[Udate 24-09-25] Lenovo ThinkPand P1 - Debian GNU/Linux 11.11 (bullseye)

1. apt update && apt list --upgradable && apt upgrade
2. Hit:1 http://deb.debian.org/debian bullseye InRelease
3. Hit:2 http://security.debian.org/debian-security bullseye-security InRelease
4. Hit:3 http://deb.debian.org/debian bullseye-updates InRelease
5. Hit:4 https://updates.signal.org/desktop/apt xenial InRelease
6. Hit:5 https://apt.releases.hashicorp.com bullseye InRelease
7. Get:6 https://apt.syncthing.net syncthing InRelease [24.2 kB]
8. Hit:7 https://packages.element.io/debian default InRelease
9. Hit:8 https://packagecloud.io/slacktechnologies/slack/debian jessie InRelease
10. Err:9 https://download.sublimetext.com apt/stable/ InRelease
11. Could not connect to download.sublimetext.com:443 (104.236.0.104), connection timed out
12. Err:10 https://repo.fortinet.com/repo/7.0/debian stable InRelease
13. Could not connect to repo.fortinet.com:443 (208.91.114.61), connection timed out
14. Err:11 http://prerelease.keybase.io/deb stable InRelease
15. Could not connect to prerelease.keybase.io:80 (18.245.175.12), connection timed out Could not connect to prerelease.keybase.io:80 (18.245.175.16), connection timed out Could not connect to prerelease.keybase.io:80 (18.245.175.23), connection timed out Could not connect to prerelease.keybase.io:80 (18.245.175.65), connection timed out
16. Err:12 https://brave-browser-apt-release.s3.brave.com stable InRelease
17. Could not connect to brave-browser-apt-release.s3.brave.com:443 (18.245.175.125), connection timed out Could not connect to brave-browser-apt-release.s3.brave.com:443 (18.245.175.51), connection timed out Could not connect to brave-browser-apt-release.s3.brave.com:443 (18.245.175.4), connection timed out Could not connect to brave-browser-apt-release.s3.brave.com:443 (18.245.175.62), connection timed out
18. Fetched 24.2 kB in 31s (774 B/s)
19. Reading package lists... Done
20. Building dependency tree... Done
21. Reading state information... Done
22. 92 packages can be upgraded. Run 'apt list --upgradable' to see them.
23. W: Failed to fetch https://brave-browser-apt-release.s3.brave.com/dists/stable/InRelease Could not connect to brave-browser-apt-release.s3.brave.com:443 (18.245.175.125), connection timed out Could not connect to brave-browser-apt-release.s3.brave.com:443 (18.245.175.51), connection timed out Could not connect to brave-browser-apt-release.s3.brave.com:443 (18.245.175.4), connection timed out Could not connect to brave-browser-apt-release.s3.brave.com:443 (18.245.175.62), connection timed out
24. W: Failed to fetch https://repo.fortinet.com/repo/7.0/debian/dists/stable/InRelease Could not connect to repo.fortinet.com:443 (208.91.114.61), connection timed out
25. W: Failed to fetch http://prerelease.keybase.io/deb/dists/stable/InRelease Could not connect to prerelease.keybase.io:80 (18.245.175.12), connection timed out Could not connect to prerelease.keybase.io:80 (18.245.175.16), connection timed out Could not connect to prerelease.keybase.io:80 (18.245.175.23), connection timed out Could not connect to prerelease.keybase.io:80 (18.245.175.65), connection timed out
26. W: Failed to fetch https://download.sublimetext.com/apt/stable/InRelease Could not connect to download.sublimetext.com:443 (104.236.0.104), connection timed out
27. W: Some index files failed to download. They have been ignored, or old ones used instead.
28. Listing... Done
29. apache2-bin/oldoldstable-security 2.4.65-1~deb11u1 amd64 [upgradable from: 2.4.62-1~deb11u2]
30. brave-browser/stable 1.82.166 amd64 [upgradable from: 1.80.120]
31. brave-keyring/stable 1.19 all [upgradable from: 1.18]
32. ca-certificates-java/oldoldstable-security 20230710~deb12u1~deb11u1 all [upgradable from: 20190909+deb11u1]
33. cups-bsd/oldoldstable-security 2.3.3op2-3+deb11u10 amd64 [upgradable from: 2.3.3op2-3+deb11u9]
34. cups-client/oldoldstable-security 2.3.3op2-3+deb11u10 amd64 [upgradable from: 2.3.3op2-3+deb11u9]
35. cups-common/oldoldstable-security 2.3.3op2-3+deb11u10 all [upgradable from: 2.3.3op2-3+deb11u9]
36. cups-core-drivers/oldoldstable-security 2.3.3op2-3+deb11u10 amd64 [upgradable from: 2.3.3op2-3+deb11u9]
37. cups-daemon/oldoldstable-security 2.3.3op2-3+deb11u10 amd64 [upgradable from: 2.3.3op2-3+deb11u9]
38. cups-ipp-utils/oldoldstable-security 2.3.3op2-3+deb11u10 amd64 [upgradable from: 2.3.3op2-3+deb11u9]
39. cups-ppdc/oldoldstable-security 2.3.3op2-3+deb11u10 amd64 [upgradable from: 2.3.3op2-3+deb11u9]
40. cups-server-common/oldoldstable-security 2.3.3op2-3+deb11u10 all [upgradable from: 2.3.3op2-3+deb11u9]
41. cups/oldoldstable-security 2.3.3op2-3+deb11u10 amd64 [upgradable from: 2.3.3op2-3+deb11u9]
42. distro-info-data/oldoldstable-security 0.51+deb11u9 all [upgradable from: 0.51+deb11u8]
43. element-desktop/unknown 1.12.0 amd64 [upgradable from: 1.11.105]
44. firefox-esr/oldoldstable-security 140.3.0esr-1~deb11u2 amd64 [upgradable from: 128.12.0esr-1~deb11u1]
45. gir1.2-javascriptcoregtk-4.0/oldoldstable-security 2.48.5-1~deb11u1 amd64 [upgradable from: 2.48.3-1~deb11u1]
46. gir1.2-webkit2-4.0/oldoldstable-security 2.48.5-1~deb11u1 amd64 [upgradable from: 2.48.3-1~deb11u1]
47. gnutls-bin/oldoldstable-security 3.7.1-5+deb11u8 amd64 [upgradable from: 3.7.1-5+deb11u7]
48. imagemagick-6-common/oldoldstable-security 8:6.9.11.60+dfsg-1.3+deb11u6 all [upgradable from: 8:6.9.11.60+dfsg-1.3+deb11u5]
49. imagemagick-6.q16/oldoldstable-security 8:6.9.11.60+dfsg-1.3+deb11u6 amd64 [upgradable from: 8:6.9.11.60+dfsg-1.3+deb11u5]
50. imagemagick/oldoldstable-security 8:6.9.11.60+dfsg-1.3+deb11u6 amd64 [upgradable from: 8:6.9.11.60+dfsg-1.3+deb11u5]
51. jq/oldoldstable-security 1.6-2.1+deb11u1 amd64 [upgradable from: 1.6-2.1]
52. libcaca0/oldoldstable-security 0.99.beta19-2.2+deb11u1 amd64 [upgradable from: 0.99.beta19-2.2]
53. libcommons-lang3-java/oldoldstable-security 3.11-1+deb11u1 all [upgradable from: 3.11-1]
54. libcups2/oldoldstable-security 2.3.3op2-3+deb11u10 amd64 [upgradable from: 2.3.3op2-3+deb11u9]
55. libcupsimage2/oldoldstable-security 2.3.3op2-3+deb11u10 amd64 [upgradable from: 2.3.3op2-3+deb11u9]
56. libdjvulibre-text/oldoldstable-security 3.5.28-2.2~deb11u1 all [upgradable from: 3.5.28-2]
57. libdjvulibre21/oldoldstable-security 3.5.28-2.2~deb11u1 amd64 [upgradable from: 3.5.28-2]
58. libexempi8/oldoldstable-security 2.5.2-1+deb11u1 amd64 [upgradable from: 2.5.2-1]
59. libfastjson4/oldoldstable-security 0.99.9-1+deb11u1 amd64 [upgradable from: 0.99.9-1]
60. libgnutls-dane0/oldoldstable-security 3.7.1-5+deb11u8 amd64 [upgradable from: 3.7.1-5+deb11u7]
61. libgnutls30/oldoldstable-security 3.7.1-5+deb11u8 amd64 [upgradable from: 3.7.1-5+deb11u7]
62. libimage-magick-perl/oldoldstable-security 8:6.9.11.60+dfsg-1.3+deb11u6 all [upgradable from: 8:6.9.11.60+dfsg-1.3+deb11u5]
63. libimage-magick-q16-perl/oldoldstable-security 8:6.9.11.60+dfsg-1.3+deb11u6 amd64 [upgradable from: 8:6.9.11.60+dfsg-1.3+deb11u5]
64. libjavascriptcoregtk-4.0-18/oldoldstable-security 2.48.5-1~deb11u1 amd64 [upgradable from: 2.48.3-1~deb11u1]
65. libjq1/oldoldstable-security 1.6-2.1+deb11u1 amd64 [upgradable from: 1.6-2.1]
66. libmagick++-6.q16-8/oldoldstable-security 8:6.9.11.60+dfsg-1.3+deb11u6 amd64 [upgradable from: 8:6.9.11.60+dfsg-1.3+deb11u5]
67. libmagickcore-6.q16-6-extra/oldoldstable-security 8:6.9.11.60+dfsg-1.3+deb11u6 amd64 [upgradable from: 8:6.9.11.60+dfsg-1.3+deb11u5]
68. libmagickcore-6.q16-6/oldoldstable-security 8:6.9.11.60+dfsg-1.3+deb11u6 amd64 [upgradable from: 8:6.9.11.60+dfsg-1.3+deb11u5]
69. libmagickwand-6.q16-6/oldoldstable-security 8:6.9.11.60+dfsg-1.3+deb11u6 amd64 [upgradable from: 8:6.9.11.60+dfsg-1.3+deb11u5]
70. libmbedcrypto3/oldoldstable-security 2.16.9-0.1+deb11u3 amd64 [upgradable from: 2.16.9-0.1+deb11u1]
71. libmbedtls12/oldoldstable-security 2.16.9-0.1+deb11u3 amd64 [upgradable from: 2.16.9-0.1+deb11u1]
72. libmbedx509-0/oldoldstable-security 2.16.9-0.1+deb11u3 amd64 [upgradable from: 2.16.9-0.1+deb11u1]
73. libnextcloudsync0/oldoldstable-security 3.1.1-2+deb11u2 amd64 [upgradable from: 3.1.1-2+deb11u1]
74. libnss-myhostname/oldoldstable-security 247.3-7+deb11u7 amd64 [upgradable from: 247.3-7+deb11u6]
75. libnss-mymachines/oldoldstable-security 247.3-7+deb11u7 amd64 [upgradable from: 247.3-7+deb11u6]
76. libnss-resolve/oldoldstable-security 247.3-7+deb11u7 amd64 [upgradable from: 247.3-7+deb11u6]
77. libnss-systemd/oldoldstable-security 247.3-7+deb11u7 amd64 [upgradable from: 247.3-7+deb11u6]
78. libpam-modules-bin/oldoldstable-security 1.4.0-9+deb11u2 amd64 [upgradable from: 1.4.0-9+deb11u1]
79. libpam-modules/oldoldstable-security 1.4.0-9+deb11u2 amd64 [upgradable from: 1.4.0-9+deb11u1]
80. libpam-runtime/oldoldstable-security 1.4.0-9+deb11u2 all [upgradable from: 1.4.0-9+deb11u1]
81. libpam-systemd/oldoldstable-security 247.3-7+deb11u7 amd64 [upgradable from: 247.3-7+deb11u6]
82. libpam0g/oldoldstable-security 1.4.0-9+deb11u2 amd64 [upgradable from: 1.4.0-9+deb11u1]
83. libpq5/oldoldstable-security 13.22-0+deb11u1 amd64 [upgradable from: 13.21-0+deb11u1]
84. libsndfile1/oldoldstable-security 1.0.31-2+deb11u1 amd64 [upgradable from: 1.0.31-2]
85. libsystemd0/oldoldstable-security 247.3-7+deb11u7 amd64 [upgradable from: 247.3-7+deb11u6]
86. libudev1/oldoldstable-security 247.3-7+deb11u7 amd64 [upgradable from: 247.3-7+deb11u6]
87. libudisks2-0/oldoldstable-security 2.9.2-2+deb11u3 amd64 [upgradable from: 2.9.2-2+deb11u2]
88. libunbound8/oldoldstable-security 1.13.1-1+deb11u5 amd64 [upgradable from: 1.13.1-1+deb11u4]
89. libwebkit2gtk-4.0-37/oldoldstable-security 2.48.5-1~deb11u1 amd64 [upgradable from: 2.48.3-1~deb11u1]
90. libxml2-utils/oldoldstable-security 2.9.10+dfsg-6.7+deb11u8 amd64 [upgradable from: 2.9.10+dfsg-6.7+deb11u7]
91. libxml2/oldoldstable-security 2.9.10+dfsg-6.7+deb11u8 amd64 [upgradable from: 2.9.10+dfsg-6.7+deb11u7]
92. nautilus-nextcloud/oldoldstable-security 3.1.1-2+deb11u2 all [upgradable from: 3.1.1-2+deb11u1]
93. nextcloud-desktop-common/oldoldstable-security 3.1.1-2+deb11u2 all [upgradable from: 3.1.1-2+deb11u1]
94. nextcloud-desktop-doc/oldoldstable-security 3.1.1-2+deb11u2 all [upgradable from: 3.1.1-2+deb11u1]
95. nextcloud-desktop-l10n/oldoldstable-security 3.1.1-2+deb11u2 all [upgradable from: 3.1.1-2+deb11u1]
96. nextcloud-desktop/oldoldstable-security 3.1.1-2+deb11u2 amd64 [upgradable from: 3.1.1-2+deb11u1]
97. openjdk-11-jdk-headless/oldoldstable-security 11.0.28+6-1~deb11u1 amd64 [upgradable from: 11.0.27+6-1~deb11u1]
98. openjdk-11-jdk/oldoldstable-security 11.0.28+6-1~deb11u1 amd64 [upgradable from: 11.0.27+6-1~deb11u1]
99. openjdk-11-jre-headless/oldoldstable-security 11.0.28+6-1~deb11u1 amd64 [upgradable from: 11.0.27+6-1~deb11u1]
100. openjdk-11-jre/oldoldstable-security 11.0.28+6-1~deb11u1 amd64 [upgradable from: 11.0.27+6-1~deb11u1]
101. openvpn/oldoldstable-security 2.5.1-3+deb11u2 amd64 [upgradable from: 2.5.1-3+deb11u1]
102. python3-libxml2/oldoldstable-security 2.9.10+dfsg-6.7+deb11u8 amd64 [upgradable from: 2.9.10+dfsg-6.7+deb11u7]
103. qemu-block-extra/oldoldstable-security 1:5.2+dfsg-11+deb11u5 amd64 [upgradable from: 1:5.2+dfsg-11+deb11u4]
104. qemu-guest-agent/oldoldstable-security 1:5.2+dfsg-11+deb11u5 amd64 [upgradable from: 1:5.2+dfsg-11+deb11u4]
105. qemu-system-common/oldoldstable-security 1:5.2+dfsg-11+deb11u5 amd64 [upgradable from: 1:5.2+dfsg-11+deb11u4]
106. qemu-system-data/oldoldstable-security 1:5.2+dfsg-11+deb11u5 all [upgradable from: 1:5.2+dfsg-11+deb11u4]
107. qemu-system-gui/oldoldstable-security 1:5.2+dfsg-11+deb11u5 amd64 [upgradable from: 1:5.2+dfsg-11+deb11u4]
108. qemu-system-x86/oldoldstable-security 1:5.2+dfsg-11+deb11u5 amd64 [upgradable from: 1:5.2+dfsg-11+deb11u4]
109. qemu-utils/oldoldstable-security 1:5.2+dfsg-11+deb11u5 amd64 [upgradable from: 1:5.2+dfsg-11+deb11u4]
110. signal-desktop/xenial 7.71.0 amd64 [upgradable from: 7.61.0]
111. slack-desktop/jessie 4.46.96 amd64 [upgradable from: 4.43.52]
112. systemd-container/oldoldstable-security 247.3-7+deb11u7 amd64 [upgradable from: 247.3-7+deb11u6]
113. systemd-sysv/oldoldstable-security 247.3-7+deb11u7 amd64 [upgradable from: 247.3-7+deb11u6]
114. systemd/oldoldstable-security 247.3-7+deb11u7 amd64 [upgradable from: 247.3-7+deb11u6]
115. thunderbird/oldoldstable-security 1:128.14.0esr-1~deb11u1 amd64 [upgradable from: 1:128.12.0esr-1~deb11u1]
116. udev/oldoldstable-security 247.3-7+deb11u7 amd64 [upgradable from: 247.3-7+deb11u6]
117. udisks2/oldoldstable-security 2.9.2-2+deb11u3 amd64 [upgradable from: 2.9.2-2+deb11u2]
118. vault/bullseye 1.20.3-1 amd64 [upgradable from: 1.20.0-1]
119. webkit2gtk-driver/oldoldstable-security 2.48.5-1~deb11u1 amd64 [upgradable from: 2.48.3-1~deb11u1]
120. wireless-regdb/oldoldstable-security 2025.07.10-1~deb11u1 all [upgradable from: 2025.02.20-1~deb11u1]
121. Reading package lists... Done
122. Building dependency tree... Done
123. Reading state information... Done
124. Calculating upgrade... Done
125. The following packages were automatically installed and are no longer required:
126. linux-headers-5.10.0-33-amd64 linux-headers-5.10.0-33-common linux-image-5.10.0-33-amd64
