45780 CVE-2025-0677 CVE-2025- | | | 0678 CVE-2025-0684 CVE-2025-0685 | | | CVE-2025-0690 CVE-2025-1125]; fix out-of- | | | bounds write issues [CVE-2024-45781 | | | CVE-2024-45782 CVE-2025-0624]; fix use- | | | after-free issues [CVE-2024-45783 | | | CVE-2025-0622]; fix buffer overflow issue | | | [CVE-2025-0689] | | | | | gvfs [40] | Use control connection address for PASV | | | data [CVE-2026-28295]; reject paths | | | containing CR/LF characters [CVE-2026- | | | 28296] | | | | | kissfft [41] | Fix integer overflow issues [CVE-2025- | | | 34297 CVE-2026-41445] | | | | | kpackage [42] | Skip unreliable build-time test | | | | | lemonldap-ng [43] | Update documentation to avoid using | | | unsecured Nginx variable | | | | | libarchive [44] | Fix out-of-bounds read issues [CVE-2025- | | | 5918 CVE-2026-4424]; fix denial of | | | service issues [CVE-2026-4111 CVE-2026- | | | 4426]; fix possible code execution issue | | | [CVE-2026-5121] | | | | | libcap2 [45] | Fix time of check / time of use issue | | | [CVE-2026-4878]; rebuild with updated | | | glibc | | | | | libexif [46] | Fix integer underflow issues [CVE-2026- | | | 40386 CVE-2026-32775]; fix integer | | | overflow issue [CVE-2026-40385] | | | | | libnet-cidr-lite- | Fix ACL bypass issues [CVE-2026-40198 | | perl [47] | CVE-2026-40199] | | | | | libpng1.6 [48] | Fix heap buffer overflow issues | | | [CVE-2026-22801 CVE-2026-22695] | | | | | libpod [49] | Rebuild with updated containerd | | | | | libreoffice [50] | Fix incomplete fix for CVE-2024-12426 | | | | | libreoffice- | Add dependency on dvipng/dvisvgm | | texmaths [51] | | | | | | libuev [52] | Fix buffer overrun issue [CVE-2022-48620] | | | | | libvncserver [53] | Fix out-of-bounds read issue [CVE-2026- | | | 32853]; fix null pointer dereference | | | issue [CVE-2026-32854] | | | | | libxml-security- | Fix private key disclosure issue | | java [54] | [CVE-2023-44483] | | | | | libxslt [55] | Fix deterministic generate-id() | | | regression causing build failures in | | | other packages | | | | | lxc [56] | Fix authorisation bypass issue [CVE-2026- | | | 39402] | | | | | mapserver [57] | Fix SQL injection issue [CVE-2025-59431]; | | | fix buffer overflow issue [CVE-2026- | | | 33721]; fix heap-buffer-overflow and | | | double-free issues in maplexer | | | | | modsecurity-crs [58] | Fix rule bypass issue [CVE-2023-38199]; | | | fix file extension blocking bypass issue | | | [CVE-2026-33691] | | | | | mongo-c-driver [59] | Fix insufficient validation issues | | | [CVE-2025-14911 CVE-2026-6231]; fix | | | denial of service issue [CVE-2026-4359]; | | | fix buffer overflow issue [CVE-2026- | | | 6691]; improve handling of corrupt GridFS | | | files | | | | | nginx [60] | Fix buffer overflow issues [CVE-2026- | | | 27654 CVE-2026-27784 CVE-2026-32647]; fix | | | session authentication issues [CVE-2026- | | | 27651 CVE-2026-28753]; fix OCSP result | | | bypass issue [CVE-2026-28755]; use | | | "$host" instead of "$http_host" | | | | | openssh [61] | Fix possible code execution issues | | | [CVE-2025-61984 CVE-2025-61985]; ensure | | | scp does not unexpectedly make | | | transferred files setuid or setgid | | | [CVE-2026-35385]; fix command execution | | | issue [CVE-2026-35386]; fix incomplete | | | application of PubkeyAcceptedAlgorithms | | | and HostbasedAcceptedAlgorithms with | | | regard to ECDSA keys [CVE-2026-35387]; | | | use connection multiplexing confirmation | | | for proxy-mode multiplexing sessions | | | [CVE-2026-35388]; fix handling of the | | | authorized_keys "principals" option | | | [CVE-2026-35414]; validate user and host | | | names for ProxyJump/-J options passed via | | | the command line | | | | | openssl [62] | New upstream stable release | | | | | p7zip [63] | Rebase onto newer 7zip version; fix | | | integer underflow issue [CVE-2023-31102]; | | | fix code execution issues [CVE-2023-40481 | | | CVE-2025-11001 CVE-2025-11002]; fix | | | denial of service issue [CVE-2024-11612]; | | | fix null pointer dereference issue | | | [CVE-2025-53817]; fix handling of | | | symbolic links [CVE-2025-55188]; fix | | | buffer overflow issue [CVE-2023-52168]; | | | fix out-of-bounds read issues [CVE-2023- | | | 52169 CVE-2022-47069] | | | | | p7zip-rar [64] | Rebase onto newer 7zip version; fix | | | denial of service issue [CVE-2025-53816] | | | | | php-dompdf [65] | Fix denial of service issue [CVE-2023- | | | 50262] | | | | | php-league- | Fix cross site scripting issue [CVE-2025- | | commonmark [66] | 46734]; fix validation bypass