Debian -- News -- Updated Debian 13: 13.

Debian -- News -- Updated Debian 13: 13.4 released
Skip Quicknav
Blog
Micronews
Planet
Wiki
Latest News
News from 2026
News -- Updated Debian 13: 13.4 released
Updated Debian 13: 13.4 released
March 14th, 2026
The Debian project is pleased to announce the fourth update of its
stable distribution Debian 13 (codename
trixie
).
This point release mainly adds corrections for security issues,
along with a few adjustments for serious problems. Security advisories
have already been published separately and are referenced where available.
Please note that the point release does not constitute a new version of Debian
13 but only updates some of the packages included. There is
no need to throw away old
trixie
media. After installation,
packages can be upgraded to the current versions using an up-to-date Debian
mirror.
Those who frequently install updates from security.debian.org won't have
to update many packages, and most such updates are
included in the point release.
New installation images will be available soon at the regular locations.
Upgrading an existing installation to this revision can be achieved by
pointing the package management system at one of Debian's many HTTP mirrors.
A comprehensive list of mirrors is available at:
Miscellaneous Bugfixes
This stable update adds a few important corrections to the following packages:
Package
Reason
akonadi
Show all folders in kmail
apache2
Fix HTTP/2 regression
arduino-core-avr
New upstream stable release; fix buffer overflow issue [CVE-2025-69209]
asahi-scripts
Fix SD card reader autosuspend
augeas
Fix null pointer dereference issue [CVE-2025-2588]
base-files
Update for the point release
bash
Rebuild with updated glibc
bglibs
Rebuild with updated glibc
bird2
Use Restart=on-abnormal instead of on-abort; RAdv: Fix flags for deprecated prefixes; BMP: Fix crash when exporting a route with non-bgp attributes; ASPA check fix for AS_SET
brltty
Fix taking the VT number from the chosen session
busybox
Rebuild with updated glibc
capstone
New upstream stable release; fix buffer overflow issue [CVE-2025-67873]; fix buffer underflow and overflow issue [CVE-2025-68114]
catatonit
Rebuild with updated glibc
cdebootstrap
Rebuild with updated glibc
chkrootkit
Rebuild with updated glibc
chrony
Open refclock writeable to maintain compatibility with newer kernels
civetweb
Fix denial of service issue [CVE-2025-9648]; fix buffer overflow issue [CVE-2025-55763]
ckb-next
Fix init script installation and initialisation; ensure cryptographic verification of firmware updates
clatd
Fix systemd unit installation; correct NetworkManager dispatcher install path; provide example configuration; ensure obsolete dispatcher script is removed on upgrade
condor
Rebuild with updated glibc
dar
Rebuild with updated glibc and openssl
debian-installer
Increase Linux kernel ABI to 6.12.73+deb13; rebuild against proposed updates
debian-installer-netboot-images
Rebuild against proposed-updates
debian-ports-archive-keyring
Add
Debian Ports Archive Automatic Signing Key (2027)
; move 2025 signing key to the removed keys keyring
debsig-verify
Rebuild with updated dpkg
debvm
Only use the console in nographics mode; use correct variable name; autologin: prefer credentials to monkey patching unit; customize-resolved.sh: explicitly install systemd-resolved
deets
Rebuild with updated dpkg
direwolf
Fix stack buffer overflow [CVE-2025-34457]
distribution-gpg-keys
Update included keys
distrobuilder
Rebuild with updated incus
docker.io
Rebuild with updated glibc
dovecot
Fix possible crash in ldap userdb; fix crash in trash plugin; fix segfault when group ACLs are present but the user has no groups
dpkg
dpkg-query: Fix segfault with empty -S argument; Dpkg::OpenPGP: Do not run verify with no keyrings; Dpkg::Shlibs::Objdump::Object: Add support for
Version References
symbols; Dpkg::OpenPGP::Backend::GnuPG: Add missing Dpkg::Gettext import; fix denial of service issue [CVE-2026-2219]
e2fsprogs
Rebuild with updated glibc
ejabberd
Remove old apparmor profile file
ejabberd-contrib
Rebuild with updated ejabberd
erlang
Fix excessive resource use issues [CVE-2025-48038 CVE-2025-48039 CVE-2025-48040 CVE-2025-48041]; fix traffic redirection issue [CVE-2016-1000107]
ffmpegfs
Fix incomplete listing of files in output directory
flatpak
New upstream stable release
fluidsynth
Fix null pointer dereference issue [CVE-2025-56225]
fonttools
Fix arbitrary file write issue [CVE-2025-66034]
glibc