127. Use 'apt autoremove' to remove them.
128. The following packages will be upgraded:
129. apache2-bin brave-browser brave-keyring ca-certificates-java cups cups-bsd cups-client cups-common
130. cups-core-drivers cups-daemon cups-ipp-utils cups-ppdc cups-server-common distro-info-data
131. element-desktop firefox-esr gir1.2-javascriptcoregtk-4.0 gir1.2-webkit2-4.0 gnutls-bin imagemagick
132. imagemagick-6-common imagemagick-6.q16 jq libcaca0 libcommons-lang3-java libcups2 libcupsimage2
133. libdjvulibre-text libdjvulibre21 libexempi8 libfastjson4 libgnutls-dane0 libgnutls30
134. libimage-magick-perl libimage-magick-q16-perl libjavascriptcoregtk-4.0-18 libjq1 libmagick++-6.q16-8
135. libmagickcore-6.q16-6 libmagickcore-6.q16-6-extra libmagickwand-6.q16-6 libmbedcrypto3 libmbedtls12
136. libmbedx509-0 libnextcloudsync0 libnss-myhostname libnss-mymachines libnss-resolve libnss-systemd
137. libpam-modules libpam-modules-bin libpam-runtime libpam-systemd libpam0g libpq5 libsndfile1
138. libsystemd0 libudev1 libudisks2-0 libunbound8 libwebkit2gtk-4.0-37 libxml2 libxml2-utils
139. nautilus-nextcloud nextcloud-desktop nextcloud-desktop-common nextcloud-desktop-doc
140. nextcloud-desktop-l10n openjdk-11-jdk openjdk-11-jdk-headless openjdk-11-jre openjdk-11-jre-headless
141. openvpn python3-libxml2 qemu-block-extra qemu-guest-agent qemu-system-common qemu-system-data
142. qemu-system-gui qemu-system-x86 qemu-utils signal-desktop slack-desktop systemd systemd-container
143. systemd-sysv thunderbird udev udisks2 vault webkit2gtk-driver wireless-regdb
144. 92 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
145. Need to get 0 B/960 MB of archives.
146. After this operation, 55.9 MB of additional disk space will be used.
147. Do you want to continue? [Y/n] Y
148. Retrieving bug reports... Done
149. Parsing Found/Fixed information... Done
150. apt-listchanges: Reading changelogs...
151. Calling ['apt-get', '-qq', 'changelog', 'brave-keyring=1.19'] to retrieve changelog
152. apt-listchanges: Unable to retrieve changelog for package brave-keyring; 'apt-get changelog' failed with: E: Failed to fetch changelog:/brave-keyring.changelog Changelog unavailable for brave-keyring=1.19
153.  
154. Calling ['apt-get', '-qq', 'changelog', 'slack-desktop=4.46.96'] to retrieve changelog
155. apt-listchanges: Unable to retrieve changelog for package slack-desktop; 'apt-get changelog' failed with: E: Failed to fetch changelog:/slack-desktop.changelog Changelog unavailable for slack-desktop=4.46.96
156.  
157. Calling ['apt-get', '-qq', 'changelog', 'vault=1.20.3-1'] to retrieve changelog
158. apt-listchanges: Unable to retrieve changelog for package vault; 'apt-get changelog' failed with: E: Failed to fetch changelog:/vault.changelog Changelog unavailable for vault=1.20.3-1
159.  
160. apt-listchanges: Changelogs
161. ---------------------------
162.  
163. --- Changes for cups (cups-daemon cups-ipp-utils cups-common cups-bsd cups-client cups-core-drivers cups-ppdc cups-server-common cups libcupsimage2 libcups2) ---
164. cups (2.3.3op2-3+deb11u10) bullseye-security; urgency=high
165.  
166. * CVE-2025-58060
167. fix authentication bypass with AuthType Negotiate
168. * CVE-2025-58364
169. fix remote DoS via null dereference
170.  
171. -- Thorsten Alteholz <[email protected]> Sun, 07 Sep 2025 19:45:05 +0200
172.  
173. --- Changes for djvulibre (libdjvulibre-text libdjvulibre21) ---
174. djvulibre (3.5.28-2.1) unstable; urgency=high
175.  
176. * Non-maintainer upload.
177. * Fix potential buffer overflow in MMRDecoder (CVE-2025-53367)
178. (Closes: #1108729)
179.  
180. -- Salvatore Bonaccorso <[email protected]> Fri, 04 Jul 2025 07:38:58 +0200
181.  
182. djvulibre (3.5.28-2.2) unstable; urgency=medium
183.  
184. * Non-maintainer upload.
185. * CVE-2021-46310: Divide by zero in IW44Image::Map::image()
186. (Closes: #1052668)
187. * CVE-2021-46312: Divide by zero in IWBitmap::Encode::init()
188. (Closes: #1052669)
189.  
190. -- Adrian Bunk <[email protected]> Fri, 18 Jul 2025 20:57:51 +0300
191.  
192. djvulibre (3.5.28-2.2~deb11u1) bullseye-security; urgency=medium
193.  
194. * Non-maintainer upload by the LTS Team.
195. * Rebuild for bullseye.
196.  
197. -- Adrian Bunk <[email protected]> Mon, 21 Jul 2025 13:50:32 +0300
198.  
199. --- Changes for jq (jq libjq1) ---
200. jq (1.6-2.1+deb11u1) bullseye-security; urgency=high
201.  
202. * Non-maintainer upload by the LTS Team.
203. * CVE-2025-48060
204. fix heap-buffer-overflow
205.  
206. -- Thorsten Alteholz <[email protected]> Fri, 19 Sep 2025 19:03:02 +0200
207.  
208. --- Changes for libcaca (libcaca0) ---
209. libcaca (0.99.beta19-2.2+deb11u1) bullseye-security; urgency=high
210.  
211. * Non-maintainer upload by the LTS Team.
212. * CVE-2021-30498 + CVE-2021-30499
213. heap buffer overflow might lead to memory corruption
214.  
215. -- Thorsten Alteholz <[email protected]> Fri, 25 Jul 2025 17:03:02 +0200
216.  
217. --- Changes for libfastjson (libfastjson4) ---
218. libfastjson (0.99.9-1+deb11u1) bullseye-security; urgency=high
219.  
220. * Non-maintainer upload by the LTS Team.
221. * CVE-2020-12762
222. fix for out-of-bounds write with large JSON file
223.  
224. -- Thorsten Alteholz <[email protected]> Fri, 25 Jul 2025 19:03:02 +0200
225.  
226. --- Changes for libxml2 (libxml2 libxml2-utils python3-libxml2) ---
227. libxml2 (2.9.10+dfsg-6.7+deb11u8) bullseye-security; urgency=high
228.  
229. * Non-maintainer upload by the LTS Team.
230. * Fix CVE-2024-34459: Heap buffer overflow with `xmllint --htmlout`
231. (Closes: #1071162).
232. * Fix CVE-2025-6021: Integer overflow issue in xmlBuildQName. (Closes:
233. #1107720).
234. * Fix CVE-2025-6170: Potential buffer overflows in the interactive shell
235. (Closes: #1107938).
236. * Fix CVE-2025-49794: Use-after-free issue in xmlSchematronReportOutput
237. (Closes: #1107755).
238. * Fix CVE-2025-49796: Type confusion issue in xmlSchematronReportOutput
239. (Closes: #1107755).
240.  
241. -- Guilhem Moulin <[email protected]> Sat, 26 Jul 2025 17:38:14 +0200
242.  
243. --- Changes for openjdk-11 (openjdk-11-jdk openjdk-11-jdk-headless openjdk-11-jre openjdk-11-jre-headless) ---
244. openjdk-11 (11.0.28~3ea-1) unstable; urgency=medium
245.  
246. * OpenJDK 11.0.28+3 build (early access).
247.  
248. -- Matthias Klose <[email protected]> Tue, 03 Jun 2025 14:20:18 +0200
249.  
250. openjdk-11 (11.0.28+6-1) unstable; urgency=high
251.  
252. * OpenJDK 11.0.28 release, build 6.
253. - Addresses CVE-2025-5010, CVE-2025-50059, CVE-2025-30754, CVE-2025-30749.
254. See https://openjdk.org/groups/vulnerability/advisories/2025-07-15.
255. - Release notes:
256. https://mail.openjdk.org/pipermail/jdk-updates-dev/2025-July/045612.html
257.  
258. [ Vladimir Petko ]
259. * d/p/jdk-8359735-proposed.patch: Fix process tests failing in Ubuntu 25.10.
260. * d/copyright-generator/copyright-gen.py: bump copyright year.
261. * d/copyright: regenerate.
262.  
263. -- Matthias Klose <[email protected]> Sat, 19 Jul 2025 13:48:15 +0200
264.  
265. openjdk-11 (11.0.28+6-1~deb11u1) bullseye-security; urgency=medium
266.  
267. * Non-maintainer upload by the LTS Team.
268. * Backport to bullseye.
269.  
270. -- Emilio Pozuelo Monfort <[email protected]> Mon, 21 Jul 2025 13:00:49 +0200
271.  
272. --- Changes for udisks2 (libudisks2-0 udisks2) ---
273. udisks2 (2.9.2-2+deb11u3) bullseye-security; urgency=high
274.  
275. * Non-maintainer upload by the LTS Team.
276. * CVE-2025-8067
277. fix out-of-bounds read
278.  
279. -- Thorsten Alteholz <[email protected]> Sat, 23 Aug 2025 11:03:02 +0200
280.  
281. --- Changes for unbound (libunbound8) ---
282. unbound (1.13.1-1+deb11u5) bullseye-security; urgency=high
283.  
284. * Non-maintainer upload by the LTS Team.
285. * Fix CVE-2024-33655: The DNSBomb attack, via specially timed DNS queries
286. and answers, can cause a Denial of Service on resolvers and spoofed
287. targets. Unbound itself is not vulnerable for DoS, but it can be used to
288. take part in a pulsing DoS amplification attack.
289. * Fix CVE-2025-5994: Resolvers supporting ECS need to segregate outgoing
290. queries to accommodate for different outgoing ECS information. This
291. re-opens up resolvers to a birthday paradox attack (Rebirthday Attack)
292. that tries to match the DNS transaction ID in order to cache non-ECS
293. poisonous replies. (Closes: #1109427)
294. * Backport upstream's follow-up changes for CVE-2024-43168 and
295. CVE-2024-43167.
296. * DEP-8: Add `Depends: netcat-openbsd, xxd` to avoid skipping tests.
297.  
298. -- Guilhem Moulin <[email protected]> Sat, 23 Aug 2025 19:22:47 +0200
299.  
300. --- Changes for webkit2gtk (webkit2gtk-driver gir1.2-webkit2-4.0 gir1.2-javascriptcoregtk-4.0 libwebkit2gtk-4.0-37 libjavascriptcoregtk-4.0-18) ---
301. webkit2gtk (2.48.5-1) unstable; urgency=high
302.  
303. * New upstream release.
304. * The WebKitGTK security advisory WSA-2025-0005 lists the following
305. security fixes in the latest versions of WebKitGTK:
306. - CVE-2025-24189 (fixed in 2.48.0).
307. - CVE-2025-31273, CVE-2025-31278, CVE-2025-43211, CVE-2025-43212,
308. CVE-2025-43216, CVE-2025-43227, CVE-2025-43228, CVE-2025-43240,
309. CVE-2025-43265, CVE-2025-6558 (fixed in 2.48.5).
310. * debian/upstream/signing-key.asc:
311. - Update Adrian Perez's PGP key.
312. * debian/patches/fix-ftbfs-armv7.patch:
313. - Fix arm build.
314.  
315. -- Alberto Garcia <[email protected]> Mon, 11 Aug 2025 00:53:50 +0200
316.  
317. webkit2gtk (2.48.5-1~deb11u1) bullseye-security; urgency=medium
318.  
319. * Backport to bullseye.
320.  
321. -- Emilio Pozuelo Monfort <[email protected]> Tue, 19 Aug 2025 10:44:44 +0200
322.  
323. --- Changes for wireless-regdb ---
324. wireless-regdb (2025.07.10-1) unstable; urgency=medium
325.  
326. * New upstream version:
327. - Update regulatory info for Indonesia (ID) for 2025
328. - Permit 320 MHz bandwidth in 6 GHz band for GB
329. - Update regulatory info for Egypt (EG) for 2024
330. - Update regulatory rules for Brazil (BR) on 6GHz
331. - Update regulatory info for Vietnam (VN) for 2025
332. - Update regulatory info for Estonia (EE) for 2024
333. - update regulatory rules for Paraguay (PY) on 6 GHz for 2025
334. - Update regulatory info for CEPT countries for 6GHz listed by WiFi
335. Alliance
336. - update regulatory rules for Bosnia and Herzegovina (BA) for 6 GHz
337. * d/upstream/signing-key.asc: Update for later expiry date and new uids
338.  
339. -- Ben Hutchings <[email protected]> Fri, 18 Jul 2025 13:18:59 +0200
340.  
341. wireless-regdb (2025.07.10-1~deb11u1) bullseye-security; urgency=high
342.  
343. * Backport to bullseye:
344. - Add my signature for regulatory.bin
345.  
346. -- Ben Hutchings <[email protected]> Sat, 06 Sep 2025 17:22:58 +0200
347.  
348. --- Changes for apache2 (apache2-bin) ---
349. apache2 (2.4.65-1~deb11u1) bullseye-security; urgency=medium
350.  
351. * Team upload
352.  
353. [ Yadd ]
354. * Drop patches included in upstream
355. * New upstream version 2.4.65 (Closes: CVE-2025-23048, CVE-2024-42516,
356. CVE-2024-43204, CVE-2024-43394, CVE-2024-47252, CVE-2025-49630,
357. CVE-2025-49812, CVE-2025-53020, CVE-2025-54090)
358. * Unfuzz patches
359.  
360. [ Bastien Roucariès ]
361. * Add a NEWS entry following CVE-2025-23048
362.  
