| Package | Reason |
|---|---|
| audiofile | Fix denial of service [CVE-2018-13440] and buffer overflow issues [CVE-2018-17095] |
| base-files | Update for the point release |
| bwa | Fix buffer overflow [CVE-2019-10269] |
| ca-certificates-java | Fix bashisms in postinst and jks-keystore |
| cernlib | Apply optimization flag -O to Fortran modules instead of -O2 which generates broken code; fix build failure on arm64 by disabling PIE for Fortran executables |
| choose-mirror | Update included mirror list |
| chrony | Fix logging of measurements and statistics, and stopping of chronyd, on some platforms when seccomp filtering is enabled |
| ckermit | Drop OpenSSL version check |
| clamav | Fix out-of-bounds heap access when scanning PDF documents [CVE-2019-1787], PE files packed using Aspack [CVE-2019-1789] or OLE2 files [CVE-2019-1788] |
| dansguardian | Add missingok to logrotate configuration |
| debian-installer | Rebuild against proposed-updates |
| debian-installer-netboot-images | Rebuild against proposed-updates |
| debian-security-support | Update support statuses |
| diffoscope | Fix tests to work with Ghostscript 9.26 |
| dns-root-data | Update root data to 2019031302 |
| dnsruby | Add new root key (KSK-2017); ruby 2.3.0 deprecates TimeoutError, use Timeout::Error |
| dpdk | New upstream stable release |
| edk2 | Fix buffer overflow in BlockIo service [CVE-2018-12180]; DNS: Check received packet size before using [CVE-2018-12178]; fix stack overflow with corrupted BMP [CVE-2018-12181] |
| firmware-nonfree | atheros / iwlwifi: update Bluetooth firmware [CVE-2018-5383] |
| flatpak | Reject all ioctls that the kernel will interpret as TIOCSTI [CVE-2019-10063] |
| geant321 | Rebuild against cernlib with fixed Fortran optimisations |
| gnome-chemistry-utils | Stop building the obsolete gcu-plugin package |
| gocode | gocode-auto-complete-el: Promote auto-complete-el to Pre-Depends to ensure successful upgrades |
| gpac | Fix buffer overflows [CVE-2018-7752 CVE-2018-20762], heap overflows [CVE-2018-13005 CVE-2018-13006 CVE-2018-20761], out-of-bounds writes [CVE-2018-20760 CVE-2018-20763] |
| icedtea-web | Stop building the browser plugin, no longer works with Firefox 60 |
| igraph | Fix a crash when loading malformed GraphML files [CVE-2018-20349] |
| jabref | Fix XML External Entity attack [CVE-2018-1000652] |
| java-common | Remove the default-java-plugin package, as the icedtea-web Xul plugin is being removed |
| jquery | Prevent Object.prototype pollution [CVE-2019-11358] |
| kauth | Fix insecure handling of arguments in helpers [CVE-2019-7443] |
| libdate-holidays-de-perl | Add March 8th (from 2019 onwards) and May 8th (2020 only) as public holidays (Berlin only) |
| libdatetime-timezone-perl | Update included data |
| libreoffice | Introduce next Japanese gengou era 'Reiwa'; make -core conflict against openjdk-8-jre-headless (= 8u181-b13-2~deb9u1), which had a broken ClassPathURLCheck |
| linux | New upstream stable version |
| linux-latest | Update for -9 kernel ABI |
| mariadb-10.1 | New upstream stable version |
| mclibs | Rebuild against cernlib with fixed Fortran optimisations |
| ncmpc | Fix NULL pointer dereference [CVE-2018-9240] |
| node-superagent | Fix ZIP bomb attacks [CVE-2017-16129]; fix syntax error |
| nvidia-graphics-drivers | New upstream stable release [CVE-2018-6260] |
| nvidia-settings | New upstream stable release |
| obs-build | Do not allow writing to files in the host system [CVE-2017-14804] |
| paw | Rebuild against cernlib with fixed Fortran optimisations |
| perlbrew | Allow HTTPS CPAN URLs |
| postfix | New upstream stable release |
| postgresql-9.6 | New upstream stable release |
| psk31lx | Make version sort correctly to avoid potential upgrade issues |
| publicsuffix | Update included data |
| pyca | Add missingok to logrotate configuration |
| python-certbot | Revert to debhelper compat 9, to ensure systemd timers are correctly started |
| python-cryptography | Remove BIO_callback_ctrl: the prototype differs from OpenSSL's definition of it after it was changed (fixed) within OpenSSL |
| python-django-casclient | Apply django 1.10 middleware fix; python(3)-django-casclient: fix missing dependencies on python(3)-django |
| python-mode | Remove support for xemacs21 |
| python-pip | Properly catch requests' HTTPError in index.py |
| python-pykmip | Fix potential denial of service issue [CVE-2018-1000872] |
| r-cran-igraph | Fix denial of service via crafted object [CVE-2018-20349] |
| rails | Fix information disclosure issues [CVE-2018-16476 CVE-2019-5418], denial of service issue [CVE-2019-5419] |
| rsync | Several security fixes for zlib [CVE-2016-9840 CVE-2016-9841 CVE-2016-9842 CVE-2016-9843] |
| ruby-i18n | Prevent a remote denial-of-service vulnerability [CVE-2014-10077] |
| ruby2.3 | Fix FTBFS |
| runc | Fix root privilege escalation vulnerability [CVE-2019-5736] |
| systemd | journald: fix assertion failure on journal_file_link_data; tmpfiles: fix e to support shell style globs; mount-util: accept that name_to_handle_at() might fail with EPERM; automount: ack automount requests even when already mounted [CVE-2018-1049]; fix potential root privilege escalation [CVE-2018-15686] |
| twitter-bootstrap3 | Fix cross-site scripting issue in tooltips or popovers [CVE-2019-8331] |
| tzdata | New upstream release |
| unzip | Fix buffer overflow in password protected ZIP archives [CVE-2018-1000035] |
| vcftools | Fix information disclosure [CVE-2018-11099] and denial of service [CVE-2018-11129 CVE-2018-11130] via crafted files |
| vips | Fix NULL function pointer dereference [CVE-2018-7998], uninitialised memory access [CVE-2019-6976] |
| waagent | New upstream release, with many Azure fixes [CVE-2019-0804] |
| yorick-av | Rescale frame timestamps; set VBV buffer size for MPEG1/2 files |
| zziplib | Fix invalid memory access [CVE-2018-6381], bus error [CVE-2018-6540], out-of-bounds read [CVE-2018-7725], crash via crafted zip file [CVE-2018-7726], memory leak [CVE-2018-16548]; reject ZIP file if the size of the central directory and/or the offset of start of central directory point beyond the end of the ZIP file [CVE-2018-6484, CVE-2018-6541, CVE-2018-6869] |