Debian buster Openstack images changelog

10.13.24-20240324

Updates in 4 source package(s), 14 binary package(s):

  Source gnutls28, binaries: libgnutls30:amd64 libgnutls30:arm64
  gnutls28 (3.6.7-4+deb10u12) buster-security; urgency=high
  .
    * Non-maintainer upload by the LTS Security Team.
    * Fix CVE-2024-0553: Timing side-channel vulnerability inside RSA-PSK
      key exchange. (Closes: #1061046)

  Source python3.7, binaries: libpython3.7-minimal:amd64 libpython3.7-stdlib:amd64 python3.7:amd64 python3.7-minimal:amd64 libpython3.7-minimal:arm64 libpython3.7-stdlib:arm64 python3.7:arm64 python3.7-minimal:arm64
  python3.7 (3.7.3-2+deb10u7) buster-security; urgency=medium
  .
    * Non-maintainer upload by the LTS Team.
    * CVE-2023-6597: tempfile.TemporaryDirectory failure to remove dir
    * CVE-2024-0450: quoted-overlap zipbomb DoS

  Source qemu, binaries: qemu-utils:amd64 qemu-utils:arm64
  qemu (1:3.1+dfsg-8+deb10u12) buster-security; urgency=medium
  .
    * Non-maintainer upload by the LTS Team.
    * CVE-2023-2861: 9pfs did not prohibit opening special files on the
      host side
    * CVE-2023-3354: remote unauthenticated clients could cause denial of
      service in VNC server
    * CVE-2023-5088: IDE guest I/O operation addressed to an arbitrary disk
      offset might get targeted to offset 0 instead

  Source tar, binaries: tar:amd64 tar:arm64
  tar (1.30+dfsg-6+deb10u1) buster-security; urgency=medium
  .
    * Non-maintainer upload by the LTS Team.
    * CVE-2023-39804: Incorrect handling of extension attributes in PAX
      archives

 -- Steve McIntyre <93sam@debian.org>  Sun, 24 Mar 2024 17:35:49 +0000

10.13.23-20240208

Updates in 4 source package(s), 10 binary package(s):

  Source bind9, binaries: libdns-export1104:amd64 libisc-export1100:amd64 libdns-export1104:arm64 libisc-export1100:arm64
  bind9 (1:9.11.5.P4+dfsg-5.1+deb10u10) buster-security; urgency=high
  .
    * Non-maintainer upload by the LTS Team.
    * CVE-2023-3341 A stack exhaustion flaw was discovered in the control
      channel code which may result in denial of service (named daemon
      crash).

  Source jinja2, binaries: python3-jinja2:amd64 python3-jinja2:arm64
  jinja2 (2.10-2+deb10u1) buster-security; urgency=high
  .
    * Non-maintainer upload by the Debian LTS team.
    * CVE-2024-22195: Fix an issue where it was possible to inject arbitrary
      HTML attributes into the rendered HTML via the "xmlattr" filter,
      potentially leading to a Cross-Site Scripting (XSS) attack. It may
      also have been possible to bypass attribute validation checks if they
      were blacklist-based. (Closes: #1060748)
    * Actually run the testsuite, on both Python 2.x and Python 3.x.

  Source linux-latest, binaries: linux-image-cloud-amd64:amd64 linux-image-arm64:arm64
  linux-latest (105+deb10u21) buster-security; urgency=medium
  .
    * Update to 4.19.0-26
  .
  linux-latest (105+deb10u20) buster-security; urgency=medium
  .
    * Update to 4.19.0-25
  .
  linux-latest (105+deb10u19) buster-security; urgency=medium
  .
    * Update to 4.19.0-24
  .
  linux-latest (105+deb10u18) buster-security; urgency=medium
  .
    * Update to 4.19.0-23
  .
  linux-latest (105+deb10u17) buster-security; urgency=medium
  .
    * Update to 4.19.0-22
  .
  linux-latest (105+deb10u16) buster-security; urgency=medium
  .
    * Update to 4.19.0-21
  .
  linux-latest (105+deb10u15) buster; urgency=medium
  .
    * Update to 4.19.0-20
  .
  linux-latest (105+deb10u14) buster-security; urgency=high
  .
    * Update to 4.19.0-19
    * linux-image: Add NEWS for unprivileged eBPF change
  .
  linux-latest (105+deb10u13) buster; urgency=medium
  .
    * Update to 4.19.0-18
  .
  linux-latest (105+deb10u12) buster; urgency=medium
  .
    * Update to 4.19.0-17
  .
  linux-latest (105+deb10u11) buster; urgency=medium
  .
    * Update to 4.19.0-16
  .
  linux-latest (105+deb10u10) buster; urgency=medium
  .
    * Update to 4.19.0-15
  .
  linux-latest (105+deb10u9) buster-security; urgency=high
  .
    * Update to 4.19.0-14
  .
  linux-latest (105+deb10u8) buster; urgency=medium
  .
    * Update to 4.19.0-13
  .
  linux-latest (105+deb10u7) buster-security; urgency=high
  .
    * Update to 4.19.0-12
  .
  linux-latest (105+deb10u6) buster; urgency=medium
  .
    * Update to 4.19.0-11
  .
  linux-latest (105+deb10u5) buster; urgency=medium
  .
    * Update to 4.19.0-10
  .
  linux-latest (105+deb10u4) buster; urgency=medium
  .
    * Update to 4.19.0-9
  .
  linux-latest (105+deb10u3) buster; urgency=medium
  .
    * Update to 4.19.0-8
  .
  linux-latest (105+deb10u2) buster; urgency=medium
  .
    * Update to 4.19.0-7
  .
  linux-latest (105+deb10u1) buster; urgency=medium
  .
    * Update to 4.19.0-6
  .
  linux-latest (105) unstable; urgency=medium
  .
    * Update to 4.19.0-5
  .
  linux-latest (104) unstable; urgency=medium
  .
    * Update to 4.19.0-4
  .
  linux-latest (103) unstable; urgency=medium
  .
    * Update to 4.19.0-3
  .
  linux-latest (102) unstable; urgency=medium
  .
    * Update to 4.19.0-2
  .
  linux-latest (101) unstable; urgency=medium
  .
    * Update to 4.19.0-1
  .
  linux-latest (100) unstable; urgency=medium
  .
    [ Romain Perier ]
    * Update to 4.18.0-3
  .
  linux-latest (99) unstable; urgency=medium
  .
    * Update to 4.18.0-2
  .
  linux-latest (98) unstable; urgency=medium
  .
    * Update to 4.18.0-1
  .
  linux-latest (97) unstable; urgency=medium
  .
    * Update to 4.17.0-3
  .
  linux-latest (96) unstable; urgency=medium
  .
    [ Romain Perier ]
    * Update to 4.17.0-2
  .
  linux-latest (95) unstable; urgency=medium
  .
    [ Romain Perier ]
    * Update to 4.17.0-1
  .
  linux-latest (94) unstable; urgency=medium
  .
    [ Ben Hutchings ]
    * Substitute source package name in lintian-overrides
    * Change binary package names to include any source package name suffix
    * Don't build redundant linux-doc, linux-source, linux-tools packages
  .
    [ Salvatore Bonaccorso ]
    * Update to 4.16.0-2
  .
  linux-latest (93) unstable; urgency=medium
  .
    * Update to 4.16.0-1
  .
  linux-latest (92) unstable; urgency=medium
  .
    * Update to 4.15.0-3
  .
  linux-latest (91) unstable; urgency=medium
  .
    [ Ben Hutchings ]
    * debian/control: Point Vcs URLs to Salsa
  .
    [ Salvatore Bonaccorso ]
    * Update to 4.15.0-2
  .
  linux-latest (90) unstable; urgency=medium
  .
    * Update to 4.15.0-1
  .
  linux-latest (89) unstable; urgency=medium
  .
    * Update to 4.14.0-3
  .
  linux-latest (88) unstable; urgency=medium
  .
    * Update to 4.14.0-2
  .
  linux-latest (87) unstable; urgency=medium
  .
    * linux-image: Add back-dated NEWS for vsyscall change in Linux 4.10
    * linux-doc: Add symlinks to current documentation
    * Update to 4.14.0-1
    * linux-image: Add back-dated NEWS about AppArmor introduction
  .
  linux-latest (86) unstable; urgency=medium
  .
    * Add myself to Uploaders
    * Update to 4.13.0-1
  .
  linux-latest (85) unstable; urgency=medium
  .
    * debian/control: Remove Frederik Schüler from Uploaders field
    * Update to 4.12.0-2
  .
  linux-latest (84) unstable; urgency=medium
  .
    * Update to 4.12.0-1 (Closes: #872055)
  .
  linux-latest (83) unstable; urgency=medium
  .
    * Update to 4.11.0-2
  .
  linux-latest (82) unstable; urgency=medium
  .
    * Revert changes to debug symbol meta-packages (Closes: #866691)
  .
  linux-latest (81) unstable; urgency=medium
  .
    * Update to 4.11.0-1
    * Stop generating various transitional packages needed in stretch
  .
  linux-latest (80) unstable; urgency=medium
  .
    * Re-introduce xen-linux-system-amd64 *again* as transitional package
      (Closes: #857039)
    * Update to 4.9.0-3
  .
  linux-latest (79) unstable; urgency=medium
  .
    * Update to 4.9.0-2
  .
  linux-latest (78) unstable; urgency=medium
  .
    * debian/rules: Use dpkg-parsechangelog -S option to select fields
    * linux-image: Delete NEWS for version 76 about vsyscall changes, now
      reverted
    * Update to 4.9.0-1
  .
  linux-latest (77) unstable; urgency=medium
  .
    * Update to 4.8.0-2
    * Use debhelper compatibility level 9
    * Re-introduce xen-linux-system packages, accidentally dropped in
      version 75
  .
  linux-latest (76) unstable; urgency=medium
  .
    * Update to 4.8.0-1
    * linux-image-{686-pae,amd64}: Delete old NEWS
    * linux-image: Add back-dated NEWS for conntrack helpers change in
      Linux 4.7 (Closes: #839632)
    * linux-image: Add NEWS for security hardening config changes for
      Linux 4.8
  .
  linux-latest (75) unstable; urgency=medium
  .
    * Update to 4.7.0-1
    * Rename and move debug symbol meta-packages to the debug archive
    * debian/control: Set priority of transitional packages to extra
    * debian/control: Update Standards-Version to 3.9.8; no changes needed
  .
  linux-latest (74) unstable; urgency=medium
  .
    * Update to 4.6.0-1
  .
  linux-latest (73) unstable; urgency=medium
  .
    * Update to 4.5.0-2
  .
  linux-latest (72) unstable; urgency=medium
  .
    * Update to 4.5.0-1
  .
  linux-latest (71) unstable; urgency=medium
  .
    * Update to 4.4.0-1
      - Change linux-{image,headers}-{kirkwood,orion5x} to transitional
        packages
  .
  linux-latest (70) unstable; urgency=medium
  .
    * Change linux-{image,headers}-586 to transitional packages
  .
  linux-latest (69) unstable; urgency=medium
  .
    * Update to 4.3.0-1
  .
  linux-latest (68) unstable; urgency=medium
  .
    * Update to 4.2.0-1
    * debian/bin/gencontrol.py: Use Python 3
  .
  linux-latest (67) unstable; urgency=medium
  .
    * Adjust for migration to git:
      - Add .gitignore file
      - debian/control: Update Vcs-* fields
    * .gitignore: Ignore linux-perf build directory
    * Update to 4.1.0-2
    * Change source format to 3.0 (native) so that .git directory is
      excluded by default
  .
  linux-latest (66) unstable; urgency=medium
  .
    * Update to 4.1.0-1
    * Rename linux-tools to linux-perf, providing linux-tools as a
      transitional package
  .
  linux-latest (65) unstable; urgency=medium
  .
    * Update to 4.0.0-2
  .
  linux-latest (64) unstable; urgency=medium
  .
    * Update to 4.0.0-1
    * Stop generating linux-{headers,image}-486 transitional packages
    * debian/control: Build-Depend on linux-headers-*-all, so that after an
      ABI bump linux is auto-built before linux-latest on each architecture.
      (Closes: #746618)
  .
  linux-latest (63) unstable; urgency=medium
  .
    * Update to 3.16.0-4
      - Change linux-{image,headers}-486 to transitional packages
  .
  linux-latest (62) unstable; urgency=medium
  .
    * Update to 3.16-3 (Closes: #766078)
  .
  linux-latest (61) unstable; urgency=medium
  .
    * Update to 3.16-2
  .
  linux-latest (60) unstable; urgency=medium
  .
    * linux-image-{686-pae,amd64}: Add backdated NEWS for introduction of xz
      compression affecting Xen (Closes: #727736)
    * Update to 3.16-1
  .
  linux-latest (59) unstable; urgency=medium
  .
    * Update to 3.14-2
  .
  linux-latest (58) unstable; urgency=medium
  .
    * Rebuild to include arm64 and ppc64el architectures
  .
  linux-latest (57) unstable; urgency=medium
  .
    * Suppress lintian warnings about linux-image-dbg metapackages not
      looking like debug info packages
    * debian/control: Update Standards-Version to 3.9.5; no changes needed
    * Update to 3.14-1
  .
  linux-latest (56) unstable; urgency=medium
  .
    * Update to 3.13-1
  .
  linux-latest (55) unstable; urgency=low
  .
    * Update to 3.12-1
  .
  linux-latest (54) unstable; urgency=low
  .
    * Update to 3.11-2
  .
  linux-latest (53) unstable; urgency=low
  .
    * Add linux-image--dbg metapackages, providing the virtual package
      linux-latest-image-dbg
    * Update standards-version to 3.9.4; no changes required
    * Change section and priority fields to match archive overrides
    * Update to 3.11-1
    * Stop providing virtual package linux-headers
  .
  linux-latest (52) unstable; urgency=low
  .
    * Update to 3.10-3
  .
  linux-latest (51) unstable; urgency=low
  .
    * Update to 3.10-2
  .
  linux-latest (50) unstable; urgency=low
  .
    * Update to 3.10-1
  .
  linux-latest (49) unstable; urgency=low
  .
    * Update to 3.9-1
  .
  linux-latest (48) unstable; urgency=low
  .
    * Update to 3.8-2 (Closes: #708842)
  .
  linux-latest (47) unstable; urgency=low
  .
    * Update to 3.8-1
    * Remove transitional packages provided in wheezy
  .
  linux-latest (46) unstable; urgency=low
  .
    * Set Priority: extra, as currently overridden in the archive
      (Closes: #689846)
    * Add Czech debconf template translation (Michal Šimůnek)
      (Closes: #685501)
    * Update to 3.2.0-4 (Closes: #688222, #689864)
  .
  linux-latest (45) unstable; urgency=low
  .
    * Update to 3.2.0-3
  .
  linux-latest (44) unstable; urgency=high
  .
    [ Ben Hutchings ]
    * Update debconf template translations:
      - Add Polish (Michał Kułach) (Closes: #659571)
      - Add Turkish (Mert Dirik) (Closes: #660119)
    * Update standards-version to 3.9.3:
      - Do not move packages to the 'metapackages' section, as that will
        cause APT not to auto-remove their dependencies
    * Move transitional packages to the section 'oldlibs', so that APT will
      treat the replacement packages as manually installed
    * Update to 3.2.0-2
    * Stop generating linux-{headers,image}-2.6- transitional packages for
      flavours added since Linux 3.0
  .
  linux-latest (43) unstable; urgency=low
  .
    * Add Vcs-{Svn,Browser} fields
    * Add debconf template translations:
      - Danish (Joe Hansen) (Closes: #656642)
      - Spanish (Slime Siabef) (Closes: #654681)
      - Italian (Stefano Canepa) (Closes: #657386)
    * [s390] Update the check for flavours without modules, removing the
      useless linux-headers{,-2.6}-s390x-tape packages
  .
  linux-latest (42) unstable; urgency=low
  .
    * Rename source package to linux-latest
    * Add debconf template translations:
      - Portuguese (Miguel Figueiredo) (Closes: #651123)
      - Serbian latin (Zlatan Todoric) (Closes: #635895)
      - Russian (Yuri Kozlov) (Closes: #652431)
      - Japanese (Nobuhiro Iwamatsu) (Closes: #655687)
    * Update to 3.2.0-1
  .
  linux-latest-2.6 (41) unstable; urgency=low
  .
    * Remove dependency on module makefiles in linux-support package
    * Update to 3.1.0-1
  .
  linux-latest-2.6 (40) unstable; urgency=low
  .
    * Add debconf template translations:
      - Serbian cyrillic (Zlatan Todoric) (Closes: #635893)
      - German (Holger Wansing) (Closes: #637764)
      - French (Debian French l10n team) (Closes: #636624)
      - Swedish (Martin Bagge) (Closes: #640058)
      - Dutch (Jeroen Schot) (Closes: #640115)
      - Catalan (Innocent De Marchi) (Closes: #642109)
    * Update to 3.0.0-2
  .
  linux-latest-2.6 (39) unstable; urgency=low
  .
    * Update to 3.0.0-1
  .
  linux-latest-2.6 (38) experimental; urgency=low
  .
    * Correct xen-linux-system transitional package names
  .
  linux-latest-2.6 (37) experimental; urgency=low
  .
    * Update to 3.0.0-rc5
    * Restore xen-linux-system- packages
    * Remove common description text from linux-image-2.6- packages
  .
  linux-latest-2.6 (36) experimental; urgency=low
  .
    * Update to 3.0.0-rc1
      - Add linux-doc, linux-headers-, linux-source and linux-tools packages
      - Change *-2.6-* to transitional packages
  .
  linux-latest-2.6 (35.1) unstable; urgency=low
  .
    [ Bastian Blank ]
    * Update to 2.6.39-2.
  .
  linux-latest-2.6 (35) unstable; urgency=low
  .
    * Update to 2.6.39-1
      - Change linux-image{,-2.6}-686{,-bigmem} to transitional packages
  .
  linux-latest-2.6 (34) unstable; urgency=low
  .
    * [hppa] Update to 2.6.38-2a
  .
  linux-latest-2.6 (33) unstable; urgency=low
  .
    * Update to 2.6.38-2
  .
  linux-latest-2.6 (32) unstable; urgency=low
  .
    * Update to 2.6.38-1
  .
  linux-latest-2.6 (31) unstable; urgency=low
  .
    * Update to 2.6.37-2
  .
  linux-latest-2.6 (30) unstable; urgency=low
  .
    * Update to 2.6.37-1
  .
  linux-latest-2.6 (29) unstable; urgency=low
  .
    * Add xen-linux-system-2.6-* meta-packages (Closes: #402414)
    * Add bug presubj message for image meta packages directing users to the
      real image packages (Closes: #549591)
    * Fix repetition in description of linux-image-2.6-xen-amd64
      (Closes: #598648)
    * [x86] Correct lists of suitable processors
  .
  linux-latest-2.6 (28) unstable; urgency=low
  .
    * Move NEWS from linux-2.6, since apt-listchanges only shows it for
      upgraded packages
    * Add linux-tools-2.6 meta package
    * Change versions for linux-doc-2.6 and linux-source-2.6 to match those
      of the other meta packages
  .
  linux-latest-2.6 (27) unstable; urgency=low
  .
    * Really build linux-doc-2.6 and linux-source-2.6 meta packages
  .
  linux-latest-2.6 (26) unstable; urgency=low
  .
    [ Joachim Breitner ]
    * Create linux-doc-2.6 and linux-source-2.6 meta packages
      (Closes: 347284)
  .
    [ Ben Hutchings ]
    * Update to 2.6.32-5.
    * Update standards-version to 3.8.4; no changes required.
    * Explicitly describe all packages as meta-packages.
  .
  linux-latest-2.6 (25) unstable; urgency=high
  .
    * Update package description templates in line with linux-2.6.
    * Update to 2.6.32-3.
    * Set urgency to 'high' since this must transition with linux-2.6.
  .
  linux-latest-2.6 (24) unstable; urgency=low
  .
    * Update to 2.6.32-2.
  .
  linux-latest-2.6 (23) unstable; urgency=low
  .
    * Update to 2.6.32-trunk.
  .
  linux-latest-2.6 (22) unstable; urgency=low
  .
    * Update to 2.6.31-1.
  .
  linux-latest-2.6 (21) unstable; urgency=low
  .
    [ Bastian Blank ]
    * Update to 2.6.30-2.
  .
    [ Ben Hutchings ]
    * Add myself to uploaders.
  .
  linux-latest-2.6 (20) unstable; urgency=low
  .
    * Move into kernel section.
    * Update to 2.6.30-1.
  .
  linux-latest-2.6 (19) unstable; urgency=low
  .
    * Update to 2.6.29-2.
    * Use debhelper compat level 7.
    * Update copyright file.
  .
  linux-latest-2.6 (18) unstable; urgency=low
  .
    * Update to 2.6.29-1.
    * Use dh_prep.
    * Remove lenny transition packages.
  .
  linux-latest-2.6 (17) unstable; urgency=low
  .
    * Use correct part of the config for image type.
    * Add description parts to all image packages.
  .
  linux-latest-2.6 (16) unstable; urgency=low
  .
    * Rebuild to pick up new images
  .
  linux-latest-2.6 (15) unstable; urgency=low
  .
    * Update to 2.6.26-1.
    * Make linux-image-* complete meta packages.
  .
  linux-latest-2.6 (14) unstable; urgency=low
  .
    * Update to 2.6.25-2.
  .
  linux-latest-2.6 (13) unstable; urgency=low
  .
    * Add transitional packages for k7.
  .
  linux-latest-2.6 (12) unstable; urgency=low
  .
    * Update to 2.6.24-1.
  .
  linux-latest-2.6 (11) unstable; urgency=low
  .
    * Update to 2.6.22-3.
  .
  linux-latest-2.6 (10) unstable; urgency=low
  .
    * Update to 2.6.22-2.
  .
  linux-latest-2.6 (9) unstable; urgency=low
  .
    * Update to 2.6.22-1.
  .
  linux-latest-2.6 (8) unstable; urgency=low
  .
    * Update to 2.6.21-2.
    * Add modules meta packages.
    * Provide linux-latest-modules-*. (closes: #428783)
  .
  linux-latest-2.6 (7) unstable; urgency=low
  .
    * Update to 2.6.21-1.
    * Remove etch transition packages.
  .
  linux-latest-2.6 (6) unstable; urgency=low
  .
    * Update to 2.6.18-4.
    * i386: Add amd64 transition packages.
  .
  linux-latest-2.6 (5) unstable; urgency=low
  .
    * Update to 2.6.18-3.