363. -- Bastien Roucariès <[email protected]> Tue, 29 Jul 2025 22:18:46 +0200
364.  
365. --- Changes for ca-certificates-java ---
366. ca-certificates-java (20220719) unstable; urgency=medium
367.  
368. [ Andreas Beckmann ]
369. * Team upload.
370. * Switch to debhelper-compat (= 13).
371. * Set Rules-Requires-Root: no.
372. * UpdateCertificates.java: Ignore empty lines in stdin. (Closes: #795244)
373. * Avoid warning about missing /etc/ssl/certs/java/cacerts on initial
374. install.
375. * Do not be satisfied by java7-runtime-headless.
376. * Remove support for upgrading from versions predating wheezy.
377. * Clean up misplaced symlinks in the root directory left over by ancient
378. versions. (Closes: #688415)
379. * Drop libnss3 manipulations, no longer needed since openjdk-6-jre-headless
380. at least.
381. * Add update-ca-certificates-java trigger and let jks-keystore record the
382. pending certificate updates and postpone them to the processing of this
383. trigger. (Closes: #908858)
384. * Add update-ca-certificates-java-fresh trigger, will be activated by
385. update-ca-certificates -f. (Closes: #922981)
386. * Remove obsolete certificates when building a fresh cacerts file.
387. (Closes: #767272)
388. * Bump ca-certificates dependency to 20210120.
389. * Skip Java certificates setup if no JRE is available.
390. * Add trigger on /usr/lib/jvm to perform Java certificates setup if a JRE
391. becomes available.
392. * Demote JRE dependency to Recommends to break dependency cycle.
393. (Closes: #929685, #940297)
394. * Foreign architecture JREs that place java in PATH are also usable.
395. (Closes: #776860, #864331)
396.  
397. [ Matthias Klose ]
398. * Support Java 18-21. Closes: #994152.
399. * Bump Standards-Version to 4.6.0.
400.  
401. -- Matthias Klose <[email protected]> Tue, 19 Jul 2022 16:02:33 +0200
402.  
403. ca-certificates-java (20230103) unstable; urgency=medium
404.  
405. * Promote again the JRE recommendation to a dependency. Otherwise
406. non-default OpenJDK versions are uninstallable.
407.  
408. -- Matthias Klose <[email protected]> Tue, 03 Jan 2023 09:10:44 +0100
409.  
410. ca-certificates-java (20230620) unstable; urgency=medium
411.  
412. [ Matthias Klose ]
413. * Bump standards version.
414. * Build-depend on default-jdk-headless instead of default-jdk.
415.  
416. [ Vladimir Petko ]
417. * d/ca-certificates-java.postinst: Work-around not yet configured jre.
418.  
419. -- Matthias Klose <[email protected]> Tue, 20 Jun 2023 06:09:44 +0200
420.  
421. ca-certificates-java (20230620~deb12u1) bookworm; urgency=medium
422.  
423. * Non-maintainer upload.
424. * Rebuild for bookworm. (Closes: #1039472)
425.  
426. -- Andreas Beckmann <[email protected]> Sun, 06 Aug 2023 16:24:13 +0200
427.  
428. ca-certificates-java (20230707) unstable; urgency=medium
429.  
430. [ Vladimir Petko ]
431. * Resolve circular JRE dependency:
432. - debian/ca-certificates-java.postinst: remove setup_path from "configure"
433. stage.
434. - debian/ca-certificates-java.postinst: do "fresh" update if cacerts file is
435. not found. Certificates are refreshed only in response to the trigger
436. activated by OpenJDK packages.
437. - debian/ca-certificates-java.postinst: fix cacert enumeration command for
438. Java 8.
439. - debian/control: remove JRE dependency.
440. - debian/control: add Breaks condition.
441. - debian/tests: add smoke tests.
442. - debian/ca-certificates-java.triggers: remove file trigger /usr/jvm,
443. explicitly declare triggers as -await.
444.  
445. [ Matthias Klose ]
446. * Adjust the breaks for Debian versions.
447.  
448. -- Matthias Klose <[email protected]> Fri, 07 Jul 2023 11:13:17 +0200
449.  
450. ca-certificates-java (20230710) unstable; urgency=medium
451.  
452. * Add apt-utils to the test dependencies.
453.  
454. -- Matthias Klose <[email protected]> Mon, 10 Jul 2023 09:59:59 +0200
455.  
456. ca-certificates-java (20230710~deb12u1) bookworm; urgency=medium
457.  
458. * Non-maintainer upload.
459. * Rebuild for bookworm. (Closes: #1041419, #1037478, #929685)
460.  
461. -- Andreas Beckmann <[email protected]> Sun, 03 Dec 2023 13:04:00 +0100
462.  
463. ca-certificates-java (20230710~deb12u1~deb11u1) bullseye-security; urgency=medium
464.  
465. * Non-maintainer upload by LTS team.
466. * Backport in order to solve circular JRE dependency
467. (Closes: #1041419, #1037478, #929685)
468. * Do not try to run foreign architecture java. Closes: #1043247.
469.  
470. -- Bastien Roucariès <[email protected]> Mon, 11 Aug 2025 18:12:03 +0200
471.  
472. --- Changes for distro-info-data ---
473. distro-info-data (0.51+deb11u9) bullseye-security; urgency=medium
474.  
475. * Update data to 0.66:
476. - Add Ubuntu end of Legacy Support dates (new eol-legacy column).
477. - Add release and estimated EoL dates for Debian 13 "Trixie".
478.  
479. -- Stefano Rivera <[email protected]> Sat, 09 Aug 2025 15:30:06 +0200
480.  
481. --- Changes for element-desktop ---
482. element-desktop (v1.12.0) default; urgency=medium
483.  
484. * 🦖 Deprecations
485.  
486. * Remove remaining support for outdated .well-known settings (https://github.com/element-hq/element-web/pull/30702). Contributed by @richvdh.
487.  
488.  
489. * ✨ Features
490.  
491. * Automatically select first source for desktop capture under Wayland (https://github.com/element-hq/element-desktop/pull/2526). Contributed by @byquanton.
492. * Add decline button to call notification toast (use new notification event) (https://github.com/element-hq/element-web/pull/30729). Contributed by @toger5.
493. * Use the new room list by default (https://github.com/element-hq/element-web/pull/30640). Contributed by @langleyd.
494. * "Verify this device" redesign (https://github.com/element-hq/element-web/pull/30596). Contributed by @uhoreg.
495. * Set Element Call "intents" when starting and answering DM calls. (https://github.com/element-hq/element-web/pull/30730). Contributed by @Half-Shot.
496. * Add axe compliance for new room list (https://github.com/element-hq/element-web/pull/30700). Contributed by @langleyd.
497. * Stop ringing and remove toast if another device answers a RTC call. (https://github.com/element-hq/element-web/pull/30728). Contributed by @Half-Shot.
498. * Automatically adjust history visibility when making a room private (https://github.com/element-hq/element-web/pull/30713). Contributed by @Half-Shot.
499. * Release announcement for new room list (https://github.com/element-hq/element-web/pull/30675). Contributed by @dbkr.
500.  
501.  
502. * 🐛 Bug Fixes
503.  
504. * Update Electron to v38.1.0 to fix Kernel crash on multi-GPU systems (https://github.com/element-hq/element-desktop/pull/2544). Contributed by @Arcitec.
505. * Fix Confirm your identity buttons being unclickable (https://github.com/element-hq/element-desktop/pull/2554). Contributed by @dbkr.
506. * Ensure dropdown is not a drag element on macOS (https://github.com/element-hq/element-desktop/pull/2540). Contributed by @t3chguy.
507. * https://github.com/element-hq/element-web/pull/30795). Contributed by @RiotRobot.
508. * https://github.com/element-hq/element-web/pull/30794). Contributed by @RiotRobot.
509. * Don't show release announcements while toasts are displayed (https://github.com/element-hq/element-web/pull/30770). Contributed by @dbkr.
510. * Fix enabling key backup not working if there is an untrusted key backup (https://github.com/element-hq/element-web/pull/30707). Contributed by @Half-Shot.
511. * Force `preload` to be false when setting an intent on an Element Call. (https://github.com/element-hq/element-web/pull/30759). Contributed by @Half-Shot.
512. * Fix handling of 413 server response when uploading media (https://github.com/element-hq/element-web/pull/30737). Contributed by @hughns.
513. * Make landmark navigation work with new room list (https://github.com/element-hq/element-web/pull/30747). Contributed by @dbkr.
514. * Prevent voice message from displaying spurious errors (https://github.com/element-hq/element-web/pull/30736). Contributed by @florianduros.
515. * Align default avatar and fix colors in composer pills (https://github.com/element-hq/element-web/pull/30739). Contributed by @florianduros.
516. * Use configured URL for link to desktop app in message search settings (https://github.com/element-hq/element-web/pull/30742). Contributed by @t3chguy.
517. * Fix history visibility when creating space rooms (https://github.com/element-hq/element-web/pull/30745). Contributed by @dbkr.
518. * Check HTML-encoded quotes when handling translations for embedded pages (such as welcome.html) (https://github.com/element-hq/element-web/pull/30743). Contributed by @Half-Shot.
519. * Fix local room encryption status always not enabled (https://github.com/element-hq/element-web/pull/30461). Contributed by @BillCarsonFr.
520. * fix: make url in topic in room intro clickable (https://github.com/element-hq/element-web/pull/30686). Contributed by @florianduros.
521. * Block change recovery key button while a change is ongoing. (https://github.com/element-hq/element-web/pull/30664). Contributed by @Half-Shot.
522. * Hide advanced settings during room creation when `UIFeature.advancedSettings=false` (https://github.com/element-hq/element-web/pull/30684). Contributed by @florianduros.
523. * A11y: improve accessibility of pinned messages (https://github.com/element-hq/element-web/pull/30558). Contributed by @florianduros.
524.  
525. -- RiotRobot <[email protected]> Tue, 23 Sep 2025 12:46:08 +0000
526.  
527. --- Changes for exempi (libexempi8) ---
528. exempi (2.5.2-1+deb11u1) bullseye-security; urgency=medium
529.  
530. * Non-maintainer upload by the LTS Team.
531. * CVE-2021-36045: Out-of-bounds Access
532. * CVE-2021-36046: Out-of-bounds Access
533. * CVE-2021-36047: Improper Input Validation
534. * CVE-2021-36048: Improper Input Validation
535. * CVE-2021-36050: Heap-based Buffer Overflow
536. * CVE-2021-36051: Heap-based Buffer Overflow
537. * CVE-2021-36052: Out-of-bounds Access
538. * CVE-2021-36053: Out-of-bounds Access
539. * CVE-2021-36054: Heap-based Buffer Overflow
540. * CVE-2021-36055: Heap-based Buffer Overflow
541. * CVE-2021-36056: Heap-based Buffer Overflow
542. * CVE-2021-36057: Write-what-where Condition
543. * CVE-2021-36058: Integer Overflow or Wraparound
544. * CVE-2021-36064: Buffer Underwrite
545. * CVE-2021-39847: Stack-based Buffer Overflow
546. * CVE-2021-40716: Out-of-bounds Access
547. * CVE-2021-40732: NULL Pointer Dereference
548. * CVE-2021-42528: NULL Pointer Dereference
549. * CVE-2021-42529: Stack-based Buffer Overflow
550. * CVE-2021-42530: Stack-based Buffer Overflow
551. * CVE-2021-42531: Stack-based Buffer Overflow
552. * CVE-2021-42532: Stack-based Buffer Overflow
553.  
554. -- Adrian Bunk <[email protected]> Sun, 03 Aug 2025 18:44:44 +0300
555.  
556. --- Changes for firefox-esr ---
557. firefox (129.0-1) unstable; urgency=medium
558.  
559. * New upstream release.
560. * Fixes for mfsa2024-33, also known as:
561. CVE-2024-7518, CVE-2024-7519, CVE-2024-7520, CVE-2024-7521,
562. CVE-2024-7522, CVE-2024-7524, CVE-2024-7525, CVE-2024-7526,
563. CVE-2024-7527, CVE-2024-7528, CVE-2024-7529, CVE-2024-7530,
564. CVE-2024-7531.
565.  
566. * debian/control*: Bump nss build dependency.
567.  
568. -- Mike Hommey <[email protected]> Wed, 07 Aug 2024 07:35:48 +0900
569.  
570. firefox (129.0.1-1) unstable; urgency=medium
571.  
572. * New upstream release.
573.  
574. -- Mike Hommey <[email protected]> Tue, 13 Aug 2024 23:04:27 +0900
575.  
576. firefox (129.0.2-1) unstable; urgency=medium
577.  
578. * New upstream release.
579.  
580. -- Mike Hommey <[email protected]> Wed, 21 Aug 2024 13:06:19 +0900
581.  
582. firefox (130.0-1) unstable; urgency=medium
583.  
584. * New upstream release.
585. * Fixes for mfsa2024-39, also known as:
586. CVE-2024-8385, CVE-2024-8381, CVE-2024-8382, CVE-2024-8383,
587. CVE-2024-8384, CVE-2024-8386, CVE-2024-8387, CVE-2024-8389.
588.  
589. * debian/control.in: Use rustc-web and cbindgen-web on bookworm and bullseye.
590. * debian/control.in, debian/rules: Use gcc-11 on bookworm, working around
591. #1056561.
592. * debian/browser.mozconfig.in, debian/browser.preinst.in, debian/control.in,
593. debian/l10n/browser-l10n.control, debian/l10n/browser-l10n.control.in,
594. debian/l10n/gen, debian/rules, debian/upstream.mk: Remove support for
595. buster.
596.  
597. -- Mike Hommey <[email protected]> Wed, 04 Sep 2024 06:29:13 +0900
598.  
599. firefox (130.0-2) unstable; urgency=medium
600.  
601. * debian/control.*: Bump nss build dependency. Closes: #1080470
602.  
603. * media/libyuv/libyuv/include/libyuv/macros_msa.h,
604. media/libyuv/libyuv/source/row_gcc.cc,
605. media/libyuv/libyuv/source/row_lsx.cc,
606. media/libyuv/libyuv/source/scale_gcc.cc: Add volatile for gcc inline to
607. avoid being removed. bz# 1916038. Closes: #1080518
608.  
609. -- Mike Hommey <[email protected]> Fri, 06 Sep 2024 07:55:20 +0900
610.  
611. firefox (130.0.1-1) unstable; urgency=medium
612.  
613. * New upstream release.
614.  
615. -- Mike Hommey <[email protected]> Wed, 18 Sep 2024 05:59:03 +0900
616.  
617. firefox (131.0-1) unstable; urgency=medium
618.  
619. * New upstream release.
620. * Fixes for mfsa2024-39, also known as:
621. CVE-2024-9392, CVE-2024-9393, CVE-2024-9394, CVE-2024-9396,
622. CVE-2024-9397, CVE-2024-9398, CVE-2024-9399, CVE-2024-9400,
623. CVE-2024-9401, CVE-2024-9402, CVE-2024-9403.
624.  
625. * debian/control.*: Bump nss build dependency.
626.  
627. -- Mike Hommey <[email protected]> Wed, 02 Oct 2024 06:19:42 +0900
628.  
629. firefox (131.0.2-1) unstable; urgency=medium
630.  
631. * New upstream release.
632. * Fixes for mfsa2024-51, also known as CVE-2024-9680.
633.  
634. * debian/rules:
635. - Fixed manual page header for firefox-esr.
636. - Use a single virtualenv for preprocessing and build.
637. - Get CXXFLAGS from dpkg-buildflags directly instead of deriving it
638. from CFLAGS.
639. * debian/iceweasel.*: Remove the remaining iceweasel files.
640. * debian/control*:
641. - Remove unnecessary dependency on autotools-dev.
642. - Remove explicit dependency on dpkg-dev.
643. - Remove Breaks: xul-ext-torbutton. The package was removed in bug
644. #796316, 9 years ago.
