| Package | Reason |
|---|---|
| apt-cacher-ng | Enforce secured call to the server in maintenance job triggering [CVE-2020-5202]; allow .zst compression for tarballs; increase size of the decompression line buffer for configuration file reading |
| backuppc | Pass the username to start-stop-daemon when reloading, preventing reload failures |
| base-files | Update for the point release |
| brltty | Reduce severity of log message to avoid generating too many messages when used with new Orca versions |
| checkstyle | Fix XML External Entity injection issue [CVE-2019-9658 CVE-2019-10782] |
| choose-mirror | Update included mirror list |
| clamav | New upstream release [CVE-2020-3123] |
| corosync | totemsrp: Reduce MTU to avoid generating oversized packets |
| corosync-qdevice | Fix service startup |
| csync2 | Fail HELLO command when SSL is required |
| cups | Fix heap buffer overflow [CVE-2020-3898] and an issue where the `ippReadIO` function may under-read an extension field [CVE-2019-8842] |
| dav4tbsync | New upstream release, restoring compatibility with newer Thunderbird versions |
| debian-edu-config | Add policy files for Firefox ESR and Thunderbird to fix the TLS/SSL setup |
| debian-installer | Update for the 4.19.0-9 kernel ABI |
| debian-installer-netboot-images | Rebuild against proposed-updates |
| debian-security-support | New upstream stable release; update status of several packages; use runuser rather than su |
| distro-info-data | Add Ubuntu 20.10, and likely end of support date for stretch |
| dojo | Fix improper regular expression usage [CVE-2019-10785] |
| dpdk | New upstream stable release |
| dtv-scan-tables | New upstream snapshot; add all current German DVB-T2 muxes and the Eutelsat-5-West-A satellite |
| eas4tbsync | New upstream release, restoring compatibility with newer Thunderbird versions |
| edk2 | Security fixes [CVE-2019-14558 CVE-2019-14559 CVE-2019-14563 CVE-2019-14575 CVE-2019-14586 CVE-2019-14587] |
| el-api | Fix stretch to buster upgrades that involve Tomcat 8 |
| fex | Fix a potential security issue in fexsrv |
| filezilla | Fix untrusted search path vulnerability [CVE-2019-5429] |
| frr | Fix extended next hop capability |
| fuse | Remove outdated udevadm commands from post-install scripts; don't explicitly remove fuse.conf on purge |
| fuse3 | Remove outdated udevadm commands from post-install scripts; don't explicitly remove fuse.conf on purge; fix memory leak in fuse_session_new() |
| golang-github-prometheus-common | Extend validity of test certificates |
| gosa | Replace (un)serialize with json_encode/json_decode to mitigate PHP object injection [CVE-2019-14466] |
| hbci4java | Support EU directive on payment services (PSD2) |
| hibiscus | Support EU directive on payment services (PSD2) |
| iputils | Correct an issue in which ping would improperly exit with a failure code when there were untried addresses still available in the getaddrinfo() library call return value |
| ircd-hybrid | Use dhparam.pem to avoid crash on startup |
| jekyll | Allow use of ruby-i18n 0.x and 1.x |
| jsp-api | Fix stretch to buster upgrades that involve Tomcat 8 |
| lemonldap-ng | Prevent unwanted access to administration endpoints [CVE-2019-19791]; fix the GrantSession plugin which could not prohibit logon when two factor authentication was used; fix arbitrary redirects with OIDC if redirect_uri was not used |
| libdatetime-timezone-perl | Update included data |
| libreoffice | Fix OpenGL slide transitions |
| libssh | Fix possible denial of service issue when handling AES-CTR keys with OpenSSL [CVE-2020-1730] |
| libvncserver | Fix heap overflow [CVE-2019-15690] |
| linux | New upstream stable release |
| linux-latest | Update kernel ABI to 4.19.0-9 |
| linux-signed-amd64 | New upstream stable release |
| linux-signed-arm64 | New upstream stable release |
| linux-signed-i386 | New upstream stable release |
| lwip | Fix buffer overflow [CVE-2020-8597] |
| lxc-templates | New upstream stable release; handle languages that are only UTF-8 encoded |
| manila | Fix missing access permissions check [CVE-2020-9543] |
| megatools | Add support for the new format of mega.nz links |
| mew | Fix server SSL certificate validity checking |
| mew-beta | Fix server SSL certificate validity checking |
| mkvtoolnix | Rebuild to tighten libmatroska6v5 dependency |
| ncbi-blast+ | Disable SSE4.2 support |
| node-anymatch | Remove unnecessary dependencies |
| node-dot | Prevent code execution after prototype pollution [CVE-2020-8141] |
