Debian 10 更新:10.2 发布
2019年11月16日
Debian 项目很高兴地宣布对 Debian 10 稳定版的第二次更新(发行版代号 buster
)。此次小版本更新主要添加了对安全问题的修正补丁,以及为一些严重问题所作的调整。安全通告已单独发布,并会在适当的情况下予以引用。
请注意,此更新并不是 Debian 10 的新版本,它仅更新了所包含的一些软件包。没有必要丢弃旧的buster
的安装介质。在安装之后,只需使用最新的 Debian 镜像更新旧的软件包即可。
经常从 security.debian.org 安装更新的用户将不必更新许多软件包,因本更新中包含了 security.debian.org 的大多数更新。
新的安装镜像即将于常规的位置予以提供。
只需令软件包管理系统指向 Debian 的许多 HTTP 镜像站点之一,您便能够把已有的系统升级至本次更新版本。详尽的镜像列表可以在以下网址处获得:
杂项错误修正
此稳定版更新为以下软件包添加了一些重要的修正:
软件包 | 原因 |
---|---|
aegisub | Fix crash when selecting a language from the bottom of the Spell checker languagelist; fix crash when right-clicking in the subtitles text box |
akonadi | Fix various crashes / deadlock issues |
base-files | Update /etc/debian_version for the point release |
capistrano | Fix failure to remove old releases when there were too many |
cron | 停止使用过时的 SELinux API |
cyrus-imapd | Fix data loss on upgrade from version 3.0.0 or earlier |
debian-edu-config | Handle newer Firefox ESR configuration files; add post-up stanza to /etc/network/interfaces eth0 entry conditionally |
debian-installer | 修复使用 EFI 引导的 netboot 映像时在 hidpi 显示器上出现的不可读字体 |
debian-installer-netboot-images | Rebuild against proposed-updates |
distro-info-data | Add Ubuntu 20.04 LTS, Focal Fossa |
dkimpy-milter | 新上游稳定释出版本; fix sysvinit support; catch more ASCII encoding errors to improve resilience against bad data; fix message extraction so that signing in the same pass through the milter as verifying works correctly |
emacs | Update the EPLA packaging key |
fence-agents | Fix incomplete removal of fence_amt_ws |
flatpak | 新上游稳定释出版本 |
flightcrew | Security fixes [CVE-2019-13032 CVE-2019-13241] |
fonts-noto-cjk | 修复中文环境下在现代浏览器中 Noto CJK 字体的过于激进的字体选择问题 |
freetype | Properly handle phantom points for variable hinted fonts |
gdb | Rebuild against new libbabeltrace, with higher version number to avoid conflict with earlier upload |
glib2.0 | Ensure libdbus clients can authenticate with a GDBusServer like the one in ibus |
gnome-shell | 新上游稳定释出版本; fix truncation of long messages in Shell-modal dialogs; avoid crash on reallocation of dead actors |
gnome-sound-recorder | Fix crash when selecting a recording |
gnustep-base | Disable gdomap daemon that was accidentally enabled on upgrades from stretch |
graphite-web | Remove unused send_emailfunction [CVE-2017-18638]; avoid hourly error in cron when there is no whisper database |
inn2 | Fix negotiation of DHE ciphersuites |
libapache-mod-auth-kerb | Fix use after free bug leading to crash |
libdate-holidays-de-perl | Mark International Childrens Day (Sep 20th) as a holiday in Thuringia from 2019 onwards |
libdatetime-timezone-perl | Update included data |
libofx | Fix null pointer dereference issue [CVE-2019-9656] |
libreoffice | Fix the postgresql driver with PostgreSQL 12 |
libsixel | Fix several security issues [CVE-2018-19756 CVE-2018-19757 CVE-2018-19759 CVE-2018-19761 CVE-2018-19762 CVE-2018-19763 CVE-2019-3573 CVE-2019-3574] |
libxslt | Fix dangling pointer in xsltCopyText [CVE-2019-18197] |
lucene-solr | Disable obsolete call to ContextHandler in solr-jetty9.xml; fix Jetty permissions on SOLR index |
mariadb-10.3 | 新上游稳定释出版本 |
modsecurity-crs | Fix PHP script upload rules [CVE-2019-13464] |
mutter | 新上游稳定释出版本 |
