----------------------------------------------------------------------------
Debian Stable Updates Announcement SUA 279-1         https://www.debian.org/
[email protected]                                   Adam D. Barratt
March 10th, 2026
----------------------------------------------------------------------------

Upcoming Debian 13 Update (13.4)

An update to Debian 13 is scheduled for Saturday, March 14th, 2026. As of
now it will include the following bug fixes. They can be found in
"trixie-proposed-updates", which is carried by all official mirrors.

Please note that packages published through security.debian.org are not
listed, but will be included if possible. Some of the updates below are
also already available through "trixie-updates".

Testing and feedback would be appreciated. Bugs should be filed in the
Debian Bug Tracking System, but please make the Release Team aware of them
by copying "[email protected]" on your mails.

The point release will also include a rebuild of debian-installer.

Miscellaneous Bugfixes
----------------------

This stable update adds a few important corrections to the following
packages:

  Package                       Reason
  -------                       ------

  akonadi                       Show all folders in kmail

  apache2                       Fix HTTP/2 regression

  arduino-core-avr              New upstream stable release; fix buffer
                                overflow issue [CVE-2025-69209]

  asahi-scripts                 Fix SD card reader autosuspend

  augeas                        Fix null pointer dereference issue
                                [CVE-2025-2588]

  base-files                    Update for the point release

  bash                          Rebuild with updated glibc

  bglibs                        Rebuild with updated glibc

  bird2                         Use Restart=on-abnormal instead of
                                on-abort; RAdv: Fix flags for deprecated
                                prefixes; BMP: Fix crash when exporting a
                                route with non-bgp attributes; ASPA check
                                fix for AS_SET

  brltty                        Fix taking the VT number from the chosen
                                session

  busybox                       Rebuild with updated glibc

  capstone                      New upstream stable release; fix buffer
                                overflow issue [CVE-2025-67873]; fix
                                buffer underflow and overflow issue
                                [CVE-2025-68114]

  catatonit                     Rebuild with updated glibc

  cdebootstrap                  Rebuild with updated glibc

  chkrootkit                    Rebuild with updated glibc

  chrony                        Open refclock writeable to maintain
                                compatibility with newer kernels

  civetweb                      Fix denial of service issue
                                [CVE-2025-9648]; fix buffer overflow
                                issue [CVE-2025-55763]

  ckb-next                      Fix init script installation and
                                initialisation; ensure cryptographic
                                verification of firmware updates

  clatd                         Fix systemd unit installation; correct
                                NetworkManager dispatcher install path;
                                provide example configuration; ensure
                                obsolete dispatcher script is removed on
                                upgrade

  condor                        Rebuild with updated glibc

  dar                           Rebuild with updated glibc, openssl

  debian-ports-archive-keyring  Add "Debian Ports Archive Automatic
                                Signing Key (2027)"; move 2025 signing
                                key to the removed keys keyring

  debsig-verify                 Rebuild with updated dpkg

  debvm                         Only use the console in nographics mode;
                                use correct variable name; autologin:
                                prefer credentials to monkey patching
                                unit; customize-resolved.sh: explicitly
                                install systemd-resolved

  deets                         Rebuild with updated dpkg

  direwolf                      Fix stack buffer overflow
                                [CVE-2025-34457]

  distribution-gpg-keys         Update included keys

  distrobuilder                 Rebuild with updated incus

  docker.io                     Rebuild with updated glibc

  dovecot                       Fix possible crash in ldap userdb; fix
                                crash in trash plugin; fix segfault when
                                group ACLs are present but the user has
                                no groups

  dpkg                          dpkg-query: Fix segfault with empty -S
                                argument; Dpkg::OpenPGP: Do not run
                                verify with no keyrings;
                                Dpkg::Shlibs::Objdump::Object: Add
                                support for "Version References" symbols;
                                Dpkg::OpenPGP::Backend::GnuPG: Add
                                missing Dpkg::Gettext import; fix denial
                                of service issue [CVE-2026-2219]