  Source sudo, binaries: sudo:amd64 sudo:arm64
  sudo (1.8.27-1+deb10u6) buster-security; urgency=high
  .
    * Non-maintainer upload by the LTS Security Team.
    * Fix CVE-2023-7090: A flaw was found in sudo in the handling of
      ipa_hostname, where ipa_hostname from /etc/sssd/sssd.conf was not
      propagated in sudo. Therefore, it leads to privilege mismanagement
      vulnerability in applications, where client hosts retain privileges
      even after retracting them.
    * Fix CVE-2023-28486: Sudo did not escape control characters in log
      messages.
    * Fix CVE-2023-28487: Sudo did not escape control characters in
      sudoreplay output.
    * Regenerate parsers from yacc file.

 -- Steve McIntyre <93sam@debian.org>  Fri, 09 Feb 2024 01:44:04 +0000

10.13.22-20231326

Updates in 5 source package(s), 22 binary package(s):

  Source gnutls28, binaries: libgnutls30:amd64 libgnutls30:arm64
  gnutls28 (3.6.7-4+deb10u11) buster-security; urgency=high
  .
    * Non-maintainer upload by the LTS team.
    * Fix CVE-2023-5981: A vulnerability was found in GnuTLS, a secure
      communications library, which may facilitate a timing attack to
      compromise a cryptographic system. The response times to malformed
      ciphertexts in RSA-PSK ClientKeyExchange differ from response times of
      ciphertexts with correct PKCS#1 v1.5 padding. Only TLS ciphertext
      processing is affected.

  Source ncurses, binaries: libncurses6:amd64 libncursesw6:amd64 libtinfo6:amd64 ncurses-base:amd64 ncurses-bin:amd64 libncurses6:arm64 libncursesw6:arm64 libtinfo6:arm64 ncurses-base:arm64 ncurses-bin:arm64
  ncurses (6.1+20181013-2+deb10u5) buster-security; urgency=high
  .
    * Non-maintainer upload by the LTS Security Team.
    * Fix CVE-2021-39537: Heap-based buffer overflow in _nc_captoinfo().
    * Mitigate CVE-2023-29491: Configure with `--disable-root-environ`
      (changed to match the behavior of the `--disable-setuid-environ` flag
      introduced in the 20230423 patchlevel) in order to disallow loading of
      custom terminfo entries in setuid/setgid programs. (Closes: #1034372)
    * d/libtinfo5.symbols, d/libtinfo6.symbols: Add new exported symbol
      _nc_env_access (exposed by the new configure flag).

  Source openssh, binaries: openssh-client:amd64 openssh-server:amd64 openssh-sftp-server:amd64 openssh-client:arm64 openssh-server:arm64 openssh-sftp-server:arm64
  openssh (1:7.9p1-10+deb10u4) buster-security; urgency=medium
  .
    * Non-maintainer upload by the LTS Team.
    * Rename debian/.gitlab-ci.yml to debian/salsa-ci.yml and use
      lts-team/pipeline recipe for buster in it.
    * [CVE-2023-48795] ssh(1), sshd(8): implement protocol extensions to
      thwart the so-called "Terrapin attack" discovered by Fabian Bäumer,
      Marcus Brinkmann and Jörg Schwenk. This attack allows a MITM to effect
      a limited break of the integrity of the early encrypted SSH transport
      protocol by sending extra messages prior to the commencement of
      encryption, and deleting an equal number of consecutive messages
      immediately after encryption starts. A peer SSH client/server would
      not be able to detect that messages were deleted.
    * [CVE-2023-51385] ssh(1): if an invalid user or hostname that contained
      shell metacharacters was passed to ssh(1), and a ProxyCommand,
      LocalCommand directive or "match exec" predicate referenced the user
      or hostname via %u, %h or similar expansion token, then an attacker
      who could supply arbitrary user/hostnames to ssh(1) could potentially
      perform command injection depending on what quoting was present in the
      user-supplied ssh_config(5) directive. ssh(1) now bans most shell
      metacharacters from user and hostnames supplied via the command-line.
    * [CVE-2021-41617]: sshd(8) from OpenSSH 6.2 through 8.7 failed to
      correctly initialise supplemental groups when executing an
      AuthorizedKeysCommand or AuthorizedPrincipalsCommand, where an
      AuthorizedKeysCommandUser or AuthorizedPrincipalsCommandUser directive
      has been set to run the command as a different user. Instead these
      commands would inherit the groups that sshd(8) was started with
      (closes: #995130).

  Source python-requestbuilder, binaries: python-requestbuilder:amd64 python-requestbuilder:arm64
  python-requestbuilder (0.5.2-2+deb10u1) buster-security; urgency=medium
  .
    * Non-maintainer upload by the LTS team
    * Render version PEP440 compliant.

  Source tzdata, binaries: tzdata:amd64 tzdata:arm64
  tzdata (2021a-0+deb10u12) buster-security; urgency=medium
  .
    * Cherry-pick patches from upstream (thanks Aurelien Jarno)
      - 25-no-leap-second-on-2023-12-31.patch: Update leap-seconds.list from
        upstream. The new expiration date is 28 June 2024.
        Closes: #1057185, #1057186.
      - 26-egypt-dst-fix.patch: Fix a typo in the Egypt change introduced in
        tzdata 2021a-0+deb10u10. Closes: #1036104.

 -- Steve McIntyre <93sam@debian.org>  Tue, 26 Dec 2023 06:42:23 +0000

10.13.21-20231112

Updates in 4 source package(s), 18 binary package(s):

  Source dbus, binaries: dbus:amd64 libdbus-1-3:amd64 dbus:arm64 libdbus-1-3:arm64
  dbus (1.12.28-0+deb10u1) buster-security; urgency=medium
  .
    * Non-maintainer upload by the LTS Team.
    * New upstream stable release. Notable changes:
      - CVE-2023-34969: denial of service if a monitor is active.

  Source distro-info-data, binaries: distro-info-data:amd64 distro-info-data:arm64
  distro-info-data (0.41+deb10u8) buster-security; urgency=medium
  .
    * Update data to 0.58, without new columns:
      - Add Ubuntu 24.04 LTS Noble Numbat (LP: #2041662).
      - Correct Ubuntu 16.04 EOL to 2021-04-30
      - Correct Debian 3.1 EOL date to 2008-03-31
      - Correct Debian 7 EOL date to 2016-04-25
      - Move Debian 9 EOL to the 9.13 release date 2020-07-18
      - Move Debian 10 EOL to the 10.13 release date 2022-09-10
    * Catch up previously excluded historical updates from 0.46:
      - Tweak EOL dates, by a couple of days, for Ubuntu 9.10, 10.04, 12.04,
        15.04, 15.10, and 19.04.

  Source krb5, binaries: libgssapi-krb5-2:amd64 libk5crypto3:amd64 libkrb5-3:amd64 libkrb5support0:amd64 libgssapi-krb5-2:arm64 libk5crypto3:arm64 libkrb5-3:arm64 libkrb5support0:arm64
  krb5 (1.17-3+deb10u6) buster-security; urgency=medium
  .
    * Non-maintainer upload by the LTS Security Team.
    * CVE-2023-36054: Freeing of uninitialized pointer in kadm_rpc_xdr.c

  Source python-urllib3, binaries: python-urllib3:amd64 python3-urllib3:amd64 python-urllib3:arm64 python3-urllib3:arm64
  python-urllib3 (1.24.1-1+deb10u2) buster-security; urgency=high
  .
    [ Sean Whitton ]
    * Non-maintainer upload by the LTS Security Team.
    * CVE-2023-43803: Request body isn't stripped during cross-origin
      redirects (Closes: #1054226).
  .
    [ Guilhem Moulin ]
    * Use system 'six' in test/with_dummyserver/test_https.py too.
    * Retroactively fix CVE-2018-25091.