645. - Remove build dependency on yasm.
646. * debian/browser.lintian-overrides.in: Updated.
647. * debian/source/lintian-overrides: Updated.
648. * debian/copyright: Updated.
649.  
650. -- Mike Hommey <[email protected]> Thu, 10 Oct 2024 06:33:04 +0900
651.  
652. firefox (131.0.2-2) unstable; urgency=medium
653.  
654. * debian/rules: Exclude -g from CXXFLAGS too. It's handled by the upstream
655. build system, and leaving it there breaks the build on 32-bits platforms
656. because the debug info is just too large to handle for the address space.
657. That's how it was before the changes in 128.3.1esr-1 anyways.
658.  
659. -- Mike Hommey <[email protected]> Thu, 10 Oct 2024 15:50:40 +0900
660.  
661. firefox (131.0.3-1) unstable; urgency=medium
662.  
663. * New upstream release.
664. * Fixes for mfsa2024-53, also known as CVE-2024-9936.
665.  
666. * debian/browser.lintian-overrides.in: Adjusted to make the report on
667. udd.debian.org happy. For some reason local lintian doesn't agree.
668.  
669. -- Mike Hommey <[email protected]> Tue, 15 Oct 2024 05:40:52 +0900
670.  
671. firefox (132.0-1) unstable; urgency=medium
672.  
673. * New upstream release.
674. * Fixes for mfsa2024-55, also known as:
675. CVE-2024-10458, CVE-2024-10459, CVE-2024-10460, CVE-2024-10461,
676. CVE-2024-10462, CVE-2024-10463, CVE-2024-10468, CVE-2024-10464,
677. CVE-2024-10465, CVE-2024-10466, CVE-2024-10467.
678.  
679. * debian/control*: Bump nss build dependency.
680.  
681. -- Mike Hommey <[email protected]> Wed, 30 Oct 2024 06:44:52 +0900
682.  
683. firefox (132.0.1-1) unstable; urgency=medium
684.  
685. * New upstream release.
686.  
687. -- Mike Hommey <[email protected]> Tue, 05 Nov 2024 10:26:41 +0900
688.  
689. firefox (132.0.2-1) unstable; urgency=medium
690.  
691. * New upstream release.
692.  
693. * debian/control*: Build depend on libdbus-1-dev rather than
694. libdbus-glib-1-dev. Closes: #955890.
695.  
696. -- Mike Hommey <[email protected]> Wed, 13 Nov 2024 07:55:46 +0900
697.  
698. firefox (133.0-1) unstable; urgency=medium
699.  
700. * New upstream release.
701. - Fixes FTBFS with python 3.13. Closes: #1084725
702. * Fixes for mfsa2024-63, also known as:
703. CVE-2024-11691, CVE-2024-11692, CVE-2024-11701, CVE-2024-11693,
704. CVE-2024-11694, CVE-2024-11695, CVE-2024-11696, CVE-2024-11697,
705. CVE-2024-11708, CVE-2024-11699.
706.  
707. * debian/control*: Bump nss build dependency.
708. * debian/browser.install.in: Remove minidump-analyzer, matching upstream
709. changes.
710.  
711. -- Mike Hommey <[email protected]> Wed, 27 Nov 2024 09:37:19 +0900
712.  
713. firefox (133.0.3-1) unstable; urgency=medium
714.  
715. * New upstream release.
716.  
717. * debian/rules: Switch to clang as the compiler for trixie.
718.  
719. * python/mach/mach/site.py: Fix virtual environment sysconfig path
720. calculation. bz#1935621.
721.  
722. -- Mike Hommey <[email protected]> Wed, 11 Dec 2024 05:12:24 +0900
723.  
724. firefox (134.0-1) unstable; urgency=medium
725.  
726. * New upstream release.
727. * Fixes for mfsa2025-01, also known as:
728. CVE-2025-0237, CVE-2025-0238, CVE-2025-0239, CVE-2025-0240,
729. CVE-2025-0241, CVE-2025-0242, CVE-2025-0243, CVE-2025-0247.
730.  
731. * debian/control*: Bump nss build dependency.
732.  
733. -- Mike Hommey <[email protected]> Wed, 08 Jan 2025 07:32:53 +0900
734.  
735. firefox (134.0.1-1) unstable; urgency=medium
736.  
737. * New upstream release.
738.  
739. * debian/rules:
740. - Properly enable clang only on trixie. Thanks David Turner.
741. - Revert work around for some binutils change. Upstream has had a fix for
742. it for a while now.
743.  
744. -- Mike Hommey <[email protected]> Wed, 15 Jan 2025 06:13:16 +0900
745.  
746. firefox (134.0.2-1) unstable; urgency=medium
747.  
748. * New upstream release.
749.  
750. -- Mike Hommey <[email protected]> Wed, 22 Jan 2025 07:55:35 +0900
751.  
752. firefox (134.0.2-2) unstable; urgency=medium
753.  
754. * gfx/cairo/libpixman/src/moz.build: Don't use clang clang's integrated
755. assembler to compile pixman ARM neon code.
756. * gfx/ycbcr/yuv_convert_arm.cpp: Move the .fpu neon directive around.
757. * third_party/wasm2c/src/prebuilt/wasm2c_simd_source_declarations.cc,
758. third_party/wasm2c/src/prebuilt/wasm2c_source_declarations.cc: Apply
759. wasm2c upstream fix for clang targetting mips.
760. * media/libyuv/libyuv/libyuv.gyp: Apply the neon flags to libyuv_neon,
761. not libyuv.
762.  
763. -- Mike Hommey <[email protected]> Wed, 22 Jan 2025 13:44:47 +0900
764.  
765. firefox (134.0.2-3) unstable; urgency=medium
766.  
767. * mozglue/misc/StackWalk.cpp: Work around glibc issue leading to crash in
768. _Unwind_Backtrace on aarch64 linux with PAC. bz#1944461. Closes: #1094429.
769.  
770. -- Mike Hommey <[email protected]> Thu, 30 Jan 2025 05:53:20 +0900
771.  
772. firefox (135.0-1) unstable; urgency=medium
773.  
774. * New upstream release.
775. * Fixes for mfsa2025-07, also known as:
776. CVE-2025-1009, CVE-2025-1010, CVE-2025-1018, CVE-2025-1011,
777. CVE-2025-1012, CVE-2025-1019, CVE-2025-1013, CVE-2025-1014,
778. CVE-2025-1016, CVE-2025-1017, CVE-2025-1020.
779.  
780. -- Mike Hommey <[email protected]> Wed, 05 Feb 2025 06:42:43 +0900
781.  
782. firefox (135.0.1-1) unstable; urgency=medium
783.  
784. * New upstream release.
785.  
786. -- Mike Hommey <[email protected]> Wed, 19 Feb 2025 05:34:58 +0900
787.  
788. firefox (136.0-1) unstable; urgency=medium
789.  
790. * New upstream release.
791. * Fixes for mfsa2025-15, also known as:
792. CVE-2025-1931, CVE-2025-1932, CVE-2025-1933, CVE-2025-1934,
793. CVE-2025-1942, CVE-2025-1935, CVE-2025-1936, CVE-2025-1937,
794. CVE-2025-1938, CVE-2025-1943.
795.  
796. * debian/control*: Bump nss build dependency.
797.  
798. * js/src/xsum/moz.build: Disable format-security warning when disabling
799. format warning.
800.  
801. -- Mike Hommey <[email protected]> Wed, 05 Mar 2025 07:17:24 +0900
802.  
803. firefox (136.0.1-1) unstable; urgency=medium
804.  
805. * New upstream release.
806.  
807. -- Mike Hommey <[email protected]> Wed, 12 Mar 2025 05:29:58 +0900
808.  
809. firefox (136.0.2-1) unstable; urgency=medium
810.  
811. * New upstream release.
812.  
813. -- Mike Hommey <[email protected]> Wed, 19 Mar 2025 04:50:38 +0900
814.  
815. firefox (136.0.3-1) unstable; urgency=medium
816.  
817. * New upstream release.
818.  
819. -- Mike Hommey <[email protected]> Wed, 26 Mar 2025 05:43:49 +0900
820.  
821. firefox (137.0-1) unstable; urgency=medium
822.  
823. * New upstream release.
824. * Fixes for mfsa2025-20, also known as:
825. CVE-2025-3028, CVE-2025-3031, CVE-2025-3032, CVE-2025-3029,
826. CVE-2025-3035, CVE-2025-3030, CVE-2025-3034.
827.  
828. * debian/control*: Bump nss and rustc build dependencies.
829. * debian/browser.dirs.in, debian/browser.links.in, debian/rules: Move
830. desktop icons to /usr/share/icons/hicolor/* and symlink them from
831. /usr/lib/$browser/browser/chrome/icons/default.
832. * debian/browser.install.in: Remove libipcclientcerts.so and libnssckbi.so.
833.  
834. -- Mike Hommey <[email protected]> Wed, 02 Apr 2025 06:09:15 +0900
835.  
836. firefox (137.0.1-1) unstable; urgency=medium
837.  
838. * New upstream release.
839.  
840. -- Mike Hommey <[email protected]> Wed, 09 Apr 2025 05:17:00 +0900
841.  
842. firefox (137.0.2-1) unstable; urgency=medium
843.  
844. * New upstream release.
845. * Fixes for mfsa2025-25, also known as CVE-2025-3608.
846.  
847. -- Mike Hommey <[email protected]> Wed, 16 Apr 2025 07:22:29 +0900
848.  
849. firefox (138.0-1) unstable; urgency=medium
850.  
851. * New upstream release.
852. * Fixes for mfsa2025-28, also known as:
853. CVE-2025-4083, CVE-2025-4085, CVE-2025-4087, CVE-2025-4088,
854. CVE-2025-4089, CVE-2025-4091, CVE-2025-4092.
855.  
856. * debian/control*: Bump nss and cbindgen build dependencies.
857. * debian/browser.install.in: Don't install now removed
858. /usr/lib/firefox/browser/features.
859.  
860. * build/moz.configure/bindgen.configure: Relax cbindgen build dependency.
861.  
862. -- Mike Hommey <[email protected]> Wed, 30 Apr 2025 09:50:07 +0900
863.  
864. firefox (138.0.1-1) unstable; urgency=medium
865.  
866. * New upstream release.
867.  
868. -- Mike Hommey <[email protected]> Fri, 02 May 2025 10:00:46 +0900
869.  
870. firefox (138.0.3-1) unstable; urgency=medium
871.  
872. * New upstream release.
873.  
874. * debian/browser.mozconfig.in, debian/rules: Disable wasm sandboxing on big
875. endian architectures. Thanks John Paul Adrian Glaubitz. Closes: #1105086
876. * debian/rules: Force-use BFD ld on ppc64. Closes: #1105090
877.  
878. -- Mike Hommey <[email protected]> Wed, 14 May 2025 05:53:10 +0900
879.  
880. firefox (138.0.4-1) unstable; urgency=medium
881.  
882. * New upstream release.
883. * Fixes for mfsa2025-36, also known as CVE-2025-4920, CVE-2025-4921.
884.  
885. -- Mike Hommey <[email protected]> Sun, 18 May 2025 06:50:18 +0900
886.  
887. firefox (139.0-1) unstable; urgency=medium
888.  
889. * New upstream release.
890. * Fixes for mfsa2025-42, also known as:
891. CVE-2025-5263, CVE-2025-5264, CVE-2025-5266, CVE-2025-5270,
892. CVE-2025-5271, CVE-2025-5267, CVE-2025-5268, CVE-2025-5272.
893.  
894. * debian/browser.install.in: Add crashhelper binary.
895.  
896. -- Mike Hommey <[email protected]> Wed, 28 May 2025 11:15:15 +0900
897.  
898. firefox (139.0.4-1) unstable; urgency=medium
899.  
900. * New upstream release.
901. * Fixes for mfsa2025-47, also known as: CVE-2025-49709, CVE-2025-49710.
902.  
903. -- Mike Hommey <[email protected]> Wed, 11 Jun 2025 07:24:30 +0900
904.  
905. firefox (140.0-1) unstable; urgency=medium
906.  
907. * New upstream release.
908. * Fixes for mfsa2025-51, also known as:
909. CVE-2025-6424, CVE-2025-6425, CVE-2025-6427, CVE-2025-6429,
910. CVE-2025-6430, CVE-2025-6432, CVE-2025-6433, CVE-2025-6434,
911. CVE-2025-6435, CVE-2025-6436.
912.  
913. -- Mike Hommey <[email protected]> Wed, 25 Jun 2025 06:27:19 +0900
914.  
915. firefox (140.0.1-1) unstable; urgency=medium
916.  
917. * New upstream release.
918.  
919. * debian/control*: Bump nss build dependency.
920.  
921. -- Mike Hommey <[email protected]> Fri, 27 Jun 2025 06:34:37 +0900
922.  
923. firefox (140.0.4-1) unstable; urgency=medium
924.  
925. * New upstream release.
926.  
927. -- Mike Hommey <[email protected]> Wed, 09 Jul 2025 07:58:40 +0900
928.  
929. firefox-esr (140.3.0esr-1) unstable; urgency=medium
930.  
931. * New upstream release.
932. * Fixes for mfsa2025-75, also known as:
933. CVE-2025-10527, CVE-2025-10528, CVE-2025-10529, CVE-2025-10532,
934. CVE-2025-10533, CVE-2025-10536, CVE-2025-10537.
935.  
936. -- Mike Hommey <[email protected]> Wed, 17 Sep 2025 08:35:15 +0900
937.  
938. firefox-esr (140.3.0esr-1~deb11u1) bullseye-security; urgency=medium
939.  
940. * Backport to bullseye.
941. * Use LLVM 19.
942. * Disable dwz.
943.  
944. -- Emilio Pozuelo Monfort <[email protected]> Wed, 17 Sep 2025 12:36:27 +0200
945.  
946. firefox-esr (140.3.0esr-1~deb11u2) bullseye-security; urgency=medium
947.  
948. * Disable SVE2 support on arm64, it's not supported with our toolchain
949. and libyuv is trying to use it by default, breaking the build.
950.  
951. -- Emilio Pozuelo Monfort <[email protected]> Fri, 19 Sep 2025 09:26:20 +0200
952.  
953. --- Changes for gnutls28 (libgnutls30 libgnutls-dane0 gnutls-bin) ---
954. gnutls28 (3.7.1-5+deb11u8) bullseye-security; urgency=medium
955.  
956. * Non-maintainer upload by the LTS Team.
957. * CVE-2025-6395: NULL dereference when 2nd Client Hello omits PSK
958. * CVE-2025-32988: Double-free upon error when exporting otherName in SAN
959. * CVE-2025-32990: 1-byte write buffer overrun in certtool
960.  
961. -- Adrian Bunk <[email protected]> Fri, 08 Aug 2025 14:02:50 +0300
962.  
963. --- Changes for imagemagick (libimage-magick-q16-perl libimage-magick-perl imagemagick-6-common libmagickcore-6.q16-6 libmagickwand-6.q16-6 imagemagick-6.q16 imagemagick libmagick++-6.q16-8 libmagickcore-6.q16-6-extra) ---
964. imagemagick (8:6.9.11.60+dfsg-1.3+deb11u6) bullseye-security; urgency=medium
965.  
966. * Fix CVE-2025-53014:
967. A heap buffer overflow was found in the `InterpretImageFilename`
968. function. The issue stems from an off-by-one error that causes
969. out-of-bounds memory access when processing format strings
970. containing consecutive percent signs (`%%`).
971. (Closes: #1109339)
972. * Fix CVE-2025-53019:
973. ImageMagick's `magick stream` command, specifying multiple
974. consecutive `%d` format specifiers in a filename template
975. causes a memory leak
976. * Fix CVE-2025-53101:
977. ImageMagick's `magick mogrify` command, specifying
978. multiple consecutive `%d` format specifiers in a filename
979. template causes internal pointer arithmetic to generate
980. an address below the beginning of the stack buffer,
981. resulting in a stack overflow through `vsnprintf()`.