issues | | | [CVE-2026-30838 CVE-2026-33347] | | | | | php-phpseclib [67] | Fix denial of service issue [CVE-2024- | | | 27355]; fix variable time comparison | | | issue [CVE-2026-40194] | | | | | php-phpseclib3 [68] | Fix denial of service issue [CVE-2024- | | | 27355]; fix variable time comparison | | | issue [CVE-2026-40194] | | | | | phpseclib [69] | Fix denial of service issue [CVE-2024- | | | 27355]; fix variable time comparison | | | issue [CVE-2026-40194] | | | | | plastimatch [70] | Remove non-free files | | | | | postgresql-15 [71] | New upstream stable release; fix buffer | | | overrun issue [CVE-2026-2006] | | | | | proftpd-dfsg [72] | Fix denial of service issue [CVE-2024- | | | 57392]; fix SQL injection issue | | | [CVE-2026-42167]; fix "mod_radius: | | | Message-Authenticator check always fails" | | | | | pymupdf [73] | Rebuild with updated mupdf | | | | | python-authlib [74] | Fix algorithm confusion issue [CVE-2024- | | | 37568]; fix cross-site request forgery | | | issue [CVE-2025-68158]; fix denial of | | | service issues [CVE-2025-62706 CVE-2025- | | | 61920]; fix policy bypass issue | | | [CVE-2025-59420] | | | | | python-django [75] | Fix regular expression-based denial of | | | service issue [CVE-2023-36053], denial of | | | service issues [CVE-2024-38875 CVE-2024- | | | 39614 CVE-2024-41990 CVE-2024-41991], | | | user enumeration issue [CVE-2024-39329], | | | directory traversal issue [CVE-2024- | | | 39330], excessive memory consumption | | | issue [CVE-2024-41989], SQL injection | | | issue [CVE-2024-42005] | | | | | python-ldap [76] | Fix insufficient escaping issue | | | [CVE-2025-61911]; fix denial of service | | | issue [CVE-2025-61912] | | | | | python3.11 [77] | Fix header injection issues [CVE-2025- | | | 11468 CVE-2025-15282 CVE-2026-0672 | | | CVE-2026-0865 CVE-2026-1299]; fix denial | | | of service issues [CVE-2025-12084 | | | CVE-2025-13836 CVE-2025-13837 CVE-2025- | | | 6069 CVE-2025-6075 CVE-2025-8194]; fix | | | insufficient validation in zipFile | | | [CVE-2025-8291]; fix use-after-free issue | | | [CVE-2025-4516] | | | | | qemu [78] | Rebuild with updated glibc, glib2.0, | | | gnutls28 | | | | | request-tracker5 [79] | Fix builds of CKEditor when firefox is >= | | | 148 | | | | | sash [80] | Rebuild with updated glibc | | | | | sed [81] | Fix time of check / time of use issue | | | [CVE-2026-5958] | | | | | sioyek [82] | Rebuild with updated mupdf | | | | | skeema [83] | Rebuild with updated containerd | | | | | snapd [84] | Rebuild with updated libcap2 | | | | | sudo [85] | Fix exec_mailer permissions checks | | | [CVE-2026-35535] | | | | | supermin [86] | Rebuild with updated glibc | | | | | swupdate [87] | Fix denial of service issue [CVE-2026- | | | 28525] | | | | | systemd [88] | Fix assert and freeze [CVE-2026-29111]; | | | fix code execution issues [CVE-2026-40225 | | | CVE-2026-4105]; fix nspawn escape-to-host | | | issue [CVE-2026-40226] | | | | | taglib [89] | Fix segmentation violation issue | | | [CVE-2023-47466] | | | | | tpm2-pkcs11 [90] | Fix NULL pointer dereference during | | | database migration | | | | | tripwire [91] | Rebuild with updated glibc | | | | | tzdata [92] | New upstream release; update data for | | | British Columbia | | | | | user-mode-linux [93] | Rebuild with updated linux | | | | | vips [94] | Fix buffer overflow issues [CVE-2026-2913 | | | CVE-2026-3147 CVE-2026-3281]; fix memory | | | corruption issue [CVE-2026-3145]; fix | | | null pointer dereference issue [CVE-2026- | | | 3146]; fix out of bound read issues | | | [CVE-2026-3282 CVE-2026-3283]; fix | | | integer overflow issue [CVE-2026-3284] | | | | | wireless-regdb [95] | New upstream stable release; update | | | regulatory information for several | | | countries | | | | | wireshark [96] | Fix denial of service issues [CVE-2024- | | | 11596 CVE-2024-9781 CVE-2025-11626 | | | CVE-2025-13499 CVE-2025-13945 CVE-2025- | | | 13946 CVE-2025-1492 CVE-2025-5601 | | | CVE-2025-9817 CVE-2026-0960] | | | | | xorg-server [97] | Fix buffer re-use issue [CVE-2026-33999]; | | | fix / improve bounds checking [CVE-2026- | | | 34000 CVE-2026-34003]; fix use after free | | | issue [CVE-2026-34001]; fix out-of-bounds | | | read issue [CVE-2026-34002] | | | | | zsh [98] | Rebuild with updated libcap2, glibc | | | | | zvbi [99] | Fix uninitialised pointer issue | | | [CVE-2025-2173]; fix integer overflow | | | issues [CVE-2025-2174 CVE-2025-2175 | | | CVE-2025-2176 CVE-2025-2177] | | | | +-------------------------+-------------------------------------------+ 