Debian Buster Openstack images changelog 10.7.3-20201230 Updates in 2 source package(s), 4 binary package(s): Source tzdata, binaries: tzdata:amd64 tzdata:arm64 tzdata (2020e-0+deb10u1) buster; urgency=medium * New upstream version, affecting the following future timestamp: - Volgograd switches to Moscow time on 2020-12-27 at 02:00. Source lxml, binaries: python-lxml:amd64 python-lxml:arm64 lxml (4.3.2-1+deb10u2) buster-security; urgency=medium * Enable the test suite (non-fatal). * math-svg.patch: update expected results for the test suite. * Fix regression in Python 2 in the last part of CVE-2020-27783. Closes: #977387. lxml (4.3.2-1+deb10u1) buster-security; urgency=medium * CVE-2020-27783 * Backport a105ab8dc262ec6735977c25c13f0bdfcdec72a7 for similar issue * Pass --with-cython to make sure the C parts get actually rebuilt -- Steve McIntyre <93sam@debian.org> Wed, 30 Dec 2020 16:50:09 +0000 10.7.2-20201210 Updates in 1 source package(s), 8 binary package(s): Source apt, binaries: apt:amd64 apt-utils:amd64 libapt-inst2.0:amd64 libapt-pkg5.0:amd64 apt:arm64 apt-utils:arm64 libapt-inst2.0:arm64 libapt-pkg5.0:arm64 apt (1.8.2.2) buster-security; urgency=high * SECURITY UPDATE: Integer overflow in parsing (LP: #1899193) - apt-pkg/contrib/arfile.cc: add extra checks. - apt-pkg/contrib/tarfile.cc: limit tar item sizes to 128 GiB - apt-pkg/deb/debfile.cc: limit control file sizes to 64 MiB - test/*: add tests. - CVE-2020-27350 * Additional hardening: - apt-pkg/contrib/tarfile.cc: Limit size of long names and links to 1 MiB * Fix autopkgtest regression in 1.8.2.1 security update -- Steve McIntyre <93sam@debian.org> Fri, 11 Dec 2020 13:21:49 +0000 10.7.1-20201209 Updates in 1 source package(s), 4 binary package(s): Source openssl, binaries: libssl1.1:amd64 openssl:amd64 libssl1.1:arm64 openssl:arm64 openssl (1.1.1d-0+deb10u4) buster-security; urgency=medium * CVE-2020-1971 (EDIPARTYNAME NULL pointer de-reference). -- Steve McIntyre <93sam@debian.org> Tue, 09 Dec 2020 10:15:01 +0000 10.7.0 First build for 10.7.0 release -- Steve McIntyre <93sam@debian.org> Sun, 06 Dec 2020 01:42:01 +0000