10.7 0 Iso

December 5th, 2020

  1. 1070 Southern Boulevard
  2. 1070 Song Fire

The Debian project is pleased to announce the seventh update of itsstable distribution Debian 10 (codename buster).This point release mainly adds corrections for security issues,along with a few adjustments for serious problems. Security advisorieshave already been published separately and are referenced where available.

Please note that the point release does not constitute a new version of Debian10 but only updates some of the packages included. There isno need to throw away old buster media. After installation,packages can be upgraded to the current versions using an up-to-date Debianmirror.

Those who frequently install updates from security.debian.org won't haveto update many packages, and most such updates areincluded in the point release.

I'm guessing a few of you saw my previous Lion installer in VMware, which used a bootable.vmdk file, however now it's pretty easy to install the retail vers.

New installation images will be available soon at the regular locations.

Debian 10.7.0 AMD64 Netinst ISO File by Debian GNU. Publication date 2020-01-05 Topics operating systems, debian Language English. AMD64 ISO image for Debian 10.7.0. Mac Os X 10 7 0 free download - Apple Mac OS X Snow Leopard, R for Mac OS X, Apple Mac OS X Lion 10.7.5 Supplemental Update, and many more programs. Debian-mac-10.7.0-amd64-netinst.iso 2020-12-05 13:47 CET: 335 MiB: Powered by SNT. Current bandwidth utilization 440.83 Mbit/s.

Upgrading an existing installation to this revision can be achieved bypointing the package management system at one of Debian's many HTTP mirrors.A comprehensive list of mirrors is available at:

Miscellaneous Bugfixes

This stable update adds a few important corrections to the following packages:

1070 south lake dr
dav4tbsyncNew upstream release, compatible with newer Thunderbird versions
debian-installerUse 4.19.0-13 Linux kernel ABI; add grub2 to Built-Using
debian-installer-netboot-imagesRebuild against proposed-updates
distro-info-dataAdd Ubuntu 21.04, Hirsute Hippo
dpdkNew upstream stable release; fix remote code execution issue [CVE-2020-14374], TOCTOU issues [CVE-2020-14375], buffer overflow [CVE-2020-14376], buffer over read [CVE-2020-14377] and integer underflow [CVE-2020-14377]; fix armhf build with NEON
eas4tbsyncNew upstream release, compatible with newer Thunderbird versions
edk2Fix integer overflow in DxeImageVerificationHandler [CVE-2019-14562]
efivarAdd support for nvme-fabrics and nvme-subsystem devices; fix uninitialized variable in parse_acpi_root, avoiding possible segfault
enigmailIntroduce migration assistant to Thunderbird's built-in GPG support
espeakFix using espeak with mbrola-fr4 when mbrola-fr1 is not installed
fastdFix memory leak when receiving too many invalid packets [CVE-2020-27638]
fishEnsure TTY options are restored on exit
freecolFix XML External Entity vulnerability [CVE-2018-1000825]
gajim-omemoUse 12-byte IV, for better compatibility with iOS clients
glancesListen only on localhost by default
iptables-persistentDon't force-load kernel modules; improve rule flushing logic
lacmeUse upstream certificate chain instead of an hardcoded one, easing support for new Let's Encrypt root and intermediate certificates
libdatetime-timezone-perlUpdate included data to tzdata 2020d
libimobiledeviceAdd partial support for iOS 14
libjpeg-turboFix denial of service [CVE-2018-1152], buffer over read [CVE-2018-14498], possible remote code execution [CVE-2019-2201], buffer over read [CVE-2020-13790]
libxml2Fix denial of service [CVE-2017-18258], NULL pointer dereference [CVE-2018-14404], infinite loop [CVE-2018-14567], memory leak [CVE-2019-19956 CVE-2019-20388], infinite loop [CVE-2020-7595]
linuxNew upstream stable release
linux-latestUpdate for 4.19.0-13 kernel ABI
linux-signed-amd64New upstream stable release
linux-signed-arm64New upstream stable release
linux-signed-i386New upstream stable release
lmodChange architecture to any - required due to LUA_PATH and LUA_CPATH being determined at build time
mariadb-10.3New upstream stable release; security fixes [CVE-2020-14765 CVE-2020-14776 CVE-2020-14789 CVE-2020-14812 CVE-2020-28912]
muttEnsure IMAP connection is closed after a connection error [CVE-2020-28896]
neomuttEnsure IMAP connection is closed after a connection error [CVE-2020-28896]
node-object-pathFix prototype pollution in set() [CVE-2020-15256]
node-pathvalFix prototype pollution [CVE-2020-7751]
okularFix code execution via action link [CVE-2020-9359]
openjdk-11New upstream release; fix JVM crash
partman-autoIncrease /boot sizes in most recipes to between 512 and 768M, to better handle kernel ABI changes and larger initramfses; cap RAM size as used for swap partition calculations, resolving issues on machines with more RAM than disk space
pcaudiolibCap cancellation latency to 10ms
plinthApache: Disable mod_status [CVE-2020-25073]
pumaFix HTTP injection and HTTP smuggling issues [CVE-2020-5247 CVE-2020-5249 CVE-2020-11076 CVE-2020-11077]
ros-ros-commFix integer overflow [CVE-2020-16124]
ruby2.5Fix potential HTTP request smuggling vulnerability in WEBrick [CVE-2020-25613]
sleuthkitFix stack buffer overflow in yaffsfs_istat [CVE-2020-10232]
sqlite3Fix division by zero [CVE-2019-16168], NULL pointer dereference [CVE-2019-19923], mishandling of NULL pathname during an update of a ZIP archive [CVE-2019-19925], mishandling of embedded NULs in filenames [CVE-2019-19959], possible crash (unwinding WITH stack) [CVE-2019-20218], integer overflow [CVE-2020-13434], segmentation fault [CVE-2020-13435], use-after-free issue [CVE-2020-13630], NULL pointer dereference [CVE-2020-13632], heap overflow [CVE-2020-15358]
systemdBasic/cap-list: parse/print numerical capabilities; recognise new capabilities from Linux kernel 5.8; networkd: do not generate MAC for bridge device
tbsyncNew upstream release, compatible with newer Thunderbird versions
tcpdumpFix untrusted input issue in the PPP printer [CVE-2020-8037]
tigervncProperly store certificate exceptions in native and java VNC viewer [CVE-2020-26117]
torNew upstream stable release; multiple security, usability, portability, and reliability fixes
transmissionFix memory leak
tzdataNew upstream release
ublock-originNew upstream version; split plugin to browser-specific packages
vipsFix use of uninitialised variable [CVE-2020-20739]