1: https://packages.debian.org/src:7zip 2: https://packages.debian.org/src:apache2 3: https://packages.debian.org/src:arduino-core-avr 4: https://packages.debian.org/src:augeas 5: https://packages.debian.org/src:awstats 6: https://packages.debian.org/src:base-files 7: https://packages.debian.org/src:bash 8: https://packages.debian.org/src:busybox 9: https://packages.debian.org/src:c3p0 10: https://packages.debian.org/src:calibre 11: https://packages.debian.org/src:cdebootstrap 12: https://packages.debian.org/src:chkrootkit 13: https://packages.debian.org/src:chrony 14: https://packages.debian.org/src:composer 15: https://packages.debian.org/src:containerd 16: https://packages.debian.org/src:dar 17: https://packages.debian.org/src:debian-installer 18: https://packages.debian.org/src:debian-installer-netboot-images 19: https://packages.debian.org/src:debsig-verify 20: https://packages.debian.org/src:deets 21: https://packages.debian.org/src:distro-info-data 22: https://packages.debian.org/src:docker.io 23: https://packages.debian.org/src:dovecot 24: https://packages.debian.org/src:dpkg 25: https://packages.debian.org/src:erlang 26: https://packages.debian.org/src:exim4 27: https://packages.debian.org/src:fonttools 28: https://packages.debian.org/src:glance 29: https://packages.debian.org/src:glib2.0 30: https://packages.debian.org/src:glibc 31: https://packages.debian.org/src:gnuais 32: https://packages.debian.org/src:golang-github-containerd-stargz-snapshotter 33: https://packages.debian.org/src:golang-github-containers-buildah 34: https://packages.debian.org/src:golang-github-openshift-imagebuilder 35: https://packages.debian.org/src:gpsd 36: https://packages.debian.org/src:grub-efi-amd64-signed 37: https://packages.debian.org/src:grub-efi-arm64-signed 38: https://packages.debian.org/src:grub-efi-ia32-signed 39: https://packages.debian.org/src:grub2 40: https://packages.debian.org/src:gvfs 41: https://packages.debian.org/src:kissfft 42: https://packages.debian.org/src:kpackage 43: https://packages.debian.org/src:lemonldap-ng 44: https://packages.debian.org/src:libarchive 45: https://packages.debian.org/src:libcap2 46: https://packages.debian.org/src:libexif 47: https://packages.debian.org/src:libnet-cidr-lite-perl 48: https://packages.debian.org/src:libpng1.6 49: https://packages.debian.org/src:libpod 50: https://packages.debian.org/src:libreoffice 51: https://packages.debian.org/src:libreoffice-texmaths 52: https://packages.debian.org/src:libuev 53: https://packages.debian.org/src:libvncserver 54: https://packages.debian.org/src:libxml-security-java 55: https://packages.debian.org/src:libxslt 56: https://packages.debian.org/src:lxc 57: https://packages.debian.org/src:mapserver 58: https://packages.debian.org/src:modsecurity-crs 59: https://packages.debian.org/src:mongo-c-driver 60: https://packages.debian.org/src:nginx 61: https://packages.debian.org/src:openssh 62: https://packages.debian.org/src:openssl 63: https://packages.debian.org/src:p7zip 64: https://packages.debian.org/src:p7zip-rar 65: https://packages.debian.org/src:php-dompdf 66: https://packages.debian.org/src:php-league-commonmark 67: https://packages.debian.org/src:php-phpseclib 68: https://packages.debian.org/src:php-phpseclib3 69: https://packages.debian.org/src:phpseclib 70: https://packages.debian.org/src:plastimatch 71: https://packages.debian.org/src:postgresql-15 72: https://packages.debian.org/src:proftpd-dfsg 73: https://packages.debian.org/src:pymupdf 74: https://packages.debian.org/src:python-authlib 75: https://packages.debian.org/src:python-django 76: https://packages.debian.org/src:python-ldap 77: https://packages.debian.org/src:python3.11 78: https://packages.debian.org/src:qemu 79: https://packages.debian.org/src:request-tracker5 80: https://packages.debian.org/src:sash 81: https://packages.debian.org/src:sed 82: https://packages.debian.org/src:sioyek 83: https://packages.debian.org/src:skeema 84: https://packages.debian.org/src:snapd 85: https://packages.debian.org/src:sudo 86: https://packages.debian.org/src:supermin 87: https://packages.debian.org/src:swupdate 88: https://packages.debian.org/src:systemd 89: https://packages.debian.org/src:taglib 90: https://packages.debian.org/src:tpm2-pkcs11 91: https://packages.debian.org/src:tripwire 92: https://packages.debian.org/src:tzdata 93: https://packages.debian.org/src:user-mode-linux 94: https://packages.debian.org/src:vips 95: https://packages.debian.org/src:wireless-regdb 96: https://packages.debian.org/src:wireshark 