author Laura Arjona Reina <larjona@debian.org> 2022-03-26 17:00:04 +0100
committer Laura Arjona Reina <larjona@debian.org> 2022-03-26 17:00:04 +0100
commit d673db021e55bd42a14712c110ed1253cd2c8b1e
tree 4537150cd7e7f1f5c93b22dfaf1ffd1c310a6b7b
parent ac148703cf6d900b36a19e182351940092bcb7ac
Add 10.12 and 11.3 point release announcements (English)
-rw-r--r-- english/News/2022/20220326.wml 314
-rw-r--r-- english/News/2022/2022032602.wml 310
2 files changed, 624 insertions, 0 deletions
diff --git a/english/News/2022/20220326.wml b/english/News/2022/20220326.wml
new file mode 100644
index 00000000000..4c8327198c8
--- /dev/null
+++ b/english/News/2022/20220326.wml
@@ -0,0 +1,314 @@
+<define-tag pagetitle>Updated Debian 11: 11.3 released</define-tag>
+<define-tag release_date>2022-03-26</define-tag>
+#use wml::debian::news
+# $Id:
+
+<define-tag release>11</define-tag>
+<define-tag codename>bullseye</define-tag>
+<define-tag revision>11.3</define-tag>
+
+<define-tag dsa>
+ <tr><td align="center"><a href="$(HOME)/security/%0/dsa-%1">DSA-%1</a></td>
+ <td align="center"><:
+ my @p = ();
+ for my $p (split (/,\s*/, "%2")) {
+ push (@p, sprintf ('<a href="https://packages.debian.org/src:%s">%s</a>', $p, $p));
+ }
+ print join (", ", @p);
+:></td></tr>
+</define-tag>
+
+<define-tag correction>
+ <tr><td><a href="https://packages.debian.org/src:%0">%0</a></td> <td>%1</td></tr>
+</define-tag>
+
+<define-tag srcpkg><a href="https://packages.debian.org/src:%0">%0</a></define-tag>
+
+<p>The Debian project is pleased to announce the third update of its
+stable distribution Debian <release> (codename <q><codename></q>).
+This point release mainly adds corrections for security issues,
+along with a few adjustments for serious problems. Security advisories
+have already been published separately and are referenced where available.</p>
+
+<p>Please note that the point release does not constitute a new version of Debian
+<release> but only updates some of the packages included. There is
+no need to throw away old <q><codename></q> media. After installation,
+packages can be upgraded to the current versions using an up-to-date Debian
+mirror.</p>
+
+<p>Those who frequently install updates from security.debian.org won't have
+to update many packages, and most such updates are
+included in the point release.</p>
+
+<p>New installation images will be available soon at the regular locations.</p>
+
+<p>Upgrading an existing installation to this revision can be achieved by
+pointing the package management system at one of Debian's many HTTP mirrors.
+A comprehensive list of mirrors is available at:</p>
+
+<div class="center">
+ <a href="$(HOME)/mirror/list">https://www.debian.org/mirror/list</a>
+</div>
+
+
+
+
+<h2>Miscellaneous Bugfixes</h2>
+
+<p>This stable update adds a few important corrections to the following packages:</p>
+
+<table border=0>
+<tr><th>Package</th> <th>Reason</th></tr>
+<correction apache-log4j1.2 "Resolve security issues [CVE-2021-4104 CVE-2022-23302 CVE-2022-23305 CVE-2022-23307], by removing support for the JMSSink, JDBCAppender, JMSAppender and Apache Chainsaw modules">
+<correction apache-log4j2 "Fix remote code execution issue [CVE-2021-44832]">
+<correction apache2 "New upstream release; fix crash due to random memory read [CVE-2022-22719]; fix HTTP request smuggling issue [CVE-2022-22720]; fix out-of-bounds write issues [CVE-2022-22721 CVE-2022-23943]">
+<correction atftp "Fix information leak issue [CVE-2021-46671]">
+<correction base-files "Update for the 11.3 point release">
+<correction bible-kjv "Fix off-by-one-error in search">
+<correction chrony "Allow reading the chronyd configuration file that timemaster(8) generates">
+<correction cinnamon "Fix crash when adding an online account with login">
+<correction clamav "New upstream stable release; fix denial of service issue [CVE-2022-20698]">
+<correction cups-filters "Apparmor: allow reading from Debian Edu's cups-browsed configuration file">
+<correction dask.distributed "Fix undesired listening of workers on public interfaces [CVE-2021-42343]; fix compatibility with Python 3.9">
+<correction debian-installer "Rebuild against proposed-updates; update Linux kernel ABI to 5.10.0-13">
+<correction debian-installer-netboot-images "Rebuild against proposed-updates">
+<correction debian-ports-archive-keyring "Add <q>Debian Ports Archive Automatic Signing Key (2023)</q>; move the
+2021 signing key to the removed keyring">
+<correction django-allauth "Fix OpenID support">
+<correction djbdns "Raise the axfrdns, dnscache, and tinydns data limit">
+<correction dpdk "New upstream stable release">
+<correction e2guardian "Fix missing SSL certificate validation issue [CVE-2021-44273]">
+<correction epiphany-browser "Work around a bug in GLib, fixing a UI process crash">
+<correction espeak-ng "Drop spurious 50ms delay while processing events">
+<correction espeakup "debian/espeakup.service: Protect espeakup from system overloads">
+<correction fcitx5-chinese-addons "fcitx5-table: add missing dependencies on fcitx5-module-pinyinhelper and fcitx5-module-punctuation">
+<correction flac "Fix out-of-bounds write issue [CVE-2021-0561]">
+<correction freerdp2 "Disable additional debug logging">
+<correction galera-3 "New upstream release">
+<correction galera-4 "New upstream release">
+<correction gbonds "Use Treasury API for redemption data">
+<correction glewlwyd "Fix possible privilege escalation">
+<correction glibc "Fix bad conversion from ISO-2022-JP-3 with iconv [CVE-2021-43396]; fix buffer overflow issues [CVE-2022-23218 CVE-2022-23219]; fix use-after-free issue [CVE-2021-33574]; stop replacing older versions of /etc/nsswitch.conf; simplify the check for supported kernel versions, as 2.x kernels are no longer supported; support installation on kernels with a release number greater than 255">
+<correction glx-alternatives "After initial setup of the diversions, install a minimal alternative to the diverted files so that libraries are not missing until glx-alternative-mesa processes its triggers">
+<correction gnupg2 "scd: Fix CCID driver for SCM SPR332/SPR532; avoid network interaction in generator, which can lead to hangs">
+<correction gnuplot "Fix division by zero [CVE-2021-44917]">
+<correction golang-1.15 "Fix IsOnCurve for big.Int values that are not valid coordinates [CVE-2022-23806]; math/big: prevent large memory consumption in Rat.SetString [CVE-2022-23772]; cmd/go: prevent branches from materializing into versions [CVE-2022-23773]; fix stack exhaustion compiling deeply nested expressions [CVE-2022-24921]">
+<correction golang-github-containers-common "Update seccomp support to enable use of newer kernel versions">
+<correction golang-github-opencontainers-specs "Update seccomp support to enable use of newer kernel versions">
+<correction gtk+3.0 "Fix missing search results when using NFS; prevent Wayland clipboard handling from locking up in certain corner cases; improve printing to mDNS-discovered printers">
+<correction heartbeat "Fix creation of /run/heartbeat on systems using systemd">
+<correction htmldoc "Fix out-of-bounds read issue [CVE-2022-0534]">
+<correction installation-guide "Update documentation and translations">
+<correction intel-microcode "Update included microcode; mitigate some security issues [CVE-2020-8694 CVE-2020-8695 CVE-2021-0127 CVE-2021-0145 CVE-2021-0146 CVE-2021-33120]">
+<correction ldap2zone "Use <q>mktemp</q> rather than the deprecated <q>tempfile</q>, avoiding warnings">
+<correction lemonldap-ng "Fix auth process in password-testing plugins [CVE-2021-40874]">
+<correction libarchive "Fix extracting hardlinks to symlinks; fix handling of symlink ACLs [CVE-2021-23177]; never follow symlinks when setting file flags [CVE-2021-31566]">
+<correction libdatetime-timezone-perl "Update included data">
+<correction libgdal-grass "Rebuild against grass 7.8.5-1+deb11u1">
+<correction libpod "Update seccomp support to enable use of newer kernel versions">
+<correction libxml2 "Fix use-after-free issue [CVE-2022-23308]">
+<correction linux "New upstream stable release; [rt] Update to 5.10.106-rt64; increase ABI to 13">
+<correction linux-signed-amd64 "New upstream stable release; [rt] Update to 5.10.106-rt64; increase ABI to 13">
+<correction linux-signed-arm64 "New upstream stable release; [rt] Update to 5.10.106-rt64; increase ABI to 13">
+<correction linux-signed-i386 "New upstream stable release; [rt] Update to 5.10.106-rt64; increase ABI to 13">
+<correction mariadb-10.5 "New upstream release; security fixes [CVE-2021-35604 CVE-2021-46659 CVE-2021-46661 CVE-2021-46662 CVE-2021-46663 CVE-2021-46664 CVE-2021-46665 CVE-2021-46667 CVE-2021-46668 CVE-2022-24048 CVE-2022-24050 CVE-2022-24051 CVE-2022-24052]">
+<correction mpich "Add Breaks: on older versions of libmpich1.0-dev, resolving some upgrade issues">
+<correction mujs "Fix buffer overflow issue [CVE-2021-45005]">
+<correction mutter "Backport various fixes from upstream's stable branch">
+<correction node-cached-path-relative "Fix prototype pollution issue [CVE-2021-23518]">
+<correction node-fetch "Don't forward secure headers to third party domains [CVE-2022-0235]">
+<correction node-follow-redirects "Don't send Cookie header across domains [CVE-2022-0155]; don't send confidential headers across schemes [CVE-2022-0536]">
+<correction node-markdown-it "Fix regular expression-based denial of service issue [CVE-2022-21670]">
+<correction node-nth-check "Fix regular expression-based denial of service issue [CVE-2021-3803]">
+<correction node-prismjs "Escape markup in command line output [CVE-2022-23647]; update minified files to ensure that Regular Expression Denial of Service issue is resolved [CVE-2021-3801]">
+<correction node-trim-newlines "Fix regular expression-based denial of service issue [CVE-2021-33623]">
+<correction nvidia-cuda-toolkit "cuda-gdb: Disable non-functional python support causing segmentation faults; use a snapshot of openjdk-8-jre (8u312-b07-1)">
+<correction nvidia-graphics-drivers-tesla-450 "New upstream release; fix denial of service issues [CVE-2022-21813 CVE-2022-21814]; nvidia-kernel-support: Provide /etc/modprobe.d/nvidia-options.conf as a template">
+<correction nvidia-modprobe "New upstream release">
+<correction openboard "Fix application icon">
+<correction openssl "New upstream release; fix armv8 pointer authentication">
+<correction openvswitch "Fix use-after-free issue [CVE-2021-36980]; fix installation of libofproto">
+<correction ostree "Fix compatibility with eCryptFS; avoid infinite recursion when recovering from certain errors; mark commits as partial before downloading; fix an assertion failure when using a backport or local build of GLib &gt;= 2.71; fix the ability to fetch OSTree content from paths containing non-URI characters (such as backslashes) or non-ASCII">
+<correction pdb2pqr "Fix compatibility of propka with Python 3.8 or above">
+<correction php-crypt-gpg "Prevent additional options being passed to GPG [CVE-2022-24953]">
+<correction php-laravel-framework "Fix cross-site scripting issue [CVE-2021-43808], missing blocking of executable content upload [CVE-2021-43617]">
+<correction phpliteadmin "Fix cross-site scripting issue [CVE-2021-46709]">
+<correction prips "Fix infinite wrapping if a range reaches 255.255.255.255; fix CIDR output with addresses that differ in their first bit">
+<correction pypy3 "Fix build failures by removing extraneous #endif from import.h">
+<correction python-django "Fix denial of service issue [CVE-2021-45115], information disclosure issue [CVE-2021-45116], directory traversal issue [CVE-2021-45452]; fix a traceback around the handling of RequestSite/get_current_site() due to a circular import">
+<correction python-pip "Avoid a race-condition when using zip-imported dependencies">
+<correction rust-cbindgen "New upstream stable release to support builds of newer firefox-esr and thunderbird versions">
+<correction s390-dasd "Stop passing deprecated -f option to dasdfmt">
+<correction schleuder "Migrate boolean values to integers, if the ActiveRecord SQLite3 connection adapter is in use, restoring functionality">
+<correction sphinx-bootstrap-theme "Fix search functionality">
+<correction spip "Fix several cross-site scripting issues">
+<correction symfony "Fix CVE injection issue [CVE-2021-41270]">
+<correction systemd "Fix uncontrolled recursion in systemd-tmpfiles [CVE-2021-3997]; demote systemd-timesyncd from Depends to Recommends, removing a dependency cycle; fix failure to bind mount a directory into a container using machinectl; fix regression in udev resulting in long delays when processing partitions with the same label; fix a regression when using systemd-networkd in an unprivileged LXD container">
+<correction sysvinit "Fix parsing of <q>shutdown +0</q>; clarify that when called with a <q>time</q> shutdown will not exit">
+<correction tasksel "Install CUPS for all *-desktop tasks, as task-print-service no longer exists">
+<correction usb.ids "Update included data">
+<correction weechat "Fix denial of service issue [CVE-2021-40516]">
+<correction wolfssl "Fix several issues related to OCSP-handling [CVE-2021-3336 CVE-2021-37155 CVE-2021-38597] and TLS1.3 support [CVE-2021-44718 CVE-2022-25638 CVE-2022-25640]">
+<correction xserver-xorg-video-intel "Fix SIGILL crash on non-SSE2 CPUs">
+<correction xterm "Fix buffer overflow issue [CVE-2022-24130]">
+<correction zziplib "Fix denial of service issue [CVE-2020-18442]">
+</table>
+
+
+<h2>Security Updates</h2>
+
+
+<p>This revision adds the following security updates to the stable release.
+The Security Team has already released an advisory for each of these
+updates:</p>
+
+<table border=0>
+<tr><th>Advisory ID</th> <th>Package</th></tr>
+<dsa 2021 5000 openjdk-11>
+<dsa 2021 5001 redis>
+<dsa 2021 5012 openjdk-17>
+<dsa 2021 5021 mediawiki>
+<dsa 2021 5023 modsecurity-apache>
+<dsa 2021 5024 apache-log4j2>
+<dsa 2021 5025 tang>
+<dsa 2021 5027 xorg-server>
+<dsa 2021 5028 spip>
+<dsa 2021 5029 sogo>
+<dsa 2021 5030 webkit2gtk>
+<dsa 2021 5031 wpewebkit>
+<dsa 2021 5033 fort-validator>
+<dsa 2022 5035 apache2>
+<dsa 2022 5037 roundcube>
+<dsa 2022 5038 ghostscript>
+<dsa 2022 5039 wordpress>
+<dsa 2022 5040 lighttpd>
+<dsa 2022 5041 cfrpki>
+<dsa 2022 5042 epiphany-browser>
+<dsa 2022 5043 lxml>
+<dsa 2022 5046 chromium>
+<dsa 2022 5047 prosody>
+<dsa 2022 5048 libreswan>
+<dsa 2022 5049 flatpak-builder>
+<dsa 2022 5049 flatpak>
+<dsa 2022 5050 linux-signed-amd64>
+<dsa 2022 5050 linux-signed-arm64>
+<dsa 2022 5050 linux-signed-i386>
+<dsa 2022 5050 linux>
+<dsa 2022 5051 aide>
+<dsa 2022 5052 usbview>
+<dsa 2022 5053 pillow>
+<dsa 2022 5054 chromium>
+<dsa 2022 5055 util-linux>
+<dsa 2022 5056 strongswan>
+<dsa 2022 5057 openjdk-11>
+<dsa 2022 5058 openjdk-17>
+<dsa 2022 5059 policykit-1>
+<dsa 2022 5060 webkit2gtk>
+<dsa 2022 5061 wpewebkit>
+<dsa 2022 5062 nss>
+<dsa 2022 5063 uriparser>
+<dsa 2022 5064 python-nbxmpp>
+<dsa 2022 5065 ipython>
+<dsa 2022 5067 ruby2.7>
+<dsa 2022 5068 chromium>
+<dsa 2022 5070 cryptsetup>
+<dsa 2022 5071 samba>
+<dsa 2022 5072 debian-edu-config>
+<dsa 2022 5073 expat>
+<dsa 2022 5075 minetest>
+<dsa 2022 5076 h2database>
+<dsa 2022 5077 librecad>
+<dsa 2022 5078 zsh>
+<dsa 2022 5079 chromium>
+<dsa 2022 5080 snapd>
+<dsa 2022 5081 redis>
+<dsa 2022 5082 php7.4>
+<dsa 2022 5083 webkit2gtk>
+<dsa 2022 5084 wpewebkit>
+<dsa 2022 5085 expat>
+<dsa 2022 5087 cyrus-sasl2>
+<dsa 2022 5088 varnish>
+<dsa 2022 5089 chromium>
+<dsa 2022 5091 containerd>
+<dsa 2022 5092 linux-signed-amd64>
+<dsa 2022 5092 linux-signed-arm64>
+<dsa 2022 5092 linux-signed-i386>
+<dsa 2022 5092 linux>
+<dsa 2022 5093 spip>
+<dsa 2022 5095 linux-signed-amd64>
+<dsa 2022 5095 linux-signed-arm64>
+<dsa 2022 5095 linux-signed-i386>
+<dsa 2022 5095 linux>
+<dsa 2022 5098 tryton-server>
+<dsa 2022 5099 tryton-proteus>
+<dsa 2022 5100 nbd>
+<dsa 2022 5101 libphp-adodb>
+<dsa 2022 5102 haproxy>
+<dsa 2022 5103 openssl>
+<dsa 2022 5104 chromium>
+<dsa 2022 5105 bind9>
+</table>
+
+
+<h2>Removed packages</h2>
+
+<p>The following packages were removed due to circumstances beyond our control:</p>
+
+<table border=0>
+<tr><th>Package</th> <th>Reason</th></tr>
+<correction angular-maven-plugin "No longer useful">
+<correction minify-maven-plugin "No longer useful">
+
+</table>
+
+<h2>Debian Installer</h2>
+<p>The installer has been updated to include the fixes incorporated
+into stable by the point release.</p>
+
+<h2>URLs</h2>
+
+<p>The complete lists of packages that have changed with this revision:</p>
+
+<div class="center">
+ <url "https://deb.debian.org/debian/dists/<downcase <codename>>/ChangeLog">
+</div>
+
+<p>The current stable distribution:</p>
+
+<div class="center">
+ <url "https://deb.debian.org/debian/dists/stable/">
+</div>
+
+<p>Proposed updates to the stable distribution:</p>
+
+<div class="center">
+ <url "https://deb.debian.org/debian/dists/proposed-updates">
+</div>
+
+<p>stable distribution information (release notes, errata etc.):</p>
+
+<div class="center">
+ <a
+ href="$(HOME)/releases/stable/">https://www.debian.org/releases/stable/</a>
+</div>
+
+<p>Security announcements and information:</p>
+
+<div class="center">
+ <a href="$(HOME)/security/">https://www.debian.org/security/</a>
+</div>
+
+<h2>About Debian</h2>
+
+<p>The Debian Project is an association of Free Software developers who
+volunteer their time and effort in order to produce the completely
+free operating system Debian.</p>
+
+<h2>Contact Information</h2>
+
+<p>For further information, please visit the Debian web pages at
+<a href="$(HOME)/">https://www.debian.org/</a>, send mail to
+&lt;press@debian.org&gt;, or contact the stable release team at
+&lt;debian-release@lists.debian.org&gt;.</p>
+
+
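Review bot: The symfony row near the end of the Miscellaneous Bugfixes table reads "Fix CVE injection issue [CVE-2021-41270]", where "CVE injection" looks like a typo for "CSV injection"; as written the reason does not name a vulnerability class. Separately, the dsa tag defined at the top of this file splits its third argument on commas, yet DSA 5049, 5050, 5092 and 5095 are each entered as several single-package rows, so the rendered table repeats the same advisory ID. Consider one row per advisory, for example <dsa 2022 5049 flatpak-builder,flatpak>, or confirm that separate rows are intended.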
diff --git a/english/News/2022/2022032602.wml b/english/News/2022/2022032602.wml
new file mode 100644
index 00000000000..7bc7c5d8ecb
--- /dev/null
+++ b/english/News/2022/2022032602.wml
@@ -0,0 +1,310 @@
+<define-tag pagetitle>Updated Debian 10: 10.12 released</define-tag>
+<define-tag release_date>2022-03-26</define-tag>
+#use wml::debian::news
+# $Id:
+
+<define-tag release>10</define-tag>
+<define-tag codename>buster</define-tag>
+<define-tag revision>10.12</define-tag>
+
+<define-tag dsa>
+ <tr><td align="center"><a href="$(HOME)/security/%0/dsa-%1">DSA-%1</a></td>
+ <td align="center"><:
+ my @p = ();
+ for my $p (split (/,\s*/, "%2")) {
+ push (@p, sprintf ('<a href="https://packages.debian.org/src:%s">%s</a>', $p, $p));
+ }
+ print join (", ", @p);
+:></td></tr>
+</define-tag>
+
+<define-tag correction>
+ <tr><td><a href="https://packages.debian.org/src:%0">%0</a></td> <td>%1</td></tr>
+</define-tag>
+
+<define-tag srcpkg><a href="https://packages.debian.org/src:%0">%0</a></define-tag>
+
+<p>The Debian project is pleased to announce the twelvth update of its
+oldstable distribution Debian <release> (codename <q><codename></q>).
+This point release mainly adds corrections for security issues,
+along with a few adjustments for serious problems. Security advisories
+have already been published separately and are referenced where available.</p>
+
+<p>Please note that the point release does not constitute a new version of Debian
+<release> but only updates some of the packages included. There is
+no need to throw away old <q><codename></q> media. After installation,
+packages can be upgraded to the current versions using an up-to-date Debian
+mirror.</p>
+
+<p>Those who frequently install updates from security.debian.org won't have
+to update many packages, and most such updates are
+included in the point release.</p>
+
+<p>New installation images will be available soon at the regular locations.</p>
+
+<p>Upgrading an existing installation to this revision can be achieved by
+pointing the package management system at one of Debian's many HTTP mirrors.
+A comprehensive list of mirrors is available at:</p>
+
+<div class="center">
+ <a href="$(HOME)/mirror/list">https://www.debian.org/mirror/list</a>
+</div>
+
+
+
+<h2>OpenSSL signature algorithm check tightening</h2>
+
+<p>The OpenSSL update provided in this point release includes a
+change to ensure that the requested signature algorithm is
+supported by the active security level.</p>
+
+<p>Although this will not affect most use-cases, it could lead to
+error messages being generated if a non-supported algorithm is
+requested - for example, use of RSA+SHA1 signatures with the default
+security level of 2.</p>
+
+<p>In such cases, the security level will need to be explicitly
+lowered, either for individual requests or more globally. This
+may require changes to the configuration of applications. For
+OpenSSL itself, per-request lowering can be achieved using a
+command-line option such as:</p>
+
+<p>-cipher <q>ALL:@SECLEVEL=1</q></p>
+
+<p>with the relevant system-level configuration being found in
+/etc/ssl/openssl.cnf</p>
+
+
+<h2>Miscellaneous Bugfixes</h2>
+
+<p>This oldstable update adds a few important corrections to the following packages:</p>
+
+<table border=0>
+<tr><th>Package</th> <th>Reason</th></tr>
+<correction apache-log4j1.2 "Resolve security issues [CVE-2021-4104 CVE-2022-23302 CVE-2022-23305 CVE-2022-23307], by removing support for the JMSSink, JDBCAppender, JMSAppender and Apache Chainsaw modules">
+<correction apache-log4j2 "Fix remote code execution issue [CVE-2021-44832]">
+<correction atftp "Fix information leak issue [CVE-2021-46671]">
+<correction base-files "Update for the 10.12 point release">
+<correction beads "Rebuild against updated cimg to fix multiple heap buffer overflows [CVE-2020-25693]">
+<correction btrbk "Fix regression in the update for CVE-2021-38173">
+<correction cargo-mozilla "New package, backported from Debian 11, to help build new rust versions">
+<correction chrony "Allow reading the chronyd configuration file that timemaster(8) generates">
+<correction cimg "Fix heap buffer overflow issues [CVE-2020-25693]">
+<correction clamav "New upstream stable release; fix denial of service issue [CVE-2022-20698]">
+<correction cups "Fix <q>an input validation issue might allow a malicious application to read restricted memory</q> [CVE-2020-10001]">
+<correction debian-installer "Rebuild against oldstable-proposed-updates; update kernel ABI to -20">
+<correction debian-installer-netboot-images "Rebuild against oldstable-proposed-updates">
+<correction detox "Fix processing of large files on ARM architectures">
+<correction evolution-data-server "Fix crash on malformed server reponse [CVE-2020-16117]">
+<correction flac "Fix out of bounds read issue [CVE-2020-0499]">
+<correction gerbv "Fix code execution issue [CVE-2021-40391]">
+<correction glibc "Import several fixes from upstream's stable branch; simplify the check for supported kernel versions, as 2.x kernels are no longer supported; support installation on kernels with a release number greater than 255">
+<correction gmp "Fix integer and buffer overflow issue [CVE-2021-43618]">
+<correction graphicsmagick "Fix buffer overflow issue [CVE-2020-12672]">
+<correction htmldoc "Fix out-of-bounds read issue [CVE-2022-0534], buffer overflow issues [CVE-2021-43579 CVE-2021-40985]">
+<correction http-parser "Resolve inadvertent ABI break">
+<correction icu "Fix <q>pkgdata</q> utility">
+<correction intel-microcode "Update included microcode; mitigate some security issues [CVE-2020-8694 CVE-2020-8695 CVE-2021-0127 CVE-2021-0145 CVE-2021-0146 CVE-2021-33120]">
+<correction jbig2dec "Fix buffer overflow issue [CVE-2020-12268]">
+<correction jtharness "New upstream version to support builds of newer OpenJDK-11 versions">
+<correction jtreg "New upstream version to support builds of newer OpenJDK-11 versions">
+<correction lemonldap-ng "Fix auth process in password-testing plugins [CVE-2021-20874]; add recommends on gsfonts, fixing captcha">
+<correction leptonlib "Fix denial of service issue [CVE-2020-36277], buffer over-read issues [CVE-2020-36278 CVE-2020-36279 CVE-2020-36280 CVE-2020-36281]">
+<correction libdatetime-timezone-perl "Update included data">
+<correction libencode-perl "Fix a memory leak in Encode.xs">
+<correction libetpan "Fix STARTTLS response injection issue [CVE-2020-15953]">
+<correction libextractor "Fix invalid read issue [CVE-2019-15531]">
+<correction libjackson-json-java "Fix code execution issues [CVE-2017-15095 CVE-2017-7525], XML external entity issues [CVE-2019-10172]">
+<correction libmodbus "Fix out of bound read issues [CVE-2019-14462 CVE-2019-14463]">
+<correction libpcap "Check PHB header length before using it to allocate memory [CVE-2019-15165]">
+<correction libsdl1.2 "Properly handle input focus events; fix buffer overflow issues [CVE-2019-13616 CVE-2019-7637], buffer over-read issues [CVE-2019-7572 CVE-2019-7573 CVE-2019-7574 CVE-2019-7575 CVE-2019-7576 CVE-2019-7577 CVE-2019-7578 CVE-2019-7635 CVE-2019-7636 CVE-2019-7638]">
+<correction libxml2 "Fix use-after-free issue [CVE-2022-23308]">
+<correction linux "New upstream stable release; [rt] Update to 4.19.233-rt105; increase ABI to 20">
+<correction linux-latest "Update to 4.19.0-20 ABI">
+<correction linux-signed-amd64 "New upstream stable release; [rt] Update to 4.19.233-rt105; increase ABI to 20">
+<correction linux-signed-arm64 "New upstream stable release; [rt] Update to 4.19.233-rt105; increase ABI to 20">
+<correction linux-signed-i386 "New upstream stable release; [rt] Update to 4.19.233-rt105; increase ABI to 20">
+<correction llvm-toolchain-11 "New package, backported from Debian 11, to help build new rust versions">
+<correction lxcfs "Fix misreporting of swap usage">
+<correction mailman "Fix cross-site scripting issue [CVE-2021-43331]; fix <q>a list moderator can crack the list admin password encrypted in a CSRF token</q> [CVE-2021-43332]; fix potential CSRF attack against a list admin from a list member or moderator [CVE-2021-44227]; fix regressions in fixes for CVE-2021-42097 and CVE-2021-44227">
+<correction mariadb-10.3 "New upstream stable release; security fixes [CVE-2021-35604 CVE-2021-46659 CVE-2021-46661 CVE-2021-46662 CVE-2021-46663 CVE-2021-46664 CVE-2021-46665 CVE-2021-46667 CVE-2021-46668 CVE-2022-24048 CVE-2022-24050 CVE-2022-24051 CVE-2022-24052]">
+<correction node-getobject "Fix prototype pollution issue [CVE-2020-28282]">
+<correction opensc "Fix out-of-bounds access issues [CVE-2019-15945 CVE-2019-15946], crash due to read of unknown memory [CVE-2019-19479], double free issue [CVE-2019-20792], buffer overflow issues [CVE-2020-26570 CVE-2020-26571 CVE-2020-26572]">
+<correction openscad "Fix buffer overflows in STL parser [CVE-2020-28599 CVE-2020-28600]">
+<correction openssl "New upstream release">
+<correction php-illuminate-database "Fix query binding issue [CVE-2021-21263], SQL injection issue when used with Microsoft SQL Server">
+<correction phpliteadmin "Fix cross-site scripting issue [CVE-2021-46709]">
+<correction plib "Fix integer overflow issue [CVE-2021-38714]">
+<correction privoxy "Fix memory leak [CVE-2021-44540] and cross-site scripting issue [CVE-2021-44543]">
+<correction publicsuffix "Update included data">
+<correction python-virtualenv "Avoid attempting to install pkg_resources from PyPI">
+<correction raptor2 "Fix out of bounds array access issue [CVE-2020-25713]">
+<correction ros-ros-comm "Fix denial of service issue [CVE-2021-37146]">
+<correction rsyslog "Fix heap overflow issues [CVE-2019-17041 CVE-2019-17042]">
+<correction ruby-httpclient "Use system certificate store">
+<correction rust-cbindgen "New upstream stable release to support builds of newer firefox-esr and thunderbird versions">
+<correction rustc-mozilla "New source package to support building of newer firefox-esr and thunderbird versions">
+<correction s390-dasd "Stop passing deprecated -f option to dasdfmt">
+<correction spip "Fix cross-site scripting issue">
+<correction tzdata "Update data for Fiji and Palestine">
+<correction vim "Fix ability to execute code while in restricted mode [CVE-2019-20807], buffer overflow issues [CVE-2021-3770 CVE-2021-3778 CVE-2021-3875], use after free issue [CVE-2021-3796]; remove accidentally included patch">
+<correction wavpack "Fix use of uninitialized values [CVE-2019-1010317 CVE-2019-1010319]">
+<correction weechat "Fix several denial of service issues [CVE-2020-8955 CVE-2020-9759 CVE-2020-9760 CVE-2021-40516]">
+<correction wireshark "Fix several security issues in dissectors [CVE-2021-22207 CVE-2021-22235 CVE-2021-39921 CVE-2021-39922 CVE-2021-39923 CVE-2021-39924 CVE-2021-39928 CVE-2021-39929]">
+<correction xterm "Fix buffer overflow issue [CVE-2022-24130]">
+<correction zziplib "Fix denial of service issue [CVE-2020-18442]">
+</table>
+
+
+<h2>Security Updates</h2>
+
+
+<p>This revision adds the following security updates to the oldstable release.
+The Security Team has already released an advisory for each of these
+updates:</p>
+
+<table border=0>
+<tr><th>Advisory ID</th> <th>Package</th></tr>
+<dsa 2019 4513 samba>
+<dsa 2021 4982 apache2>
+<dsa 2021 4983 neutron>
+<dsa 2021 4985 wordpress>
+<dsa 2021 4986 tomcat9>
+<dsa 2021 4987 squashfs-tools>
+<dsa 2021 4989 strongswan>
+<dsa 2021 4990 ffmpeg>
+<dsa 2021 4991 mailman>
+<dsa 2021 4993 php7.3>
+<dsa 2021 4994 bind9>
+<dsa 2021 4995 webkit2gtk>
+<dsa 2021 4997 tiff>
+<dsa 2021 5000 openjdk-11>
+<dsa 2021 5001 redis>
+<dsa 2021 5004 libxstream-java>
+<dsa 2021 5005 ruby-kaminari>
+<dsa 2021 5006 postgresql-11>
+<dsa 2021 5010 libxml-security-java>
+<dsa 2021 5011 salt>
+<dsa 2021 5013 roundcube>
+<dsa 2021 5014 icu>
+<dsa 2021 5015 samba>
+<dsa 2021 5016 nss>
+<dsa 2021 5018 python-babel>
+<dsa 2021 5019 wireshark>
+<dsa 2021 5020 apache-log4j2>
+<dsa 2021 5021 mediawiki>
+<dsa 2021 5022 apache-log4j2>
+<dsa 2021 5023 modsecurity-apache>
+<dsa 2021 5024 apache-log4j2>
+<dsa 2021 5027 xorg-server>
+<dsa 2021 5028 spip>
+<dsa 2021 5029 sogo>
+<dsa 2021 5030 webkit2gtk>
+<dsa 2021 5032 djvulibre>
+<dsa 2022 5035 apache2>
+<dsa 2022 5036 sphinxsearch>
+<dsa 2022 5037 roundcube>
+<dsa 2022 5038 ghostscript>
+<dsa 2022 5039 wordpress>
+<dsa 2022 5040 lighttpd>
+<dsa 2022 5043 lxml>
+<dsa 2022 5047 prosody>
+<dsa 2022 5051 aide>
+<dsa 2022 5052 usbview>
+<dsa 2022 5053 pillow>
+<dsa 2022 5056 strongswan>
+<dsa 2022 5057 openjdk-11>
+<dsa 2022 5059 policykit-1>
+<dsa 2022 5060 webkit2gtk>
+<dsa 2022 5062 nss>
+<dsa 2022 5063 uriparser>
+<dsa 2022 5065 ipython>
+<dsa 2022 5066 ruby2.5>
+<dsa 2022 5071 samba>
+<dsa 2022 5072 debian-edu-config>
+<dsa 2022 5073 expat>
+<dsa 2022 5075 minetest>
+<dsa 2022 5076 h2database>
+<dsa 2022 5078 zsh>
+<dsa 2022 5081 redis>
+<dsa 2022 5083 webkit2gtk>
+<dsa 2022 5085 expat>
+<dsa 2022 5087 cyrus-sasl2>
+<dsa 2022 5088 varnish>
+<dsa 2022 5093 spip>
+<dsa 2022 5096 linux-latest>
+<dsa 2022 5096 linux-signed-amd64>
+<dsa 2022 5096 linux-signed-arm64>
+<dsa 2022 5096 linux-signed-i386>
+<dsa 2022 5096 linux>
+<dsa 2022 5098 tryton-server>
+<dsa 2022 5099 tryton-proteus>
+<dsa 2022 5100 nbd>
+<dsa 2022 5101 libphp-adodb>
+<dsa 2022 5103 openssl>
+<dsa 2022 5105 bind9>
+</table>
+
+
+<h2>Removed packages</h2>
+
+<p>The following packages were removed due to circumstances beyond our control:</p>
+
+<table border=0>
+<tr><th>Package</th> <th>Reason</th></tr>
+<correction angular-maven-plugin "No longer useful">
+<correction minify-maven-plugin "No longer useful">
+
+</table>
+
+<h2>Debian Installer</h2>
+<p>The installer has been updated to include the fixes incorporated
+into oldstable by the point release.</p>
+
+<h2>URLs</h2>
+
+<p>The complete lists of packages that have changed with this revision:</p>
+
+<div class="center">
+ <url "https://deb.debian.org/debian/dists/<downcase <codename>>/ChangeLog">
+</div>
+
+<p>The current oldstable distribution:</p>
+
+<div class="center">
+ <url "https://deb.debian.org/debian/dists/oldstable/">
+</div>
+
+<p>Proposed updates to the oldstable distribution:</p>
+
+<div class="center">
+ <url "https://deb.debian.org/debian/dists/oldstable-proposed-updates">
+</div>
+
+<p>oldstable distribution information (release notes, errata etc.):</p>
+
+<div class="center">
+ <a
+ href="$(HOME)/releases/oldstable/">https://www.debian.org/releases/oldstable/</a>
+</div>
+
+<p>Security announcements and information:</p>
+
+<div class="center">
+ <a href="$(HOME)/security/">https://www.debian.org/security/</a>
+</div>
+
+<h2>About Debian</h2>
+
+<p>The Debian Project is an association of Free Software developers who
+volunteer their time and effort in order to produce the completely
+free operating system Debian.</p>
+
+<h2>Contact Information</h2>
+
+<p>For further information, please visit the Debian web pages at
+<a href="$(HOME)/">https://www.debian.org/</a>, send mail to
+&lt;press@debian.org&gt;, or contact the stable release team at
+&lt;debian-release@lists.debian.org&gt;.</p>
+
+
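Review bot: The lemonldap-ng row in the Miscellaneous Bugfixes table cites [CVE-2021-20874], while the 11.3 announcement added in this same commit cites [CVE-2021-40874] for the identical reason text "Fix auth process in password-testing plugins"; one of the two IDs is mistyped and should be checked against the security tracker before publication, since readers use these IDs to track exposure. Two spelling fixes in the same file: "twelvth" in the opening paragraph should be "twelfth", and "reponse" in the evolution-data-server row should be "response".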