Security Updates

This revision adds the following security updates to the stable release.The Security Team has already released an advisory for each of theseupdates:

DSA-4766
rails
DSA-4767mediawiki
DSA-4768firefox-esr
DSA-4769xen
DSA-4770thunderbird
DSA-4771spice
DSA-4772httpcomponents-client
DSA-4773yaws
DSA-4774linux-latest
DSA-4774linux-signed-amd64
DSA-4774linux-signed-arm64
DSA-4774linux-signed-i386
DSA-4774linux
DSA-4775python-flask-cors
DSA-4776mariadb-10.3
DSA-4777freetype
DSA-4778firefox-esr
DSA-4779openjdk-11
DSA-4780thunderbird
DSA-4781blueman
DSA-4782openldap
DSA-4783sddm
DSA-4784wordpress
DSA-4785raptor2
DSA-4786libexif
DSA-4787moin
DSA-4788firefox-esr
DSA-4789codemirror-js
DSA-4790thunderbird
DSA-4791pacemaker
DSA-4792openldap
DSA-4793firefox-esr
DSA-4794mupdf
DSA-4795krb5
DSA-4796thunderbird
DSA-4798spip
DSA-4799x11vnc
DSA-4800libproxy

Removed packages

The following packages were removed due to circumstances beyond our control:

1070 Southern Boulevard

Proposed updates to the stable distribution:

1070 Song Fire

stable distribution information (release notes, errata etc.):

Security announcements and information:

About Debian

The Debian Project is an association of Free Software developers whovolunteer their time and effort in order to produce the completelyfree operating system Debian.

Contact Information

For further information, please visit the Debian web pages athttps://www.debian.org/, send mail to<press@debian.org>, or contact the stable release team at<debian-release@lists.debian.org>.

Comments are closed.