 -- Steve McIntyre <93sam@debian.org>  Sun, 12 Nov 2023 12:13:45 +0000

10.13.20-20231015

Updates in 6 source package(s), 42 binary package(s):

  Source grub2, binaries: grub-common:amd64 grub-pc:amd64 grub-pc-bin:amd64 grub2-common:amd64 grub-common:arm64 grub-efi-arm64:arm64 grub-efi-arm64-bin:arm64 grub2-common:arm64
  grub2 (2.06-3~deb10u4) buster-security; urgency=medium
  .
    [ Mate Kukri ]
    * SECURITY UPDATE: Crafted file system images can cause out-of-bounds
      write and may leak sensitive information into the GRUB pager.
      - d/patches/ntfs-cve-fixes/fs-ntfs-Fix-an-OOB-read-when-parsing-a-volume-
        label.patch: fs/ntfs: Fix an OOB read when parsing a volume label
      - d/patches/ntfs-cve-fixes/fs-ntfs-Fix-an-OOB-read-when-parsing-bs-for-
        index-at.patch: fs/ntfs: Fix an OOB read when parsing bitmaps for
        index attributes
      - d/patches/ntfs-cve-fixes/fs-ntfs-Fix-an-OOB-read-when-parsing-dory-
        entries-fr.patch: fs/ntfs: Fix an OOB read when parsing directory
        entries from resident and non-resident index attributes
      - d/patches/ntfs-cve-fixes/fs-ntfs-Fix-an-OOB-read-when-reading-data-fhe-
        reside.patch: fs/ntfs: Fix an OOB read when reading data from the
        resident $DATA + attribute
      - CVE-2023-4693
    * SECURITY UPDATE: Crafted file system images can cause heap-based
      buffer overflow and may allow arbitrary code execution and secure boot
      bypass.
      - d/patches/ntfs-cve-fixes/fs-ntfs-Fix-an-OOB-write-when-parsing-the-
        ATTRIBUTE_LIST-.patch: fs/ntfs: Fix an OOB write when parsing the
        $ATTRIBUTE_LIST attribute for the $MFT file
      - d/patches/ntfs-cve-fixes/fs-ntfs-Make-code-more-readable.patch
        fs/ntfs: Make code more readable
      - CVE-2023-4692
  .
    [ Julian Andres Klode ]
    * Bump SBAT to grub,4

  Source ncurses, binaries: libncurses6:amd64 libncursesw6:amd64 libtinfo6:amd64 ncurses-base:amd64 ncurses-bin:amd64 libncurses6:arm64 libncursesw6:arm64 libtinfo6:arm64 ncurses-base:arm64 ncurses-bin:arm64
  ncurses (6.1+20181013-2+deb10u4) buster-security; urgency=medium
  .
    [ Sean Whitton ]
    * Non-maintainer upload by the LTS Security Team.
    * Cherry-pick upstream fix for CVE-2020-19189.
    * Add additional CVEs fixed to CVE-2019-17594.diff & CVE-2020-17595.diff.
  .
    [ Anton Gladky ]
    * Add debian/.gitlab-ci.yml.

  Source python-urllib3, binaries: python-urllib3:amd64 python3-urllib3:amd64 python-urllib3:arm64 python3-urllib3:arm64
  python-urllib3 (1.24.1-1+deb10u1) buster-security; urgency=high
  .
    * Non-maintainer upload by the LTS Security Team.
    * Follow-up for CVE-2018-20060: Remove Authorization headers regardless
      of case on cross-origin redirects.
    * Fix CVE-2019-11236: An attacker controlling the request parameter can
      inject headers by injecting CR/LF characters. (Closes: #927172)
    * Fix CVE-2019-11324: When verifying HTTPS connections when an
      SSLContext is passed to urllib3, system CA certificates will be loaded
      into the SSLContext by default in addition to any manually-specified
      CA certificates. This causes TLS handshakes that should fail given
      only the manually specified certs to succeed based on system CA certs.
      (Closes: #927412)
    * Fix CVE-2020-26137: CRLF injection vulnerability when the attacker
      controls the HTTP request method, as demonstrated by inserting CR and
      LF control characters in the first argument of putrequest().
    * Fix CVE-2023-43804: Cookie request header isn't stripped during
      cross-origin redirects. (Closes: #1053626)

  Source python3.7, binaries: libpython3.7-minimal:amd64 libpython3.7-stdlib:amd64 python3.7:amd64 python3.7-minimal:amd64 libpython3.7-minimal:arm64 libpython3.7-stdlib:arm64 python3.7:arm64 python3.7-minimal:arm64
  python3.7 (3.7.3-2+deb10u6) buster-security; urgency=high
  .
    * Non-maintainer upload by the LTS Security Team.
    * CVE-2022-48560: Use-after-free via heappushpop in heapq.
    * CVE-2022-48564: Potential DoS in read_ints in plistlib.py.
    * CVE-2022-48565: Avoid XML External Entity (XXE) issues by rejecting
      entity declarations in XML plist files in plistlib.
    * CVE-2022-48566: Avoid some possible constant-time-defeating compiler
      optimisations in the accumulator variable in hmac.compare_digest.
    * CVE-2023-40217: Fix possible bypass of some of the protections
      implemented by the TLS handshake in ssl.SSLSocket class.
      - Also apply two upstream commits to stabilise the test suite.

  Source qemu, binaries: qemu-utils:amd64 qemu-utils:arm64
  qemu (1:3.1+dfsg-8+deb10u11) buster-security; urgency=high
  .
    * Non-maintainer upload by the LTS Security Team.
    * CVE-2020-24165: Use-after-free race could lead to the execution of
      arbitrary code.
    * CVE-2023-0330: A DMA-MMIO reentrancy problem in the lsi53c895a device
      may lead to memory corruption bugs like stack overflow or
      use-after-free. (Closes: #1029155).
    * CVE-2023-3180: The function virtio_crypto_sym_op_helper, part of the
      implementation of qemu's virtual crypto device, does not check that
      the values of 'src_len' and 'dst_len' are the same. This could lead to
      a heap buffer overflow.

  Source vim, binaries: vim:amd64 vim-common:amd64 vim-runtime:amd64 vim-tiny:amd64 xxd:amd64 vim:arm64 vim-common:arm64 vim-runtime:arm64 vim-tiny:arm64 xxd:arm64
  vim (2:8.1.0875-5+deb10u6) buster-security; urgency=medium
  .
    * Non-maintainer upload by the LTS Security Team.
    * CVE-2023-4752: heap use after free in ins_compl_get_exp()
    * CVE-2023-4781: heap-buffer-overflow in vim_regsub_both()

 -- Steve McIntyre <93sam@debian.org>  Sun, 15 Oct 2023 13:03:30 +0000

10.13.19-20230926

Updates in 3 source package(s), 12 binary package(s):

  Source elfutils, binaries: libelf1:amd64 libelf1:arm64
  elfutils (0.176-1.1+deb10u1) buster-security; urgency=high
  .
    * Non-maintainer upload by the LTS Team.
    * CVE-2020-21047 The libcpu component suffers from denial-of-service
      vulnerability caused by out-of-bounds write (CWE-787), off-by-one
      error (CWE-193) and reachable assertion (CWE-617).

  Source glib2.0, binaries: libglib2.0-0:amd64 libglib2.0-0:arm64
  glib2.0 (2.58.3-2+deb10u5) buster-security; urgency=medium
  .
    * Non-maintainer upload by the LTS Team
    * Add debian/salsa-ci.yml using lts-team/pipeline for buster
    * Fix several GVariant-related issues:
    * CVE-2023-29499: GVariant deserialization fails to validate that the
      input conforms to the expected format, leading to denial of service.
    * CVE-2023-32611: GVariant deserialization is vulnerable to a slowdown
      issue where a crafted GVariant can cause excessive processing, leading
      to denial of service.
    * CVE-2023-32665: GVariant deserialization is vulnerable to an
      exponential blowup issue where a crafted GVariant can cause excessive
      processing, leading to denial of service.

  Source python2.7, binaries: libpython2.7-minimal:amd64 libpython2.7-stdlib:amd64 python2.7:amd64 python2.7-minimal:amd64 libpython2.7-minimal:arm64 libpython2.7-stdlib:arm64 python2.7:arm64 python2.7-minimal:arm64
  python2.7 (2.7.16-2+deb10u3) buster-security; urgency=medium
  .
    * Non-maintainer upload by the LTS Team.
    * Add testsuite-fix-with-expat.diff: Fix autopkgtests with updated expat.
    * Fix issue9189.diff: Update test suite to match behaviour change.
    * autopkgtest: mark distutils as non-failing
    * Add CVE-2021-23336.diff: Only use '&' as query string separator
    * Add CVE-2022-0391.diff: Make urlsplit robust against newlines
    * Add CVE-2022-48560.diff: Fix use-after-free in heapq module.
    * Add CVE-2022-48565.diff: Reject entities declarations while parsing
      XML plists.
    * Add CVE-2022-48566.diff: Make constant time comparison more
      constant-time.
    * Add CVE-2023-24329.diff: More WHATWG-compatible URL parsing
    * Add CVE-2023-40217.diff: Prevent reading unauthenticated data on a
      SSLSocket

 -- Steve McIntyre <93sam@debian.org>  Tue, 26 Sep 2023 17:13:24 +0000

10.13.18-20230817

Updates in 4 source package(s), 12 binary package(s):

  Source linux-signed-amd64, binaries: linux-image-4.19.0-25-cloud-amd64:amd64
  linux-signed-amd64 (4.19.289+2) buster-security; urgency=high
  .
    * Sign kernel from linux 4.19.289-2
  .
    * [x86] Add mitigations for Gather Data Sampling (GDS) (CVE-2022-40982)
      - init: Provide arch_cpu_finalize_init()
      - x86/cpu: Switch to arch_cpu_finalize_init()
      - ARM: cpu: Switch to arch_cpu_finalize_init()
      - init: Remove check_bugs() leftovers
      - init: Invoke arch_cpu_finalize_init() earlier
      - init, x86: Move mem_encrypt_init() into arch_cpu_finalize_init()
      - x86/fpu: Remove cpuinfo argument from init functions
      - x86/fpu: Mark init functions __init
      - x86/fpu: Move FPU initialization into arch_cpu_finalize_init()
      - x86/speculation: Add Gather Data Sampling mitigation
      - x86/speculation: Add force option to GDS mitigation
      - x86/speculation: Add Kconfig option for GDS
      - KVM: Add GDS_NO support to KVM
      - x86/xen: Fix secondary processors' FPU initialization
      - Documentation/x86: Fix backwards on/off logic about YMM support
    * [x86] cpu: Avoid ABI change for GDS mitigations