97: https://packages.debian.org/src:xorg-server 98: https://packages.debian.org/src:zsh 99: https://packages.debian.org/src:zvbi Security Updates ---------------- This revision adds the following security updates to the oldstable release. The Security Team has already released an advisory for each of these updates: +----------------+------------------------------+ | Advisory ID | Package | +----------------+------------------------------+ | DSA-6003 [100] | firefox-esr [101] | | | | | DSA-6025 [102] | firefox-esr [103] | | | | | DSA-6054 [104] | firefox-esr [105] | | | | | DSA-6078 [106] | firefox-esr [107] | | | | | DSA-6093 [108] | gimp [109] | | | | | DSA-6094 [110] | libsodium [111] | | | | | DSA-6096 [112] | vlc [113] | | | | | DSA-6097 [114] | chromium [115] | | | | | DSA-6098 [116] | net-snmp [117] | | | | | DSA-6100 [118] | chromium [119] | | | | | DSA-6101 [120] | firefox-esr [121] | | | | | DSA-6102 [122] | python-urllib3 [123] | | | | | DSA-6103 [124] | thunderbird [125] | | | | | DSA-6105 [126] | modsecurity-crs [127] | | | | | DSA-6106 [128] | inetutils [129] | | | | | DSA-6107 [130] | bind9 [131] | | | | | DSA-6108 [132] | chromium [133] | | | | | DSA-6110 [134] | openjdk-17 [135] | | | | | DSA-6111 [136] | imagemagick [137] | | | | | DSA-6113 [138] | openssl [139] | | | | | DSA-6114 [140] | pyasn1 [141] | | | | | DSA-6115 [142] | gimp [143] | | | | | DSA-6116 [144] | chromium [145] | | | | | DSA-6118 [146] | thunderbird [147] | | | | | DSA-6120 [148] | tomcat10 [149] | | | | | DSA-6122 [150] | chromium [151] | | | | | DSA-6123 [152] | xrdp [153] | | | | | DSA-6125 [154] | usbmuxd [155] | | | | | DSA-6127 [156] | linux-signed-amd64 [157] | | | | | DSA-6127 [158] | linux-signed-arm64 [159] | | | | | DSA-6127 [160] | linux-signed-i386 [161] | | | | | DSA-6127 [162] | linux [163] | | | | | DSA-6128 [164] | shaarli [165] | | | | | DSA-6129 [166] | munge [167] | | | | | DSA-6131 [168] | nginx [169] | | | | | DSA-6132 [170] | postgresql-15 [171] | | | | | DSA-6135 [172] | chromium [173] | | | | | DSA-6136 [174] | python-django-storages [175] | | | | | DSA-6136 [176] | python-django [177] | | | | | DSA-6137 [178] | roundcube [179] | | | | | DSA-6138 [180] | libpng1.6 [181] | | | | | DSA-6139 [182] | gimp [183] | | | | | DSA-6140 [184] | gnutls28 [185] | | | | | DSA-6142 [186] | gegl [187] | | | | | DSA-6143 [188] | libvpx [189] | | | | | DSA-6145 [190] | nova [191] | | | | | DSA-6146 [192] | chromium [193] | | | | | DSA-6148 [194] | firefox-esr [195] | | | | | DSA-6149 [196] | nss [197] | | | | | DSA-6150 [198] | python-django [199] | | | | | DSA-6151 [200] | chromium [201] | | | | | DSA-6152 [202] | thunderbird [203] | | | | | DSA-6153 [204] | lxd [205] | | | | | DSA-6154 [206] | php8.2 [207] | | | | | DSA-6156 [208] | gimp [209] | | | | | DSA-6157 [210] | chromium [211] | | | | | DSA-6159 [212] | imagemagick [213] | | | | | DSA-6160 [214] | netty [215] | | | | | DSA-6163 [216] | linux-signed-amd64 [217] | | | | | DSA-6163 [218] | linux-signed-arm64 [219] | | | | | DSA-6163 [220] | linux-signed-i386 [221] | | | | | DSA-6163 [222] | linux [223] | | | | | DSA-6164 [224] | chromium [225] | | | | | DSA-6165 [226] | chromium [227] | | | | | DSA-6167 [228] | gst-plugins-base1.0 [229] | | | | | DSA-6170 [230] | snapd [231] | | | | | DSA-6171 [232] | chromium [233] | | | | | DSA-6172 [234] | webkit2gtk [235] | | | | | DSA-6173 [236] | freeciv [237] | | | | | DSA-6175 [238] | libyaml-syck-perl [239] | | | | | DSA-6176 [240] | strongswan [241] | | | | | DSA-6177 [242] | chromium [243] | | | | | DSA-6178 [244] | firefox-esr [245] | | | | | DSA-6179 [246] | thunderbird [247] | | | | | DSA-6180 [248] | ruby-rack [249] | | | | | DSA-6181 [250] | bind9 [251] | | | | | DSA-6182 [252] | libxml-parser-perl [253] | | | | | DSA-6185 [254] | phpseclib [255] | | | | | DSA-6186 [256] | php-phpseclib [257] | | | | | DSA-6187 [258] | php-phpseclib3 [259] | | | | | DSA-6188 [260] | lxd [261] | | | | | DSA-6189 [262] | libpng1.6 [263] | | | | | DSA-6190 [264] | gst-plugins-bad1.0 [265] | | | | | DSA-6191 [266] | gst-plugins-ugly1.0 [267] | | | | | DSA-6192 [268] | chromium [269] | | | | | DSA-6193 [270] | inetutils [271] | | | | | DSA-6194 [272] | pyasn1 [273] | | | | | DSA-6195 [274] | python-tornado [275] | | | | | DSA-6196 [276] | roundcube [277] | | | | | DSA-6197 [278] | dovecot [279] | | | | | DSA-6199 [280] | trafficserver [281] | | | | | DSA-6200 [282] | tor [283] | | | | | DSA-6201 [284] | openssl [285] | | | | | DSA-6202 [286] | firefox-esr [287] | | | | | DSA-6203 [288] | tiff [289] | | | | | DSA-6204 [290] | openssh [291] | | | | | DSA-6205 [292] | chromium [293] | | | | | DSA-6206 [294] | gdk-pixbuf [295] | | | | | DSA-6208 [296] | mediawiki [297] | | | | | DSA-6210 [298] | imagemagick [299] | | | | | DSA-6211 [300] | thunderbird [301] | | | | | DSA-6213 [302] | lxd [303] | | | | | DSA-6214 [304] | chromium [305] | | | | | DSA-6215 [306] | gimp [307] | | | | | DSA-6216 [308] | opam [309] | | | | | DSA-6218 [310] | mupdf [311] | | | | | DSA-6220 [312] | simpleeval [313] | | | | | DSA-6221 [314] | ntfs-3g [315] | | | | | DSA-6222 [316] | ngtcp2 [317] | | | | | DSA-6223 [318] | flatpak [319] | | | | | DSA-6224 [320] | xdg-dbus-proxy [321] | | | | | DSA-6225 [322] | firefox-esr [323] | | | | | DSA-6226 [324] | packagekit [325] | | | | | DSA-6227 [326] | strongswan [327] | | | | | DSA-6229 [328] | thunderbird [329] | | | | | DSA-6230 [330] | chromium [331] | | | | | DSA-6236 [332] | firefox-esr [333] | | | | | DSA-6237 [334] | jtreg7 [335] | | | | | DSA-6237 [336] | openjdk-17 [337] | | | | | DSA-6239 [338] | chromium [339] | | | | | DSA-6242 [340] | thunderbird [341] | | | | | DSA-6243 [342] | linux-signed-amd64 [343] | | | | | DSA-6243 [344] | linux-signed-arm64 [345] | | | | | DSA-6243 [346] | linux-signed-i386 [347] | | | | | DSA-6243 [348] | linux [349] | | | | | DSA-6245 [350] | imagemagick [351] | | | | | DSA-6247 [352] | lxd [353] | | | | | DSA-6248 [354] | apache2 [355] | | | | | DSA-6249 [356] | wireshark [357] | | | | | DSA-6251 [358] | libreoffice [359] | | | | | DSA-6252 [360] | prosody [361] | | | | | DSA-6254 [362] | firefox-esr [363] | | | | | DSA-6255 [364] | php8.2 [365] | | | | | DSA-6257 [366] | postorius [367] | | | | | DSA-6258 [368] | linux-signed-amd64 [369] | | | | | DSA-6258 [370] | linux-signed-arm64 [371] | | | | | DSA-6258 [372] | linux-signed-i386 [373] | | | | | DSA-6258 [374] | linux [375] | | | | | DSA-6259 [376] | pyjwt [377] | | | | | DSA-6260 [378] | tor [379] | | | | | DSA-6261 [380] | corosync [381] | | | | | DSA-6262 [382] | lcms2 [383] | | | | | DSA-6263 [384] | libpng1.6 [385] | | | | | DSA-6264 [386] | dnsmasq [387] | | | | | DSA-6265 [388] | exim4 [389] | | | | +----------------+------------------------------+ 100: https://www.debian.org/security/2025/dsa-6003 101: https://packages.debian.org/src:firefox-esr 102: https://www.debian.org/security/2025/dsa-6025 103: https://packages.debian.org/src:firefox-esr 104: https://www.debian.org/security/2025/dsa-6054 105: https://packages.debian.org/src:firefox-esr 106: https://www.debian.org/security/2025/dsa-6078 107: https://packages.debian.org/src:firefox-esr 108: https://www.debian.org/security/2026/dsa-6093 109: https://packages.debian.org/src:gimp 110: https://www.debian.org/security/2026/dsa-6094 111: https://packages.debian.org/src:libsodium 112: https://www.debian.org/security/2026/dsa-6096 113: https://packages.debian.org/src:vlc 114: https://www.debian.org/security/2026/dsa-6097 115: https://packages.debian.org/src:chromium 116: https://www.debian.org/security/2026/dsa-6098 117: https://packages.debian.org/src:net-snmp 118: https://www.debian.org/security/2026/dsa-6100 119: https://packages.debian.org/src:chromium 120: https://www.debian.org/security/2026/dsa-6101 121: https://packages.debian.org/src:firefox-esr 122: https://www.debian.org/security/2026/dsa-6102 123: https://packages.debian.org/src:python-urllib3 124: https://www.debian.org/security/2026/dsa-6103 125: https://packages.debian.org/src:thunderbird 126: https://www.debian.org/security/2026/dsa-6105 127: https://packages.debian.org/src:modsecurity-crs 128: https://www.debian.org/security/2026/dsa-6106 129: https://packages.debian.org/src:inetutils 130: https://www.debian.org/security/2026/dsa-6107 131: https://packages.debian.org/src:bind9 132: https://www.debian.org/security/2026/dsa-6108 133: https://packages.debian.org/src:chromium 134: https://www.debian.org/security/2026/dsa-6110 135: https://packages.debian.org/src:openjdk-17 136: https://www.debian.org/security/2026/dsa-6111 137: https://packages.debian.org/src:imagemagick 138: https://www.debian.org/security/2026/dsa-6113 139: https://packages.debian.org/src:openssl 140: https://www.debian.org/security/2026/dsa-6114 141: https://packages.debian.org/src:pyasn1 142: https://www.debian.org/security/2026/dsa-6115 143: https://packages.debian.org/src:gimp 144: https://www.debian.org/security/2026/dsa-6116 145: https://packages.debian.org/src:chromium 146: https://www.debian.org/security/2026/dsa-6118 