Updated Debian 11: 11.3 released

To: debian-announce@lists.debian.org
Subject: Updated Debian 11: 11.3 released
From: Laura Arjona Reina <larjona@debian.org>
Date: Sat, 26 Mar 2022 18:09:01 +0100
Message-id: <[🔎] eb33ac26-461b-5b3a-a294-f37ba168c069@debian.org>
------------------------------------------------------------------------
The Debian Project                               https://www.debian.org/
Updated Debian 11: 11.3 released                        press@debian.org
March 26th, 2022               https://www.debian.org/News/2022/20220326
------------------------------------------------------------------------


The Debian project is pleased to announce the third update of its stable
distribution Debian 11 (codename "bullseye"). This point release mainly
adds corrections for security issues, along with a few adjustments for
serious problems. Security advisories have already been published
separately and are referenced where available.

Please note that the point release does not constitute a new version of
Debian 11 but only updates some of the packages included. There is no
need to throw away old "bullseye" media. After installation, packages
can be upgraded to the current versions using an up-to-date Debian
mirror.

Those who frequently install updates from security.debian.org won't have
to update many packages, and most such updates are included in the point
release.

New installation images will be available soon at the regular locations.

Upgrading an existing installation to this revision can be achieved by
pointing the package management system at one of Debian's many HTTP
mirrors. A comprehensive list of mirrors is available at:

https://www.debian.org/mirror/list



Miscellaneous Bugfixes
----------------------

This stable update adds a few important corrections to the following
packages:

+--------------------------+------------------------------------------+
| Package                  | Reason                                   |
+--------------------------+------------------------------------------+
| apache-log4j1.2 [1]      | Resolve security issues [CVE-2021-4104   |
|                          | CVE-2022-23302 CVE-2022-23305 CVE-2022-  |
|                          | 23307], by removing support for the      |
|                          | JMSSink, JDBCAppender, JMSAppender and   |
|                          | Apache Chainsaw modules                  |
|                          |                                          |
| apache-log4j2 [2]        | Fix remote code execution issue          |
|                          | [CVE-2021-44832]                         |
|                          |                                          |
| apache2 [3]              | New upstream release; fix crash due to   |
|                          | random memory read [CVE-2022-22719]; fix |
|                          | HTTP request smuggling issue [CVE-2022-  |
|                          | 22720]; fix out-of-bounds write issues   |
|                          | [CVE-2022-22721 CVE-2022-23943]          |
|                          |                                          |
| atftp [4]                | Fix information leak issue [CVE-2021-    |
|                          | 46671]                                   |
|                          |                                          |
| base-files [5]           | Update for the 11.3 point release        |
|                          |                                          |
| bible-kjv [6]            | Fix off-by-one-error in search           |
|                          |                                          |
| chrony [7]               | Allow reading the chronyd configuration  |
|                          | file that timemaster(8) generates        |
|                          |                                          |
| cinnamon [8]             | Fix crash when adding an online account  |
|                          | with login                               |
|                          |                                          |
| clamav [9]               | New upstream stable release; fix denial  |
|                          | of service issue [CVE-2022-20698]        |
|                          |                                          |
| cups-filters [10]        | Apparmor: allow reading from Debian      |
|                          | Edu's cups-browsed configuration file    |
|                          |                                          |
| dask.distributed [11]    | Fix undesired listening of workers on    |
|                          | public interfaces [CVE-2021-42343]; fix  |
|                          | compatibility with Python 3.9            |
|                          |                                          |
| debian-installer [12]    | Rebuild against proposed-updates; update |
|                          | Linux kernel ABI to 5.10.0-13            |
|                          |                                          |
| debian-installer-        | Rebuild against proposed-updates         |
| netboot-images [13]      |                                          |
|                          |                                          |
| debian-ports-archive-    | Add  "Debian Ports Archive Automatic     |
| keyring [14]             | Signing Key (2023)" ; move the           |
|                          | 2021 signing key to the removed keyring  |
|                          |                                          |
| django-allauth [15]      | Fix OpenID support                       |
|                          |                                          |
| djbdns [16]              | Raise the axfrdns, dnscache, and tinydns |
|                          | data limit                               |
|                          |                                          |
| dpdk [17]                | New upstream stable release              |
|                          |                                          |
| e2guardian [18]          | Fix missing SSL certificate validation   |
|                          | issue [CVE-2021-44273]                   |
|                          |                                          |
| epiphany-browser [19]    | Work around a bug in GLib, fixing a UI   |
|                          | process crash                            |
|                          |                                          |
| espeak-ng [20]           | Drop spurious 50ms delay while           |
|                          | processing events                        |
|                          |                                          |
| espeakup [21]            | debian/espeakup.service: Protect         |
|                          | espeakup from system overloads           |
|                          |                                          |
| fcitx5-chinese-          | fcitx5-table: add missing dependencies   |
| addons [22]              | on fcitx5-module-pinyinhelper and        |
|                          | fcitx5-module-punctuation                |
|                          |                                          |
| flac [23]                | Fix out-of-bounds write issue [CVE-2021- |
|                          | 0561]                                    |
|                          |                                          |
| freerdp2 [24]            | Disable additional debug logging         |
|                          |                                          |
| galera-3 [25]            | New upstream release                     |
|                          |                                          |
| galera-4 [26]            | New upstream release                     |
|                          |                                          |
| gbonds [27]              | Use Treasury API for redemption data     |
|                          |                                          |
| glewlwyd [28]            | Fix possible privilege escalation        |
|                          |                                          |
| glibc [29]               | Fix bad conversion from ISO-2022-JP-3    |
|                          | with iconv [CVE-2021-43396]; fix buffer  |
|                          | overflow issues [CVE-2022-23218          |
|                          | CVE-2022-23219]; fix use-after-free      |
|                          | issue [CVE-2021-33574]; stop replacing   |
|                          | older versions of /etc/nsswitch.conf;    |
|                          | simplify the check for supported kernel  |
|                          | versions, as 2.x kernels are no longer   |
|                          | supported; support installation on       |
|                          | kernels with a release number greater    |
|                          | than 255                                 |
|                          |                                          |
| glx-alternatives [30]    | After initial setup of the diversions,   |
|                          | install a minimal alternative to the     |
|                          | diverted files so that libraries are not |
|                          | missing until glx-alternative-mesa       |
|                          | processes its triggers                   |
|                          |                                          |
| gnupg2 [31]              | scd: Fix CCID driver for SCM SPR332/     |
|                          | SPR532; avoid network interaction in     |
|                          | generator, which can lead to hangs       |
|                          |                                          |
| gnuplot [32]             | Fix division by zero [CVE-2021-44917]    |
|                          |                                          |
| golang-1.15 [33]         | Fix IsOnCurve for big.Int values that    |
|                          | are not valid coordinates [CVE-2022-     |
|                          | 23806]; math/big: prevent large memory   |
|                          | consumption in Rat.SetString [CVE-2022-  |
|                          | 23772]; cmd/go: prevent branches from    |