  e2fsprogs                     Rebuild with updated glibc

  ejabberd                      Remove old apparmor profile file

  ejabberd-contrib              Rebuild with updated ejabberd

  erlang                        Fix excessive resource use issues
                                [CVE-2025-48038 CVE-2025-48039
                                CVE-2025-48040 CVE-2025-48041]; fix
                                traffic redirection issue
                                [CVE-2016-1000107]

  ffmpegfs                      Fix incomplete listing of files in output
                                directory

  flatpak                       New upstream stable release

  fluidsynth                    Fix null pointer dereference issue
                                [CVE-2025-56225]

  fonttools                     Fix arbitrary file write issue
                                [CVE-2025-66034]

  glibc                         Update from upstream stable branch; fix
                                heap corruption issue [CVE-2026-0861];
                                fix stack contents leak issue
                                [CVE-2026-0915]; fix uninitialized memory
                                use issue [CVE-2025-15281]; switch
                                currency symbol for the bg_BG locale to
                                euro; fix a null pointer dereference in
                                symbol lookup when the symbol version
                                hash is zero; fix various optimized
                                functions

  gnome-shell                   Revert inadvertently backported change
                                that can cause the Shell UI to not appear
                                on some systems

  gnu-efi                       Fix build of UEFI binaries for armhf

  gnuais                        Fix displaying the map in gnuaisgui

  gnupg2                        Rebuild with updated glibc

  gpsd                          Fix out-of-bounds write issue
                                [CVE-2025-67268]; fix denial of service
                                issue [CVE-2025-67269]

  grub-efi-amd64-signed         Fix ZFS root identification

  grub-efi-arm64-signed         Fix ZFS root identification

  grub-efi-ia32-signed          Fix ZFS root identification

  grub2                         Fix ZFS root identification

  ifupdown                      Fix IPv6 DAD handling in ifup; correct
                                dhclient invocation ordering for IPv6;
                                restore correct executable path detection
                                in ifup scripts

  integrit                      Rebuild with updated glibc

  jaraco.context                Prevent path traversal [CVE-2026-23949]

  libcap2                       Rebuild with updated glibc

  libguestfs                    Add dependency on isc-dhcp-client

  libpng1.6                     Fix heap buffer overflow issues
                                [CVE-2026-22801 CVE-2026-22695]

  libsndfile                    Fix memory leak issue [CVE-2025-56226]

  linux-base                    Use compatible hook dir names for headers
                                packages

  lxc                           Fix data corruption during heavy IO on
                                PTS; update lxc-default-with-nesting
                                apparmor profile; rebuild with updated
                                glibc

  mariadb                       New upstream stable release; fix
                                arbitrary code execution issue
                                [CVE-2025-13699]; fix denial of service
                                issue [CVE-2026-21968]; use tmpfiles.d to
                                generate runtime directory; fix upgrades
                                from version 10.4 when encryption is
                                enabled; fix innodb_linux_aio support

  mpg123                        Do not modify raw ID3v2 data while
                                parsing

  node-proxy-agents             Fix path traversal issue [CVE-2026-27699]

  open-iscsi                    Fix discovery of "static" nodes

  openssh                       Fix mistracking of MaxStartups process
                                exits in some situations; fix possible
                                code execution issues [CVE-2025-61984
                                CVE-2025-61985]

  openssl                       New upstream stable release

  passt                         Increase AppArmor ABI version to 4.0 to
                                enable user namespace creation

  pcsx2                         Fix code execution issue [CVE-2025-49589]

  pdudaemon                     Add missing dependency on setuputils

  phpunit                       Fix unsafe deserialization issue
                                [CVE-2026-24765]

  plastimatch                   Repack to exclude non-free source files

  policyd-rate-limit            Fix operation with Python >= 3.12

  postgresql-17                 New upstream stable release; fix buffer
                                overrun issue [CVE-2026-2006]