  Source linux-signed-arm64, binaries: linux-image-4.19.0-25-arm64:arm64
  linux-signed-arm64 (4.19.289+2) buster-security; urgency=high
  .
    * Sign kernel from linux 4.19.289-2
  .
* [x86] Add mitigations for Gather Data Sampling (GDS) (CVE-2022-40982) - init: Provide arch_cpu_finalize_init() - x86/cpu: Switch to arch_cpu_finalize_init() - ARM: cpu: Switch to arch_cpu_finalize_init() - init: Remove check_bugs() leftovers - init: Invoke arch_cpu_finalize_init() earlier - init, x86: Move mem_encrypt_init() into arch_cpu_finalize_init() - x86/fpu: Remove cpuinfo argument from init functions - x86/fpu: Mark init functions __init - x86/fpu: Move FPU initialization into arch_cpu_finalize_init() - x86/speculation: Add Gather Data Sampling mitigation - x86/speculation: Add force option to GDS mitigation - x86/speculation: Add Kconfig option for GDS - KVM: Add GDS_NO support to KVM - x86/xen: Fix secondary processors' FPU initialization - Documentation/x86: Fix backwards on/off logic about YMM support * [x86] cpu: Avoid ABI change for GDS mitigations Source openssh, binaries: openssh-client:amd64 openssh-server:amd64 openssh-sftp-server:amd64 openssh-client:arm64 openssh-server:arm64 openssh-sftp-server:arm64 openssh (1:7.9p1-10+deb10u3) buster-security; urgency=high . * Non-maintainer upload. . [ Salvatore Bonaccorso ] * ssh(1): Fix bad interaction between the ssh_config ConnectTimeout and ConnectionAttempts directives - connection attempts after the first were ignoring the requested timeout (LP: #1798049). . [ Utkarsh Gupta ] * remote code execution relating to PKCS#11 providers - debian/patches/CVE-2023-38408-1.patch: terminate process if requested to load a PKCS#11 provider that isn't a PKCS#11 provider in ssh-pkcs11.c. - debian/patches/CVE-2023-38408-3.patch: ensure FIDO/PKCS11 libraries contain expected symbols in misc.c, misc.h, ssh-pkcs11.c, ssh-sk.c. - CVE-2023-38408 Source openssl, binaries: libssl1.1:amd64 openssl:amd64 libssl1.1:arm64 openssl:arm64 openssl (1.1.1n-0+deb10u6) buster-security; urgency=medium . * Non-maintainer upload by the LTS Security Team. * CVE-2023-3446 (Excessive time with over sized modulus in DH_check()). 
* CVE-2023-3817 (Skip checking q properties in DH_check() if it is obviously invalid). -- Steve McIntyre <93sam@debian.org> Thu, 17 Aug 2023 13:22:04 +0000 10.13.17-20230802 Updates in 3 source package(s), 8 binary package(s): Source bind9, binaries: libdns-export1104:amd64 libisc-export1100:amd64 libdns-export1104:arm64 libisc-export1100:arm64 bind9 (1:9.11.5.P4+dfsg-5.1+deb10u9) buster-security; urgency=high . * Non-maintainer upload by the Debian LTS Team. * CVE-2023-2828: It was discovered that the effectiveness of the cache-cleaning algorithm used in named(5) can be severely diminished by querying the resolver for specific RRsets in a certain order, effectively allowing the configured max-cache-size limit to be significantly exceeded. * Add debian/.gitlab-ci.yml * Allow blhc failures; "CPPFLAGS missing", etc. * Backport a1dbd6d68 and ef4eef07f4 from bind9.git to make autopkgtests pass. Source debian-archive-keyring, binaries: debian-archive-keyring:amd64 debian-archive-keyring:arm64 debian-archive-keyring (2019.1+deb10u2) buster-security; urgency=medium . * Non-maintainer upload by the LTS Security Team. * Add Debian Stable Release Key (12/bookworm) (ID: 0xF8D2585B8783D481) * Debian Archive Automatic Signing Key (12/bookworm) (ID: B7C5D7D6350947F8) * Debian Security Archive Automatic Signing Key (12/bookworm) (ID: 254CF3B5AEC0A8F0) Source linux-latest, binaries: linux-image-cloud-amd64:amd64 linux-image-arm64:arm64 linux-latest (105+deb10u20) buster-security; urgency=medium . * Update to 4.19.0-25 . linux-latest (105+deb10u19) buster-security; urgency=medium . * Update to 4.19.0-24 . linux-latest (105+deb10u18) buster-security; urgency=medium . * Update to 4.19.0-23 . linux-latest (105+deb10u17) buster-security; urgency=medium . * Update to 4.19.0-22 . linux-latest (105+deb10u16) buster-security; urgency=medium . * Update to 4.19.0-21 . linux-latest (105+deb10u15) buster; urgency=medium . * Update to 4.19.0-20 . 
linux-latest (105+deb10u14) buster-security; urgency=high . * Update to 4.19.0-19 * linux-image: Add NEWS for unprivileged eBPF change . linux-latest (105+deb10u13) buster; urgency=medium . * Update to 4.19.0-18 . linux-latest (105+deb10u12) buster; urgency=medium . * Update to 4.19.0-17 . linux-latest (105+deb10u11) buster; urgency=medium . * Update to 4.19.0-16 . linux-latest (105+deb10u10) buster; urgency=medium . * Update to 4.19.0-15 . linux-latest (105+deb10u9) buster-security; urgency=high . * Update to 4.19.0-14 . linux-latest (105+deb10u8) buster; urgency=medium . * Update to 4.19.0-13 . linux-latest (105+deb10u7) buster-security; urgency=high . * Update to 4.19.0-12 . linux-latest (105+deb10u6) buster; urgency=medium . * Update to 4.19.0-11 . linux-latest (105+deb10u5) buster; urgency=medium . * Update to 4.19.0-10 . linux-latest (105+deb10u4) buster; urgency=medium . * Update to 4.19.0-9 . linux-latest (105+deb10u3) buster; urgency=medium . * Update to 4.19.0-8 . linux-latest (105+deb10u2) buster; urgency=medium . * Update to 4.19.0-7 . linux-latest (105+deb10u1) buster; urgency=medium . * Update to 4.19.0-6 . linux-latest (105) unstable; urgency=medium . * Update to 4.19.0-5 . linux-latest (104) unstable; urgency=medium . * Update to 4.19.0-4 . linux-latest (103) unstable; urgency=medium . * Update to 4.19.0-3 . linux-latest (102) unstable; urgency=medium . * Update to 4.19.0-2 . linux-latest (101) unstable; urgency=medium . * Update to 4.19.0-1 . linux-latest (100) unstable; urgency=medium . [ Romain Perier ] * Update to 4.18.0-3 . linux-latest (99) unstable; urgency=medium . * Update to 4.18.0-2 . linux-latest (98) unstable; urgency=medium . * Update to 4.18.0-1 . linux-latest (97) unstable; urgency=medium . * Update to 4.17.0-3 . linux-latest (96) unstable; urgency=medium . [ Romain Perier ] * Update to 4.17.0-2 . linux-latest (95) unstable; urgency=medium . [ Romain Perier ] * Update to 4.17.0-1 . linux-latest (94) unstable; urgency=medium . 
[ Ben Hutchings ] * Substitute source package name in lintian-overrides * Change binary package names to include any source package name suffix * Don't build redundant linux-doc, linux-source, linux-tools packages . [ Salvatore Bonaccorso ] * Update to 4.16.0-2 . linux-latest (93) unstable; urgency=medium . * Update to 4.16.0-1 . linux-latest (92) unstable; urgency=medium . * Update to 4.15.0-3 . linux-latest (91) unstable; urgency=medium . [ Ben Hutchings ] * debian/control: Point Vcs URLs to Salsa . [ Salvatore Bonaccorso ] * Update to 4.15.0-2 . linux-latest (90) unstable; urgency=medium . * Update to 4.15.0-1 . linux-latest (89) unstable; urgency=medium . * Update to 4.14.0-3 . linux-latest (88) unstable; urgency=medium . * Update to 4.14.0-2 . linux-latest (87) unstable; urgency=medium . * linux-image: Add back-dated NEWS for vsyscall change in Linux 4.10 * linux-doc: Add symlinks to current documentation * Update to 4.14.0-1 * linux-image: Add back-dated NEWS about AppArmor introduction . linux-latest (86) unstable; urgency=medium . * Add myself to Uploaders * Update to 4.13.0-1 . linux-latest (85) unstable; urgency=medium . * debian/control: Remove Frederik Schüler from Uploaders field * Update to 4.12.0-2 . linux-latest (84) unstable; urgency=medium . * Update to 4.12.0-1 (Closes: #872055) . linux-latest (83) unstable; urgency=medium . * Update to 4.11.0-2 . linux-latest (82) unstable; urgency=medium . * Revert changes to debug symbol meta-packages (Closes: #866691) . linux-latest (81) unstable; urgency=medium . * Update to 4.11.0-1 * Stop generating various transitional packages needed in stretch . linux-latest (80) unstable; urgency=medium . * Re-introduce xen-linux-system-amd64 *again* as transitional package (Closes: #857039) * Update to 4.9.0-3 . linux-latest (79) unstable; urgency=medium . * Update to 4.9.0-2 . linux-latest (78) unstable; urgency=medium . 
* debian/rules: Use dpkg-parsechangelog -S option to select fields * linux-image: Delete NEWS for version 76 about vsyscall changes, now reverted * Update to 4.9.0-1 . linux-latest (77) unstable; urgency=medium . * Update to 4.8.0-2 * Use debhelper compatibility level 9 * Re-introduce xen-linux-system packages, accidentally dropped in version 75 . linux-latest (76) unstable; urgency=medium . * Update to 4.8.0-1 * linux-image-{686-pae,amd64}: Delete old NEWS * linux-image: Add back-dated NEWS for conntrack helpers change in Linux 4.7 (Closes: #839632) * linux-image: Add NEWS for security hardening config changes for Linux 4.8 . linux-latest (75) unstable; urgency=medium . * Update to 4.7.0-1 * Rename and move debug symbol meta-packages to the debug archive * debian/control: Set priority of transitional packages to extra * debian/control: Update Standards-Version to 3.9.8; no changes needed . linux-latest (74) unstable; urgency=medium . * Update to 4.6.0-1 . linux-latest (73) unstable; urgency=medium . * Update to 4.5.0-2 . linux-latest (72) unstable; urgency=medium . * Update to 4.5.0-1 . linux-latest (71) unstable; urgency=medium . * Update to 4.4.0-1 - Change linux-{image,headers}-{kirkwood,orion5x} to transitional packages . linux-latest (70) unstable; urgency=medium . * Change linux-{image,headers}-586 to transitional packages . linux-latest (69) unstable; urgency=medium . * Update to 4.3.0-1 . linux-latest (68) unstable; urgency=medium . * Update to 4.2.0-1 * debian/bin/gencontrol.py: Use Python 3 . linux-latest (67) unstable; urgency=medium . * Adjust for migration to git: - Add .gitignore file - debian/control: Update Vcs-* fields * .gitignore: Ignore linux-perf build directory * Update to 4.1.0-2 * Change source format to 3.0 (native) so that .git directory is excluded by default . linux-latest (66) unstable; urgency=medium . * Update to 4.1.0-1 * Rename linux-tools to linux-perf, providing linux-tools as a transitional package . 
linux-latest (65) unstable; urgency=medium . * Update to 4.0.0-2 . linux-latest (64) unstable; urgency=medium . * Update to 4.0.0-1 * Stop generating linux-{headers,image}-486 transitional packages * debian/control: Build-Depend on linux-headers-*-all, so that after an ABI bump linux is auto-built before linux-latest on each architecture. (Closes: #746618) . linux-latest (63) unstable; urgency=medium . * Update to 3.16.0-4 - Change linux-{image,headers}-486 to transitional packages . linux-latest (62) unstable; urgency=medium . * Update to 3.16-3 (Closes: #766078) . linux-latest (61) unstable; urgency=medium . * Update to 3.16-2 . linux-latest (60) unstable; urgency=medium . * linux-image-{686-pae,amd64}: Add backdated NEWS for introduction of xz compression affecting Xen (Closes: #727736) * Update to 3.16-1 . linux-latest (59) unstable; urgency=medium . * Update to 3.14-2 . linux-latest (58) unstable; urgency=medium . * Rebuild to include arm64 and ppc64el architectures . linux-latest (57) unstable; urgency=medium . * Suppress lintian warnings about linux-image-dbg metapackages not looking like debug info packages * debian/control: Update Standards-Version to 3.9.5; no changes needed * Update to 3.14-1 . linux-latest (56) unstable; urgency=medium . * Update to 3.13-1 . linux-latest (55) unstable; urgency=low . * Update to 3.12-1 . linux-latest (54) unstable; urgency=low . * Update to 3.11-2 . linux-latest (53) unstable; urgency=low . * Add linux-image--dbg metapackages, providing the virtual package linux-latest-image-dbg * Update standards-version to 3.9.4; no changes required * Change section and priority fields to match archive overrides * Update to 3.11-1 * Stop providing virtual package linux-headers . linux-latest (52) unstable; urgency=low . * Update to 3.10-3 . linux-latest (51) unstable; urgency=low . * Update to 3.10-2 . linux-latest (50) unstable; urgency=low . * Update to 3.10-1 . linux-latest (49) unstable; urgency=low . * Update to 3.9-1 . 
linux-latest (48) unstable; urgency=low . * Update to 3.8-2 (Closes: #708842) . linux-latest (47) unstable; urgency=low . * Update to 3.8-1 * Remove transitional packages provided in wheezy . linux-latest (46) unstable; urgency=low . * Set Priority: extra, as currently overridden in the archive (Closes: #689846) * Add Czech debconf template translation (Michal Šimůnek) (Closes: #685501) * Update to 3.2.0-4 (Closes: #688222, #689864) . linux-latest (45) unstable; urgency=low . * Update to 3.2.0-3 . linux-latest (44) unstable; urgency=high . [ Ben Hutchings ] * Update debconf template translations: - Add Polish (Michał Kułach) (Closes: #659571) - Add Turkish (Mert Dirik) (Closes: #660119) * Update standards-version to 3.9.3: - Do not move packages to the 'metapackages' section, as that will cause APT not to auto-remove their dependencies * Move transitional packages to the section 'oldlibs', so that APT will treat the replacement packages as manually installed * Update to 3.2.0-2 * Stop generating linux-{headers,image}-2.6- transitional packages for flavours added since Linux 3.0 . linux-latest (43) unstable; urgency=low . * Add Vcs-{Svn,Browser} fields * Add debconf template translations: - Danish (Joe Hansen) (Closes: #656642) - Spanish (Slime Siabef) (Closes: #654681) - Italian (Stefano Canepa) (Closes: #657386) * [s390] Update the check for flavours without modules, removing the useless linux-headers{,-2.6}-s390x-tape packages . linux-latest (42) unstable; urgency=low . * Rename source package to linux-latest * Add debconf template translations: - Portuguese (Miguel Figueiredo) (Closes: #651123) - Serbian latin (Zlatan Todoric) (Closes: #635895) - Russian (Yuri Kozlov) (Closes: #652431) - Japanese (Nobuhiro Iwamatsu) (Closes: #655687) * Update to 3.2.0-1 . linux-latest-2.6 (41) unstable; urgency=low . * Remove dependency on module makefiles in linux-support package * Update to 3.1.0-1 . linux-latest-2.6 (40) unstable; urgency=low . 
* Add debconf template translations: - Serbian cyrillic (Zlatan Todoric) (Closes: #635893) - German (Holger Wansing) (Closes: #637764) - French (Debian French l10n team) (Closes: #636624) - Swedish (Martin Bagge) (Closes: #640058) - Dutch (Jeroen Schot) (Closes: #640115) - Catalan (Innocent De Marchi) (Closes: #642109) * Update to 3.0.0-2 . linux-latest-2.6 (39) unstable; urgency=low . * Update to 3.0.0-1 . linux-latest-2.6 (38) experimental; urgency=low . * Correct xen-linux-system transitional package names . linux-latest-2.6 (37) experimental; urgency=low . * Update to 3.0.0-rc5 * Restore xen-linux-system- packages * Remove common description text from linux-image-2.6- packages . linux-latest-2.6 (36) experimental; urgency=low . * Update to 3.0.0-rc1 - Add linux-doc, linux-headers-, linux-source and linux-tools packages - Change *-2.6-* to transitional packages . linux-latest-2.6 (35.1) unstable; urgency=low . [ Bastian Blank ] * Update to 2.6.39-2. . linux-latest-2.6 (35) unstable; urgency=low . * Update to 2.6.39-1 - Change linux-image{,-2.6}-686{,-bigmem} to transitional packages . linux-latest-2.6 (34) unstable; urgency=low . * [hppa] Update to 2.6.38-2a . linux-latest-2.6 (33) unstable; urgency=low . * Update to 2.6.38-2 . linux-latest-2.6 (32) unstable; urgency=low . * Update to 2.6.38-1 . linux-latest-2.6 (31) unstable; urgency=low . * Update to 2.6.37-2 . linux-latest-2.6 (30) unstable; urgency=low . * Update to 2.6.37-1 . linux-latest-2.6 (29) unstable; urgency=low . * Add xen-linux-system-2.6-* meta-packages (Closes: #402414) * Add bug presubj message for image meta packages directing users to the real image packages (Closes: #549591) * Fix repetition in description of linux-image-2.6-xen-amd64 (Closes: #598648) * [x86] Correct lists of suitable processors . linux-latest-2.6 (28) unstable; urgency=low . 
* Move NEWS from linux-2.6, since apt-listchanges only shows it for upgraded packages * Add linux-tools-2.6 meta package * Change versions for linux-doc-2.6 and linux-source-2.6 to match those of the other meta packages . linux-latest-2.6 (27) unstable; urgency=low . * Really build linux-doc-2.6 and linux-source-2.6 meta packages . linux-latest-2.6 (26) unstable; urgency=low . [ Joachim Breitner ] * Create linux-doc-2.6 and linux-source-2.6 meta packages (Closes: 347284) . [ Ben Hutchings ] * Update to 2.6.32-5. * Update standards-version to 3.8.4; no changes required. * Explicitly describe all packages as meta-packages. . linux-latest-2.6 (25) unstable; urgency=high . * Update package description templates in line with linux-2.6. * Update to 2.6.32-3. * Set urgency to 'high' since this must transition with linux-2.6. . linux-latest-2.6 (24) unstable; urgency=low . * Update to 2.6.32-2. . linux-latest-2.6 (23) unstable; urgency=low . * Update to 2.6.32-trunk. . linux-latest-2.6 (22) unstable; urgency=low . * Update to 2.6.31-1. . linux-latest-2.6 (21) unstable; urgency=low . [ Bastian Blank ] * Update to 2.6.30-2. . [ Ben Hutchings ] * Add myself to uploaders. . linux-latest-2.6 (20) unstable; urgency=low . * Move into kernel section. * Update to 2.6.30-1. . linux-latest-2.6 (19) unstable; urgency=low . * Update to 2.6.29-2. * Use debhelper compat level 7. * Update copyright file. . linux-latest-2.6 (18) unstable; urgency=low . * Update to 2.6.29-1. * Use dh_prep. * Remove lenny transition packages. . linux-latest-2.6 (17) unstable; urgency=low . * Use correct part of the config for image type. * Add description parts to all image packages. . linux-latest-2.6 (16) unstable; urgency=low . * Rebuild to pick up new images . linux-latest-2.6 (15) unstable; urgency=low . * Update to 2.6.26-1. * Make linux-image-* complete meta packages. . linux-latest-2.6 (14) unstable; urgency=low . * Update to 2.6.25-2. . linux-latest-2.6 (13) unstable; urgency=low . 
* Add transitional packages for k7. . linux-latest-2.6 (12) unstable; urgency=low . * Update to 2.6.24-1. . linux-latest-2.6 (11) unstable; urgency=low . * Update to 2.6.22-3. . linux-latest-2.6 (10) unstable; urgency=low . * Update to 2.6.22-2. . linux-latest-2.6 (9) unstable; urgency=low . * Update to 2.6.22-1. . linux-latest-2.6 (8) unstable; urgency=low . * Update to 2.6.21-2. * Add modules meta packages. * Provide linux-latest-modules-*. (closes: #428783) . linux-latest-2.6 (7) unstable; urgency=low . * Update to 2.6.21-1. * Remove etch transition packages. . linux-latest-2.6 (6) unstable; urgency=low . * Update to 2.6.18-4. * i386: Add amd64 transition packages. . linux-latest-2.6 (5) unstable; urgency=low . * Update to 2.6.18-3. -- Steve McIntyre <93sam@debian.org> Wed, 02 Aug 2023 19:17:26 +0000 10.13.16-20230701 Updates in 5 source package(s), 36 binary package(s): Source libfastjson, binaries: libfastjson4:amd64 libfastjson4:arm64 libfastjson (0.99.8-2+deb10u1) buster-security; urgency=high * Non-maintainer upload by the LTS Team. * CVE-2020-12762 fix for out-of-bounds write with large JSON file Source python3.7, binaries: libpython3.7-minimal:amd64 libpython3.7-stdlib:amd64 python3.7:amd64 python3.7-minimal:amd64 libpython3.7-minimal:arm64 libpython3.7-stdlib:arm64 python3.7:arm64 python3.7-minimal:arm64 python3.7 (3.7.3-2+deb10u5) buster-security; urgency=medium * Non-maintainer upload by the LTS Security Team. * CVE-2015-20107: The mailcap module did not add escape characters into commands discovered in the system mailcap file. * CVE-2020-10735: Prevent DoS with very large int. * CVE-2021-3426: Remove the pydoc getfile feature which could be abused to read arbitrary files on the disk. * CVE-2021-3733: Regular Expression Denial of Service in urllib's AbstractBasicAuthHandler class. * CVE-2021-3737: Infinite loop in the HTTP client code. * CVE-2021-4189: Make ftplib not trust the PASV response. * CVE-2022-45061: Quadratic time in the IDNA decoder. 