982. * Fix CVE-2025-55154:
983. the magnified size calculations in ReadOneMNGIMage
984. (in coders/png.c) are unsafe and can overflow,
985. leading to memory corruption.
986. (Closes: #1111103)
987. * Fix CVE-2025-55212:
988. passing a geometry string containing only a colon (":")
989. to montage -geometry leads GetGeometry() to set width/height
990. to 0. Later, ThumbnailImage() divides by these zero dimensions,
991. triggering a crash (SIGFPE/abort)
992. (Closes: #1111587)
993. * Fix CVE-2025-55298:
994. A format string bug vulnerability exists in InterpretImageFilename
995. function where user input is directly passed to FormatLocaleString
996. without proper sanitization. An attacker can overwrite arbitrary
997. memory regions, enabling a wide range of attacks from heap
998. overflow to remote code execution.
999. (Closes: #1111586)
1000. * Fix CVE-2025-57803:
1001. A 32-bit integer overflow in the BMP encoder’s scanline-stride
1002. computation collapses bytes_per_line (stride) to a tiny
1003. value while the per-row writer still emits 3 × width bytes
1004. for 24-bpp images. The row base pointer advances using the
1005. (overflowed) stride, so the first row immediately writes
1006. past its slot and into adjacent heap memory with
1007. attacker-controlled bytes.
1008. (Closes: #1112469)
1009. * Fix CVE-2025-57807:
1010. A security problem was found in SeekBlob(), which permits
1011. advancing the stream offset beyond the current end without
1012. increasing capacity, and WriteBlob(), which then expands by
1013. quantum + length (amortized) instead of offset + length,
1014. and copies to data + offset. When offset ≫ extent, the
1015. copy targets memory beyond the allocation, producing a
1016. deterministic heap write on 64-bit builds. No 2⁶⁴
1017. arithmetic wrap, external delegates, or policy settings
1018. are required.
1019. (Closes: #1114520)
1020.  
1021. -- Bastien Roucariès <[email protected]> Tue, 09 Sep 2025 21:48:40 +0200
1022.  
1023. --- Changes for libcommons-lang3-java ---
1024. libcommons-lang3-java (3.11-1+deb11u1) bullseye-security; urgency=medium
1025.  
1026. * Non-maintainer upload by the Debian LTS team.
1027. * d/patches/CVE-2025-48924.patch: Add patch to fix CVE-2025-48924.
1028. - Fix an uncontrolled recursion vulnerability (closes: 1109125).
1029.  
1030. -- Daniel Leidert <[email protected]> Sun, 31 Aug 2025 17:45:36 +0200
1031.  
1032. --- Changes for libsndfile (libsndfile1) ---
1033. libsndfile (1.0.31-2+deb11u1) bullseye-security; urgency=medium
1034.  
1035. * Non-maintainer upload by the LTS Security Team.
1036. * d/gbp.conf: add configuration for bullseye
1037. * d/salsa-ci.yml: switch to the lts-team bullseye pipeline
1038. * d/patches: add patch for CVE-2022-33065 (upstream cherry-pick)
1039. * d/patches: add patch for CVE-2024-50612 (upstream backport)
1040.  
1041. -- Paride Legovini <[email protected]> Sun, 31 Aug 2025 22:56:04 +0200
1042.  
1043. --- Changes for mbedtls (libmbedcrypto3 libmbedx509-0 libmbedtls12) ---
1044. mbedtls (2.16.9-0.1+deb11u2) bullseye-security; urgency=medium
1045.  
1046. * Non-maintainer upload by the LTS Team.
1047. * Apply security fixes from the upstream:
1048. - CVE-2025-47917: Fix memory management in mbedtls_x509_string_to_names
1049. to avoid a possible double-free or use-after-free in the caller.
1050. - CVE-2025-48965 in mbedtls_asn1_store_named_data:
1051. + When allocating val.p, always set the new length to val_len.
1052. + Remove a case of memcpy() called with a null pointer and zero length.
1053. + Fix NULL pointer dereference.
1054. (The patch for the issue depends on two more patches fixing related
1055. issues.)
1056. - CVE-2025-52496: Fix a race condition in mbedtls_aes_ni_has_support.
1057. - CVE-2025-52497: Fix PEM handling:
1058. + Fix valid data length returned by mbedtls_pem_read_buffer.
1059. + Check data padding in DES/AES decrypted buffers.
1060. + Fix PEM underflow.
1061.  
1062. -- Andrej Shadura <[email protected]> Sun, 10 Aug 2025 13:35:00 +0200
1063.  
1064. mbedtls (2.16.9-0.1+deb11u3) bullseye-security; urgency=medium
1065.  
1066. * Non-maintainer upload by the LTS Team.
1067. * Restore behaviour of mbedtls_x509write_set_foo_name():
1068. Add missing patches from the CVE-2025-47917 fix restoring the behaviour
1069. of the public API. Thanks to Thorsten Alteholz for pointing out.
1070.  
1071. -- Andrej Shadura <[email protected]> Tue, 26 Aug 2025 17:18:38 +0200
1072.  
1073. --- Changes for nextcloud-desktop (nextcloud-desktop-common nautilus-nextcloud nextcloud-desktop-l10n nextcloud-desktop libnextcloudsync0 nextcloud-desktop-doc) ---
1074. nextcloud-desktop (3.1.1-2+deb11u2) bullseye-security; urgency=medium
1075.  
1076. * Non-maintainer upload by the LTS Team.
1077. * Fix CVE-2022-39331 CVE-2022-39332 CVE-2022-39333 CVE-2022-39334
1078. CVE-2023-28997.
1079.  
1080. -- Abhijith PA <[email protected]> Fri, 08 Aug 2025 13:01:11 +0530
1081.  
1082. --- Changes for openvpn ---
1083. openvpn (2.5.1-3+deb11u2) bullseye-security; urgency=medium
1084.  
1085. * Non-maintainer upload by the LTS Security Team.
1086. * debian/patches/:
1087. - CVE-2024-5594.patch: move added function inside #if P2MP clause.
1088. - CVE-2024-5594-regression-fix.patch: cherry-pick from upstream to fix a
1089. regression introduced with CVE-2024-5594's fix. (Closes: #1112516)
1090.  
1091. -- Carlos Henrique Lima Melara <[email protected]> Sun, 24 Aug 2025 22:27:31 -0300
1092.  
1093. --- Changes for pam (libpam0g libpam-modules-bin libpam-modules libpam-runtime) ---
1094. pam (1.4.0-9+deb11u2) bullseye-security; urgency=medium
1095.  
1096. * Non Maintainer Upload by LTS team
1097. * Backport autopkgtest from bookworm
1098. * Fix CVE-2024-22365 (Closes: #1061097)
1099. A denial of service (blocked login process) was found
1100. via mkfifo because the openat call (for protect_dir)
1101. lacks O_DIRECTORY.
1102. * Fix CVE-2025-6020 (Closes: #1107919)
1103. The module pam_namespace may use access user-controlled
1104. paths without proper protection, allowing local users
1105. to elevate their privileges to root via multiple symlink
1106. attacks and race conditions.
1107.  
1108. -- Bastien Roucariès <[email protected]> Sun, 03 Aug 2025 11:06:11 +0200
1109.  
1110. --- Changes for postgresql-13 (libpq5) ---
1111. postgresql-13 (13.22-0+deb11u1) bullseye-security; urgency=medium
1112.  
1113. * New upstream version 13.22.
1114.  
1115. + Tighten security checks in planner estimation functions (Dean Rasheed)
1116.  
1117. The fix for CVE-2017-7484, plus followup fixes, intended to prevent
1118. leaky functions from being applied to statistics data for columns that
1119. the calling user does not have permission to read. Two gaps in that
1120. protection have been found. One gap applies to partitioning and
1121. inheritance hierarchies where RLS policies on the tables should restrict
1122. access to statistics data, but did not.
1123.  
1124. The other gap applies to cases where the query accesses a table via a
1125. view, and the view owner has permissions to read the underlying table
1126. but the calling user does not have permissions on the view. The view
1127. owner's permissions satisfied the security checks, and the leaky
1128. function would get applied to the underlying table's statistics before
1129. we check the calling user's permissions on the view. This has been
1130. fixed by making security checks on views occur at the start of planning.
1131. That might cause permissions failures to occur earlier than before.
1132.  
1133. The PostgreSQL Project thanks Dean Rasheed for reporting this problem.
1134. (CVE-2025-8713)
1135.  
1136. + Prevent pg_dump scripts from being used to attack the user running the
1137. restore (Nathan Bossart)
1138.  
1139. Since dump/restore operations typically involve running SQL commands as
1140. superuser, the target database installation must trust the source
1141. server. However, it does not follow that the operating system user who
1142. executes psql to perform the restore should have to trust the source
1143. server. The risk here is that an attacker who has gained
1144. superuser-level control over the source server might be able to cause it
1145. to emit text that would be interpreted as psql meta-commands. That would
1146. provide shell-level access to the restoring user's own account,
1147. independently of access to the target database.
1148.  
1149. To provide a positive guarantee that this can't happen, extend psql with
1150. a \restrict command that prevents execution of further meta-commands,
1151. and teach pg_dump to issue that before any data coming from the source
1152. server.
1153.  
1154. The PostgreSQL Project thanks Martin Rakhmanov, Matthieu Denais, and
1155. RyotaK for reporting this problem. (CVE-2025-8714)
1156.  
1157. + Convert newlines to spaces in names included in comments in pg_dump
1158. output (Noah Misch)
1159.  
1160. Object names containing newlines offered the ability to inject arbitrary
1161. SQL commands into the output script. (Without the preceding fix,
1162. injection of psql meta-commands would also be possible this way.)
1163. CVE-2012-0868 fixed this class of problem at the time, but later work
1164. reintroduced several cases.
1165.  
1166. The PostgreSQL Project thanks Noah Misch for reporting this problem.
1167. (CVE-2025-8715)
1168.  
1169. -- Christoph Berg <[email protected]> Thu, 14 Aug 2025 15:59:31 +0200
1170.  
1171. --- Changes for qemu (qemu-guest-agent qemu-system-gui qemu-system-common qemu-utils qemu-system-data qemu-block-extra qemu-system-x86) ---
1172. qemu (1:5.2+dfsg-11+deb11u5) bullseye-security; urgency=medium
1173.  
1174. * Non-maintainer upload by the LTS Security Team.
1175.  
1176. [ Michael Tokarev ]
1177. * d/binfmt-install: stop using C (Credentials) flag for binfmt_misc registration
1178.  
1179. [ Santiago Ruano Rincón ]
1180. * Fix CVE-2024-7409: denial of service (DoS) in the NBD server via improper
1181. synchronization during socket closure
1182. * Add d/salsa-ci.yml to trigger the LTS Team pipeline for bullseye
1183.  
1184. -- Santiago Ruano Rincón <[email protected]> Mon, 08 Sep 2025 18:30:23 -0300
1185.  
1186. --- Changes for signal-desktop ---
1187. signal-desktop (7.71.0) whatever; urgency=medium
1188.  
1189. * Package created with FPM.
1190.  
1191. -- Signal Messenger, LLC <[email protected]> Thu, 18 Sep 2025 13:52:37 +0000
1192.  
1193. --- Changes for systemd (libsystemd0 libudev1 systemd libnss-resolve libnss-mymachines systemd-container libpam-systemd libnss-systemd udev systemd-sysv libnss-myhostname) ---
1194. systemd (247.3-7+deb11u7) bullseye-security; urgency=medium
1195.  
1196. * Non-maintainer upload by the LTS Team.
1197. * debian/patches/:
1198. - CVE-2025-4598-{0,1,2,3,4}.patch: import and backport patches
1199. from upstream to fix CVE-2025-4598.
1200. - fix-stack-overflow-in-coredump-filter-{0,1,2}.patch: import and
1201. backport patches from upstream to fix CoredumpFilter=all overflow.
1202. * debian/salsa-ci.yml: add (E)LTS pipeline for bullseye.
1203.  
1204. -- Carlos Henrique Lima Melara <[email protected]> Wed, 25 Jun 2025 21:44:53 -0300
1205.  
1206. --- Changes for thunderbird ---
1207. thunderbird (1:128.13.0esr-1) unstable; urgency=medium
1208.  
1209. * [a05512b] New upstream version 128.13.0esr
1210. Fixed CVE issues in upstream version 128.13 (MFSA 2025-62):
1211. CVE-2025-8027: JavaScript engine only wrote partial return value to stack
1212. CVE-2025-8028: Large branch table could lead to truncated instruction
1213. CVE-2025-8029: javascript: URLs executed on object and embed tags
1214. CVE-2025-8030: Potential user-assisted code execution in "Copy as cURL"
1215. command
1216. CVE-2025-8031: Incorrect URL stripping in CSP reports
1217. CVE-2025-8032: XSLT documents could bypass CSP
1218. CVE-2025-8033: Incorrect JavaScript state machine for generators
1219. CVE-2025-8034: Memory safety bugs fixed in Firefox ESR 115.26, Firefox ESR
1220. 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1,
1221. Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141
1222. CVE-2025-8035: Memory safety bugs fixed in Firefox ESR 128.13, Thunderbird
1223. ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1,
1224. Firefox 141 and Thunderbird 141
1225.  
1226. -- Christoph Goehre <[email protected]> Thu, 24 Jul 2025 17:13:48 +0200
1227.  
1228. thunderbird (1:128.13.0esr-1~deb12u1) bookworm-security; urgency=medium
1229.  
1230. * Rebuild for bookworm-security
1231.  
1232. -- Christoph Goehre <[email protected]> Fri, 25 Jul 2025 08:00:52 +0200
1233.  
1234. thunderbird (1:128.13.0esr-1~deb11u1) bullseye-security; urgency=medium
1235.  
1236. * Rebuild for bullseye-security
1237.  
1238. -- Christoph Goehre <[email protected]> Fri, 25 Jul 2025 09:01:46 +0200
1239.  
1240. thunderbird (1:128.14.0esr-1) unstable; urgency=medium
1241.  
1242. * [4f3d4b8] New upstream version 128.14.0esr
1243. Fixed CVE issues in upstream version 128.14 (MFSA 2025-71):
1244. CVE-2025-9179: Sandbox escape due to invalid pointer in the
1245. Audio/Video: GMP component
1246. CVE-2025-9180: Same-origin policy bypass in the Graphics: Canvas2D
1247. component
1248. CVE-2025-9181: Uninitialized memory in the JavaScript Engine component
1249. CVE-2025-9185: Memory safety bugs fixed in Firefox ESR 115.27, Firefox ESR
1250. 128.14, Thunderbird ESR 128.14, Firefox ESR 140.2,
1251. Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142
1252.  
1253. -- Carsten Schoenert <[email protected]> Thu, 21 Aug 2025 17:45:12 +0200
1254.  
1255. thunderbird (1:128.14.0esr-1~deb13u1) trixie-security; urgency=medium
1256.  
1257. * Rebuild for trixie-security
1258.  
1259. -- Carsten Schoenert <[email protected]> Thu, 21 Aug 2025 18:37:18 +0200
1260.  
1261. thunderbird (1:128.14.0esr-1~deb12u1) bookworm-security; urgency=medium
1262.  
1263. * Rebuild for bookworm-security
1264.  
1265. -- Carsten Schoenert <[email protected]> Sat, 23 Aug 2025 11:11:13 +0200
1266.  
1267. thunderbird (1:128.14.0esr-1~deb11u1) bullseye-security; urgency=medium
1268.  
1269. * Rebuild for bullseye-security
1270.  
1271. -- Carsten Schoenert <[email protected]> Sat, 23 Aug 2025 12:01:37 +0200
1272.  
1273. --- Changes for brave-browser ---
1274. brave-browser (1.82.166) stable; urgency=low
1275.  