  python-cryptography           Fix missing validation in EC public key
                                creation [CVE-2026-26007]

  python-filelock               Fix TOCTOU symlink handling vulnerability
                                in lock file creation [CVE-2025-68146]

  python-multipart              Fix arbitrary file write issue
                                [CVE-2026-24486]

  python-os-ken                 Accept empty "OXM" fields

  python-pyspnego               Fix deprecation warnings

  qemu                          New upstream stable release; fix denial
                                of service issues [CVE-2025-14876
                                CVE-2026-0665]; rebuild with updated
                                capstone, glibc

  qtbase-opensource-src         Fix data races; X11: set fallback logical
                                DPI to 96, fixing incorrect calculation

  reprepro                      Fix incorrect tracking data when copying
                                packages

  requests                      Fix credential leak issue
                                [CVE-2024-47081]

  riseup-vpn                    Support additional polkit providers

  runit-services                slim: start in foreground with -n;
                                dbus-dep.fixer: correctly test for
                                existing services definitions, only start
                                dbus services, even with the sysv
                                override

  rust-ntp-proto                Fix excessive load issue [CVE-2026-26076]

  rust-ntpd                     Rebuild with rust-ntp-proto
                                1.4.0-4+deb13u1 to fix CVE-2026-26076

  rust-tealdeer                 Update archive URL

  samba                         New upstream stable release

  sash                          Rebuild with updated glibc

  scilab                        Fix build failure

  snapd                         Rebuild with updated glibc

  sqlite3                       Prevent integer overflow in FTS5
                                extension [CVE-2025-7709]; add missing
                                build dependency on pkgconf

  starlette                     Fix denial of service issue
                                [CVE-2025-62727]

  sudo                          Only enable Intel CET on amd64; fix
                                regression with sudoers.d filenames
                                containing colons

  suricata                      Fix denial of service issues
                                [CVE-2026-22258 CVE-2026-22259
                                CVE-2026-22261]; fix stack overflow issue
                                [CVE-2026-22262]; fix heap overflow issue
                                [CVE-2026-22264]

  tayga                         Fix EAM mapping for host addresses

  tini                          Rebuild with updated glibc

  torsocks                      Use correct environment variable;
                                explicitly trigger ldconfig trigger

  tripwire                      Rebuild with updated glibc

  tsocks                        Rebuild with updated glibc

  tzdata                        New upstream release; Moldova has used EU
                                transition times since 2022

  uglifyjs                      Fix test failure

  units                         Update URLs to packetizer.com

  user-mode-linux               Rebuild with updated linux

  wget2                         Fix file overwrite issue with metalink
                                [CVE-2025-69194]; fix remote buffer
                                overflow [CVE-2025-69195]

  wireless-regdb                New upstream stable release; update
                                regulatory information for several
                                countries

  wireshark                     New upstream stable release; fix USB HID
                                dissector memory exhaustion
                                [CVE-2026-3201]; fix RF4CE Profile
                                dissector crash [CVE-2026-3203]

  xen                           New upstream stable release; fix buffer
                                overrun issue [CVE-2025-58150]; fix
                                incomplete vCPU isolation issue
                                [CVE-2026-23553]

  zabbix                        New upstream stable release; fix data
                                leakage issues [CVE-2025-27231
                                CVE-2025-27233 CVE-2025-27236
                                CVE-2025-27238 CVE-2025-49641]; fix
                                denial of service issue [CVE-2025-49643]

  zookeeper                     Fix build failure by skipping some flaky
                                tests

  zsh                           Rebuild with updated glibc

A complete list of all accepted and rejected packages together with
rationale is on the preparation page for this revision:

  <https://release.debian.org/proposed-updates/stable.html>

If you encounter any issues, please don't hesitate to get in touch with the
Debian Release Team at "[email protected]".
