Debian buster Openstack images changelog 10.12.4-20220524 Updates in 1 source package(s), 2 binary package(s): Source libxml2, binaries: libxml2:amd64 libxml2:arm64 libxml2 (2.9.4+dfsg1-7+deb10u4) buster-security; urgency=high * Non-maintainer upload by the Security Team. * Fix integer overflow in xmlBufferResize * Fix integer overflows in xmlBuf and xmlBuffer (CVE-2022-29824) (Closes: #1010526) -- Steve McIntyre <93sam@debian.org> Tue, 24 May 2022 19:39:20 +0000 10.12.3-20220518 Updates in 1 source package(s), 4 binary package(s): Source openssl, binaries: libssl1.1:amd64 openssl:amd64 libssl1.1:arm64 openssl:arm64 openssl (1.1.1n-0+deb10u2) buster-security; urgency=medium * CVE-2022-1292 (The c_rehash script allows command injection). -- Steve McIntyre <93sam@debian.org> Wed, 18 May 2022 23:28:24 +0000 10.12.2-20220419 Updates in 2 source package(s), 4 binary package(s): Source gzip, binaries: gzip:amd64 gzip:arm64 gzip (1.9-3+deb10u1) buster-security; urgency=high * zgrep: fix arbitrary-file-write vulnerability addressing CVE-2022-1271 (closes: #1009168) * debian/rules: set execute mode bit on test scripts Source xz-utils, binaries: liblzma5:amd64 liblzma5:arm64 xz-utils (5.2.4-1+deb10u1) buster-security; urgency=high * Non-maintainer upload by the Security Team. * xzgrep: Fix escaping of malicious filenames (ZDI-CAN-16587) (CVE-2022-1271) (Closes: #1009167) -- Steve McIntyre <93sam@debian.org> Wed, 20 Apr 2022 00:24:09 +0000 10.12.1-20220403 Updates in 2 source package(s), 4 binary package(s): Source tzdata, binaries: tzdata:amd64 tzdata:arm64 tzdata (2021a-0+deb10u4) buster; urgency=medium * Cherry-pick patches from tzdata-2022a: - 06-palestine-dst2.patch: Palestine will spring forward on 2022-03-27, not -03-26. Source zlib, binaries: zlib1g:amd64 zlib1g:arm64 zlib (1:1.2.11.dfsg-1+deb10u1) buster-security; urgency=high * Non-maintainer upload by the Security Team. * Fix a bug that can crash deflate on some input when using Z_FIXED (CVE-2018-25032) (Closes: #1008265) -- Steve McIntyre <93sam@debian.org> Sun, 03 Apr 2022 04:45:27 +0000 10.12.0 First build for 10.12.0 release -- Steve McIntyre <93sam@debian.org> Sat, 26 Mar 2022 21:19:41 +0000