1276. * Build spec: https://github.com/brave/brave-browser/releases/tag/v1.82.166
1277. * Release Notes: https://brave.com/latest/
1278.  
1279. -- Brave Software <[email protected]> Wed, 10 Sep 2025 08:33:58 +0000
1280.  
1281. apt-listchanges: Do you want to continue? [Y/n] Y
1282. apt-listchanges: Mailing root: apt-listchanges: changelogs for tassos
1283. sendmail: account default not found: no configuration file available
1284. apt-listchanges warning: Failed to send mail to root: Command '['/usr/sbin/sendmail', '-oi', '-t']' returned non-zero exit status 78.
1285. Extracting templates from packages: 100%
1286. Preconfiguring packages ...
1287. (Reading database ... 483105 files and directories currently installed.)
1288. Preparing to unpack .../libpam0g_1.4.0-9+deb11u2_amd64.deb ...
1289. Unpacking libpam0g:amd64 (1.4.0-9+deb11u2) over (1.4.0-9+deb11u1) ...
1290. Setting up libpam0g:amd64 (1.4.0-9+deb11u2) ...
1291. (Reading database ... 483105 files and directories currently installed.)
1292. Preparing to unpack .../libpam-modules-bin_1.4.0-9+deb11u2_amd64.deb ...
1293. Unpacking libpam-modules-bin (1.4.0-9+deb11u2) over (1.4.0-9+deb11u1) ...
1294. Setting up libpam-modules-bin (1.4.0-9+deb11u2) ...
1295. (Reading database ... 483105 files and directories currently installed.)
1296. Preparing to unpack .../libpam-modules_1.4.0-9+deb11u2_amd64.deb ...
1297. Unpacking libpam-modules:amd64 (1.4.0-9+deb11u2) over (1.4.0-9+deb11u1) ...
1298. Setting up libpam-modules:amd64 (1.4.0-9+deb11u2) ...
1299. Installing new version of config file /etc/security/namespace.init ...
1300. (Reading database ... 483105 files and directories currently installed.)
1301. Preparing to unpack .../libsystemd0_247.3-7+deb11u7_amd64.deb ...
1302. Unpacking libsystemd0:amd64 (247.3-7+deb11u7) over (247.3-7+deb11u6) ...
1303. Setting up libsystemd0:amd64 (247.3-7+deb11u7) ...
1304. (Reading database ... 483105 files and directories currently installed.)
1305. Preparing to unpack .../0-libnss-resolve_247.3-7+deb11u7_amd64.deb ...
1306. Unpacking libnss-resolve:amd64 (247.3-7+deb11u7) over (247.3-7+deb11u6) ...
1307. Preparing to unpack .../1-libnss-mymachines_247.3-7+deb11u7_amd64.deb ...
1308. Unpacking libnss-mymachines:amd64 (247.3-7+deb11u7) over (247.3-7+deb11u6) ...
1309. Preparing to unpack .../2-systemd-container_247.3-7+deb11u7_amd64.deb ...
1310. Unpacking systemd-container (247.3-7+deb11u7) over (247.3-7+deb11u6) ...
1311. Preparing to unpack .../3-libpam-systemd_247.3-7+deb11u7_amd64.deb ...
1312. Unpacking libpam-systemd:amd64 (247.3-7+deb11u7) over (247.3-7+deb11u6) ...
1313. Preparing to unpack .../4-libnss-systemd_247.3-7+deb11u7_amd64.deb ...
1314. Unpacking libnss-systemd:amd64 (247.3-7+deb11u7) over (247.3-7+deb11u6) ...
1315. Preparing to unpack .../5-systemd_247.3-7+deb11u7_amd64.deb ...
1316. Unpacking systemd (247.3-7+deb11u7) over (247.3-7+deb11u6) ...
1317. Preparing to unpack .../6-udev_247.3-7+deb11u7_amd64.deb ...
1318. Unpacking udev (247.3-7+deb11u7) over (247.3-7+deb11u6) ...
1319. Preparing to unpack .../7-libudev1_247.3-7+deb11u7_amd64.deb ...
1320. Unpacking libudev1:amd64 (247.3-7+deb11u7) over (247.3-7+deb11u6) ...
1321. Setting up libudev1:amd64 (247.3-7+deb11u7) ...
1322. Setting up systemd (247.3-7+deb11u7) ...
1323. (Reading database ... 483105 files and directories currently installed.)
1324. Preparing to unpack .../systemd-sysv_247.3-7+deb11u7_amd64.deb ...
1325. Unpacking systemd-sysv (247.3-7+deb11u7) over (247.3-7+deb11u6) ...
1326. Preparing to unpack .../libpam-runtime_1.4.0-9+deb11u2_all.deb ...
1327. Unpacking libpam-runtime (1.4.0-9+deb11u2) over (1.4.0-9+deb11u1) ...
1328. Setting up libpam-runtime (1.4.0-9+deb11u2) ...
1329. (Reading database ... 483105 files and directories currently installed.)
1330. Preparing to unpack .../libunbound8_1.13.1-1+deb11u5_amd64.deb ...
1331. Unpacking libunbound8:amd64 (1.13.1-1+deb11u5) over (1.13.1-1+deb11u4) ...
1332. Preparing to unpack .../libgnutls-dane0_3.7.1-5+deb11u8_amd64.deb ...
1333. Unpacking libgnutls-dane0:amd64 (3.7.1-5+deb11u8) over (3.7.1-5+deb11u7) ...
1334. Preparing to unpack .../libgnutls30_3.7.1-5+deb11u8_amd64.deb ...
1335. Unpacking libgnutls30:amd64 (3.7.1-5+deb11u8) over (3.7.1-5+deb11u7) ...
1336. Setting up libgnutls30:amd64 (3.7.1-5+deb11u8) ...
1337. (Reading database ... 483105 files and directories currently installed.)
1338. Preparing to unpack .../00-cups-daemon_2.3.3op2-3+deb11u10_amd64.deb ...
1339. Unpacking cups-daemon (2.3.3op2-3+deb11u10) over (2.3.3op2-3+deb11u9) ...
1340. Preparing to unpack .../01-cups-ipp-utils_2.3.3op2-3+deb11u10_amd64.deb ...
1341. Unpacking cups-ipp-utils (2.3.3op2-3+deb11u10) over (2.3.3op2-3+deb11u9) ...
1342. Preparing to unpack .../02-cups-common_2.3.3op2-3+deb11u10_all.deb ...
1343. Unpacking cups-common (2.3.3op2-3+deb11u10) over (2.3.3op2-3+deb11u9) ...
1344. Preparing to unpack .../03-cups-bsd_2.3.3op2-3+deb11u10_amd64.deb ...
1345. Unpacking cups-bsd (2.3.3op2-3+deb11u10) over (2.3.3op2-3+deb11u9) ...
1346. Preparing to unpack .../04-cups-client_2.3.3op2-3+deb11u10_amd64.deb ...
1347. Unpacking cups-client (2.3.3op2-3+deb11u10) over (2.3.3op2-3+deb11u9) ...
1348. Preparing to unpack .../05-cups-core-drivers_2.3.3op2-3+deb11u10_amd64.deb ...
1349. Unpacking cups-core-drivers (2.3.3op2-3+deb11u10) over (2.3.3op2-3+deb11u9) ...
1350. Preparing to unpack .../06-cups-ppdc_2.3.3op2-3+deb11u10_amd64.deb ...
1351. Unpacking cups-ppdc (2.3.3op2-3+deb11u10) over (2.3.3op2-3+deb11u9) ...
1352. Preparing to unpack .../07-cups-server-common_2.3.3op2-3+deb11u10_all.deb ...
1353. Unpacking cups-server-common (2.3.3op2-3+deb11u10) over (2.3.3op2-3+deb11u9) ...
1354. Preparing to unpack .../08-cups_2.3.3op2-3+deb11u10_amd64.deb ...
1355. Unpacking cups (2.3.3op2-3+deb11u10) over (2.3.3op2-3+deb11u9) ...
1356. Preparing to unpack .../09-libcupsimage2_2.3.3op2-3+deb11u10_amd64.deb ...
1357. Unpacking libcupsimage2:amd64 (2.3.3op2-3+deb11u10) over (2.3.3op2-3+deb11u9) ...
1358. Preparing to unpack .../10-libcups2_2.3.3op2-3+deb11u10_amd64.deb ...
1359. Unpacking libcups2:amd64 (2.3.3op2-3+deb11u10) over (2.3.3op2-3+deb11u9) ...
1360. Preparing to unpack .../11-brave-keyring_1.19_all.deb ...
1361. Unpacking brave-keyring (1.19) over (1.18) ...
1362. Preparing to unpack .../12-brave-browser_1.82.166_amd64.deb ...
1363. Unpacking brave-browser (1.82.166) over (1.80.120) ...
1364. Preparing to unpack .../13-element-desktop_1.12.0_amd64.deb ...
1365. Unpacking element-desktop (1.12.0) over (1.11.105) ...
1366. Preparing to unpack .../14-libxml2_2.9.10+dfsg-6.7+deb11u8_amd64.deb ...
1367. Unpacking libxml2:amd64 (2.9.10+dfsg-6.7+deb11u8) over (2.9.10+dfsg-6.7+deb11u7) ...
1368. Preparing to unpack .../15-libimage-magick-q16-perl_8%3a6.9.11.60+dfsg-1.3+deb11u6_amd64.deb ...
1369. Unpacking libimage-magick-q16-perl (8:6.9.11.60+dfsg-1.3+deb11u6) over (8:6.9.11.60+dfsg-1.3+deb11u5) ...
1370. Preparing to unpack .../16-libimage-magick-perl_8%3a6.9.11.60+dfsg-1.3+deb11u6_all.deb ...
1371. Unpacking libimage-magick-perl (8:6.9.11.60+dfsg-1.3+deb11u6) over (8:6.9.11.60+dfsg-1.3+deb11u5) ...
1372. Preparing to unpack .../17-imagemagick-6-common_8%3a6.9.11.60+dfsg-1.3+deb11u6_all.deb ...
1373. Unpacking imagemagick-6-common (8:6.9.11.60+dfsg-1.3+deb11u6) over (8:6.9.11.60+dfsg-1.3+deb11u5) ...
1374. Preparing to unpack .../18-libmagickcore-6.q16-6_8%3a6.9.11.60+dfsg-1.3+deb11u6_amd64.deb ...
1375. Unpacking libmagickcore-6.q16-6:amd64 (8:6.9.11.60+dfsg-1.3+deb11u6) over (8:6.9.11.60+dfsg-1.3+deb11u5) .
1376. ..
1377. Preparing to unpack .../19-libmagickwand-6.q16-6_8%3a6.9.11.60+dfsg-1.3+deb11u6_amd64.deb ...
1378. Unpacking libmagickwand-6.q16-6:amd64 (8:6.9.11.60+dfsg-1.3+deb11u6) over (8:6.9.11.60+dfsg-1.3+deb11u5) .
1379. ..
1380. Preparing to unpack .../20-qemu-guest-agent_1%3a5.2+dfsg-11+deb11u5_amd64.deb ...
1381. Unpacking qemu-guest-agent (1:5.2+dfsg-11+deb11u5) over (1:5.2+dfsg-11+deb11u4) ...
1382. Preparing to unpack .../21-apache2-bin_2.4.65-1~deb11u1_amd64.deb ...
1383. Unpacking apache2-bin (2.4.65-1~deb11u1) over (2.4.62-1~deb11u2) ...
1384. Preparing to unpack .../22-ca-certificates-java_20230710~deb12u1~deb11u1_all.deb ...
1385. Unpacking ca-certificates-java (20230710~deb12u1~deb11u1) over (20190909+deb11u1) ...
1386. Preparing to unpack .../23-distro-info-data_0.51+deb11u9_all.deb ...
1387. Unpacking distro-info-data (0.51+deb11u9) over (0.51+deb11u8) ...
1388. Preparing to unpack .../24-firefox-esr_140.3.0esr-1~deb11u2_amd64.deb ...
1389. Leaving 'diversion of /usr/bin/firefox to /usr/bin/firefox.real by firefox-esr'
1390. Unpacking firefox-esr (140.3.0esr-1~deb11u2) over (128.12.0esr-1~deb11u1) ...
1391. Preparing to unpack .../25-webkit2gtk-driver_2.48.5-1~deb11u1_amd64.deb ...
1392. Unpacking webkit2gtk-driver (2.48.5-1~deb11u1) over (2.48.3-1~deb11u1) ...
1393. Preparing to unpack .../26-gir1.2-webkit2-4.0_2.48.5-1~deb11u1_amd64.deb ...
1394. Unpacking gir1.2-webkit2-4.0:amd64 (2.48.5-1~deb11u1) over (2.48.3-1~deb11u1) ...
1395. Preparing to unpack .../27-gir1.2-javascriptcoregtk-4.0_2.48.5-1~deb11u1_amd64.deb ...
1396. Unpacking gir1.2-javascriptcoregtk-4.0:amd64 (2.48.5-1~deb11u1) over (2.48.3-1~deb11u1) ...
1397. Preparing to unpack .../28-libwebkit2gtk-4.0-37_2.48.5-1~deb11u1_amd64.deb ...
1398. Unpacking libwebkit2gtk-4.0-37:amd64 (2.48.5-1~deb11u1) over (2.48.3-1~deb11u1) ...
1399. Preparing to unpack .../29-libjavascriptcoregtk-4.0-18_2.48.5-1~deb11u1_amd64.deb ...
1400. Unpacking libjavascriptcoregtk-4.0-18:amd64 (2.48.5-1~deb11u1) over (2.48.3-1~deb11u1) ...
1401. Preparing to unpack .../30-gnutls-bin_3.7.1-5+deb11u8_amd64.deb ...
1402. Unpacking gnutls-bin (3.7.1-5+deb11u8) over (3.7.1-5+deb11u7) ...
1403. Preparing to unpack .../31-imagemagick-6.q16_8%3a6.9.11.60+dfsg-1.3+deb11u6_amd64.deb ...
1404. Unpacking imagemagick-6.q16 (8:6.9.11.60+dfsg-1.3+deb11u6) over (8:6.9.11.60+dfsg-1.3+deb11u5) ...
1405. Preparing to unpack .../32-imagemagick_8%3a6.9.11.60+dfsg-1.3+deb11u6_amd64.deb ...
1406. Unpacking imagemagick (8:6.9.11.60+dfsg-1.3+deb11u6) over (8:6.9.11.60+dfsg-1.3+deb11u5) ...
1407. Preparing to unpack .../33-jq_1.6-2.1+deb11u1_amd64.deb ...
1408. Unpacking jq (1.6-2.1+deb11u1) over (1.6-2.1) ...
1409. Preparing to unpack .../34-libjq1_1.6-2.1+deb11u1_amd64.deb ...
1410. Unpacking libjq1:amd64 (1.6-2.1+deb11u1) over (1.6-2.1) ...
1411. Preparing to unpack .../35-libcaca0_0.99.beta19-2.2+deb11u1_amd64.deb ...
1412. Unpacking libcaca0:amd64 (0.99.beta19-2.2+deb11u1) over (0.99.beta19-2.2) ...
1413. Preparing to unpack .../36-libcommons-lang3-java_3.11-1+deb11u1_all.deb ...
1414. Unpacking libcommons-lang3-java (3.11-1+deb11u1) over (3.11-1) ...
1415. Preparing to unpack .../37-libdjvulibre-text_3.5.28-2.2~deb11u1_all.deb ...
1416. Unpacking libdjvulibre-text (3.5.28-2.2~deb11u1) over (3.5.28-2) ...
1417. Preparing to unpack .../38-libdjvulibre21_3.5.28-2.2~deb11u1_amd64.deb ...
1418. Unpacking libdjvulibre21:amd64 (3.5.28-2.2~deb11u1) over (3.5.28-2) ...
1419. Preparing to unpack .../39-libexempi8_2.5.2-1+deb11u1_amd64.deb ...
1420. Unpacking libexempi8:amd64 (2.5.2-1+deb11u1) over (2.5.2-1) ...
1421. Preparing to unpack .../40-libfastjson4_0.99.9-1+deb11u1_amd64.deb ...
1422. Unpacking libfastjson4:amd64 (0.99.9-1+deb11u1) over (0.99.9-1) ...
1423. Preparing to unpack .../41-libmagick++-6.q16-8_8%3a6.9.11.60+dfsg-1.3+deb11u6_amd64.deb ...
1424. Unpacking libmagick++-6.q16-8:amd64 (8:6.9.11.60+dfsg-1.3+deb11u6) over (8:6.9.11.60+dfsg-1.3+deb11u5) ...
1425. Preparing to unpack .../42-libmagickcore-6.q16-6-extra_8%3a6.9.11.60+dfsg-1.3+deb11u6_amd64.deb ...
1426. Unpacking libmagickcore-6.q16-6-extra:amd64 (8:6.9.11.60+dfsg-1.3+deb11u6) over (8:6.9.11.60+dfsg-1.3+deb1
1427. 1u5) ...
