Jeśli często instalujesz aktualizację z security.debian.org, nie będziesz musiał aktualizować wielu pakietów, a większość takich aktualizacji znajduje się w w/w wydaniu

Nowe obrazy instalacyjne będą dostępne już wkrętce

Uaktualnienie istniejącej instalacji do aktualnej wersji można wykonać z wielu serwerów lustrzanych dostępnych pod adresem

Poprawski błędów

Lista poprawionych pakietów

• aegisub - Fix crash when selecting a language from the bottom of the "Spell checker language" list; fix crash when right-clicking in the subtitles text box
• akonadi - Fix various crashes / deadlock issues
• base-files - Update /etc/debian_version for the point release
• capistrano - Fix failure to remove old releases when there were too many
• cron - Stop using obsolete SELinux API
• cyrus-imapd - Fix data loss on upgrade from version 3.0.0 or earlier
• debian-edu-config - Handle newer Firefox ESR configuration files; add post-up stanza to /etc/network/interfaces eth0 entry conditionally
• debian-installer - Fix unreadable fonts on hidpi displays in netboot images booted with EFI
• debian-installer-netboot-images - Rebuild against proposed-updates
• distro-info-data - Add Ubuntu 20.04 LTS, Focal Fossa
• dkimpy-milter - New upstream stable release; fix sysvinit support; catch more ASCII encoding errors to improve resilience against bad data; fix message extraction so that signing in the same pass through the milter as verifying works correctly
• emacs - Update the EPLA packaging key
• fence-agents - Fix incomplete removal of fence_amt_ws
• flatpak - New upstream stable release
• flightcrew - Security fixes [CVE-2019-13032 CVE-2019-13241]
• fonts-noto-cjk - Fix over-aggressive font selection of Noto CJK fonts in modern web browsers under Chinese locale
• freetype - Properly handle phantom points for variable hinted fonts
• gdb - Rebuild against new libbabeltrace, with higher version number to avoid conflict with earlier upload
• glib2.0 - Ensure libdbus clients can authenticate with a GDBusServer like the one in ibus
• gnome-shell - New upstream stable release; fix truncation of long messages in Shell-modal dialogs; avoid crash on reallocation of dead actors
• gnome-sound-recorder - Fix crash when selecting a recording
• gnustep-base - Disable gdomap daemon that was accidentally enabled on upgrades from stretch
• graphite-web - Remove unused "send_email" function [CVE-2017-18638]; avoid hourly error in cron when there is no whisper database
• inn2 - Fix negotiation of DHE ciphersuites
• libapache-mod-auth-kerb - Fix use after free bug leading to crash
• libdate-holidays-de-perl - Mark International Childrens Day (Sep 20th) as a holiday in Thuringia from 2019 onwards
• libdatetime-timezone-perl - Update included data
• libofx - Fix null pointer dereference issue [CVE-2019-9656]
• libreoffice - Fix the postgresql driver with PostgreSQL 12
• libsixel - Fix several security issues [CVE-2018-19756 CVE-2018-19757 CVE-2018-19759 CVE-2018-19761 CVE-2018-19762 CVE-2018-19763 CVE-2019-3573 CVE-2019-3574]
• libxslt - Fix dangling pointer in xsltCopyText [CVE-2019-18197]
• lucene-solr - Disable obsolete call to ContextHandler in solr-jetty9.xml; fix Jetty permissions on SOLR index
• mariadb-10.3 - New upstream stable release
• modsecurity-crs - Fix PHP script upload rules [CVE-2019-13464]
• mutter - New upstream stable release
• ncurses - Fix several security issues [CVE-2019-17594 CVE-2019-17595] and other issues in tic
• ndppd - Avoid world writable PID file, that was breaking daemon init scripts
• network-manager - Fix file permissions for "/var/lib/NetworkManager/secret_key" and /var/lib/NetworkManager
• node-fstream - Fix arbitrary file overwrite issue [CVE-2019-13173]
• node-set-value - Fix prototype pollution [CVE-2019-10747]
• node-yarnpkg - Force using HTTPS for regular registries
• nx-libs - Fix regressions introduced in previous upload, affecting x2go
• open-vm-tools - Fix memory leaks and error handling
• openvswitch - Update debian/ifupdown.sh to allow setting-up the MTU; fix Python dependencies to use Python 3
• picard - Update translations to fix crash with Spanish locale
• plasma-applet-redshift-control - Fix manual mode when used with redshift versions above 1.12
• postfix - New upstream stable release; work around poor TCP loopback performance
• python-cryptography - Fix test suite failures when built against newer OpenSSL versions; fix a memory leak triggerable when parsing x509 certificate extensions like AIA
• python-flask-rdf - Add Depends on python{3,}-rdflib
• python-oslo.messaging - New upstream stable release; fix switch connection destination when a rabbitmq cluster node disappears
• python-werkzeug - Ensure Docker containers have unique debugger PINs [CVE-2019-14806]
• python2.7 - Fix several security issues [CVE-2018-20852 CVE-2019-10160 CVE-2019-16056 CVE-2019-16935 CVE-2019-9740 CVE-2019-9947]
• quota - Fix rpc.rquotad spinning at 100% CPU
• rpcbind - Allow remote calls to be enabled at run-time
• shelldap - Repair SASL authentications, add a 'sasluser' option
• sogo - Fix display of PGP-signed e-mails
• spf-engine - New upstream stable release; fix sysvinit support
• standardskriver - Fix deprecation warning from config.RawConfigParser; use external "ip" command rather than deprecated "ifconfig" command
• swi-prolog - Use HTTPS when contacting upstream pack servers
• systemd - core: never propagate reload failure to service result; fix sync_file_range failures in nspawn containers on arm, ppc; fix RootDirectory not working when used in combination with User; ensure that access controls on systemd-resolved's D-Bus interface are enforced correctly [CVE-2019-15718]; fix StopWhenUnneeded=true for mount units; make MountFlags=shared work again
• tmpreaper - Prevent breaking of systemd services that use PrivateTmp=true
• trapperkeeper-webserver-jetty9-clojure - Restore SSL compatibility with newer Jetty versions
• tzdata - New upstream release
• ublock-origin - New upstream version, compatible with Firefox ESR68
• uim - Resurrect libuim-data as a transitional package, fixing some issues after upgrades to buster
• vanguards - New upstream stable release; prevent a reload of tor's configuration via SIGHUP causing a denial-of-service for vanguards protections

Usunięte pakiety

• firefox-esr - [armel] No longer supportable due to nodejs build-dependency