| node-dot-prop | Fix prototype pollution [CVE-2020-8116] |
| node-knockout | Fix escaping with older Internet Explorer versions [CVE-2019-14862] |
| node-mongodb | Reject invalid _bsontypes [CVE-2019-2391 CVE-2020-7610] |
| node-yargs-parser | Fix prototype pollution [CVE-2020-7608] |
| npm | Fix arbitrary path access [CVE-2019-16775 CVE-2019-16776 CVE-2019-16777] |
| nvidia-graphics-drivers | New upstream stable release |
| nvidia-graphics-drivers-legacy-390xx | New upstream stable release |
| nvidia-settings-legacy-340xx | New upstream release |
| oar | Revert to stretch behavior for Storable::dclone Perl function, fixing recursion depth issues |
| opam | Prefer mccs over aspcud |
| openvswitch | Fix vswitchd abort when a port is added and the controller is down |
| orocos-kdl | Fix string conversion with Python 3 |
| owfs | Remove broken Python 3 packages |
| pango1.0 | Fix crash in pango_fc_font_key_get_variations() when key is null |
| pgcli | Add missing dependency on python3-pkg-resources |
| php-horde-data | Fix authenticated remote code execution vulnerability [CVE-2020-8518] |
| php-horde-form | Fix authenticated remote code execution vulnerability [CVE-2020-8866] |
| php-horde-trean | Fix authenticated remote code execution vulnerability [CVE-2020-8865] |
| postfix | New upstream stable release; fix panic with Postfix multi-Milter configuration during MAIL FROM; fix d/init.d running change so it works with multi-instance again |
| proftpd-dfsg | Fix memory access issue in keyboard-interactive code in mod_sftp; properly handle DEBUG, IGNORE, DISCONNECT, and UNIMPLEMENTED messages in keyboard-interactive mode |
| puma | Fix Denial of Service issue [CVE-2019-16770] |
| purple-discord | Fix crashes in ssl_nss_read |
| python-oslo.utils | Fix leak of sensitive information via mistral logs [CVE-2019-3866] |
| rails | Fix possible cross-site scripting via JavaScript escape helper [CVE-2020-5267] |
| rake | Fix command injection vulnerability [CVE-2020-8130] |
| raspi3-firmware | Fix dtb names mismatch in z50-raspi-firmware; fix boot on Raspberry Pi families 1 and 0 |
| resource-agents | Fix ethmonitor not listing interfaces without an assigned IP address; remove no longer required xen-toolstack patch; fix non-standard usage in ZFS agent |
| rootskel | Disable multiple console support if preseeding is in use |
| ruby-i18n | Fix gemspec generation |
| rubygems-integration | Avoid deprecation warnings when users install a newer version of Rubygems via gem update --system |
| schleuder | Improve patch to handle encoding errors introduced in the previous version; switch default encoding to UTF-8; let x-add-key handle mails with attached, quoted-printable encoded keys; fix x-attach-listkey with mails created by Thunderbird that include protected headers |
| scilab | Fix library loading with OpenJDK 11.0.7 |
| serverspec-runner | Support Ruby 2.5 |
| softflowd | Fix broken flow aggregation which might result in flow table overflow and 100% CPU usage |
| speech-dispatcher | Fix default pulseaudio latency which triggers scratchy output |
| spl-linux | Fix deadlock |
| sssd | Fix sssd_be busy-looping when LDAP connection is intermittent |
| systemd | When authorizing via PolicyKit, re-resolve callback/userdata instead of caching it [CVE-2020-1712]; install 60-block.rules in udev-udeb and initramfs-tools |
| taglib | Fix corruption issues with OGG files |
| tbsync | New upstream release, restoring compatibility with newer Thunderbird versions |
| timeshift | Fix predictable temporary directory use [CVE-2020-10174] |
| tinyproxy | Only set PIDDIR if PIDFILE is a non-zero length string |
| tzdata | New upstream stable release |
| uim | Unregister modules that are not installed, fixing a regression in the previous upload |
| user-mode-linux | Fix build failure with current stable kernels |
| vite | Fix crash when there are more than 32 elements |
| waagent | New upstream release; support co-installation with cloud-init |
| websocket-api | Fix stretch to buster upgrades that involve Tomcat 8 |
| wpa | Do not try to detect PSK mismatch during PTK rekeying; check for FT support when selecting FT suites; fix MAC randomisation issue with some cards |
| xdg-utils | xdg-open: fix pcmanfm check and handling of directories with spaces in their names; xdg-screensaver: Sanitise window name before sending it over D-Bus; xdg-mime: Create config directory if it does not exist yet |
| xtrlock | Fix blocking of (some) multitouch devices while locked [CVE-2016-10894] |
| zfs-linux | Fix potential deadlock issues |