1428. Preparing to unpack .../43-libmbedcrypto3_2.16.9-0.1+deb11u3_amd64.deb ...
1429. Unpacking libmbedcrypto3:amd64 (2.16.9-0.1+deb11u3) over (2.16.9-0.1+deb11u1) ...
1430. Preparing to unpack .../44-libmbedx509-0_2.16.9-0.1+deb11u3_amd64.deb ...
1431. Unpacking libmbedx509-0:amd64 (2.16.9-0.1+deb11u3) over (2.16.9-0.1+deb11u1) ...
1432. Preparing to unpack .../45-libmbedtls12_2.16.9-0.1+deb11u3_amd64.deb ...
1433. Unpacking libmbedtls12:amd64 (2.16.9-0.1+deb11u3) over (2.16.9-0.1+deb11u1) ...
1434. Preparing to unpack .../46-nextcloud-desktop-common_3.1.1-2+deb11u2_all.deb ...
1435. Unpacking nextcloud-desktop-common (3.1.1-2+deb11u2) over (3.1.1-2+deb11u1) ...
1436. Preparing to unpack .../47-nautilus-nextcloud_3.1.1-2+deb11u2_all.deb ...
1437. Unpacking nautilus-nextcloud (3.1.1-2+deb11u2) over (3.1.1-2+deb11u1) ...
1438. Preparing to unpack .../48-nextcloud-desktop-l10n_3.1.1-2+deb11u2_all.deb ...
1439. Unpacking nextcloud-desktop-l10n (3.1.1-2+deb11u2) over (3.1.1-2+deb11u1) ...
1440. Preparing to unpack .../49-nextcloud-desktop_3.1.1-2+deb11u2_amd64.deb ...
1441. Unpacking nextcloud-desktop (3.1.1-2+deb11u2) over (3.1.1-2+deb11u1) ...
1442. Preparing to unpack .../50-libnextcloudsync0_3.1.1-2+deb11u2_amd64.deb ...
1443. Unpacking libnextcloudsync0:amd64 (3.1.1-2+deb11u2) over (3.1.1-2+deb11u1) ...
1444. Preparing to unpack .../51-libnss-myhostname_247.3-7+deb11u7_amd64.deb ...
1445. Unpacking libnss-myhostname:amd64 (247.3-7+deb11u7) over (247.3-7+deb11u6) ...
1446. Preparing to unpack .../52-libpq5_13.22-0+deb11u1_amd64.deb ...
1447. Unpacking libpq5:amd64 (13.22-0+deb11u1) over (13.21-0+deb11u1) ...
1448. Preparing to unpack .../53-libsndfile1_1.0.31-2+deb11u1_amd64.deb ...
1449. Unpacking libsndfile1:amd64 (1.0.31-2+deb11u1) over (1.0.31-2) ...
1450. Preparing to unpack .../54-libudisks2-0_2.9.2-2+deb11u3_amd64.deb ...
1451. Unpacking libudisks2-0:amd64 (2.9.2-2+deb11u3) over (2.9.2-2+deb11u2) ...
1452. Preparing to unpack .../55-libxml2-utils_2.9.10+dfsg-6.7+deb11u8_amd64.deb ...
1453. Unpacking libxml2-utils (2.9.10+dfsg-6.7+deb11u8) over (2.9.10+dfsg-6.7+deb11u7) ...
1454. Preparing to unpack .../56-nextcloud-desktop-doc_3.1.1-2+deb11u2_all.deb ...
1455. Unpacking nextcloud-desktop-doc (3.1.1-2+deb11u2) over (3.1.1-2+deb11u1) ...
1456. Preparing to unpack .../57-openjdk-11-jdk_11.0.28+6-1~deb11u1_amd64.deb ...
1457. Unpacking openjdk-11-jdk:amd64 (11.0.28+6-1~deb11u1) over (11.0.27+6-1~deb11u1) ...
1458. Preparing to unpack .../58-openjdk-11-jdk-headless_11.0.28+6-1~deb11u1_amd64.deb ...
1459. Unpacking openjdk-11-jdk-headless:amd64 (11.0.28+6-1~deb11u1) over (11.0.27+6-1~deb11u1) ...
1460. Preparing to unpack .../59-openjdk-11-jre_11.0.28+6-1~deb11u1_amd64.deb ...
1461. Unpacking openjdk-11-jre:amd64 (11.0.28+6-1~deb11u1) over (11.0.27+6-1~deb11u1) ...
1462. Preparing to unpack .../60-openjdk-11-jre-headless_11.0.28+6-1~deb11u1_amd64.deb ...
1463. Unpacking openjdk-11-jre-headless:amd64 (11.0.28+6-1~deb11u1) over (11.0.27+6-1~deb11u1) ...
1464. Preparing to unpack .../61-openvpn_2.5.1-3+deb11u2_amd64.deb ...
1465. Unpacking openvpn (2.5.1-3+deb11u2) over (2.5.1-3+deb11u1) ...
1466. Preparing to unpack .../62-python3-libxml2_2.9.10+dfsg-6.7+deb11u8_amd64.deb ...
1467. Unpacking python3-libxml2:amd64 (2.9.10+dfsg-6.7+deb11u8) over (2.9.10+dfsg-6.7+deb11u7) ...
1468. Preparing to unpack .../63-qemu-system-gui_1%3a5.2+dfsg-11+deb11u5_amd64.deb ...
1469. Unpacking qemu-system-gui:amd64 (1:5.2+dfsg-11+deb11u5) over (1:5.2+dfsg-11+deb11u4) ...
1470. Preparing to unpack .../64-qemu-system-common_1%3a5.2+dfsg-11+deb11u5_amd64.deb ...
1471. Unpacking qemu-system-common (1:5.2+dfsg-11+deb11u5) over (1:5.2+dfsg-11+deb11u4) ...
1472. Preparing to unpack .../65-qemu-utils_1%3a5.2+dfsg-11+deb11u5_amd64.deb ...
1473. Unpacking qemu-utils (1:5.2+dfsg-11+deb11u5) over (1:5.2+dfsg-11+deb11u4) ...
1474. Preparing to unpack .../66-qemu-system-data_1%3a5.2+dfsg-11+deb11u5_all.deb ...
1475. Unpacking qemu-system-data (1:5.2+dfsg-11+deb11u5) over (1:5.2+dfsg-11+deb11u4) ...
1476. Preparing to unpack .../67-qemu-block-extra_1%3a5.2+dfsg-11+deb11u5_amd64.deb ...
1477. Unpacking qemu-block-extra (1:5.2+dfsg-11+deb11u5) over (1:5.2+dfsg-11+deb11u4) ...
1478. Preparing to unpack .../68-qemu-system-x86_1%3a5.2+dfsg-11+deb11u5_amd64.deb ...
1479. Unpacking qemu-system-x86 (1:5.2+dfsg-11+deb11u5) over (1:5.2+dfsg-11+deb11u4) ...
1480. Preparing to unpack .../69-signal-desktop_7.71.0_amd64.deb ...
1481. Unpacking signal-desktop (7.71.0) over (7.61.0) ...
1482. Preparing to unpack .../70-slack-desktop_4.46.96_amd64.deb ...
1483. Unpacking slack-desktop (4.46.96) over (4.43.52) ...
1484. Preparing to unpack .../71-thunderbird_1%3a128.14.0esr-1~deb11u1_amd64.deb ...
1485. Unpacking thunderbird (1:128.14.0esr-1~deb11u1) over (1:128.12.0esr-1~deb11u1) ...
1486. Preparing to unpack .../72-udisks2_2.9.2-2+deb11u3_amd64.deb ...
1487. Unpacking udisks2 (2.9.2-2+deb11u3) over (2.9.2-2+deb11u2) ...
1488. Preparing to unpack .../73-vault_1.20.3-1_amd64.deb ...
1489. Unpacking vault (1.20.3-1) over (1.20.0-1) ...
1490. Preparing to unpack .../74-wireless-regdb_2025.07.10-1~deb11u1_all.deb ...
1491. Unpacking wireless-regdb (2025.07.10-1~deb11u1) over (2025.02.20-1~deb11u1) ...
1492. Setting up systemd-sysv (247.3-7+deb11u7) ...
1493. Setting up imagemagick-6-common (8:6.9.11.60+dfsg-1.3+deb11u6) ...
1494. Setting up qemu-system-common (1:5.2+dfsg-11+deb11u5) ...
1495. Setting up openvpn (2.5.1-3+deb11u2) ...
1496. Setting up nextcloud-desktop-common (3.1.1-2+deb11u2) ...
1497. Setting up libcaca0:amd64 (0.99.beta19-2.2+deb11u1) ...
1498. Setting up cups-server-common (2.3.3op2-3+deb11u10) ...
1499. Setting up libjq1:amd64 (1.6-2.1+deb11u1) ...
1500. Setting up distro-info-data (0.51+deb11u9) ...
1501. Setting up libfastjson4:amd64 (0.99.9-1+deb11u1) ...
1502. Setting up cups-common (2.3.3op2-3+deb11u10) ...
1503. Setting up wireless-regdb (2025.07.10-1~deb11u1) ...
1504. Setting up qemu-guest-agent (1:5.2+dfsg-11+deb11u5) ...
1505. Setting up element-desktop (1.12.0) ...
1506. update-alternatives is /usr/bin/update-alternatives
1507. Skipping the installation of the AppArmor profile as this version of AppArmor does not seem to support the
1508. bundled profile
1509. Setting up libpq5:amd64 (13.22-0+deb11u1) ...
1510. Setting up libjavascriptcoregtk-4.0-18:amd64 (2.48.5-1~deb11u1) ...
1511. Setting up libexempi8:amd64 (2.5.2-1+deb11u1) ...
1512. Setting up libnss-systemd:amd64 (247.3-7+deb11u7) ...
1513. Setting up gir1.2-javascriptcoregtk-4.0:amd64 (2.48.5-1~deb11u1) ...
1514. Setting up brave-keyring (1.19) ...
1515. Setting up vault (1.20.3-1) ...
1516. Vault TLS key and certificate already exist. Exiting.
1517. Setting up libunbound8:amd64 (1.13.1-1+deb11u5) ...
1518. Setting up udev (247.3-7+deb11u7) ...
1519. Setting up libnss-myhostname:amd64 (247.3-7+deb11u7) ...
1520. Setting up qemu-system-data (1:5.2+dfsg-11+deb11u5) ...
1521. Setting up libcommons-lang3-java (3.11-1+deb11u1) ...
1522. Setting up signal-desktop (7.71.0) ...
1523. update-alternatives is /usr/bin/update-alternatives
1524. Skipping the installation of the AppArmor profile as this version of AppArmor does not seem to support the
1525. bundled profile
1526. Setting up libcups2:amd64 (2.3.3op2-3+deb11u10) ...
1527. Setting up systemd-container (247.3-7+deb11u7) ...
1528. Setting up brave-browser (1.82.166) ...
1529. Setting up jq (1.6-2.1+deb11u1) ...
1530. Setting up libpam-systemd:amd64 (247.3-7+deb11u7) ...
1531. Setting up libmbedcrypto3:amd64 (2.16.9-0.1+deb11u3) ...
1532. Setting up thunderbird (1:128.14.0esr-1~deb11u1) ...
1533. Skipping profile in /etc/apparmor.d/disable: usr.bin.thunderbird
1534. Setting up libsndfile1:amd64 (1.0.31-2+deb11u1) ...
1535. Setting up libdjvulibre-text (3.5.28-2.2~deb11u1) ...
1536. Setting up qemu-utils (1:5.2+dfsg-11+deb11u5) ...
1537. Setting up ca-certificates-java (20230710~deb12u1~deb11u1) ...
1538. Installing new version of config file /etc/ca-certificates/update.d/jks-keystore ...
1539.  
1540. Warning:
1541. <debian:legacy.pem> uses a 1024-bit RSA key which is considered a security risk. This key size will be dis
1542. abled in a future update.