147: https://packages.debian.org/src:thunderbird 148: https://www.debian.org/security/2026/dsa-6120 149: https://packages.debian.org/src:tomcat10 150: https://www.debian.org/security/2026/dsa-6122 151: https://packages.debian.org/src:chromium 152: https://www.debian.org/security/2026/dsa-6123 153: https://packages.debian.org/src:xrdp 154: https://www.debian.org/security/2026/dsa-6125 155: https://packages.debian.org/src:usbmuxd 156: https://www.debian.org/security/2026/dsa-6127 157: https://packages.debian.org/src:linux-signed-amd64 158: https://www.debian.org/security/2026/dsa-6127 159: https://packages.debian.org/src:linux-signed-arm64 160: https://www.debian.org/security/2026/dsa-6127 161: https://packages.debian.org/src:linux-signed-i386 162: https://www.debian.org/security/2026/dsa-6127 163: https://packages.debian.org/src:linux 164: https://www.debian.org/security/2026/dsa-6128 165: https://packages.debian.org/src:shaarli 166: https://www.debian.org/security/2026/dsa-6129 167: https://packages.debian.org/src:munge 168: https://www.debian.org/security/2026/dsa-6131 169: https://packages.debian.org/src:nginx 170: https://www.debian.org/security/2026/dsa-6132 171: https://packages.debian.org/src:postgresql-15 172: https://www.debian.org/security/2026/dsa-6135 173: https://packages.debian.org/src:chromium 174: https://www.debian.org/security/2026/dsa-6136 175: https://packages.debian.org/src:python-django-storages 176: https://www.debian.org/security/2026/dsa-6136 177: https://packages.debian.org/src:python-django 178: https://www.debian.org/security/2026/dsa-6137 179: https://packages.debian.org/src:roundcube 180: https://www.debian.org/security/2026/dsa-6138 181: https://packages.debian.org/src:libpng1.6 182: https://www.debian.org/security/2026/dsa-6139 183: https://packages.debian.org/src:gimp 184: https://www.debian.org/security/2026/dsa-6140 185: https://packages.debian.org/src:gnutls28 186: https://www.debian.org/security/2026/dsa-6142 187: https://packages.debian.org/src:gegl 188: https://www.debian.org/security/2026/dsa-6143 189: https://packages.debian.org/src:libvpx 190: https://www.debian.org/security/2026/dsa-6145 191: https://packages.debian.org/src:nova 192: https://www.debian.org/security/2026/dsa-6146 193: https://packages.debian.org/src:chromium 194: https://www.debian.org/security/2026/dsa-6148 195: https://packages.debian.org/src:firefox-esr 196: https://www.debian.org/security/2026/dsa-6149 197: https://packages.debian.org/src:nss 198: https://www.debian.org/security/2026/dsa-6150 199: https://packages.debian.org/src:python-django 200: https://www.debian.org/security/2026/dsa-6151 201: https://packages.debian.org/src:chromium 202: https://www.debian.org/security/2026/dsa-6152 203: https://packages.debian.org/src:thunderbird 204: https://www.debian.org/security/2026/dsa-6153 205: https://packages.debian.org/src:lxd 206: https://www.debian.org/security/2026/dsa-6154 207: https://packages.debian.org/src:php8.2 208: https://www.debian.org/security/2026/dsa-6156 209: https://packages.debian.org/src:gimp 210: https://www.debian.org/security/2026/dsa-6157 211: https://packages.debian.org/src:chromium 212: https://www.debian.org/security/2026/dsa-6159 213: https://packages.debian.org/src:imagemagick 214: https://www.debian.org/security/2026/dsa-6160 215: https://packages.debian.org/src:netty 216: https://www.debian.org/security/2026/dsa-6163 217: https://packages.debian.org/src:linux-signed-amd64 218: https://www.debian.org/security/2026/dsa-6163 219: https://packages.debian.org/src:linux-signed-arm64 220: https://www.debian.org/security/2026/dsa-6163 221: https://packages.debian.org/src:linux-signed-i386 222: https://www.debian.org/security/2026/dsa-6163 223: https://packages.debian.org/src:linux 224: https://www.debian.org/security/2026/dsa-6164 225: https://packages.debian.org/src:chromium 226: https://www.debian.org/security/2026/dsa-6165 227: https://packages.debian.org/src:chromium 228: https://www.debian.org/security/2026/dsa-6167 229: https://packages.debian.org/src:gst-plugins-base1.0 230: https://www.debian.org/security/2026/dsa-6170 231: https://packages.debian.org/src:snapd 232: https://www.debian.org/security/2026/dsa-6171 233: https://packages.debian.org/src:chromium 234: https://www.debian.org/security/2026/dsa-6172 235: https://packages.debian.org/src:webkit2gtk 236: https://www.debian.org/security/2026/dsa-6173 237: https://packages.debian.org/src:freeciv 238: https://www.debian.org/security/2026/dsa-6175 239: https://packages.debian.org/src:libyaml-syck-perl 240: https://www.debian.org/security/2026/dsa-6176 241: https://packages.debian.org/src:strongswan 242: https://www.debian.org/security/2026/dsa-6177 243: https://packages.debian.org/src:chromium 244: https://www.debian.org/security/2026/dsa-6178 245: https://packages.debian.org/src:firefox-esr 246: https://www.debian.org/security/2026/dsa-6179 247: https://packages.debian.org/src:thunderbird 248: https://www.debian.org/security/2026/dsa-6180 249: https://packages.debian.org/src:ruby-rack 250: https://www.debian.org/security/2026/dsa-6181 251: https://packages.debian.org/src:bind9 252: https://www.debian.org/security/2026/dsa-6182 253: https://packages.debian.org/src:libxml-parser-perl 254: https://www.debian.org/security/2026/dsa-6185 255: https://packages.debian.org/src:phpseclib 256: https://www.debian.org/security/2026/dsa-6186 257: https://packages.debian.org/src:php-phpseclib 258: https://www.debian.org/security/2026/dsa-6187 259: https://packages.debian.org/src:php-phpseclib3 260: https://www.debian.org/security/2026/dsa-6188 261: https://packages.debian.org/src:lxd 262: https://www.debian.org/security/2026/dsa-6189 263: https://packages.debian.org/src:libpng1.6 264: https://www.debian.org/security/2026/dsa-6190 265: https://packages.debian.org/src:gst-plugins-bad1.0 266: https://www.debian.org/security/2026/dsa-6191 267: https://packages.debian.org/src:gst-plugins-ugly1.0 268: https://www.debian.org/security/2026/dsa-6192 269: https://packages.debian.org/src:chromium 270: https://www.debian.org/security/2026/dsa-6193 271: https://packages.debian.org/src:inetutils 272: https://www.debian.org/security/2026/dsa-6194 273: https://packages.debian.org/src:pyasn1 274: https://www.debian.org/security/2026/dsa-6195 275: https://packages.debian.org/src:python-tornado 276: https://www.debian.org/security/2026/dsa-6196 277: https://packages.debian.org/src:roundcube 278: https://www.debian.org/security/2026/dsa-6197 279: https://packages.debian.org/src:dovecot 280: https://www.debian.org/security/2026/dsa-6199 281: https://packages.debian.org/src:trafficserver 282: https://www.debian.org/security/2026/dsa-6200 283: https://packages.debian.org/src:tor 284: https://www.debian.org/security/2026/dsa-6201 285: https://packages.debian.org/src:openssl 286: https://www.debian.org/security/2026/dsa-6202 287: https://packages.debian.org/src:firefox-esr 288: https://www.debian.org/security/2026/dsa-6203 289: https://packages.debian.org/src:tiff 290: https://www.debian.org/security/2026/dsa-6204 291: https://packages.debian.org/src:openssh 292: https://www.debian.org/security/2026/dsa-6205 293: https://packages.debian.org/src:chromium 294: https://www.debian.org/security/2026/dsa-6206 295: https://packages.debian.org/src:gdk-pixbuf 296: https://www.debian.org/security/2026/dsa-6208 297: https://packages.debian.org/src:mediawiki 298: https://www.debian.org/security/2026/dsa-6210 299: https://packages.debian.org/src:imagemagick 300: https://www.debian.org/security/2026/dsa-6211 301: https://packages.debian.org/src:thunderbird 302: https://www.debian.org/security/2026/dsa-6213 303: https://packages.debian.org/src:lxd 304: https://www.debian.org/security/2026/dsa-6214 305: https://packages.debian.org/src:chromium 306: https://www.debian.org/security/2026/dsa-6215 307: https://packages.debian.org/src:gimp 308: https://www.debian.org/security/2026/dsa-6216 309: https://packages.debian.org/src:opam 310: https://www.debian.org/security/2026/dsa-6218 311: https://packages.debian.org/src:mupdf 312: https://www.debian.org/security/2026/dsa-6220 313: https://packages.debian.org/src:simpleeval 314: https://www.debian.org/security/2026/dsa-6221 315: https://packages.debian.org/src:ntfs-3g 316: https://www.debian.org/security/2026/dsa-6222 317: https://packages.debian.org/src:ngtcp2 318: https://www.debian.org/security/2026/dsa-6223 319: https://packages.debian.org/src:flatpak 320: https://www.debian.org/security/2026/dsa-6224 321: https://packages.debian.org/src:xdg-dbus-proxy 322: https://www.debian.org/security/2026/dsa-6225 323: https://packages.debian.org/src:firefox-esr 324: https://www.debian.org/security/2026/dsa-6226 325: https://packages.debian.org/src:packagekit 326: https://www.debian.org/security/2026/dsa-6227 327: https://packages.debian.org/src:strongswan 328: https://www.debian.org/security/2026/dsa-6229 329: https://packages.debian.org/src:thunderbird 330: https://www.debian.org/security/2026/dsa-6230 331: https://packages.debian.org/src:chromium 