|                          | materializing into versions [CVE-2022-   |
|                          | 23773]; fix stack exhaustion compiling   |
|                          | deeply nested expressions [CVE-2022-     |
|                          | 24921]                                   |
|                          |                                          |
| golang-github-           | Update seccomp support to enable use of  |
| containers-common [34]   | newer kernel versions                    |
|                          |                                          |
| golang-github-           | Update seccomp support to enable use of  |
| opencontainers-          | newer kernel versions                    |
| specs [35]               |                                          |
|                          |                                          |
| gtk+3.0 [36]             | Fix missing search results when using    |
|                          | NFS; prevent Wayland clipboard handling  |
|                          | from locking up in certain corner cases; |
|                          | improve printing to mDNS-discovered      |
|                          | printers                                 |
|                          |                                          |
| heartbeat [37]           | Fix creation of /run/heartbeat on        |
|                          | systems using systemd                    |
|                          |                                          |
| htmldoc [38]             | Fix out-of-bounds read issue [CVE-2022-  |
|                          | 0534]                                    |
|                          |                                          |
| installation-guide [39]  | Update documentation and translations    |
|                          |                                          |
| intel-microcode [40]     | Update included microcode; mitigate some |
|                          | security issues [CVE-2020-8694 CVE-2020- |
|                          | 8695 CVE-2021-0127 CVE-2021-0145         |
|                          | CVE-2021-0146 CVE-2021-33120]            |
|                          |                                          |
| ldap2zone [41]           | Use  "mktemp"  rather than the           |
|                          | deprecated  "tempfile" , avoiding        |
|                          | warnings                                 |
|                          |                                          |
| lemonldap-ng [42]        | Fix auth process in password-testing     |
|                          | plugins [CVE-2021-40874]                 |
|                          |                                          |
| libarchive [43]          | Fix extracting hardlinks to symlinks;    |
|                          | fix handling of symlink ACLs [CVE-2021-  |
|                          | 23177]; never follow symlinks when       |
|                          | setting file flags [CVE-2021-31566]      |
|                          |                                          |
| libdatetime-timezone-    | Update included data                     |
| perl [44]                |                                          |
|                          |                                          |
| libgdal-grass [45]       | Rebuild against grass 7.8.5-1+deb11u1    |
|                          |                                          |
| libpod [46]              | Update seccomp support to enable use of  |
|                          | newer kernel versions                    |
|                          |                                          |
| libxml2 [47]             | Fix use-after-free issue [CVE-2022-      |
|                          | 23308]                                   |
|                          |                                          |
| linux [48]               | New upstream stable release; [rt] Update |
|                          | to 5.10.106-rt64; increase ABI to 13     |
|                          |                                          |
| linux-signed-amd64 [49]  | New upstream stable release; [rt] Update |
|                          | to 5.10.106-rt64; increase ABI to 13     |
|                          |                                          |
| linux-signed-arm64 [50]  | New upstream stable release; [rt] Update |
|                          | to 5.10.106-rt64; increase ABI to 13     |
|                          |                                          |
| linux-signed-i386 [51]   | New upstream stable release; [rt] Update |
|                          | to 5.10.106-rt64; increase ABI to 13     |
|                          |                                          |
| mariadb-10.5 [52]        | New upstream release; security fixes     |
|                          | [CVE-2021-35604 CVE-2021-46659 CVE-2021- |
|                          | 46661 CVE-2021-46662 CVE-2021-46663      |
|                          | CVE-2021-46664 CVE-2021-46665 CVE-2021-  |
|                          | 46667 CVE-2021-46668 CVE-2022-24048      |
|                          | CVE-2022-24050 CVE-2022-24051 CVE-2022-  |
|                          | 24052]                                   |
|                          |                                          |
| mpich [53]               | Add Breaks: on older versions of         |
|                          | libmpich1.0-dev, resolving some upgrade  |
|                          | issues                                   |
|                          |                                          |
| mujs [54]                | Fix buffer overflow issue [CVE-2021-     |
|                          | 45005]                                   |
|                          |                                          |
| mutter [55]              | Backport various fixes from upstream's   |
|                          | stable branch                            |
|                          |                                          |
| node-cached-path-        | Fix prototype pollution issue [CVE-2021- |
| relative [56]            | 23518]                                   |
|                          |                                          |
| node-fetch [57]          | Don't forward secure headers to third    |
|                          | party domains [CVE-2022-0235]            |
|                          |                                          |
| node-follow-             | Don't send Cookie header across domains  |
| redirects [58]           | [CVE-2022-0155]; don't send confidential |
|                          | headers across schemes [CVE-2022-0536]   |
|                          |                                          |
| node-markdown-it [59]    | Fix regular expression-based denial of   |
|                          | service issue [CVE-2022-21670]           |
|                          |                                          |
| node-nth-check [60]      | Fix regular expression-based denial of   |
|                          | service issue [CVE-2021-3803]            |
|                          |                                          |
| node-prismjs [61]        | Escape markup in command line output     |
|                          | [CVE-2022-23647]; update minified files  |
|                          | to ensure that Regular Expression Denial |
|                          | of Service issue is resolved [CVE-2021-  |
|                          | 3801]                                    |
|                          |                                          |
| node-trim-newlines [62]  | Fix regular expression-based denial of   |
|                          | service issue [CVE-2021-33623]           |
|                          |                                          |
| nvidia-cuda-toolkit [63] | cuda-gdb: Disable non-functional python  |
|                          | support causing segmentation faults; use |
|                          | a snapshot of openjdk-8-jre (8u312-b07-  |
|                          | 1)                                       |
|                          |                                          |
| nvidia-graphics-drivers- | New upstream release; fix denial of      |