Source requests, binaries: python-requests:amd64 python3-requests:amd64 python-requests:arm64 python3-requests:arm64 requests (2.21.0-1+deb10u1) buster-security; urgency=high * Non-maintainer upload by the LTS team. * Fix CVE-2023-32681: Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. For HTTP connections sent through the tunnel, the proxy will identify the header in the request itself and remove it prior to forwarding to the destination server. However when sent over HTTPS, the `Proxy-Authorization` header must be sent in the CONNECT request as the proxy has no visibility into the tunneled request. This results in Requests forwarding proxy credentials to the destination server unintentionally, allowing a malicious actor to potentially exfiltrate sensitive information. Source systemd, binaries: libpam-systemd:amd64 libsystemd0:amd64 libudev1:amd64 systemd:amd64 systemd-sysv:amd64 udev:amd64 libpam-systemd:arm64 libsystemd0:arm64 libudev1:arm64 systemd:arm64 systemd-sysv:arm64 udev:arm64 systemd (241-7~deb10u10) buster-security; urgency=medium * Non-maintainer upload by the LTS Security Team. * CVE-2022-3821: Buffer overrun in format_timespan(). * logind: Fix getting property OnExternalPower via D-Bus. * Fix memory leak on daemon-reload. Source vim, binaries: vim:amd64 vim-common:amd64 vim-runtime:amd64 vim-tiny:amd64 xxd:amd64 vim:arm64 vim-common:arm64 vim-runtime:arm64 vim-tiny:arm64 xxd:arm64 vim (2:8.1.0875-5+deb10u5) buster-security; urgency=high * Non-maintainer upload by the LTS team. * Fix CVE-2022-4141, CVE-2023-0054, CVE-2023-1175, CVE-2023-2610: Multiple security vulnerabilities have been discovered in vim, an enhanced vi editor. Buffer overflows and out-of-bounds reads may lead to a denial-of-service (application crash) or other unspecified impact. 
-- Steve McIntyre <93sam@debian.org> Sat, 01 Jul 2023 17:23:14 +0000 10.13.15-20230609 Updates in 2 source package(s), 6 binary package(s): Source cpio, binaries: cpio:amd64 cpio:arm64 cpio (2.12+dfsg-9+deb10u1) buster-security; urgency=medium * Non-maintainer upload by the LTS Security Team. * CVE-2019-14866: Improper validation of input files when generating tar archives. * CVE-2021-38185: Arbitrary code via crafted pattern file. Source openssl, binaries: libssl1.1:amd64 openssl:amd64 libssl1.1:arm64 openssl:arm64 openssl (1.1.1n-0+deb10u5) buster-security; urgency=medium [ Sylvain Beucler ] * Non-maintainer upload by the LTS Security Team. [ Sebastian Andrzej Siewior ] * CVE-2023-0464 (Excessive Resource Usage Verifying X.509 Policy Constraints) (Closes: #1034720). * CVE-2023-0465 (Invalid certificate policies in leaf certificates are silently ignored). * CVE-2023-0466 (Certificate policy check not enabled). * Alternative fix for CVE-2022-4304 (Timing Oracle in RSA Decryption). * CVE-2023-2650 (Possible DoS translating ASN.1 object identifiers). 
-- Steve McIntyre <93sam@debian.org> Fri, 09 Jun 2023 12:45:25 +0000 10.13.14-20230528 Updates in 3 source package(s), 12 binary package(s): Source linux-latest, binaries: linux-image-cloud-amd64:amd64 linux-image-arm64:arm64 linux-latest (105+deb10u19) buster-security; urgency=medium * Update to 4.19.0-24 linux-latest (105+deb10u18) buster-security; urgency=medium * Update to 4.19.0-23 linux-latest (105+deb10u17) buster-security; urgency=medium * Update to 4.19.0-22 linux-latest (105+deb10u16) buster-security; urgency=medium * Update to 4.19.0-21 linux-latest (105+deb10u15) buster; urgency=medium * Update to 4.19.0-20 linux-latest (105+deb10u14) buster-security; urgency=high * Update to 4.19.0-19 * linux-image: Add NEWS for unprivileged eBPF change linux-latest (105+deb10u13) buster; urgency=medium * Update to 4.19.0-18 linux-latest (105+deb10u12) buster; urgency=medium * Update to 4.19.0-17 linux-latest (105+deb10u11) buster; urgency=medium * Update to 4.19.0-16 linux-latest (105+deb10u10) buster; urgency=medium * Update to 4.19.0-15 linux-latest (105+deb10u9) buster-security; urgency=high * Update to 4.19.0-14 linux-latest (105+deb10u8) buster; urgency=medium * Update to 4.19.0-13 linux-latest (105+deb10u7) buster-security; urgency=high * Update to 4.19.0-12 linux-latest (105+deb10u6) buster; urgency=medium * Update to 4.19.0-11 linux-latest (105+deb10u5) buster; urgency=medium * Update to 4.19.0-10 linux-latest (105+deb10u4) buster; urgency=medium * Update to 4.19.0-9 linux-latest (105+deb10u3) buster; urgency=medium * Update to 4.19.0-8 linux-latest (105+deb10u2) buster; urgency=medium * Update to 4.19.0-7 linux-latest (105+deb10u1) buster; urgency=medium * Update to 4.19.0-6 linux-latest (105) unstable; urgency=medium * Update to 4.19.0-5 linux-latest (104) unstable; urgency=medium * Update to 4.19.0-4 linux-latest (103) unstable; urgency=medium * Update to 4.19.0-3 linux-latest (102) unstable; urgency=medium * Update to 4.19.0-2 linux-latest (101) unstable; 
urgency=medium * Update to 4.19.0-1 linux-latest (100) unstable; urgency=medium [ Romain Perier ] * Update to 4.18.0-3 linux-latest (99) unstable; urgency=medium * Update to 4.18.0-2 linux-latest (98) unstable; urgency=medium * Update to 4.18.0-1 linux-latest (97) unstable; urgency=medium * Update to 4.17.0-3 linux-latest (96) unstable; urgency=medium [ Romain Perier ] * Update to 4.17.0-2 linux-latest (95) unstable; urgency=medium [ Romain Perier ] * Update to 4.17.0-1 linux-latest (94) unstable; urgency=medium [ Ben Hutchings ] * Substitute source package name in lintian-overrides * Change binary package names to include any source package name suffix * Don't build redundant linux-doc, linux-source, linux-tools packages [ Salvatore Bonaccorso ] * Update to 4.16.0-2 linux-latest (93) unstable; urgency=medium * Update to 4.16.0-1 linux-latest (92) unstable; urgency=medium * Update to 4.15.0-3 linux-latest (91) unstable; urgency=medium [ Ben Hutchings ] * debian/control: Point Vcs URLs to Salsa [ Salvatore Bonaccorso ] * Update to 4.15.0-2 linux-latest (90) unstable; urgency=medium * Update to 4.15.0-1 linux-latest (89) unstable; urgency=medium * Update to 4.14.0-3 linux-latest (88) unstable; urgency=medium * Update to 4.14.0-2 linux-latest (87) unstable; urgency=medium * linux-image: Add back-dated NEWS for vsyscall change in Linux 4.10 * linux-doc: Add symlinks to current documentation * Update to 4.14.0-1 * linux-image: Add back-dated NEWS about AppArmor introduction linux-latest (86) unstable; urgency=medium * Add myself to Uploaders * Update to 4.13.0-1 linux-latest (85) unstable; urgency=medium * debian/control: Remove Frederik Schüler from Uploaders field * Update to 4.12.0-2 linux-latest (84) unstable; urgency=medium * Update to 4.12.0-1 (Closes: #872055) linux-latest (83) unstable; urgency=medium * Update to 4.11.0-2 linux-latest (82) unstable; urgency=medium * Revert changes to debug symbol meta-packages (Closes: #866691) linux-latest (81) unstable; 
urgency=medium * Update to 4.11.0-1 * Stop generating various transitional packages needed in stretch linux-latest (80) unstable; urgency=medium * Re-introduce xen-linux-system-amd64 *again* as transitional package (Closes: #857039) * Update to 4.9.0-3 linux-latest (79) unstable; urgency=medium * Update to 4.9.0-2 linux-latest (78) unstable; urgency=medium * debian/rules: Use dpkg-parsechangelog -S option to select fields * linux-image: Delete NEWS for version 76 about vsyscall changes, now reverted * Update to 4.9.0-1 linux-latest (77) unstable; urgency=medium * Update to 4.8.0-2 * Use debhelper compatibility level 9 * Re-introduce xen-linux-system packages, accidentally dropped in version 75 linux-latest (76) unstable; urgency=medium * Update to 4.8.0-1 * linux-image-{686-pae,amd64}: Delete old NEWS * linux-image: Add back-dated NEWS for conntrack helpers change in Linux 4.7 (Closes: #839632) * linux-image: Add NEWS for security hardening config changes for Linux 4.8 linux-latest (75) unstable; urgency=medium * Update to 4.7.0-1 * Rename and move debug symbol meta-packages to the debug archive * debian/control: Set priority of transitional packages to extra * debian/control: Update Standards-Version to 3.9.8; no changes needed linux-latest (74) unstable; urgency=medium * Update to 4.6.0-1 linux-latest (73) unstable; urgency=medium * Update to 4.5.0-2 linux-latest (72) unstable; urgency=medium * Update to 4.5.0-1 linux-latest (71) unstable; urgency=medium * Update to 4.4.0-1 - Change linux-{image,headers}-{kirkwood,orion5x} to transitional packages linux-latest (70) unstable; urgency=medium * Change linux-{image,headers}-586 to transitional packages linux-latest (69) unstable; urgency=medium * Update to 4.3.0-1 linux-latest (68) unstable; urgency=medium * Update to 4.2.0-1 * debian/bin/gencontrol.py: Use Python 3 linux-latest (67) unstable; urgency=medium * Adjust for migration to git: - Add .gitignore file - debian/control: Update Vcs-* fields * .gitignore: 
Ignore linux-perf build directory * Update to 4.1.0-2 * Change source format to 3.0 (native) so that .git directory is excluded by default linux-latest (66) unstable; urgency=medium * Update to 4.1.0-1 * Rename linux-tools to linux-perf, providing linux-tools as a transitional package linux-latest (65) unstable; urgency=medium * Update to 4.0.0-2 linux-latest (64) unstable; urgency=medium * Update to 4.0.0-1 * Stop generating linux-{headers,image}-486 transitional packages * debian/control: Build-Depend on linux-headers-*-all, so that after an ABI bump linux is auto-built before linux-latest on each architecture. (Closes: #746618) linux-latest (63) unstable; urgency=medium * Update to 3.16.0-4 - Change linux-{image,headers}-486 to transitional packages linux-latest (62) unstable; urgency=medium * Update to 3.16-3 (Closes: #766078) linux-latest (61) unstable; urgency=medium * Update to 3.16-2 linux-latest (60) unstable; urgency=medium * linux-image-{686-pae,amd64}: Add backdated NEWS for introduction of xz compression affecting Xen (Closes: #727736) * Update to 3.16-1 linux-latest (59) unstable; urgency=medium * Update to 3.14-2 linux-latest (58) unstable; urgency=medium * Rebuild to include arm64 and ppc64el architectures linux-latest (57) unstable; urgency=medium * Suppress lintian warnings about linux-image-dbg metapackages not looking like debug info packages * debian/control: Update Standards-Version to 3.9.5; no changes needed * Update to 3.14-1 linux-latest (56) unstable; urgency=medium * Update to 3.13-1 linux-latest (55) unstable; urgency=low * Update to 3.12-1 linux-latest (54) unstable; urgency=low * Update to 3.11-2 linux-latest (53) unstable; urgency=low * Add linux-image--dbg metapackages, providing the virtual package linux-latest-image-dbg * Update standards-version to 3.9.4; no changes required * Change section and priority fields to match archive overrides * Update to 3.11-1 * Stop providing virtual package linux-headers linux-latest (52) unstable; 
urgency=low * Update to 3.10-3 linux-latest (51) unstable; urgency=low * Update to 3.10-2 linux-latest (50) unstable; urgency=low * Update to 3.10-1 linux-latest (49) unstable; urgency=low * Update to 3.9-1 linux-latest (48) unstable; urgency=low * Update to 3.8-2 (Closes: #708842) linux-latest (47) unstable; urgency=low * Update to 3.8-1 * Remove transitional packages provided in wheezy linux-latest (46) unstable; urgency=low * Set Priority: extra, as currently overridden in the archive (Closes: #689846) * Add Czech debconf template translation (Michal Šimůnek) (Closes: #685501) * Update to 3.2.0-4 (Closes: #688222, #689864) linux-latest (45) unstable; urgency=low * Update to 3.2.0-3 linux-latest (44) unstable; urgency=high [ Ben Hutchings ] * Update debconf template translations: - Add Polish (Michał Kułach) (Closes: #659571) - Add Turkish (Mert Dirik) (Closes: #660119) * Update standards-version to 3.9.3: - Do not move packages to the 'metapackages' section, as that will cause APT not to auto-remove their dependencies * Move transitional packages to the section 'oldlibs', so that APT will treat the replacement packages as manually installed * Update to 3.2.0-2 * Stop generating linux-{headers,image}-2.6- transitional packages for flavours added since Linux 3.0 linux-latest (43) unstable; urgency=low * Add Vcs-{Svn,Browser} fields * Add debconf template translations: - Danish (Joe Hansen) (Closes: #656642) - Spanish (Slime Siabef) (Closes: #654681) - Italian (Stefano Canepa) (Closes: #657386) * [s390] Update the check for flavours without modules, removing the useless linux-headers{,-2.6}-s390x-tape packages linux-latest (42) unstable; urgency=low * Rename source package to linux-latest * Add debconf template translations: - Portuguese (Miguel Figueiredo) (Closes: #651123) - Serbian latin (Zlatan Todoric) (Closes: #635895) - Russian (Yuri Kozlov) (Closes: #652431) - Japanese (Nobuhiro Iwamatsu) (Closes: #655687) * Update to 3.2.0-1 linux-latest-2.6 (41) unstable; 
urgency=low * Remove dependency on module makefiles in linux-support package * Update to 3.1.0-1 linux-latest-2.6 (40) unstable; urgency=low * Add debconf template translations: - Serbian cyrillic (Zlatan Todoric) (Closes: #635893) - German (Holger Wansing) (Closes: #637764) - French (Debian French l10n team) (Closes: #636624) - Swedish (Martin Bagge) (Closes: #640058) - Dutch (Jeroen Schot) (Closes: #640115) - Catalan (Innocent De Marchi) (Closes: #642109) * Update to 3.0.0-2 linux-latest-2.6 (39) unstable; urgency=low * Update to 3.0.0-1 linux-latest-2.6 (38) experimental; urgency=low * Correct xen-linux-system transitional package names linux-latest-2.6 (37) experimental; urgency=low * Update to 3.0.0-rc5 * Restore xen-linux-system- packages * Remove common description text from linux-image-2.6- packages linux-latest-2.6 (36) experimental; urgency=low * Update to 3.0.0-rc1 - Add linux-doc, linux-headers-, linux-source and linux-tools packages - Change *-2.6-* to transitional packages linux-latest-2.6 (35.1) unstable; urgency=low [ Bastian Blank ] * Update to 2.6.39-2. 
linux-latest-2.6 (35) unstable; urgency=low * Update to 2.6.39-1 - Change linux-image{,-2.6}-686{,-bigmem} to transitional packages linux-latest-2.6 (34) unstable; urgency=low * [hppa] Update to 2.6.38-2a linux-latest-2.6 (33) unstable; urgency=low * Update to 2.6.38-2 linux-latest-2.6 (32) unstable; urgency=low * Update to 2.6.38-1 linux-latest-2.6 (31) unstable; urgency=low * Update to 2.6.37-2 linux-latest-2.6 (30) unstable; urgency=low * Update to 2.6.37-1 linux-latest-2.6 (29) unstable; urgency=low * Add xen-linux-system-2.6-* meta-packages (Closes: #402414) * Add bug presubj message for image meta packages directing users to the real image packages (Closes: #549591) * Fix repetition in description of linux-image-2.6-xen-amd64 (Closes: #598648) * [x86] Correct lists of suitable processors linux-latest-2.6 (28) unstable; urgency=low * Move NEWS from linux-2.6, since apt-listchanges only shows it for upgraded packages * Add linux-tools-2.6 meta package * Change versions for linux-doc-2.6 and linux-source-2.6 to match those of the other meta packages linux-latest-2.6 (27) unstable; urgency=low * Really build linux-doc-2.6 and linux-source-2.6 meta packages linux-latest-2.6 (26) unstable; urgency=low [ Joachim Breitner ] * Create linux-doc-2.6 and linux-source-2.6 meta packages (Closes: 347284) [ Ben Hutchings ] * Update to 2.6.32-5. * Update standards-version to 3.8.4; no changes required. * Explicitly describe all packages as meta-packages. linux-latest-2.6 (25) unstable; urgency=high * Update package description templates in line with linux-2.6. * Update to 2.6.32-3. * Set urgency to 'high' since this must transition with linux-2.6. linux-latest-2.6 (24) unstable; urgency=low * Update to 2.6.32-2. linux-latest-2.6 (23) unstable; urgency=low * Update to 2.6.32-trunk. linux-latest-2.6 (22) unstable; urgency=low * Update to 2.6.31-1. linux-latest-2.6 (21) unstable; urgency=low [ Bastian Blank ] * Update to 2.6.30-2. [ Ben Hutchings ] * Add myself to uploaders. 
linux-latest-2.6 (20) unstable; urgency=low * Move into kernel section. * Update to 2.6.30-1. linux-latest-2.6 (19) unstable; urgency=low * Update to 2.6.29-2. * Use debhelper compat level 7. * Update copyright file. linux-latest-2.6 (18) unstable; urgency=low * Update to 2.6.29-1. * Use dh_prep. * Remove lenny transition packages. linux-latest-2.6 (17) unstable; urgency=low * Use correct part of the config for image type. * Add description parts to all image packages. linux-latest-2.6 (16) unstable; urgency=low * Rebuild to pick up new images linux-latest-2.6 (15) unstable; urgency=low * Update to 2.6.26-1. * Make linux-image-* complete meta packages. linux-latest-2.6 (14) unstable; urgency=low * Update to 2.6.25-2. linux-latest-2.6 (13) unstable; urgency=low * Add transitional packages for k7. linux-latest-2.6 (12) unstable; urgency=low * Update to 2.6.24-1. linux-latest-2.6 (11) unstable; urgency=low * Update to 2.6.22-3. linux-latest-2.6 (10) unstable; urgency=low * Update to 2.6.22-2. linux-latest-2.6 (9) unstable; urgency=low * Update to 2.6.22-1. linux-latest-2.6 (8) unstable; urgency=low * Update to 2.6.21-2. * Add modules meta packages. * Provide linux-latest-modules-*. (closes: #428783) linux-latest-2.6 (7) unstable; urgency=low * Update to 2.6.21-1. * Remove etch transition packages. linux-latest-2.6 (6) unstable; urgency=low * Update to 2.6.18-4. * i386: Add amd64 transition packages. linux-latest-2.6 (5) unstable; urgency=low * Update to 2.6.18-3. Source python2.7, binaries: libpython2.7-minimal:amd64 libpython2.7-stdlib:amd64 python2.7:amd64 python2.7-minimal:amd64 libpython2.7-minimal:arm64 libpython2.7-stdlib:arm64 python2.7:arm64 python2.7-minimal:arm64 python2.7 (2.7.16-2+deb10u2) buster-security; urgency=high * Non-maintainer upload by the LTS Security Team. 
* Update self-signed.pythontest.net SSL certificate in testsuite (fixes test_httplib test suite)
* CVE-2015-20107: the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack validation of user-provided filenames or arguments).
* CVE-2019-20907: in Lib/tarfile.py, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation. (Closes: #970099)
* CVE-2020-8492: Python allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking. (Closes: #970099)
* CVE-2020-26116: http.client allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request.
* CVE-2021-3177: Python has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param. This occurs because sprintf is used unsafely.
* CVE-2021-3733: There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression Denial of Service (ReDOS) during an authentication request with a specially crafted payload that is sent by the server to the client.
* CVE-2021-3737: An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time.
* CVE-2021-4189: the FTP (File Transfer Protocol) client library in PASV (passive) mode trusts the host from the PASV response by default. This flaw allows an attacker to set up a malicious FTP server that can trick FTP clients into connecting back to a given IP address and port. This vulnerability could lead to FTP client scanning ports. For the rare user who wants the previous behavior, set a `trust_server_pasv_ipv4_address` attribute on your `ftplib.FTP` instance to True.
* CVE-2022-45061: An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service.

