apticron report [Fri, 04 Oct 2019 13:49:13 +0200] ======================================================================== apticron has detected that some packages need upgrading on: nonagon.federez.net [ 185.230.78.42 2a0c:700:0:23:67:e5ff:fee9:3 ] The following packages are currently pending an upgrade: e2fslibs 1.43.4-2+deb9u1 e2fsprogs 1.43.4-2+deb9u1 libapache2-mod-php7.3 7.3.9-1~deb10u1 libcom-err2 1.44.5-1+deb10u2 libcomerr2 1.44.5-1+deb10u2 libexpat1 2.2.0-2+deb9u3 libexpat1-dev 2.2.0-2+deb9u3 libss2 1.43.4-2+deb9u1 libssl1.0.2 1.0.2t-1~deb9u1 libssl1.1 1.1.1d-0+deb10u1 libssl-dev 1.1.1d-0+deb10u1 linux-libc-dev 4.9.189-3+deb9u1 openssl 1.1.0l-1~deb9u1 php7.3 7.3.9-1~deb10u1 php7.3-cli 7.3.9-1~deb10u1 php7.3-common 7.3.9-1~deb10u1 php7.3-curl 7.3.9-1~deb10u1 php7.3-gd 7.3.9-1~deb10u1 php7.3-json 7.3.9-1~deb10u1 php7.3-ldap 7.3.9-1~deb10u1 php7.3-mbstring 7.3.9-1~deb10u1 php7.3-mysql 7.3.9-1~deb10u1 php7.3-opcache 7.3.9-1~deb10u1 php7.3-readline 7.3.9-1~deb10u1 tzdata 2019c-0+deb9u1 ======================================================================== Package Details: apt-listchanges : Lecture des fichiers de modifications (« changelog »)... apt-listchanges : journaux des modifications (« changelogs ») ------------------------------------------------------------- --- Modifications pour e2fsprogs (e2fslibs e2fsprogs libcom-err2 libcomerr2 libss2) --- e2fsprogs (1.44.5-1+deb10u2) buster-security; urgency=high * Fix CVE-2019-5094: potential buffer overrun in e2fsck (Closes: #941139) -- Theodore Y. Ts'o &lt;tytso(a)mit.edu&gt; Wed, 25 Sep 2019 13:37:44 -0400 --- Modifications pour expat (libexpat1 libexpat1-dev) --- expat (2.2.0-2+deb9u3) stretch-security; urgency=high * Non-maintainer upload by the Security Team. * xmlparse.c: Deny internal entities closing the doctype (CVE-2019-15903) (Closes: #939394) -- Salvatore Bonaccorso &lt;carnil(a)debian.org&gt; Thu, 19 Sep 2019 23:43:05 +0200 --- Modifications pour linux (linux-libc-dev) --- linux (4.9.189-3+deb9u1) stretch-security; urgency=high * vhost: make sure log_num < in_num (CVE-2019-14835) * ALSA: usb-audio: Fix an OOB bug in parse_audio_mixer_unit (CVE-2019-15117) * ALSA: usb-audio: Fix a stack buffer overflow bug in check_input_term (CVE-2019-15118) * [x86] ptrace: fix up botched merge of spectrev1 fix (CVE-2019-15902) * KVM: coalesced_mmio: add bounds checking (CVE-2019-14821) -- Salvatore Bonaccorso &lt;carnil(a)debian.org&gt; Fri, 20 Sep 2019 13:03:45 +0200 --- Modifications pour php7.3 (libapache2-mod-php7.3 php7.3 php7.3-cli php7.3-common php7.3-curl php7.3-gd php7.3-json php7.3-ldap php7.3-mbstring php7.3-mysql php7.3-opcache php7.3-readline) --- php7.3 (7.3.9-1~deb10u1) buster-security; urgency=high * New upstream version 7.3.9 * php7.3-curl: Add Breaks against php7.0-curl for smoother upgrades from stretch. (Closes: #929689) -- Ondřej Surý &lt;ondrej(a)sury.org&gt; Wed, 18 Sep 2019 12:33:23 +0200 --- Modifications pour openssl (libssl1.1 libssl-dev openssl) --- openssl (1.1.1d-0+deb10u1) buster-security; urgency=medium * New upstream version - CVE-2019-1549 (Fixed a fork protection issue). - CVE-2019-1547 (Compute ECC cofactors if not provided during EC_GROUP construction). - CVE-2019-1563 (Fixed a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey). * Update symbol list -- Sebastian Andrzej Siewior &lt;sebastian(a)breakpoint.cc&gt; Fri, 27 Sep 2019 21:29:13 +0200 --- Modifications pour openssl1.0 (libssl1.0.2) --- openssl1.0 (1.0.2t-1~deb9u1) stretch-security; urgency=medium * Import 1.0.2t - CVE-2019-1547 (Compute ECC cofactors if not provided during EC_GROUP construction). - CVE-2019-1563 (Fixed a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey). -- Sebastian Andrzej Siewior &lt;sebastian(a)breakpoint.cc&gt; Fri, 27 Sep 2019 21:49:56 +0200 --- Modifications pour tzdata --- tzdata (2019c-0+deb9u1) stretch; urgency=medium * New upstream version, affecting the following future timestamps: - Fiji's next DST transitions will be 2019-11-10 and 2020-01-12 instead of 2019-11-03 and 2020-01-19. - Norfolk Island will observe Australian-style DST starting in spring 2019. The first transition is on 2019-10-06. -- Aurelien Jarno &lt;aurel32(a)debian.org&gt; Wed, 18 Sep 2019 00:40:44 +0200 ======================================================================== You can perform the upgrade by issuing the command: apt-get dist-upgrade as root on nonagon.federez.net -- apticron