| tesla-450 [64]           | service issues [CVE-2022-21813 CVE-2022- |
|                          | 21814]; nvidia-kernel-support: Provide / |
|                          | etc/modprobe.d/nvidia-options.conf as a  |
|                          | template                                 |
|                          |                                          |
| nvidia-modprobe [65]     | New upstream release                     |
|                          |                                          |
| openboard [66]           | Fix application icon                     |
|                          |                                          |
| openssl [67]             | New upstream release; fix armv8 pointer  |
|                          | authentication                           |
|                          |                                          |
| openvswitch [68]         | Fix use-after-free issue [CVE-2021-      |
|                          | 36980]; fix installation of libofproto   |
|                          |                                          |
| ostree [69]              | Fix compatibility with eCryptFS; avoid   |
|                          | infinite recursion when recovering from  |
|                          | certain errors; mark commits as partial  |
|                          | before downloading; fix an assertion     |
|                          | failure when using a backport or local   |
|                          | build of GLib >= 2.71; fix the ability   |
|                          | to fetch OSTree content from paths       |
|                          | containing non-URI characters (such as   |
|                          | backslashes) or non-ASCII                |
|                          |                                          |
| pdb2pqr [70]             | Fix compatibility of propka with Python  |
|                          | 3.8 or above                             |
|                          |                                          |
| php-crypt-gpg [71]       | Prevent additional options being passed  |
|                          | to GPG [CVE-2022-24953]                  |
|                          |                                          |
| php-laravel-             | Fix cross-site scripting issue           |
| framework [72]           | [CVE-2021-43808], missing blocking of    |
|                          | executable content upload [CVE-2021-     |
|                          | 43617]                                   |
|                          |                                          |
| phpliteadmin [73]        | Fix cross-site scripting issue           |
|                          | [CVE-2021-46709]                         |
|                          |                                          |
| prips [74]               | Fix infinite wrapping if a range reaches |
|                          | 255.255.255.255; fix CIDR output with    |
|                          | addresses that differ in their first bit |
|                          |                                          |
| pypy3 [75]               | Fix build failures by removing           |
|                          | extraneous #endif from import.h          |
|                          |                                          |
| python-django [76]       | Fix denial of service issue [CVE-2021-   |
|                          | 45115], information disclosure issue     |
|                          | [CVE-2021-45116], directory traversal    |
|                          | issue [CVE-2021-45452]; fix a traceback  |
|                          | around the handling of RequestSite/      |
|                          | get_current_site() due to a circular     |
|                          | import                                   |
|                          |                                          |
| python-pip [77]          | Avoid a race-condition when using zip-   |
|                          | imported dependencies                    |
|                          |                                          |
| rust-cbindgen [78]       | New upstream stable release to support   |
|                          | builds of newer firefox-esr and          |
|                          | thunderbird versions                     |
|                          |                                          |
| s390-dasd [79]           | Stop passing deprecated -f option to     |
|                          | dasdfmt                                  |
|                          |                                          |
| schleuder [80]           | Migrate boolean values to integers, if   |
|                          | the ActiveRecord SQLite3 connection      |
|                          | adapter is in use, restoring             |
|                          | functionality                            |
|                          |                                          |
| sphinx-bootstrap-        | Fix search functionality                 |
| theme [81]               |                                          |
|                          |                                          |
| spip [82]                | Fix several cross-site scripting issues  |
|                          |                                          |
| symfony [83]             | Fix CVE injection issue [CVE-2021-41270] |
|                          |                                          |
| systemd [84]             | Fix uncontrolled recursion in systemd-   |
|                          | tmpfiles [CVE-2021-3997]; demote         |
|                          | systemd-timesyncd from Depends to        |
|                          | Recommends, removing a dependency cycle; |
|                          | fix failure to bind mount a directory    |
|                          | into a container using machinectl; fix   |
|                          | regression in udev resulting in long     |
|                          | delays when processing partitions with   |
|                          | the same label; fix a regression when    |
|                          | using systemd-networkd in an             |
|                          | unprivileged LXD container               |
|                          |                                          |
| sysvinit [85]            | Fix parsing of  "shutdown +0" ; clarify  |
|                          | that when called with a  "time"          |
|                          | shutdown will not exit                   |
|                          |                                          |
| tasksel [86]             | Install CUPS for all *-desktop tasks, as |
|                          | task-print-service no longer exists      |
|                          |                                          |
| usb.ids [87]             | Update included data                     |
|                          |                                          |
| weechat [88]             | Fix denial of service issue [CVE-2021-   |
|                          | 40516]                                   |
|                          |                                          |
| wolfssl [89]             | Fix several issues related to OCSP-      |
|                          | handling [CVE-2021-3336 CVE-2021-37155   |
|                          | CVE-2021-38597] and TLS1.3 support       |
|                          | [CVE-2021-44718 CVE-2022-25638 CVE-2022- |
|                          | 25640]                                   |
|                          |                                          |
| xserver-xorg-video-      | Fix SIGILL crash on non-SSE2 CPUs        |
| intel [90]               |                                          |
|                          |                                          |
| xterm [91]               | Fix buffer overflow issue [CVE-2022-     |
|                          | 24130]                                   |
|                          |                                          |
| zziplib [92]             | Fix denial of service issue [CVE-2020-   |
|                          | 18442]                                   |
|                          |                                          |
+--------------------------+------------------------------------------+