ncurses | Fix several security issues [CVE-2019-17594 CVE-2019-17595] and other issues in tic |
ndppd | Avoid world writable PID file, that was breaking daemon init scripts |
network-manager | Fix file permissions for /var/lib/NetworkManager/secret_keyand /var/lib/NetworkManager |
node-fstream | Fix arbitrary file overwrite issue [CVE-2019-13173] |
node-set-value | Fix prototype pollution [CVE-2019-10747] |
node-yarnpkg | Force using HTTPS for regular registries |
nx-libs | Fix regressions introduced in previous upload, affecting x2go |
open-vm-tools | Fix memory leaks and error handling |
openvswitch | Update debian/ifupdown.sh to allow setting-up the MTU; fix Python dependencies to use Python 3 |
picard | Update translations to fix crash with Spanish locale |
plasma-applet-redshift-control | Fix manual mode when used with redshift versions above 1.12 |
postfix | 新上游稳定释出版本; work around poor TCP loopback performance |
python-cryptography | Fix test suite failures when built against newer OpenSSL versions; fix a memory leak triggerable when parsing x509 certificate extensions like AIA |
python-flask-rdf | Add Depends on python{3,}-rdflib |
python-oslo.messaging | 新上游稳定释出版本; fix switch connection destination when a rabbitmq cluster node disappears |
python-werkzeug | Ensure Docker containers have unique debugger PINs [CVE-2019-14806] |
python2.7 | Fix several security issues [CVE-2018-20852 CVE-2019-10160 CVE-2019-16056 CVE-2019-16935 CVE-2019-9740 CVE-2019-9947] |
quota | Fix rpc.rquotad spinning at 100% CPU |
rpcbind | Allow remote calls to be enabled at run-time |
shelldap | Repair SASL authentications, add a 'sasluser' option |
sogo | Fix display of PGP-signed e-mails |
spf-engine | 新上游稳定释出版本; fix sysvinit support |
standardskriver | Fix deprecation warning from config.RawConfigParser; use external ipcommand rather than deprecated ifconfigcommand |
swi-prolog | Use HTTPS when contacting upstream pack servers |
systemd | core: never propagate reload failure to service result; fix sync_file_range failures in nspawn containers on arm, ppc; fix RootDirectory not working when used in combination with User; ensure that access controls on systemd-resolved's D-Bus interface are enforced correctly [CVE-2019-15718]; fix StopWhenUnneeded=true for mount units; make MountFlags=shared work again |
tmpreaper | Prevent breaking of systemd services that use PrivateTmp=true |
trapperkeeper-webserver-jetty9-clojure | Restore SSL compatibility with newer Jetty versions |
tzdata | 新上游发行版本 |
ublock-origin | 新上游版本,与 Firefox ESR68 兼容 |
uim | Resurrect libuim-data as a transitional package, fixing some issues after upgrades to buster |
vanguards | 新上游稳定释出版本; prevent a reload of tor's configuration via SIGHUP causing a denial-of-service for vanguards protections |
安全更新
此修订版本将以下安全更新添加到了稳定发行版本中。安全团队已经分别为这些更新发布了通告:
删除的软件包
由于我们无法控制的情况,以下软件包已被删除:
软件包 | 原因 |
---|---|
firefox-esr | [armel] 由于 nodejs 构建依赖的缘故不再受支持 |
Debian 安装器
安装器已经更新,以配合发布时包含在稳定版本中的修正内容。
链接
此修订版本中有更改的软件包的完整列表:
当前稳定发行版:
拟议的稳定发行版更新:
稳定发行版信息(发行说明,勘误等):
安全公告及信息:
关于 Debian
Debian 项目是一个自由软件开发者组织,这些志愿者为制作完全自由免费的 Debian 操作系统而自愿贡献时间和精力。
联系信息
更多信息,请访问 Debian 主页 https://www.debian.org/、发送邮件至 <press@debian.org> ,或联系稳定版本发布团队 <debian-release@lists.debian.org>。