Source tzdata, binaries: tzdata:amd64 tzdata:arm64

tzdata (2021a-0+deb10u11) buster-security; urgency=medium
* Sync patchset with bullseye.
* Revert the Lebanon DST change.
* Update templates and add translations for Ciudad Juarez.
* No leap second in June 2023.

-- Steve McIntyre <93sam@debian.org> Sun, 28 May 2023 18:20:13 +0000

10.13.13-20230501

Updates in 3 source package(s), 16 binary package(s):

Source distro-info-data, binaries: distro-info-data:amd64 distro-info-data:arm64

distro-info-data (0.41+deb10u7) buster-security; urgency=medium
* Update data to 0.58, without new columns:
  - Add Debian 14 "forky" with a vague creation date.
  - Correct Ubuntu 23.04 release date to 2023-04-20.
  - Tighten validate-csv-data heuristics, restricting Ubuntu EoLs to Tue-Thursday.
  - Document Ubuntu ESM overlap period (LP: #2003949)
  - Add Ubuntu 23.10 Mantic Minotaur (LP: #2018028)
  - Set the planned release date for Debian bookworm (and an EoL based on it).
  - Adjust trixie's creation date to match bookworm's release.

Source libxml2, binaries: libxml2:amd64 libxml2:arm64

libxml2 (2.9.4+dfsg1-7+deb10u6) buster-security; urgency=high
* Non-maintainer upload by the LTS Team.
* schemas: Fix null-pointer-deref in xmlSchemaCheckCOSSTDerivedOK
* CVE-2023-28484 Fix null deref in xmlSchemaFixupComplexType
* CVE-2023-29469 Hashing of empty dict strings isn't deterministic

Source systemd, binaries: libpam-systemd:amd64 libsystemd0:amd64 libudev1:amd64 systemd:amd64 systemd-sysv:amd64 udev:amd64 libpam-systemd:arm64 libsystemd0:arm64 libudev1:arm64 systemd:arm64 systemd-sysv:arm64 udev:arm64

systemd (241-7~deb10u9) buster-security; urgency=medium
* Non-maintainer upload by the LTS Security Team.
* CVE-2023-26604: Local privilege escalation for some sudo configurations.

-- Steve McIntyre <93sam@debian.org> Mon, 01 May 2023 14:09:08 +0000

10.13.12-20230325

Updates in 5 source package(s), 10 binary package(s):

Source pcre2, binaries: libpcre2-8-0:amd64 libpcre2-8-0:arm64

pcre2 (10.32-5+deb10u1) buster-security; urgency=high
* Non-maintainer upload by the LTS Security Team.
* CVE-2019-20454: Out-of-bounds read when the pattern \X is JIT compiled and used to match specially crafted subjects in non-UTF mode.
* CVE-2022-1586: Out-of-bounds read involving unicode property matching in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT. (Closes: #1011954).
* CVE-2022-1587: Out-of-bounds read affecting recursions in JIT-compiled regular expressions caused by duplicate data transfers. (Closes: #1011954).
* Subject buffer overread in JIT when UTF is disabled and \X or \R has a greater than 1 fixed quantifier.

Source python-cryptography, binaries: python3-cryptography:amd64 python3-cryptography:arm64

python-cryptography (2.6.1-3+deb10u4) buster-security; urgency=high
* Adjust which call to CFFI's from_buffer is marked require_writable=True to address an issue in 2.6.1-3+deb10u4's attempt to fix CVE-2023-23931.

python-cryptography (2.6.1-3+deb10u3) buster-security; urgency=high
* Non-maintainer upload by the Debian LTS team.
* CVE-2023-23931: Prevent a potential memory corruption vulnerability caused by a programming confusion between mutable and immutable buffers. (Closes: #1031049)

Source qemu, binaries: qemu-utils:amd64 qemu-utils:arm64

qemu (1:3.1+dfsg-8+deb10u10) buster-security; urgency=high
* Non-maintainer upload by the LTS Security Team.
* CVE-2020-14394: An infinite loop flaw was found in the USB xHCI controller emulation of QEMU while computing the length of the Transfer Request Block (TRB) Ring. This flaw allows a privileged guest user to hang the QEMU process on the host, resulting in a denial of service. (Closes: #979677)
* CVE-2020-17380/CVE-2021-3409: A heap-based buffer overflow was found in QEMU in the SDHCI device emulation support. It could occur while doing a multi block SDMA transfer via the sdhci_sdma_transfer_multi_blocks() routine in hw/sd/sdhci.c. A guest user or process could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition, or potentially execute arbitrary code with privileges of the QEMU process on the host. (Closes: #970937, #986795)
* CVE-2020-29130: slirp.c has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length.
* CVE-2021-3592: An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the bootp_input() function and could occur while processing a udp packet that is smaller than the size of the 'bootp_t' structure. A malicious guest could use this flaw to leak 10 bytes of uninitialized heap memory from the host. (Closes: #989993)
* CVE-2021-3593: An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp6_input() function and could occur while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. (Closes: #989994)
* CVE-2021-3594: An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp_input() function and could occur while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. (Closes: #989995)
* CVE-2021-3595: An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the tftp_input() function and could occur while processing a udp packet that is smaller than the size of the 'tftp_t' structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. (Closes: #989996)
* CVE-2022-0216: A use-after-free vulnerability was found in the LSI53C895A SCSI Host Bus Adapter emulation of QEMU. The flaw occurs while processing repeated messages to cancel the current SCSI request via the lsi_do_msgout function. This flaw allows a malicious privileged user within the guest to crash the QEMU process on the host, resulting in a denial of service. (Closes: #1014590)
* CVE-2022-1050: A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. This flaw allows a crafted guest driver to execute HW commands when shared buffers are not yet allocated, potentially leading to a use-after-free condition. (Closes: #1014589)

Source tzdata, binaries: tzdata:amd64 tzdata:arm64

tzdata (2021a-0+deb10u10) buster-security; urgency=medium
* Update DST rules for Greenland
* Update DST rules for Egypt
* Update DST rules for Morocco
* Update DST rules for Palestine

tzdata (2021a-0+deb10u9) buster-security; urgency=medium
* Backport changes from upstream:
  - Fiji no longer observes DST.
  - Update DST rules for Mexico.
  - Update DST rules for Lebanon.
* Add myself to Uploaders.
Source xapian-core, binaries: libxapian30:amd64 libxapian30:arm64

xapian-core (1.4.11-1+deb10u1) buster-security; urgency=medium
* debian/patches/fix-db-corruption-on-ENOSPC.patch: New patch to fix potential database corruption if switching the new revision live fails with ENOSPC but the recovery process does NOT get ENOSPC. The fix here is taken from upstream's 1.4.22 release and is the simplest way to address the problem: simply reread the current version file from disk which means the in memory state will match the previously committed state. Closes: #1032398
* debian/patches/fix-check-on-replication-changesets.patch: Fix xapian-check and Database::check() on a database with valid replication changesets to not incorrectly fail with "DatabaseError: Changes file - bad table code". The fix here is taken from upstream's 1.4.15 release.

-- Steve McIntyre <93sam@debian.org> Sat, 25 Mar 2023 14:33:56 +0000

10.13.11-20230221

Updates in 3 source package(s), 10 binary package(s):

Source gnutls28, binaries: libgnutls30:amd64 libgnutls30:arm64

gnutls28 (3.6.7-4+deb10u10) buster-security; urgency=high
* Non-maintainer upload by the LTS team.
* Fix CVE-2023-0361: Hubert Kario discovered a timing side channel in the RSA decryption implementation of the GNU TLS library.

Source isc-dhcp, binaries: isc-dhcp-client:amd64 isc-dhcp-common:amd64 isc-dhcp-client:arm64 isc-dhcp-common:arm64

isc-dhcp (4.4.1-2+deb10u3) buster-security; urgency=medium
* Non-maintainer upload.
* Backport missing IPv6 address lifetime handling. (closes: #1022969)

Source openssl, binaries: libssl1.1:amd64 openssl:amd64 libssl1.1:arm64 openssl:arm64

openssl (1.1.1n-0+deb10u4) buster-security; urgency=medium
* Non-maintainer upload by the LTS Team.
* CVE-2022-4450 (Double free after calling PEM_read_bio_ex).
* CVE-2023-0286 (X.400 address type confusion in X.509 GeneralName).
* CVE-2023-0215 (Use-after-free following BIO_new_NDEF).
* CVE-2022-4304 (Timing Oracle in RSA Decryption).
* CVE-2022-2097 (AES OCB fails to encrypt some bytes).

-- Steve McIntyre <93sam@debian.org> Tue, 21 Feb 2023 16:51:01 +0000

10.13.10-20230122

Updates in 3 source package(s), 6 binary package(s):

Source libtasn1-6, binaries: libtasn1-6:amd64 libtasn1-6:arm64

libtasn1-6 (4.13-3+deb10u1) buster-security; urgency=high
* Non-maintainer upload by the Debian LTS team.
* CVE-2021-46848: Fix an off-by-one array size issue that affected the asn1_encode_simple_der function.
* Add debian/.gitlab-ci.yml and disable crossbuilding tests.
* Move texinfo to Build-Depends to fix "any"-style build.