    1: https://packages.debian.org/src:apache-log4j1.2
    2: https://packages.debian.org/src:apache-log4j2
    3: https://packages.debian.org/src:apache2
    4: https://packages.debian.org/src:atftp
    5: https://packages.debian.org/src:base-files
    6: https://packages.debian.org/src:bible-kjv
    7: https://packages.debian.org/src:chrony
    8: https://packages.debian.org/src:cinnamon
    9: https://packages.debian.org/src:clamav
   10: https://packages.debian.org/src:cups-filters
   11: https://packages.debian.org/src:dask.distributed
   12: https://packages.debian.org/src:debian-installer
   13: https://packages.debian.org/src:debian-installer-netboot-images
   14: https://packages.debian.org/src:debian-ports-archive-keyring
   15: https://packages.debian.org/src:django-allauth
   16: https://packages.debian.org/src:djbdns
   17: https://packages.debian.org/src:dpdk
   18: https://packages.debian.org/src:e2guardian
   19: https://packages.debian.org/src:epiphany-browser
   20: https://packages.debian.org/src:espeak-ng
   21: https://packages.debian.org/src:espeakup
   22: https://packages.debian.org/src:fcitx5-chinese-addons
   23: https://packages.debian.org/src:flac
   24: https://packages.debian.org/src:freerdp2
   25: https://packages.debian.org/src:galera-3
   26: https://packages.debian.org/src:galera-4
   27: https://packages.debian.org/src:gbonds
   28: https://packages.debian.org/src:glewlwyd
   29: https://packages.debian.org/src:glibc
   30: https://packages.debian.org/src:glx-alternatives
   31: https://packages.debian.org/src:gnupg2
   32: https://packages.debian.org/src:gnuplot
   33: https://packages.debian.org/src:golang-1.15
   34: https://packages.debian.org/src:golang-github-containers-common
   35: https://packages.debian.org/src:golang-github-opencontainers-specs
   36: https://packages.debian.org/src:gtk+3.0
   37: https://packages.debian.org/src:heartbeat
   38: https://packages.debian.org/src:htmldoc
   39: https://packages.debian.org/src:installation-guide
   40: https://packages.debian.org/src:intel-microcode
   41: https://packages.debian.org/src:ldap2zone
   42: https://packages.debian.org/src:lemonldap-ng
   43: https://packages.debian.org/src:libarchive
   44: https://packages.debian.org/src:libdatetime-timezone-perl
   45: https://packages.debian.org/src:libgdal-grass
   46: https://packages.debian.org/src:libpod
   47: https://packages.debian.org/src:libxml2
   48: https://packages.debian.org/src:linux
   49: https://packages.debian.org/src:linux-signed-amd64
   50: https://packages.debian.org/src:linux-signed-arm64
   51: https://packages.debian.org/src:linux-signed-i386
   52: https://packages.debian.org/src:mariadb-10.5
   53: https://packages.debian.org/src:mpich
   54: https://packages.debian.org/src:mujs
   55: https://packages.debian.org/src:mutter
   56: https://packages.debian.org/src:node-cached-path-relative
   57: https://packages.debian.org/src:node-fetch
   58: https://packages.debian.org/src:node-follow-redirects
   59: https://packages.debian.org/src:node-markdown-it
   60: https://packages.debian.org/src:node-nth-check
   61: https://packages.debian.org/src:node-prismjs
   62: https://packages.debian.org/src:node-trim-newlines
   63: https://packages.debian.org/src:nvidia-cuda-toolkit
   64: https://packages.debian.org/src:nvidia-graphics-drivers-tesla-450
   65: https://packages.debian.org/src:nvidia-modprobe
   66: https://packages.debian.org/src:openboard
   67: https://packages.debian.org/src:openssl
   68: https://packages.debian.org/src:openvswitch
   69: https://packages.debian.org/src:ostree
   70: https://packages.debian.org/src:pdb2pqr
   71: https://packages.debian.org/src:php-crypt-gpg
   72: https://packages.debian.org/src:php-laravel-framework
   73: https://packages.debian.org/src:phpliteadmin
   74: https://packages.debian.org/src:prips
   75: https://packages.debian.org/src:pypy3
   76: https://packages.debian.org/src:python-django
   77: https://packages.debian.org/src:python-pip
   78: https://packages.debian.org/src:rust-cbindgen
   79: https://packages.debian.org/src:s390-dasd
   80: https://packages.debian.org/src:schleuder
   81: https://packages.debian.org/src:sphinx-bootstrap-theme
   82: https://packages.debian.org/src:spip
   83: https://packages.debian.org/src:symfony
   84: https://packages.debian.org/src:systemd
   85: https://packages.debian.org/src:sysvinit
   86: https://packages.debian.org/src:tasksel
   87: https://packages.debian.org/src:usb.ids
   88: https://packages.debian.org/src:weechat
   89: https://packages.debian.org/src:wolfssl
   90: https://packages.debian.org/src:xserver-xorg-video-intel
   91: https://packages.debian.org/src:xterm
   92: https://packages.debian.org/src:zziplib

