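Updated Debian 10: 10.2 released

November 16th, 2019

The Debian project is pleased to announce the second update of its stable distribution Debian 10 (codename buster). This point release mainly adds corrections for security issues, along with adjustments for some serious problems. Security advisories have already been published separately and are referenced where appropriate.

Please note that this update does not constitute a new version of Debian 10; it only updates some of the packages included. There is no need to throw away old buster installation media. After installation, packages can be upgraded to the current versions using an up-to-date Debian mirror.

Those who frequently install updates from security.debian.org won't have to update many packages, because most updates from security.debian.org are included in this update.

New installation images will be available soon at the regular locations.

Upgrading an existing installation to this revision can be achieved by pointing the package management system at one of Debian's many HTTP mirrors. A comprehensive list of mirrors is available at: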

https://www.debian.org/mirror/list

Miscellaneous Bugfixes

This stable update adds a few important corrections to the following packages:

Package Reason
aegisub Fix crash when selecting a language from the bottom of the Spell checker language list; fix crash when right-clicking in the subtitles text box
akonadi Fix various crashes / deadlock issues
base-files Update /etc/debian_version for the point release
capistrano Fix failure to remove old releases when there were too many
cron Stop using obsolete SELinux API
cyrus-imapd Fix data loss on upgrade from version 3.0.0 or earlier
debian-edu-config Handle newer Firefox ESR configuration files; add post-up stanza to /etc/network/interfaces eth0 entry conditionally
debian-installer Fix unreadable fonts on hidpi displays in netboot images booted with EFI
debian-installer-netboot-images Rebuild against proposed-updates
distro-info-data Add Ubuntu 20.04 LTS, Focal Fossa
dkimpy-milter New upstream stable release; fix sysvinit support; catch more ASCII encoding errors to improve resilience against bad data; fix message extraction so that signing in the same pass through the milter as verifying works correctly
emacs Update the ELPA packaging key
fence-agents Fix incomplete removal of fence_amt_ws
flatpak New upstream stable release
flightcrew Security fixes [CVE-2019-13032 CVE-2019-13241]
fonts-noto-cjk Fix over-aggressive font selection of Noto CJK fonts in modern web browsers under Chinese locale
freetype Properly handle phantom points for variable hinted fonts
gdb Rebuild against new libbabeltrace, with higher version number to avoid conflict with earlier upload
glib2.0 Ensure libdbus clients can authenticate with a GDBusServer like the one in ibus
gnome-shell New upstream stable release; fix truncation of long messages in Shell-modal dialogs; avoid crash on reallocation of dead actors
gnome-sound-recorder Fix crash when selecting a recording
gnustep-base Disable gdomap daemon that was accidentally enabled on upgrades from stretch
graphite-web Remove unused send_email function [CVE-2017-18638]; avoid hourly error in cron when there is no whisper database
inn2 Fix negotiation of DHE ciphersuites
libapache-mod-auth-kerb Fix use after free bug leading to crash
libdate-holidays-de-perl Mark International Children's Day (Sep 20th) as a holiday in Thuringia from 2019 onwards
libdatetime-timezone-perl Update included data
libofx Fix null pointer dereference issue [CVE-2019-9656]
libreoffice Fix the postgresql driver with PostgreSQL 12
libsixel Fix several security issues [CVE-2018-19756 CVE-2018-19757 CVE-2018-19759 CVE-2018-19761 CVE-2018-19762 CVE-2018-19763 CVE-2019-3573 CVE-2019-3574]
libxslt Fix dangling pointer in xsltCopyText [CVE-2019-18197]
lucene-solr Disable obsolete call to ContextHandler in solr-jetty9.xml; fix Jetty permissions on SOLR index
mariadb-10.3 New upstream stable release
modsecurity-crs Fix PHP script upload rules [CVE-2019-13464]
mutter New upstream stable release
ncurses Fix several security issues [CVE-2019-17594 CVE-2019-17595] and other issues in tic
ndppd Avoid world writable PID file, that was breaking daemon init scripts
network-manager Fix file permissions for /var/lib/NetworkManager/secret_key and /var/lib/NetworkManager
node-fstream Fix arbitrary file overwrite issue [CVE-2019-13173]
node-set-value Fix prototype pollution [CVE-2019-10747]
node-yarnpkg Force using HTTPS for regular registries
nx-libs Fix regressions introduced in previous upload, affecting x2go
open-vm-tools Fix memory leaks and error handling
openvswitch Update debian/ifupdown.sh to allow setting-up the MTU; fix Python dependencies to use Python 3
picard Update translations to fix crash with Spanish locale
plasma-applet-redshift-control Fix manual mode when used with redshift versions above 1.12
postfix New upstream stable release; work around poor TCP loopback performance
python-cryptography Fix test suite failures when built against newer OpenSSL versions; fix a memory leak triggerable when parsing x509 certificate extensions like AIA
python-flask-rdf Add Depends on python{3,}-rdflib
python-oslo.messaging New upstream stable release; fix switch connection destination when a rabbitmq cluster node disappears
python-werkzeug Ensure Docker containers have unique debugger PINs [CVE-2019-14806]
python2.7 Fix several security issues [CVE-2018-20852 CVE-2019-10160 CVE-2019-16056 CVE-2019-16935 CVE-2019-9740 CVE-2019-9947]
quota Fix rpc.rquotad spinning at 100% CPU
rpcbind Allow remote calls to be enabled at run-time
shelldap Repair SASL authentications, add a 'sasluser' option
sogo Fix display of PGP-signed e-mails
spf-engine New upstream stable release; fix sysvinit support
standardskriver Fix deprecation warning from config.RawConfigParser; use external ip command rather than deprecated ifconfig command
swi-prolog Use HTTPS when contacting upstream pack servers
systemd core: never propagate reload failure to service result; fix sync_file_range failures in nspawn containers on arm, ppc; fix RootDirectory not working when used in combination with User; ensure that access controls on systemd-resolved's D-Bus interface are enforced correctly [CVE-2019-15718]; fix StopWhenUnneeded=true for mount units; make MountFlags=shared work again
tmpreaper Prevent breaking of systemd services that use PrivateTmp=true
trapperkeeper-webserver-jetty9-clojure Restore SSL compatibility with newer Jetty versions
tzdata New upstream release
ublock-origin New upstream version, compatible with Firefox ESR68
uim Resurrect libuim-data as a transitional package, fixing some issues after upgrades to buster
vanguards New upstream stable release; prevent a reload of tor's configuration via SIGHUP causing a denial-of-service for vanguards protections

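Security Updates

This revision adds the following security updates to the stable release. The Security Team has already released an advisory for each of these updates:

Advisory ID Package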
DSA-4509 apache2
DSA-4511 nghttp2
DSA-4512 qemu
DSA-4514 varnish
DSA-4515 webkit2gtk
DSA-4516 firefox-esr
DSA-4517 exim4
DSA-4518 ghostscript
DSA-4519 libreoffice
DSA-4520 trafficserver
DSA-4521 docker.io
DSA-4523 thunderbird
DSA-4524 dino-im
DSA-4525 ibus
DSA-4526 opendmarc
DSA-4527 php7.3
DSA-4528 bird
DSA-4530 expat
DSA-4531 linux-signed-amd64
DSA-4531 linux-signed-i386
DSA-4531 linux
DSA-4531 linux-signed-arm64
DSA-4532 spip
DSA-4533 lemonldap-ng
DSA-4534 golang-1.11
DSA-4535 e2fsprogs
DSA-4536 exim4
DSA-4538 wpa
DSA-4539 openssl
DSA-4539 openssh
DSA-4541 libapreq2
DSA-4542 jackson-databind
DSA-4543 sudo
DSA-4544 unbound
DSA-4545 mediawiki
DSA-4547 tcpdump
DSA-4549 firefox-esr
DSA-4550 file
DSA-4551 golang-1.11
DSA-4553 php7.3
DSA-4554 ruby-loofah
DSA-4555 pam-python
DSA-4556 qtbase-opensource-src
DSA-4557 libarchive
DSA-4558 webkit2gtk
DSA-4559 proftpd-dfsg
DSA-4560 simplesamlphp
DSA-4561 fribidi
DSA-4562 chromium

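Removed packages

The following packages were removed due to circumstances beyond our control:

Package Reason
firefox-esr [armel] No longer supportable due to nodejs build-dependency

Debian Installer

The installer has been updated to include the fixes incorporated into stable by the point release.

URLs

The complete list of packages that have changed with this revision: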

http://ftp.debian.org/debian/dists/buster/ChangeLog

The current stable distribution:

http://ftp.debian.org/debian/dists/stable/

Proposed updates to the stable distribution:

http://ftp.debian.org/debian/dists/proposed-updates

Stable distribution information (release notes, errata, etc.):

https://www.debian.org/releases/stable/

Security announcements and information:

https://www.debian.org/security/

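About Debian

The Debian Project is an association of Free Software developers who volunteer their time and effort in order to produce the completely free operating system Debian.

Contact Information

For further information, please visit the Debian web pages at https://www.debian.org/, send mail to <press@debian.org>, or contact the stable release team at <debian-release@lists.debian.org>.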