Source linux-latest, binaries: linux-image-cloud-amd64:amd64 linux-image-arm64:arm64

linux-latest (105+deb10u18) buster-security; urgency=medium
* Update to 4.19.0-23

Source sudo, binaries: sudo:amd64 sudo:arm64

sudo (1.8.27-1+deb10u5) buster-security; urgency=high
* Non-maintainer upload by the LTS Team.
* CVE-2023-22809 sudoedit: do not permit editor arguments to include "--"

-- Steve McIntyre <93sam@debian.org> Sun, 22 Jan 2023 16:10:05 +0000

10.13.9-20221214

Updates in 3 source package(s), 26 binary package(s):

Source grub2, binaries: grub-common:amd64 grub-pc:amd64 grub-pc-bin:amd64 grub2-common:amd64 grub-common:arm64 grub-efi-arm64:arm64 grub-efi-arm64-bin:arm64 grub2-common:arm64

grub2 (2.06-3~deb10u3) buster-security; urgency=high
[ Steve McIntyre ]
* Actually ensure the patches are applied for CVE-2022-2601 and CVE-2022-3775. Closes: #1024617
* Include fonts in the memdisk build for EFI images.
* Fix bug in core file code so errors are handled better. This makes the fallback font-handling patch work properly.
* Bump Debian SBAT level to 4
  - Due to a mistake in the buster upload (2.06-3~deb10u2) that left the CVE-2022-2601 bugs in place, we need to bump SBAT for all of the Debian GRUB binaries. :-(

Source krb5, binaries: libgssapi-krb5-2:amd64 libk5crypto3:amd64 libkrb5-3:amd64 libkrb5support0:amd64 libgssapi-krb5-2:arm64 libk5crypto3:arm64 libkrb5-3:arm64 libkrb5support0:arm64

krb5 (1.17-3+deb10u5) buster-security; urgency=high
* Non-maintainer upload by the Debian LTS team.
* CVE-2022-42898: Prevent integer overflows in PAC parsing; potentially critical for 32-bit KDCs or when cross-realm acts maliciously. (Closes: #1024267)

Source vim, binaries: vim:amd64 vim-common:amd64 vim-runtime:amd64 vim-tiny:amd64 xxd:amd64 vim:arm64 vim-common:arm64 vim-runtime:arm64 vim-tiny:arm64 xxd:arm64