Security Updates
----------------

This revision adds the following security updates to the stable release.
The Security Team has already released an advisory for each of these
updates:

+----------------+--------------------------+
| Advisory ID    | Package                  |
+----------------+--------------------------+
| DSA-5000 [93]  | openjdk-11 [94]          |
|                |                          |
| DSA-5001 [95]  | redis [96]               |
|                |                          |
| DSA-5012 [97]  | openjdk-17 [98]          |
|                |                          |
| DSA-5021 [99]  | mediawiki [100]          |
|                |                          |
| DSA-5023 [101] | modsecurity-apache [102] |
|                |                          |
| DSA-5024 [103] | apache-log4j2 [104]      |
|                |                          |
| DSA-5025 [105] | tang [106]               |
|                |                          |
| DSA-5027 [107] | xorg-server [108]        |
|                |                          |
| DSA-5028 [109] | spip [110]               |
|                |                          |
| DSA-5029 [111] | sogo [112]               |
|                |                          |
| DSA-5030 [113] | webkit2gtk [114]         |
|                |                          |
| DSA-5031 [115] | wpewebkit [116]          |
|                |                          |
| DSA-5033 [117] | fort-validator [118]     |
|                |                          |
| DSA-5035 [119] | apache2 [120]            |
|                |                          |
| DSA-5037 [121] | roundcube [122]          |
|                |                          |
| DSA-5038 [123] | ghostscript [124]        |
|                |                          |
| DSA-5039 [125] | wordpress [126]          |
|                |                          |
| DSA-5040 [127] | lighttpd [128]           |
|                |                          |
| DSA-5041 [129] | cfrpki [130]             |
|                |                          |
| DSA-5042 [131] | epiphany-browser [132]   |
|                |                          |
| DSA-5043 [133] | lxml [134]               |
|                |                          |
| DSA-5046 [135] | chromium [136]           |
|                |                          |
| DSA-5047 [137] | prosody [138]            |
|                |                          |
| DSA-5048 [139] | libreswan [140]          |
|                |                          |
| DSA-5049 [141] | flatpak-builder [142]    |
|                |                          |
| DSA-5049 [143] | flatpak [144]            |
|                |                          |
| DSA-5050 [145] | linux-signed-amd64 [146] |
|                |                          |
| DSA-5050 [147] | linux-signed-arm64 [148] |
|                |                          |
| DSA-5050 [149] | linux-signed-i386 [150]  |
|                |                          |
| DSA-5050 [151] | linux [152]              |
|                |                          |
| DSA-5051 [153] | aide [154]               |
|                |                          |
| DSA-5052 [155] | usbview [156]            |
|                |                          |
| DSA-5053 [157] | pillow [158]             |
|                |                          |
| DSA-5054 [159] | chromium [160]           |
|                |                          |
| DSA-5055 [161] | util-linux [162]         |
|                |                          |
| DSA-5056 [163] | strongswan [164]         |
|                |                          |
| DSA-5057 [165] | openjdk-11 [166]         |
|                |                          |
| DSA-5058 [167] | openjdk-17 [168]         |
|                |                          |
| DSA-5059 [169] | policykit-1 [170]        |
|                |                          |
| DSA-5060 [171] | webkit2gtk [172]         |
|                |                          |
| DSA-5061 [173] | wpewebkit [174]          |
|                |                          |
| DSA-5062 [175] | nss [176]                |
|                |                          |
| DSA-5063 [177] | uriparser [178]          |
|                |                          |
| DSA-5064 [179] | python-nbxmpp [180]      |
|                |                          |
| DSA-5065 [181] | ipython [182]            |
|                |                          |
| DSA-5067 [183] | ruby2.7 [184]            |
|                |                          |
| DSA-5068 [185] | chromium [186]           |
|                |                          |
| DSA-5070 [187] | cryptsetup [188]         |
|                |                          |
| DSA-5071 [189] | samba [190]              |
|                |                          |
| DSA-5072 [191] | debian-edu-config [192]  |
|                |                          |
| DSA-5073 [193] | expat [194]              |
|                |                          |
| DSA-5075 [195] | minetest [196]           |
|                |                          |
| DSA-5076 [197] | h2database [198]         |
|                |                          |
| DSA-5077 [199] | librecad [200]           |
|                |                          |
| DSA-5078 [201] | zsh [202]                |
|                |                          |
| DSA-5079 [203] | chromium [204]           |
|                |                          |
| DSA-5080 [205] | snapd [206]              |
|                |                          |
| DSA-5081 [207] | redis [208]              |
|                |                          |
| DSA-5082 [209] | php7.4 [210]             |
|                |                          |
| DSA-5083 [211] | webkit2gtk [212]         |
|                |                          |
| DSA-5084 [213] | wpewebkit [214]          |
|                |                          |
| DSA-5085 [215] | expat [216]              |
|                |                          |
| DSA-5087 [217] | cyrus-sasl2 [218]        |
|                |                          |
| DSA-5088 [219] | varnish [220]            |
|                |                          |
| DSA-5089 [221] | chromium [222]           |
|                |                          |
| DSA-5091 [223] | containerd [224]         |
|                |                          |
| DSA-5092 [225] | linux-signed-amd64 [226] |
|                |                          |
| DSA-5092 [227] | linux-signed-arm64 [228] |
|                |                          |
| DSA-5092 [229] | linux-signed-i386 [230]  |
|                |                          |
| DSA-5092 [231] | linux [232]              |
|                |                          |
| DSA-5093 [233] | spip [234]               |
|                |                          |
| DSA-5095 [235] | linux-signed-amd64 [236] |
|                |                          |
| DSA-5095 [237] | linux-signed-arm64 [238] |
|                |                          |
| DSA-5095 [239] | linux-signed-i386 [240]  |
|                |                          |
| DSA-5095 [241] | linux [242]              |
|                |                          |
| DSA-5098 [243] | tryton-server [244]      |
|                |                          |
| DSA-5099 [245] | tryton-proteus [246]     |
|                |                          |
| DSA-5100 [247] | nbd [248]                |
|                |                          |
| DSA-5101 [249] | libphp-adodb [250]       |
|                |                          |
| DSA-5102 [251] | haproxy [252]            |
|                |                          |
| DSA-5103 [253] | openssl [254]            |
|                |                          |
| DSA-5104 [255] | chromium [256]           |
|                |                          |
| DSA-5105 [257] | bind9 [258]              |
|                |                          |
+----------------+--------------------------+