1543. Removing debian:indra-corp-v2.pem
1544. Removing debian:indra-root-v2.pem
1545. Removing debian:ssl-cert-snakeoil.pem
1546. Replacing debian:2015-IT-Root-CA.pem
1547. Replacing debian:2015-RH-IT-Root-CA.pem.pem
1548. Replacing debian:2022-cross-signed-chain.pem
1549. Replacing debian:2022-IT-Root-CA.pem
1550. Replacing debian:2022-IT-Root-CA.pem.pem
1551. Replacing debian:2022-IT-Root-CA-signedby-2015.pem
1552. Replacing debian:2022-self-signed-chain.pem
1553. Replacing debian:2023-IT-IAM-Operational-CA.pem
1554. Replacing debian:ACCVRAIZ1.pem
1555. Replacing debian:AC_RAIZ_FNMT-RCM.pem
1556. Replacing debian:Actalis_Authentication_Root_CA.pem
1557. Replacing debian:AffirmTrust_Commercial.pem
1558. Replacing debian:AffirmTrust_Networking.pem
1559. Replacing debian:AffirmTrust_Premium_ECC.pem
1560. Replacing debian:AffirmTrust_Premium.pem
1561. Replacing debian:Amazon_Root_CA_1.pem
1562. Replacing debian:Amazon_Root_CA_2.pem
1563. Replacing debian:Amazon_Root_CA_3.pem
1564. Replacing debian:Amazon_Root_CA_4.pem
1565. Replacing debian:Atos_TrustedRoot_2011.pem
1566. Replacing debian:Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.pem
1567. Replacing debian:aws-minsait.pem
1568. Replacing debian:Baltimore_CyberTrust_Root.pem
1569. Replacing debian:Buypass_Class_2_Root_CA.pem
1570. Replacing debian:Buypass_Class_3_Root_CA.pem
1571. Replacing debian:ca-aws-indra.pem
1572. Replacing debian:CA_Disig_Root_R2.pem
1573. Replacing debian:certificate-aws-indra.pem
1574. Replacing debian:Certigna.pem
1575. Replacing debian:Certigna_Root_CA.pem
1576. Replacing debian:certSIGN_Root_CA_G2.pem
1577. Replacing debian:certSIGN_ROOT_CA.pem
1578. Replacing debian:Certum_Trusted_Network_CA_2.pem
1579. Replacing debian:Certum_Trusted_Network_CA.pem
1580. Replacing debian:CFCA_EV_ROOT.pem
1581. Replacing debian:Chambers_of_Commerce_Root_-_2008.pem
1582. Replacing debian:Comodo_AAA_Services_root.pem
1583. Replacing debian:COMODO_Certification_Authority.pem
1584. Replacing debian:COMODO_ECC_Certification_Authority.pem
1585. Replacing debian:COMODO_RSA_Certification_Authority.pem
1586. Replacing debian:Current-IT-Root-CAs.pem
1587. Replacing debian:Cybertrust_Global_Root.pem
1588. Replacing debian:DigiCert_Assured_ID_Root_CA.pem
1589. Replacing debian:DigiCert_Assured_ID_Root_G2.pem
1590. Replacing debian:DigiCert_Assured_ID_Root_G3.pem
1591. Replacing debian:DigiCert_Global_Root_CA.pem
1592. Replacing debian:DigiCert_Global_Root_G2.pem
1593. Replacing debian:DigiCert_Global_Root_G3.pem
1594. Replacing debian:DigiCert_High_Assurance_EV_Root_CA.pem
1595. Replacing debian:DigiCert_Trusted_Root_G4.pem
1596. Replacing debian:DST_Root_CA_X3.pem
1597. Replacing debian:D-TRUST_Root_Class_3_CA_2_2009.pem
1598. Replacing debian:D-TRUST_Root_Class_3_CA_2_EV_2009.pem
1599. Replacing debian:EC-ACC.pem
1600. Replacing debian:emSign_ECC_Root_CA_-_C3.pem
1601. Replacing debian:emSign_ECC_Root_CA_-_G3.pem
1602. Replacing debian:emSign_Root_CA_-_C1.pem
1603. Replacing debian:emSign_Root_CA_-_G1.pem
1604. Replacing debian:Eng-CA.pem
1605. Replacing debian:Entrust.net_Premium_2048_Secure_Server_CA.pem
1606. Replacing debian:Entrust_Root_Certification_Authority_-_EC1.pem
1607. Replacing debian:Entrust_Root_Certification_Authority_-_G2.pem
1608. Replacing debian:Entrust_Root_Certification_Authority_-_G4.pem
1609. Replacing debian:Entrust_Root_Certification_Authority.pem
1610. Replacing debian:ePKI_Root_Certification_Authority.pem
1611. Replacing debian:e-Szigno_Root_CA_2017.pem
1612. Replacing debian:E-Tugra_Certification_Authority.pem
1613. Replacing debian:GDCA_TrustAUTH_R5_ROOT.pem
1614. Replacing debian:GeoTrust_Primary_Certification_Authority_-_G2.pem
1615. Replacing debian:Global_Chambersign_Root_-_2008.pem
1616. Replacing debian:GlobalSign_ECC_Root_CA_-_R4.pem
1617. Replacing debian:GlobalSign_ECC_Root_CA_-_R5.pem
1618. Replacing debian:GlobalSign_Root_CA.pem
1619. Replacing debian:GlobalSign_Root_CA_-_R2.pem
1620. Replacing debian:GlobalSign_Root_CA_-_R3.pem
1621. Replacing debian:GlobalSign_Root_CA_-_R6.pem
1622. Replacing debian:Go_Daddy_Class_2_CA.pem
1623. Replacing debian:Go_Daddy_Root_Certificate_Authority_-_G2.pem
1624. Replacing debian:GTS_Root_R1.pem
1625. Replacing debian:GTS_Root_R2.pem
1626. Replacing debian:GTS_Root_R3.pem
1627. Replacing debian:GTS_Root_R4.pem
1628. Replacing debian:Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.pem
1629. Replacing debian:Hellenic_Academic_and_Research_Institutions_RootCA_2011.pem
1630. Replacing debian:Hellenic_Academic_and_Research_Institutions_RootCA_2015.pem
1631. Replacing debian:Hongkong_Post_Root_CA_1.pem
1632. Replacing debian:Hongkong_Post_Root_CA_3.pem
1633. Replacing debian:IdenTrust_Commercial_Root_CA_1.pem
1634. Replacing debian:IdenTrust_Public_Sector_Root_CA_1.pem
1635. Replacing debian:indra-corp-v2.plain.pem
1636. Replacing debian:indra-root-v2.plain.pem
1637. Replacing debian:ISRG_Root_X1.pem
1638. Replacing debian:Izenpe.com.pem
1639. Replacing debian:legacy.pem
1640. Replacing debian:Microsec_e-Szigno_Root_CA_2009.pem
1641. Replacing debian:Microsoft_ECC_Root_Certificate_Authority_2017.pem
1642. Replacing debian:Microsoft_RSA_Root_Certificate_Authority_2017.pem
1643. Replacing debian:mtls-ca-validators.pem
1644. Replacing debian:NAVER_Global_Root_Certification_Authority.pem
1645. Replacing debian:NetLock_Arany_=Class_Gold=_Főtanúsítvány.pem
1646. Replacing debian:Network_Solutions_Certificate_Authority.pem
1647. Replacing debian:OISTE_WISeKey_Global_Root_GB_CA.pem
1648. Replacing debian:OISTE_WISeKey_Global_Root_GC_CA.pem
1649. Replacing debian:QuoVadis_Root_CA_1_G3.pem
1650. Replacing debian:QuoVadis_Root_CA_2_G3.pem
1651. Replacing debian:QuoVadis_Root_CA_2.pem
1652. Replacing debian:QuoVadis_Root_CA_3_G3.pem
1653. Replacing debian:QuoVadis_Root_CA_3.pem
1654. Replacing debian:QuoVadis_Root_CA.pem
1655. Replacing debian:redhat-uep.pem
1656. Replacing debian:rhcs-ca-chain-2015.pem
1657. Replacing debian:RH-IT-Root-CA.pem
1658. Replacing debian:RH_ITW.pem
1659. Replacing debian:rootCABundle_EU-Lisa.pem
1660. Replacing debian:Secure_Global_CA.pem
1661. Replacing debian:SecureSign_RootCA11.pem
1662. Replacing debian:SecureTrust_CA.pem
1663. Replacing debian:Security_Communication_RootCA2.pem
1664. Replacing debian:Security_Communication_Root_CA.pem
1665. Replacing debian:Sonera_Class_2_Root_CA.pem
1666. Replacing debian:SSL.com_EV_Root_Certification_Authority_ECC.pem
1667. Replacing debian:SSL.com_EV_Root_Certification_Authority_RSA_R2.pem
1668. Replacing debian:SSL.com_Root_Certification_Authority_ECC.pem
1669. Replacing debian:SSL.com_Root_Certification_Authority_RSA.pem
1670. Replacing debian:Staat_der_Nederlanden_EV_Root_CA.pem
1671. Replacing debian:Staat_der_Nederlanden_Root_CA_-_G3.pem
1672. Replacing debian:Starfield_Class_2_CA.pem
1673. Replacing debian:Starfield_Root_Certificate_Authority_-_G2.pem
1674. Replacing debian:Starfield_Services_Root_Certificate_Authority_-_G2.pem
1675. Replacing debian:SwissSign_Gold_CA_-_G2.pem
1676. Replacing debian:SwissSign_Silver_CA_-_G2.pem
1677. Replacing debian:SZAFIR_ROOT_CA2.pem
1678. Replacing debian:TeliaSonera_Root_CA_v1.pem
1679. Replacing debian:TrustCor_ECA-1.pem
1680. Replacing debian:TrustCor_RootCert_CA-1.pem
1681. Replacing debian:TrustCor_RootCert_CA-2.pem
1682. Replacing debian:Trustis_FPS_Root_CA.pem
1683. Replacing debian:Trustwave_Global_Certification_Authority.pem
1684. Replacing debian:Trustwave_Global_ECC_P256_Certification_Authority.pem
1685. Replacing debian:Trustwave_Global_ECC_P384_Certification_Authority.pem
1686. Replacing debian:T-TeleSec_GlobalRoot_Class_2.pem
1687. Replacing debian:T-TeleSec_GlobalRoot_Class_3.pem
1688. Replacing debian:TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.pem
1689. Replacing debian:TWCA_Global_Root_CA.pem
1690. Replacing debian:TWCA_Root_Certification_Authority.pem
1691. Replacing debian:UCA_Extended_Validation_Root.pem
1692. Replacing debian:UCA_Global_G2_Root.pem
1693. Replacing debian:USERTrust_ECC_Certification_Authority.pem
1694. Replacing debian:USERTrust_RSA_Certification_Authority.pem
1695. Replacing debian:VeriSign_Universal_Root_Certification_Authority.pem
1696. Replacing debian:win-intermediate-ca.cer.pem
1697. Replacing debian:XRamp_Global_CA_Root.pem
1698. done.
1699. Setting up slack-desktop (4.46.96) ...
1700. Setting up nextcloud-desktop-l10n (3.1.1-2+deb11u2) ...
1701. Setting up libnss-resolve:amd64 (247.3-7+deb11u7) ...
1702. Setting up libxml2:amd64 (2.9.10+dfsg-6.7+deb11u8) ...
1703. Setting up firefox-esr (140.3.0esr-1~deb11u2) ...
1704. Setting up libnextcloudsync0:amd64 (3.1.1-2+deb11u2) ...
1705. Setting up nextcloud-desktop-doc (3.1.1-2+deb11u2) ...
1706. Setting up libudisks2-0:amd64 (2.9.2-2+deb11u3) ...
1707. Setting up cups-ipp-utils (2.3.3op2-3+deb11u10) ...
1708. Setting up udisks2 (2.9.2-2+deb11u3) ...
1709. Setting up cups-ppdc (2.3.3op2-3+deb11u10) ...
1710. Setting up libgnutls-dane0:amd64 (3.7.1-5+deb11u8) ...
1711. Setting up libmbedx509-0:amd64 (2.16.9-0.1+deb11u3) ...
1712. Setting up libmbedtls12:amd64 (2.16.9-0.1+deb11u3) ...
1713. Setting up libdjvulibre21:amd64 (3.5.28-2.2~deb11u1) ...
1714. Setting up qemu-system-x86 (1:5.2+dfsg-11+deb11u5) ...
1715. Setting up apache2-bin (2.4.65-1~deb11u1) ...
1716. Setting up cups-client (2.3.3op2-3+deb11u10) ...
1717. Setting up libcupsimage2:amd64 (2.3.3op2-3+deb11u10) ...
1718. Setting up python3-libxml2:amd64 (2.9.10+dfsg-6.7+deb11u8) ...
1719. Setting up libmagickcore-6.q16-6:amd64 (8:6.9.11.60+dfsg-1.3+deb11u6) ...
1720. Setting up libnss-mymachines:amd64 (247.3-7+deb11u7) ...
1721. Setting up cups-daemon (2.3.3op2-3+deb11u10) ...
1722. Setting up nextcloud-desktop (3.1.1-2+deb11u2) ...
1723. Setting up libwebkit2gtk-4.0-37:amd64 (2.48.5-1~deb11u1) ...
1724. Setting up nautilus-nextcloud (3.1.1-2+deb11u2) ...
1725. Setting up libmagickwand-6.q16-6:amd64 (8:6.9.11.60+dfsg-1.3+deb11u6) ...
1726. Setting up libxml2-utils (2.9.10+dfsg-6.7+deb11u8) ...
1727. Setting up libmagick++-6.q16-8:amd64 (8:6.9.11.60+dfsg-1.3+deb11u6) ...
1728. Setting up qemu-block-extra (1:5.2+dfsg-11+deb11u5) ...
1729. Setting up gnutls-bin (3.7.1-5+deb11u8) ...
1730. Setting up cups-core-drivers (2.3.3op2-3+deb11u10) ...
1731. Setting up gir1.2-webkit2-4.0:amd64 (2.48.5-1~deb11u1) ...
1732. Setting up cups (2.3.3op2-3+deb11u10) ...
1733. Updating PPD files for cups ...
1734. Setting up libmagickcore-6.q16-6-extra:amd64 (8:6.9.11.60+dfsg-1.3+deb11u6) ...
1735. Setting up libimage-magick-q16-perl (8:6.9.11.60+dfsg-1.3+deb11u6) ...
1736. Setting up cups-bsd (2.3.3op2-3+deb11u10) ...
1737. Setting up qemu-system-gui:amd64 (1:5.2+dfsg-11+deb11u5) ...
1738. Setting up webkit2gtk-driver (2.48.5-1~deb11u1) ...
1739. Setting up imagemagick-6.q16 (8:6.9.11.60+dfsg-1.3+deb11u6) ...
1740. Setting up libimage-magick-perl (8:6.9.11.60+dfsg-1.3+deb11u6) ...
1741. Setting up imagemagick (8:6.9.11.60+dfsg-1.3+deb11u6) ...
1742. Processing triggers for man-db (2.9.4-2) ...
1743. Processing triggers for ca-certificates (20210119) ...
1744. Updating certificates in /etc/ssl/certs...
1745. rehash: warning: skipping duplicate certificate in 2023-IT-IAM-Operational-CA.pem
1746. rehash: warning: skipping rhcs-ca-chain-2015.pem,it does not contain exactly one certificate or CRL
1747. rehash: warning: skipping Eng-CA.pem,it does not contain exactly one certificate or CRL
1748. rehash: warning: skipping duplicate certificate in 2015-RH-IT-Root-CA.pem.pem
1749. rehash: warning: skipping Current-IT-Root-CAs.pem,it does not contain exactly one certificate or CRL
1750. rehash: warning: skipping duplicate certificate in 2022-IT-Root-CA.pem.pem
1751. rehash: warning: skipping duplicate certificate in RH-IT-Root-CA.pem
1752. rehash: warning: skipping duplicate certificate in 2022-cross-signed-chain.pem
1753. rehash: warning: skipping mtls-ca-validators.pem,it does not contain exactly one certificate or CRL
1754. rehash: warning: skipping duplicate certificate in 2015-IT-Root-CA.pem
1755. 18 added, 0 removed; done.
1756. Running hooks in /etc/ca-certificates/update.d...
1757. done.
1758. Processing triggers for dbus (1.12.28-0+deb11u1) ...
1759. Processing triggers for mailcap (3.69) ...
1760. Processing triggers for desktop-file-utils (0.26-1) ...
1761. Processing triggers for initramfs-tools (0.140) ...
1762. update-initramfs: Generating /boot/initrd.img-5.10.0-35-amd64
1763. Processing triggers for hicolor-icon-theme (0.17-2) ...
1764. Processing triggers for gnome-menus (3.36.0-1) ...
1765. Processing triggers for libc-bin (2.31-13+deb11u13) ...
1766. Setting up openjdk-11-jre-headless:amd64 (11.0.28+6-1~deb11u1) ...
1767. Processing triggers for ca-certificates-java (20230710~deb12u1~deb11u1) ...
1768. Replacing debian:2015-IT-Root-CA.pem
1769. Replacing debian:2022-cross-signed-chain.pem
1770. Replacing debian:2022-IT-Root-CA.pem
1771. Replacing debian:2022-IT-Root-CA-signedby-2015.pem
1772. Replacing debian:2022-self-signed-chain.pem
1773. Replacing debian:RH-IT-Root-CA.pem
1774. Replacing debian:rhcs-ca-chain-2015.pem
1775. Replacing debian:Current-IT-Root-CAs.pem
1776. Replacing debian:Eng-CA.pem
1777. Replacing debian:2015-IT-Root-CA.pem
1778. Replacing debian:2022-cross-signed-chain.pem
1779. Replacing debian:2022-IT-Root-CA.pem
1780. Replacing debian:2022-IT-Root-CA-signedby-2015.pem
1781. Replacing debian:2022-self-signed-chain.pem
1782. Replacing debian:Current-IT-Root-CAs.pem
1783. Replacing debian:Eng-CA.pem
1784. Replacing debian:rhcs-ca-chain-2015.pem
1785. Replacing debian:RH-IT-Root-CA.pem
1786. done.
1787. Setting up openjdk-11-jdk-headless:amd64 (11.0.28+6-1~deb11u1) ...
1788. Setting up openjdk-11-jre:amd64 (11.0.28+6-1~deb11u1) ...
1789. Setting up openjdk-11-jdk:amd64 (11.0.28+6-1~deb11u1) ...
1790.  
1791.  
1792.  
1793.  
1794. Debian GNU/Linux 11 (bullseye)
1795.  
1796. Linux tassos 5.10.0-35-amd64 #1 SMP Debian 5.10.237-1 (2025-05-19) x86_64 GNU/Linux