vim (2:8.1.0875-5+deb10u4) buster-security; urgency=medium
* Non-maintainer upload by the LTS team.
* Add missing CVE to previous changelog entry.
* Fix CVE-2022-0318, CVE-2022-0392, CVE-2022-0629, CVE-2022-0696, CVE-2022-1619, CVE-2022-1621, CVE-2022-1785, CVE-2022-1897, CVE-2022-1942, CVE-2022-2000, CVE-2022-2129, CVE-2022-3235, CVE-2022-3256, CVE-2022-3352 -- Steve McIntyre <93sam@debian.org> Wed, 14 Dec 2022 13:36:46 +0000 10.13.8-20221118 Updates in 3 source package(s), 20 binary package(s): Source grub2, binaries: grub-common:amd64 grub-pc:amd64 grub-pc-bin:amd64 grub2-common:amd64 grub-common:arm64 grub-efi-arm64:arm64 grub-efi-arm64-bin:arm64 grub2-common:arm64 grub2 (2.06-3~deb10u2) buster-security; urgency=medium [ Steve McIntyre ] * Pull in upstream patches to harden font and image handling - CVE-2022-2601, CVE-2022-3775. * Bump SBAT level to 3 for grub-efi packages. Source sudo, binaries: sudo:amd64 sudo:arm64 sudo (1.8.27-1+deb10u4) buster-security; urgency=high * Non-maintainer upload by the Debian LTS team. * CVE-2021-23239: Prevent an issue where a local unprivileged user may have been able to perform arbitrary directory-existence tests by exploiting a race condition in sudoedit by replacing a user-controlled directory by a symlink to an arbitrary path. Source vim, binaries: vim:amd64 vim-common:amd64 vim-runtime:amd64 vim-tiny:amd64 xxd:amd64 vim:arm64 vim-common:arm64 vim-runtime:arm64 vim-tiny:arm64 xxd:arm64 vim (2:8.1.0875-5+deb10u3) buster-security; urgency=high * Non-maintainer upload by the LTS team. 
* Fix CVE-2021-3927, CVE-2021-3928, CVE-2021-3974, CVE-2021-3984, CVE-2021-4019, CVE-2021-4069, CVE-2021-4192, CVE-2021-4193, CVE-2022-0213, CVE-2022-0261, CVE-2022-0319, CVE-2022-0351, CVE-2022-0359, CVE-2022-0361, CVE-2022-0368, CVE-2022-0408, CVE-2022-0413, CVE-2022-0417, CVE-2022-0443, CVE-2022-0554, CVE-2022-0572, CVE-2022-0685, CVE-2022-0714, CVE-2022-0729, CVE-2022-0943, CVE-2022-1154, CVE-2022-1616, CVE-2022-1720, CVE-2022-1851, CVE-2022-1898, CVE-2022-1968, CVE-2022-2285, CVE-2022-2304, CVE-2022-2598, CVE-2022-2946, CVE-2022-3099, CVE-2022-3134, CVE-2022-3234, CVE-2022-3324, CVE-2022-3705 Multiple security vulnerabilities have been discovered in vim, an enhanced vi editor. Buffer overflows, out-of-bounds reads and use-after-free may lead to a denial-of-service (application crash) or other unspecified impact. -- Steve McIntyre <93sam@debian.org> Fri, 18 Nov 2022 20:12:29 +0000 10.13.7-20221101 Updates in 4 source package(s), 22 binary package(s): Source distro-info-data, binaries: distro-info-data:amd64 distro-info-data:arm64 distro-info-data (0.41+deb10u6) buster-security; urgency=medium * Update data to 0.55, without new columns: - Correct release date of Debian 8 (jessie) to 2015-04-26 - Add dates for Ubuntu 23.04, Lunar Lobster (LP: #1993667) Source libxml2, binaries: libxml2:amd64 libxml2:arm64 libxml2 (2.9.4+dfsg1-7+deb10u5) buster-security; urgency=high * Non-maintainer upload by the LTS team. * Fix CVE-2022-40303: Parsing an XML document with the XML_PARSE_HUGE option enabled can result in an integer overflow because safety checks were missing in some functions. Also, the xmlParseEntityValue function didn't have any length limitation. * Fix CVE-2022-40304: When a reference cycle is detected in the XML entity cleanup function the XML entity data can be stored in a dictionary. In this case, the dictionary becomes corrupted resulting in logic errors, including memory errors like double free. 
Source ncurses, binaries: libncurses6:amd64 libncursesw6:amd64 libtinfo6:amd64 ncurses-base:amd64 ncurses-bin:amd64 libncurses6:arm64 libncursesw6:arm64 libtinfo6:arm64 ncurses-base:arm64 ncurses-bin:arm64 ncurses (6.1+20181013-2+deb10u3) buster-security; urgency=medium * Non-maintainer upload by the LTS Team. * CVE-2022-29458 Avoid out-of-bounds read in convert_strings in the terminfo library. Source python3.7, binaries: libpython3.7-minimal:amd64 libpython3.7-stdlib:amd64 python3.7:amd64 python3.7-minimal:amd64 libpython3.7-minimal:arm64 libpython3.7-stdlib:arm64 python3.7:arm64 python3.7-minimal:arm64 python3.7 (3.7.3-2+deb10u4) buster-security; urgency=medium * Non-maintainer upload by the LTS Security Team. * Resolve CVE-2022-37454, a buffer overflow in the SHA-3 implementation in the _sha3 (and thus hashlib) module. -- Steve McIntyre <93sam@debian.org> Tue, 01 Nov 2022 12:39:17 +0000 10.13.6-20221028 Updates in 2 source package(s), 4 binary package(s): Source expat, binaries: libexpat1:amd64 libexpat1:arm64 expat (2.2.6-2+deb10u6) buster-security; urgency=high * Non-maintainer upload by the LTS Team. * Add patch to fix heap use-after-free after overeager destruction of a shared DTD in function XML_ExternalEntityParserCreate in out-of-memory situations. (Fixes: CVE-2022-43680) (Closes: #1022743) Source tzdata, binaries: tzdata:amd64 tzdata:arm64 tzdata (2021a-0+deb10u8) buster-security; urgency=medium * Cherry-pick patches from upstream (thanks Aurelien Jarno): - 12-syria-dst.patch: Syria is abandoning the DST regime and is changing to permanent +03, so it will not fall back from +03 to +02 on 2022-10-28. - 13-jordan-dst.patch: Jordan is abandoning the DST regime and is changing to permanent +03, so it will not fall back from +03 to +02 on 2022-10-28. 
-- Steve McIntyre <93sam@debian.org> Fri, 28 Oct 2022 17:54:47 +0000 10.13.5-20221022 Updates in 1 source package(s), 10 binary package(s): Source glibc, binaries: libc-bin:amd64 libc-l10n:amd64 libc6:amd64 locales:amd64 locales-all:amd64 libc-bin:arm64 libc-l10n:arm64 libc6:arm64 locales:arm64 locales-all:arm64 glibc (2.28-10+deb10u2) buster-security; urgency=medium * Non-maintainer upload by LTS team. * CVE-2016-10228 iconv option parsing Closes: #856503 * CVE-2019-19126 setuid environment filtering Closes: #945250 * CVE-2019-25013 oob read in iconv Closes: #979273 * CVE-2020-1752 use after free in glob Closes: #953788 * CVE-2020-6096 [arm] memcpy underflow Closes: #961452 * CVE-2020-10029 sinl buffer overflow Closes: #953108 * CVE-2020-27618 iconv infinite loop Closes: #973914 * CVE-2021-3326 iconv abort Closes: #981198 * CVE-2021-3999 oob write for getcwd size 1 * CVE-2021-27645 nscd double free Closes: #983479 * CVE-2021-33574 mq_notify use after free Closes: #989147 * CVE-2021-35942 wordexp input validation Closes: #990542 * CVE-2022-23218 svcunix_create buffer overflow * CVE-2022-23219 clnt_create buffer overflow -- Steve McIntyre <93sam@debian.org> Sat, 22 Oct 2022 16:43:04 +0000 10.13.4-20221012 Updates in 2 source package(s), 6 binary package(s): Source dbus, binaries: dbus:amd64 libdbus-1-3:amd64 dbus (1.12.24-0+deb10u1) buster-security; urgency=medium * Non-maintainer upload by the LTS Team. * New upstream stable release. 
Notable changes: - Fix several denial of service issues where an authenticated attacker can crash the system bus by sending crafted messages (CVE-2022-42010, CVE-2022-42011, CVE-2022-42012) - Use a path-based Unix socket for the session bus, avoiding sandbox escape for Flatpak apps with network access (dbus#416) - Don't crash if asked to watch more than 128 directories for changes Source isc-dhcp, binaries: isc-dhcp-client:amd64 isc-dhcp-common:amd64 isc-dhcp-client:arm64 isc-dhcp-common:arm64 isc-dhcp (4.4.1-2+deb10u2) buster-security; urgency=high * Non-maintainer upload by the LTS team. (Closes: #1021320) * An option refcount overflow exists in dhcpd. (Fixes: CVE-2022-2928) * DHCP memory leak. (Fixes: CVE-2022-2929) -- Steve McIntyre <93sam@debian.org> Wed, 12 Oct 2022 14:43:39 +0000 10.13.3-20221010 Updates in 4 source package(s), 12 binary package(s): Source bind9, binaries: libdns-export1104:amd64 libisc-export1100:amd64 libdns-export1104:arm64 libisc-export1100:arm64 bind9 (1:9.11.5.P4+dfsg-5.1+deb10u8) buster-security; urgency=medium * Non-maintainer upload by the LTS Team. * CVE-2022-2795: degraded performance when processing large delegations. * CVE-2022-38177: memory leak in ECDSA verification. * CVE-2022-38178: memory leak in EdDSA verification. Source dbus, binaries: dbus:amd64 libdbus-1-3:amd64 dbus:arm64 libdbus-1-3:arm64 dbus (1.12.24-0+deb10u1) buster-security; urgency=medium * Non-maintainer upload by the LTS Team. * New upstream stable release. 
Notable changes: - Fix several denial of service issues where an authenticated attacker can crash the system bus by sending crafted messages (CVE-2022-42010, CVE-2022-42011, CVE-2022-42012) - Use a path-based Unix socket for the session bus, avoiding sandbox escape for Flatpak apps with network access (dbus#416) - Don't crash if asked to watch more than 128 directories for changes Source linux-latest, binaries: linux-image-cloud-amd64:amd64 linux-image-arm64:arm64 linux-latest (105+deb10u17) buster-security; urgency=medium * Update to 4.19.0-22 linux-latest (105+deb10u16) buster-security; urgency=medium * Update to 4.19.0-21 linux-latest (105+deb10u15) buster; urgency=medium * Update to 4.19.0-20 linux-latest (105+deb10u14) buster-security; urgency=high * Update to 4.19.0-19 * linux-image: Add NEWS for unprivileged eBPF change linux-latest (105+deb10u13) buster; urgency=medium * Update to 4.19.0-18 linux-latest (105+deb10u12) buster; urgency=medium * Update to 4.19.0-17 linux-latest (105+deb10u11) buster; urgency=medium * Update to 4.19.0-16 linux-latest (105+deb10u10) buster; urgency=medium * Update to 4.19.0-15 linux-latest (105+deb10u9) buster-security; urgency=high * Update to 4.19.0-14 linux-latest (105+deb10u8) buster; urgency=medium * Update to 4.19.0-13 linux-latest (105+deb10u7) buster-security; urgency=high * Update to 4.19.0-12 linux-latest (105+deb10u6) buster; urgency=medium * Update to 4.19.0-11 linux-latest (105+deb10u5) buster; urgency=medium * Update to 4.19.0-10 linux-latest (105+deb10u4) buster; urgency=medium * Update to 4.19.0-9 linux-latest (105+deb10u3) buster; urgency=medium * Update to 4.19.0-8 linux-latest (105+deb10u2) buster; urgency=medium * Update to 4.19.0-7 linux-latest (105+deb10u1) buster; urgency=medium * Update to 4.19.0-6 linux-latest (105) unstable; urgency=medium * Update to 4.19.0-5 linux-latest (104) unstable; urgency=medium * Update to 4.19.0-4 linux-latest (103) unstable; urgency=medium * Update to 4.19.0-3 linux-latest 
(102) unstable; urgency=medium * Update to 4.19.0-2 linux-latest (101) unstable; urgency=medium * Update to 4.19.0-1 linux-latest (100) unstable; urgency=medium [ Romain Perier ] * Update to 4.18.0-3 linux-latest (99) unstable; urgency=medium * Update to 4.18.0-2 linux-latest (98) unstable; urgency=medium * Update to 4.18.0-1 linux-latest (97) unstable; urgency=medium * Update to 4.17.0-3 linux-latest (96) unstable; urgency=medium [ Romain Perier ] * Update to 4.17.0-2 linux-latest (95) unstable; urgency=medium [ Romain Perier ] * Update to 4.17.0-1 linux-latest (94) unstable; urgency=medium [ Ben Hutchings ] * Substitute source package name in lintian-overrides * Change binary package names to include any source package name suffix * Don't build redundant linux-doc, linux-source, linux-tools packages [ Salvatore Bonaccorso ] * Update to 4.16.0-2 linux-latest (93) unstable; urgency=medium * Update to 4.16.0-1 linux-latest (92) unstable; urgency=medium * Update to 4.15.0-3 linux-latest (91) unstable; urgency=medium [ Ben Hutchings ] * debian/control: Point Vcs URLs to Salsa [ Salvatore Bonaccorso ] * Update to 4.15.0-2 linux-latest (90) unstable; urgency=medium * Update to 4.15.0-1 linux-latest (89) unstable; urgency=medium * Update to 4.14.0-3 linux-latest (88) unstable; urgency=medium * Update to 4.14.0-2 linux-latest (87) unstable; urgency=medium * linux-image: Add back-dated NEWS for vsyscall change in Linux 4.10 * linux-doc: Add symlinks to current documentation * Update to 4.14.0-1 * linux-image: Add back-dated NEWS about AppArmor introduction linux-latest (86) unstable; urgency=medium * Add myself to Uploaders * Update to 4.13.0-1 linux-latest (85) unstable; urgency=medium * debian/control: Remove Frederik Schüler from Uploaders field * Update to 4.12.0-2 linux-latest (84) unstable; urgency=medium * Update to 4.12.0-1 (Closes: #872055) linux-latest (83) unstable; urgency=medium * Update to 4.11.0-2 linux-latest (82) unstable; urgency=medium * Revert changes 
to debug symbol meta-packages (Closes: #866691) linux-latest (81) unstable; urgency=medium * Update to 4.11.0-1 * Stop generating various transitional packages needed in stretch linux-latest (80) unstable; urgency=medium * Re-introduce xen-linux-system-amd64 *again* as transitional package (Closes: #857039) * Update to 4.9.0-3 linux-latest (79) unstable; urgency=medium * Update to 4.9.0-2 linux-latest (78) unstable; urgency=medium * debian/rules: Use dpkg-parsechangelog -S option to select fields * linux-image: Delete NEWS for version 76 about vsyscall changes, now reverted * Update to 4.9.0-1 linux-latest (77) unstable; urgency=medium * Update to 4.8.0-2 * Use debhelper compatibility level 9 * Re-introduce xen-linux-system packages, accidentally dropped in version 75 linux-latest (76) unstable; urgency=medium * Update to 4.8.0-1 * linux-image-{686-pae,amd64}: Delete old NEWS * linux-image: Add back-dated NEWS for conntrack helpers change in Linux 4.7 (Closes: #839632) * linux-image: Add NEWS for security hardening config changes for Linux 4.8 linux-latest (75) unstable; urgency=medium * Update to 4.7.0-1 * Rename and move debug symbol meta-packages to the debug archive * debian/control: Set priority of transitional packages to extra * debian/control: Update Standards-Version to 3.9.8; no changes needed linux-latest (74) unstable; urgency=medium * Update to 4.6.0-1 linux-latest (73) unstable; urgency=medium * Update to 4.5.0-2 linux-latest (72) unstable; urgency=medium * Update to 4.5.0-1 linux-latest (71) unstable; urgency=medium * Update to 4.4.0-1 - Change linux-{image,headers}-{kirkwood,orion5x} to transitional packages linux-latest (70) unstable; urgency=medium * Change linux-{image,headers}-586 to transitional packages linux-latest (69) unstable; urgency=medium * Update to 4.3.0-1 linux-latest (68) unstable; urgency=medium * Update to 4.2.0-1 * debian/bin/gencontrol.py: Use Python 3 linux-latest (67) unstable; urgency=medium * Adjust for migration to git: - 
Add .gitignore file - debian/control: Update Vcs-* fields * .gitignore: Ignore linux-perf build directory * Update to 4.1.0-2 * Change source format to 3.0 (native) so that .git directory is excluded by default linux-latest (66) unstable; urgency=medium * Update to 4.1.0-1 * Rename linux-tools to linux-perf, providing linux-tools as a transitional package linux-latest (65) unstable; urgency=medium * Update to 4.0.0-2 linux-latest (64) unstable; urgency=medium * Update to 4.0.0-1 * Stop generating linux-{headers,image}-486 transitional packages * debian/control: Build-Depend on linux-headers-*-all, so that after an ABI bump linux is auto-built before linux-latest on each architecture. (Closes: #746618) linux-latest (63) unstable; urgency=medium * Update to 3.16.0-4 - Change linux-{image,headers}-486 to transitional packages linux-latest (62) unstable; urgency=medium * Update to 3.16-3 (Closes: #766078) linux-latest (61) unstable; urgency=medium * Update to 3.16-2 linux-latest (60) unstable; urgency=medium * linux-image-{686-pae,amd64}: Add backdated NEWS for introduction of xz compression affecting Xen (Closes: #727736) * Update to 3.16-1 linux-latest (59) unstable; urgency=medium * Update to 3.14-2 linux-latest (58) unstable; urgency=medium * Rebuild to include arm64 and ppc64el architectures linux-latest (57) unstable; urgency=medium * Suppress lintian warnings about linux-image-dbg metapackages not looking like debug info packages * debian/control: Update Standards-Version to 3.9.5; no changes needed * Update to 3.14-1 linux-latest (56) unstable; urgency=medium * Update to 3.13-1 linux-latest (55) unstable; urgency=low * Update to 3.12-1 linux-latest (54) unstable; urgency=low * Update to 3.11-2 linux-latest (53) unstable; urgency=low * Add linux-image--dbg metapackages, providing the virtual package linux-latest-image-dbg * Update standards-version to 3.9.4; no changes required * Change section and priority fields to match archive overrides * Update to 3.11-1 * 
Stop providing virtual package linux-headers linux-latest (52) unstable; urgency=low * Update to 3.10-3 linux-latest (51) unstable; urgency=low * Update to 3.10-2 linux-latest (50) unstable; urgency=low * Update to 3.10-1 linux-latest (49) unstable; urgency=low * Update to 3.9-1 linux-latest (48) unstable; urgency=low * Update to 3.8-2 (Closes: #708842) linux-latest (47) unstable; urgency=low * Update to 3.8-1 * Remove transitional packages provided in wheezy linux-latest (46) unstable; urgency=low * Set Priority: extra, as currently overridden in the archive (Closes: #689846) * Add Czech debconf template translation (Michal Šimůnek) (Closes: #685501) * Update to 3.2.0-4 (Closes: #688222, #689864) linux-latest (45) unstable; urgency=low * Update to 3.2.0-3 linux-latest (44) unstable; urgency=high [ Ben Hutchings ] * Update debconf template translations: - Add Polish (Michał Kułach) (Closes: #659571) - Add Turkish (Mert Dirik) (Closes: #660119) * Update standards-version to 3.9.3: - Do not move packages to the 'metapackages' section, as that will cause APT not to auto-remove their dependencies * Move transitional packages to the section 'oldlibs', so that APT will treat the replacement packages as manually installed * Update to 3.2.0-2 * Stop generating linux-{headers,image}-2.6- transitional packages for flavours added since Linux 3.0 linux-latest (43) unstable; urgency=low * Add Vcs-{Svn,Browser} fields * Add debconf template translations: - Danish (Joe Hansen) (Closes: #656642) - Spanish (Slime Siabef) (Closes: #654681) - Italian (Stefano Canepa) (Closes: #657386) * [s390] Update the check for flavours without modules, removing the useless linux-headers{,-2.6}-s390x-tape packages linux-latest (42) unstable; urgency=low * Rename source package to linux-latest * Add debconf template translations: - Portuguese (Miguel Figueiredo) (Closes: #651123) - Serbian latin (Zlatan Todoric) (Closes: #635895) - Russian (Yuri Kozlov) (Closes: #652431) - Japanese (Nobuhiro 
Iwamatsu) (Closes: #655687) * Update to 3.2.0-1 linux-latest-2.6 (41) unstable; urgency=low * Remove dependency on module makefiles in linux-support package * Update to 3.1.0-1 linux-latest-2.6 (40) unstable; urgency=low * Add debconf template translations: - Serbian cyrillic (Zlatan Todoric) (Closes: #635893) - German (Holger Wansing) (Closes: #637764) - French (Debian French l10n team) (Closes: #636624) - Swedish (Martin Bagge) (Closes: #640058) - Dutch (Jeroen Schot) (Closes: #640115) - Catalan (Innocent De Marchi) (Closes: #642109) * Update to 3.0.0-2 linux-latest-2.6 (39) unstable; urgency=low * Update to 3.0.0-1 linux-latest-2.6 (38) experimental; urgency=low * Correct xen-linux-system transitional package names linux-latest-2.6 (37) experimental; urgency=low * Update to 3.0.0-rc5 * Restore xen-linux-system- packages * Remove common description text from linux-image-2.6- packages linux-latest-2.6 (36) experimental; urgency=low * Update to 3.0.0-rc1 - Add linux-doc, linux-headers-, linux-source and linux-tools packages - Change *-2.6-* to transitional packages linux-latest-2.6 (35.1) unstable; urgency=low [ Bastian Blank ] * Update to 2.6.39-2. 
linux-latest-2.6 (35) unstable; urgency=low * Update to 2.6.39-1 - Change linux-image{,-2.6}-686{,-bigmem} to transitional packages linux-latest-2.6 (34) unstable; urgency=low * [hppa] Update to 2.6.38-2a linux-latest-2.6 (33) unstable; urgency=low * Update to 2.6.38-2 linux-latest-2.6 (32) unstable; urgency=low * Update to 2.6.38-1 linux-latest-2.6 (31) unstable; urgency=low * Update to 2.6.37-2 linux-latest-2.6 (30) unstable; urgency=low * Update to 2.6.37-1 linux-latest-2.6 (29) unstable; urgency=low * Add xen-linux-system-2.6-* meta-packages (Closes: #402414) * Add bug presubj message for image meta packages directing users to the real image packages (Closes: #549591) * Fix repetition in description of linux-image-2.6-xen-amd64 (Closes: #598648) * [x86] Correct lists of suitable processors linux-latest-2.6 (28) unstable; urgency=low * Move NEWS from linux-2.6, since apt-listchanges only shows it for upgraded packages * Add linux-tools-2.6 meta package * Change versions for linux-doc-2.6 and linux-source-2.6 to match those of the other meta packages linux-latest-2.6 (27) unstable; urgency=low * Really build linux-doc-2.6 and linux-source-2.6 meta packages linux-latest-2.6 (26) unstable; urgency=low [ Joachim Breitner ] * Create linux-doc-2.6 and linux-source-2.6 meta packages (Closes: 347284) [ Ben Hutchings ] * Update to 2.6.32-5. * Update standards-version to 3.8.4; no changes required. * Explicitly describe all packages as meta-packages. linux-latest-2.6 (25) unstable; urgency=high * Update package description templates in line with linux-2.6. * Update to 2.6.32-3. * Set urgency to 'high' since this must transition with linux-2.6. linux-latest-2.6 (24) unstable; urgency=low * Update to 2.6.32-2. linux-latest-2.6 (23) unstable; urgency=low * Update to 2.6.32-trunk. linux-latest-2.6 (22) unstable; urgency=low * Update to 2.6.31-1. linux-latest-2.6 (21) unstable; urgency=low [ Bastian Blank ] * Update to 2.6.30-2. [ Ben Hutchings ] * Add myself to uploaders. 
linux-latest-2.6 (20) unstable; urgency=low * Move into kernel section. * Update to 2.6.30-1. linux-latest-2.6 (19) unstable; urgency=low * Update to 2.6.29-2. * Use debhelper compat level 7. * Update copyright file. linux-latest-2.6 (18) unstable; urgency=low * Update to 2.6.29-1. * Use dh_prep. * Remove lenny transition packages. linux-latest-2.6 (17) unstable; urgency=low * Use correct part of the config for image type. * Add description parts to all image packages. linux-latest-2.6 (16) unstable; urgency=low * Rebuild to pick up new images linux-latest-2.6 (15) unstable; urgency=low * Update to 2.6.26-1. * Make linux-image-* complete meta packages. linux-latest-2.6 (14) unstable; urgency=low * Update to 2.6.25-2. linux-latest-2.6 (13) unstable; urgency=low * Add transitional packages for k7. linux-latest-2.6 (12) unstable; urgency=low * Update to 2.6.24-1. linux-latest-2.6 (11) unstable; urgency=low * Update to 2.6.22-3. linux-latest-2.6 (10) unstable; urgency=low * Update to 2.6.22-2. linux-latest-2.6 (9) unstable; urgency=low * Update to 2.6.22-1. linux-latest-2.6 (8) unstable; urgency=low * Update to 2.6.21-2. * Add modules meta packages. * Provide linux-latest-modules-*. (closes: #428783) linux-latest-2.6 (7) unstable; urgency=low * Update to 2.6.21-1. * Remove etch transition packages. linux-latest-2.6 (6) unstable; urgency=low * Update to 2.6.18-4. * i386: Add amd64 transition packages. linux-latest-2.6 (5) unstable; urgency=low * Update to 2.6.18-3. Source tzdata, binaries: tzdata:amd64 tzdata:arm64 tzdata (2021a-0+deb10u7) buster-security; urgency=medium * Cherry-pick patches from upstream (thanks Aurelien Jarno): - 10-no-leap-second-2022-12-31.patch: update leap-seconds.list, new expiration date on 28 June 2023. - 11-palestine-dst3.patch: Palestine transitions are now Saturdays at 02:00. This means 2022 falls back 10-29 at 02:00, not 10-28 at 01:00. 
-- Steve McIntyre <93sam@debian.org> Mon, 10 Oct 2022 16:11:18 +0000 10.13.2-20220925 Updates in 3 source package(s), 8 binary package(s): Source bzip2, binaries: bzip2:amd64 libbz2-1.0:amd64 bzip2:arm64 libbz2-1.0:arm64 bzip2 (1.0.6-9.2~deb10u2) buster-security; urgency=medium * Append -D_FILE_OFFSET_BITS=64 variable to buildflags, to re-enable handling big files in 32-bit archs (Closes: #944557) * debian/patches/40-bzdiff-l.patch: Fix bzdiff does not work when comparing two bzip2 compressed files. Thanks to Joey Schulze. (Closes: #965309) Source expat, binaries: libexpat1:amd64 libexpat1:arm64 expat (2.2.6-2+deb10u5) buster-security; urgency=high * Non-maintainer upload by the LTS Team. * CVE-2022-40674 heap use-after-free issue in doContent() (based on the backport for Bullseye made by Laszlo Boszormenyi) * update test-* patches to be able to run testsuite * debian/rules: add run of testsuite (but leave it deactivated as I only tested on amd64) Source glib2.0, binaries: libglib2.0-0:amd64 libglib2.0-0:arm64 glib2.0 (2.58.3-2+deb10u4) buster-security; urgency=medium * CVE-2021-3800: information leak using CHARSETALIASDIR envvar. -- Steve McIntyre <93sam@debian.org> Sun, 25 Sep 2022 14:56:18 +0000 10.13.1-20220915 Updates in 3 source package(s), 6 binary package(s): Source glib2.0, binaries: libglib2.0-0:amd64 libglib2.0-0:arm64 glib2.0 (2.58.3-2+deb10u4) buster-security; urgency=medium * CVE-2021-3800: information leak using CHARSETALIASDIR envvar. Source sqlite3, binaries: libsqlite3-0:amd64 libsqlite3-0:arm64 sqlite3 (3.27.2-3+deb10u2) buster-security; urgency=high * CVE-2020-35525: Prevent a potential null pointer dereference issue in INTERSECT query processing. * CVE-2020-35527: Prevent an out-of-bounds access issue that could be exploited via ALTER TABLE in views that have a nested FROM clause. 
* CVE-2021-20223: Prevent an issue with the "unicode61" tokenizer related to Unicode control characters ("class Cc") and embedded NUL characters being misinterpreted as tokens. Source zlib, binaries: zlib1g:amd64 zlib1g:arm64 zlib (1:1.2.11.dfsg-1+deb10u2) buster-security; urgency=medium * Non-maintainer upload by the LTS Team. * CVE-2022-37434: heap buffer overflow via large gzip header extra field (Closes: #1016710). -- Steve McIntyre <93sam@debian.org> Thu, 15 Sep 2022 12:47:24 +0000 10.13.0 First build for 10.13.0 release -- Steve McIntyre <93sam@debian.org> Sat, 10 Sep 2022 21:13:47 +0000