   93: https://www.debian.org/security/2021/dsa-5000
   94: https://packages.debian.org/src:openjdk-11
   95: https://www.debian.org/security/2021/dsa-5001
   96: https://packages.debian.org/src:redis
   97: https://www.debian.org/security/2021/dsa-5012
   98: https://packages.debian.org/src:openjdk-17
   99: https://www.debian.org/security/2021/dsa-5021
  100: https://packages.debian.org/src:mediawiki
  101: https://www.debian.org/security/2021/dsa-5023
  102: https://packages.debian.org/src:modsecurity-apache
  103: https://www.debian.org/security/2021/dsa-5024
  104: https://packages.debian.org/src:apache-log4j2
  105: https://www.debian.org/security/2021/dsa-5025
  106: https://packages.debian.org/src:tang
  107: https://www.debian.org/security/2021/dsa-5027
  108: https://packages.debian.org/src:xorg-server
  109: https://www.debian.org/security/2021/dsa-5028
  110: https://packages.debian.org/src:spip
  111: https://www.debian.org/security/2021/dsa-5029
  112: https://packages.debian.org/src:sogo
  113: https://www.debian.org/security/2021/dsa-5030
  114: https://packages.debian.org/src:webkit2gtk
  115: https://www.debian.org/security/2021/dsa-5031
  116: https://packages.debian.org/src:wpewebkit
  117: https://www.debian.org/security/2021/dsa-5033
  118: https://packages.debian.org/src:fort-validator
  119: https://www.debian.org/security/2022/dsa-5035
  120: https://packages.debian.org/src:apache2
  121: https://www.debian.org/security/2022/dsa-5037
  122: https://packages.debian.org/src:roundcube
  123: https://www.debian.org/security/2022/dsa-5038
  124: https://packages.debian.org/src:ghostscript
  125: https://www.debian.org/security/2022/dsa-5039
  126: https://packages.debian.org/src:wordpress
  127: https://www.debian.org/security/2022/dsa-5040
  128: https://packages.debian.org/src:lighttpd
  129: https://www.debian.org/security/2022/dsa-5041
  130: https://packages.debian.org/src:cfrpki
  131: https://www.debian.org/security/2022/dsa-5042
  132: https://packages.debian.org/src:epiphany-browser
  133: https://www.debian.org/security/2022/dsa-5043
  134: https://packages.debian.org/src:lxml
  135: https://www.debian.org/security/2022/dsa-5046
  136: https://packages.debian.org/src:chromium
  137: https://www.debian.org/security/2022/dsa-5047
  138: https://packages.debian.org/src:prosody
  139: https://www.debian.org/security/2022/dsa-5048
  140: https://packages.debian.org/src:libreswan
  141: https://www.debian.org/security/2022/dsa-5049
  142: https://packages.debian.org/src:flatpak-builder
  143: https://www.debian.org/security/2022/dsa-5049
  144: https://packages.debian.org/src:flatpak
  145: https://www.debian.org/security/2022/dsa-5050
  146: https://packages.debian.org/src:linux-signed-amd64
  147: https://www.debian.org/security/2022/dsa-5050
  148: https://packages.debian.org/src:linux-signed-arm64
  149: https://www.debian.org/security/2022/dsa-5050
  150: https://packages.debian.org/src:linux-signed-i386
  151: https://www.debian.org/security/2022/dsa-5050
  152: https://packages.debian.org/src:linux
  153: https://www.debian.org/security/2022/dsa-5051
  154: https://packages.debian.org/src:aide
  155: https://www.debian.org/security/2022/dsa-5052
  156: https://packages.debian.org/src:usbview
  157: https://www.debian.org/security/2022/dsa-5053
  158: https://packages.debian.org/src:pillow
  159: https://www.debian.org/security/2022/dsa-5054
  160: https://packages.debian.org/src:chromium
  161: https://www.debian.org/security/2022/dsa-5055
  162: https://packages.debian.org/src:util-linux
  163: https://www.debian.org/security/2022/dsa-5056
  164: https://packages.debian.org/src:strongswan
  165: https://www.debian.org/security/2022/dsa-5057
  166: https://packages.debian.org/src:openjdk-11
  167: https://www.debian.org/security/2022/dsa-5058
  168: https://packages.debian.org/src:openjdk-17
  169: https://www.debian.org/security/2022/dsa-5059
  170: https://packages.debian.org/src:policykit-1
  171: https://www.debian.org/security/2022/dsa-5060
  172: https://packages.debian.org/src:webkit2gtk
  173: https://www.debian.org/security/2022/dsa-5061
  174: https://packages.debian.org/src:wpewebkit
  175: https://www.debian.org/security/2022/dsa-5062
  176: https://packages.debian.org/src:nss
  177: https://www.debian.org/security/2022/dsa-5063
  178: https://packages.debian.org/src:uriparser
  179: https://www.debian.org/security/2022/dsa-5064
  180: https://packages.debian.org/src:python-nbxmpp
  181: https://www.debian.org/security/2022/dsa-5065
  182: https://packages.debian.org/src:ipython
  183: https://www.debian.org/security/2022/dsa-5067
  184: https://packages.debian.org/src:ruby2.7
  185: https://www.debian.org/security/2022/dsa-5068
  186: https://packages.debian.org/src:chromium
  187: https://www.debian.org/security/2022/dsa-5070
  188: https://packages.debian.org/src:cryptsetup
  189: https://www.debian.org/security/2022/dsa-5071
  190: https://packages.debian.org/src:samba
  191: https://www.debian.org/security/2022/dsa-5072
  192: https://packages.debian.org/src:debian-edu-config
  193: https://www.debian.org/security/2022/dsa-5073
  194: https://packages.debian.org/src:expat
  195: https://www.debian.org/security/2022/dsa-5075
  196: https://packages.debian.org/src:minetest
  197: https://www.debian.org/security/2022/dsa-5076
  198: https://packages.debian.org/src:h2database
  199: https://www.debian.org/security/2022/dsa-5077
  200: https://packages.debian.org/src:librecad
  201: https://www.debian.org/security/2022/dsa-5078
  202: https://packages.debian.org/src:zsh
  203: https://www.debian.org/security/2022/dsa-5079
  204: https://packages.debian.org/src:chromium
  205: https://www.debian.org/security/2022/dsa-5080
  206: https://packages.debian.org/src:snapd
  207: https://www.debian.org/security/2022/dsa-5081
  208: https://packages.debian.org/src:redis
  209: https://www.debian.org/security/2022/dsa-5082
  210: https://packages.debian.org/src:php7.4
  211: https://www.debian.org/security/2022/dsa-5083
  212: https://packages.debian.org/src:webkit2gtk
  213: https://www.debian.org/security/2022/dsa-5084
  214: https://packages.debian.org/src:wpewebkit
  215: https://www.debian.org/security/2022/dsa-5085
  216: https://packages.debian.org/src:expat
  217: https://www.debian.org/security/2022/dsa-5087
  218: https://packages.debian.org/src:cyrus-sasl2
  219: https://www.debian.org/security/2022/dsa-5088
  220: https://packages.debian.org/src:varnish
  221: https://www.debian.org/security/2022/dsa-5089
  222: https://packages.debian.org/src:chromium
  223: https://www.debian.org/security/2022/dsa-5091
  224: https://packages.debian.org/src:containerd
  225: https://www.debian.org/security/2022/dsa-5092
  226: https://packages.debian.org/src:linux-signed-amd64
  227: https://www.debian.org/security/2022/dsa-5092
  228: https://packages.debian.org/src:linux-signed-arm64
  229: https://www.debian.org/security/2022/dsa-5092
  230: https://packages.debian.org/src:linux-signed-i386
  231: https://www.debian.org/security/2022/dsa-5092
  232: https://packages.debian.org/src:linux
  233: https://www.debian.org/security/2022/dsa-5093
  234: https://packages.debian.org/src:spip
  235: https://www.debian.org/security/2022/dsa-5095
  236: https://packages.debian.org/src:linux-signed-amd64
  237: https://www.debian.org/security/2022/dsa-5095
  238: https://packages.debian.org/src:linux-signed-arm64
  239: https://www.debian.org/security/2022/dsa-5095
  240: https://packages.debian.org/src:linux-signed-i386
  241: https://www.debian.org/security/2022/dsa-5095
  242: https://packages.debian.org/src:linux
  243: https://www.debian.org/security/2022/dsa-5098
  244: https://packages.debian.org/src:tryton-server
  245: https://www.debian.org/security/2022/dsa-5099
  246: https://packages.debian.org/src:tryton-proteus
  247: https://www.debian.org/security/2022/dsa-5100
  248: https://packages.debian.org/src:nbd
  249: https://www.debian.org/security/2022/dsa-5101
  250: https://packages.debian.org/src:libphp-adodb
  251: https://www.debian.org/security/2022/dsa-5102
  252: https://packages.debian.org/src:haproxy
  253: https://www.debian.org/security/2022/dsa-5103
  254: https://packages.debian.org/src:openssl
  255: https://www.debian.org/security/2022/dsa-5104
  256: https://packages.debian.org/src:chromium
  257: https://www.debian.org/security/2022/dsa-5105
  258: https://packages.debian.org/src:bind9