332: https://www.debian.org/security/2026/dsa-6236 333: https://packages.debian.org/src:firefox-esr 334: https://www.debian.org/security/2026/dsa-6237 335: https://packages.debian.org/src:jtreg7 336: https://www.debian.org/security/2026/dsa-6237 337: https://packages.debian.org/src:openjdk-17 338: https://www.debian.org/security/2026/dsa-6239 339: https://packages.debian.org/src:chromium 340: https://www.debian.org/security/2026/dsa-6242 341: https://packages.debian.org/src:thunderbird 342: https://www.debian.org/security/2026/dsa-6243 343: https://packages.debian.org/src:linux-signed-amd64 344: https://www.debian.org/security/2026/dsa-6243 345: https://packages.debian.org/src:linux-signed-arm64 346: https://www.debian.org/security/2026/dsa-6243 347: https://packages.debian.org/src:linux-signed-i386 348: https://www.debian.org/security/2026/dsa-6243 349: https://packages.debian.org/src:linux 350: https://www.debian.org/security/2026/dsa-6245 351: https://packages.debian.org/src:imagemagick 352: https://www.debian.org/security/2026/dsa-6247 353: https://packages.debian.org/src:lxd 354: https://www.debian.org/security/2026/dsa-6248 355: https://packages.debian.org/src:apache2 356: https://www.debian.org/security/2026/dsa-6249 357: https://packages.debian.org/src:wireshark 358: https://www.debian.org/security/2026/dsa-6251 359: https://packages.debian.org/src:libreoffice 360: https://www.debian.org/security/2026/dsa-6252 361: https://packages.debian.org/src:prosody 362: https://www.debian.org/security/2026/dsa-6254 363: https://packages.debian.org/src:firefox-esr 364: https://www.debian.org/security/2026/dsa-6255 365: https://packages.debian.org/src:php8.2 366: https://www.debian.org/security/2026/dsa-6257 367: https://packages.debian.org/src:postorius 368: https://www.debian.org/security/2026/dsa-6258 369: https://packages.debian.org/src:linux-signed-amd64 370: https://www.debian.org/security/2026/dsa-6258 371: https://packages.debian.org/src:linux-signed-arm64 372: https://www.debian.org/security/2026/dsa-6258 373: https://packages.debian.org/src:linux-signed-i386 374: https://www.debian.org/security/2026/dsa-6258 375: https://packages.debian.org/src:linux 376: https://www.debian.org/security/2026/dsa-6259 377: https://packages.debian.org/src:pyjwt 378: https://www.debian.org/security/2026/dsa-6260 379: https://packages.debian.org/src:tor 380: https://www.debian.org/security/2026/dsa-6261 381: https://packages.debian.org/src:corosync 382: https://www.debian.org/security/2026/dsa-6262 383: https://packages.debian.org/src:lcms2 384: https://www.debian.org/security/2026/dsa-6263 385: https://packages.debian.org/src:libpng1.6 386: https://www.debian.org/security/2026/dsa-6264 387: https://packages.debian.org/src:dnsmasq 388: https://www.debian.org/security/2026/dsa-6265 389: https://packages.debian.org/src:exim4 Removed packages ---------------- The following packages were removed due to circumstances beyond our control: +-----------------+----------------------------------------------------+ | Package | Reason | +-----------------+----------------------------------------------------+ | suricata [390] | Unsupportable; possible security issues; | | | maintained via backports | | | | | zulucrypt [391] | Security issues; unmaintained | | | | +-----------------+----------------------------------------------------+ 390: https://packages.debian.org/src:suricata 391: https://packages.debian.org/src:zulucrypt Debian Installer ---------------- The installer has been updated to include the fixes incorporated into oldstable by the point release. URLs ---- The complete lists of packages that have changed with this revision: https://deb.debian.org/debian/dists/bookworm/ChangeLog The current oldstable distribution: https://deb.debian.org/debian/dists/oldstable/ Proposed updates to the oldstable distribution: https://deb.debian.org/debian/dists/oldstable-proposed-updates oldstable distribution information (release notes, errata etc.): https://www.debian.org/releases/oldstable/ Security announcements and information: https://www.debian.org/security/ About Debian ------------ The Debian Project is an association of Free Software developers who volunteer their time and effort in order to produce the completely free operating system Debian. Contact Information ------------------- For further information, please visit the Debian web pages at https://www.debian.org/, send mail to <press@debian.org>, or contact the stable release team at <debian-release@lists.debian.org>.