Debian buster Openstack images changelog

10.11.3-20220130

Updates in 1 source package(s), 2 binary package(s):

  Source lxml, binaries: python-lxml:amd64 python-lxml:arm64  
  lxml (4.3.2-1+deb10u4) buster-security; urgency=high
  
    * Non-maintainer upload by the Security Team.
    * Cleaner: Prevent "@import" from re-occurring in the CSS after
      replacements, e.g. "@@importimport" (CVE-2021-43818) (Closes: #1001885)
    * Cleaner: Remove SVG image data URLs since they can embed script content
      (CVE-2021-43818) (Closes: #1001885)

-- Steve McIntyre <93sam@debian.org>  Mon, 31 Jan 2022 02:32:54 +0000

10.11.2-20211129

Updates in 1 source package(s), 2 binary package(s):

  Source icu, binaries: libicu63:amd64 libicu63:arm64  
  icu (63.1-6+deb10u2) buster-security; urgency=high
  
    * Non-maintainer upload by the Security Team.
    * Use LocalMemory for cmd to prevent use after free (CVE-2020-21913)

-- Steve McIntyre <93sam@debian.org>  Tue, 30 Nov 2021 05:07:38 +0000

10.11.1-20211029

Updates in 2 source package(s), 6 binary package(s):

  Source bind9, binaries: libdns-export1104:amd64 libisc-export1100:amd64 libdns-export1104:arm64 libisc-export1100:arm64  
  bind9 (1:9.11.5.P4+dfsg-5.1+deb10u6) buster-security; urgency=high
  
    * CVE-2021-25219: The "lame-ttl" option is now forcibly set to 0. This
      effectively disables the lame server cache, as it could previously be
      abused by an attacker to significantly degrade resolver performance.

  Source tzdata, binaries: tzdata:amd64 tzdata:arm64  
  tzdata (2021a-0+deb10u3) buster; urgency=medium
  
    * Cherry-pick patches from tzdata-2021d and tzdata-2021e:
      - 04-fiji-dst.patch: Fiji suspends DST for the 2021/2022 season.
      - 05-palestine-dst.patch: Palestine will fall back 2021-10-29 (not
        2021-10-30) at 01:00.

-- Steve McIntyre <93sam@debian.org>  Fri, 29 Oct 2021 05:02:59 +0000

10.11.0

  First build for 10.11.0 release

-- Steve McIntyre <93sam@debian.org>  Sat, 09 Oct 2021 20:19:55 +0000