Removed packages
----------------

The following packages were removed due to circumstances beyond our
control:

+----------------------------+------------------+
| Package                    | Reason           |
+----------------------------+------------------+
| angular-maven-plugin [259] | No longer useful |
|                            |                  |
| minify-maven-plugin [260]  | No longer useful |
|                            |                  |
+----------------------------+------------------+

  259: https://packages.debian.org/src:angular-maven-plugin
  260: https://packages.debian.org/src:minify-maven-plugin

Debian Installer
----------------

The installer has been updated to include the fixes incorporated into
stable by the point release.


URLs
----

The complete lists of packages that have changed with this revision:

https://deb.debian.org/debian/dists/bullseye/ChangeLog


The current stable distribution:

https://deb.debian.org/debian/dists/stable/


Proposed updates to the stable distribution:

https://deb.debian.org/debian/dists/proposed-updates


stable distribution information (release notes, errata etc.):

https://www.debian.org/releases/stable/


Security announcements and information:

https://www.debian.org/security/



About Debian
------------

The Debian Project is an association of Free Software developers who
volunteer their time and effort in order to produce the completely free
operating system Debian.


Contact Information
-------------------

For further information, please visit the Debian web pages at
https://www.debian.org/, send mail to <press@debian.org>, or contact the
stable release team at <debian-release@lists.debian.org>.
Attachment: OpenPGP_signature
Description: OpenPGP digital signature
Reply to:
Next by Date: Updated Debian 10: 10.12 released
Next by thread: Updated Debian 10: 10.12 released
Index(es):
- Date
- Thread