Update from upstream stable branch; fix heap corruption issue [CVE-2026-0861]; fix stack contents leak issue [CVE-2026-0915]; fix uninitialized memory use issue [CVE-2025-15281]; switch currency symbol for the bg_BG locale to euro; fix a null pointer dereference in symbol lookup when the symbol version hash is zero; fix various optimized functions
gnome-shell
Revert inadvertently backported change that can cause the Shell UI to not appear on some systems
gnu-efi
Fix build of UEFI binaries for armhf
gnuais
Fix displaying the map in gnuaisgui
gnupg2
Rebuild with updated glibc
gpsd
Fix out-of-bounds write issue [CVE-2025-67268]; fix denial of service issue [CVE-2025-67269]
grub-efi-amd64-signed
Fix ZFS root identification
grub-efi-arm64-signed
Fix ZFS root identification
grub-efi-ia32-signed
Fix ZFS root identification
grub2
Fix ZFS root identification
ifupdown
Fix IPv6 DAD handling in ifup; correct dhclient invocation ordering for IPv6; restore correct executable path detection in ifup scripts
integrit
Rebuild with updated glibc
jaraco.context
Prevent path traversal [CVE-2026-23949]
libcap2
Rebuild with updated glibc
libguestfs
Add dependency on isc-dhcp-client
libpng1.6
Fix heap buffer overflow issues [CVE-2026-22801 CVE-2026-22695]
libsndfile
Fix memory leak issue [CVE-2025-56226]
linux-base
Use compatible hook dir names for headers packages
lxc
Fix data corruption during heavy IO on PTS; update lxc-default-with-nesting apparmor profile; rebuild with updated glibc
mariadb
New upstream stable release; fix arbitrary code execution issue [CVE-2025-13699]; fix denial of service issue [CVE-CVE-2026-21968]; use tmpfiles.d to generate runtime directory; fix upgrades from version 10.4 when encryption is enabled; fix innodb_linux_aio support
mpg123
Do not modify raw ID3v2 data while parsing
node-proxy-agents
Fix path traversal issue [CVE-2026-27699]
open-iscsi
Fix discovery of
static
nodes
openssh
Fix mistracking of MaxStartups process exits in some situations; fix possible code execution issues [CVE-2025-61984 CVE-2025-61985]
openssl
New upstream stable release
passt
Increase AppArmor ABI version to 4.0 to enable user namespace creation
pcsx2
Fix code execution issue [CVE-2025-49589]
pdudaemon
Add missing dependency on setuputils
phpunit
Fix unsafe deserialization issue [CVE-2026-24765]
plastimatch
Repack to exclude non-free source files
policyd-rate-limit
Fix operation with Python >= 3.12
postgresql-17
New upstream stable release; fix buffer overrun issue [CVE-2026-2006]
python-cryptography
Fix missing validation in EC public key creation [CVE-2026-26007]
python-filelock
Fix TOCTOU symlink handling vulnerability in lock file creation [CVE-2025-68146]
python-multipart
Fix arbitrary file write issue [CVE-2026-24486]
python-os-ken
Accept empty
OXM
fields
python-pyspnego
Fix deprecation warnings
qemu
New upstream stable release; fix denial of service issues [CVE-2025-14876 CVE-2026-0665]
qtbase-opensource-src
Fix data races; X11: set fallback logical DPI to 96, fixing incorrect calculation
reprepro
Fix incorrect tracking data when copying packages
requests
Fix credential leak issue [CVE-2024-47081]
riseup-vpn
Support additional polkit providers
runit-services
Slim: start in foreground with -n; dbus-dep.fixer: correctly test for existing services definitions, only start dbus services, even with the sysv override
rust-ntp-proto
Fix excessive load issue [CVE-2026-26076]
rust-ntpd
Rebuild with rust-ntp-proto 1.4.0-4+deb13u1 to fix CVE-2026-26076
rust-tealdeer
Update archive URL
samba
New upstream stable release
sash
Rebuild with updated glibc
scilab
Fix build failure
snapd
Rebuild with updated glibc
sqlite3
Prevent integer overflow in FTSS extension [CVE-2025-7709]; add missing build dependency on pkgconf
starlette
Fix denial of service issue [CVE-2025-62727]
sudo
Only enable Intel CET on amd64; fix regression with sudoers.d filenames containing colons
suricata
Fix denial of service issues [CVE-2026-22258 CVE-2026-22259 CVE-2026-22261]; fix stack overflow issue [CVE-2026-22262]; fix heap overflow issue [CVE-2026-22264]
tayga
Fix EAM mapping for host addresses
tini
Rebuild with updated glibc
torsocks
Use correct environment variable; explicitly trigger ldconfig trigger
tripwire
Rebuild with updated glibc
tsocks
Rebuild with updated glibc
tzdata
New upstream release; Moldova has used EU transition times since 2022
uglifyjs
Fix test failure
units
Update URLs to packetizer.com
user-mode-linux
Rebuild with updated linux
wget2
Fix file overwrite issue with metalink [CVE-2025-69194]; fix remote buffer overflow [CVE-2025-69195]
wireless-regdb
New upstream stable release; update regulatory information for several countries
wireshark
New upstream stable release; fix USB HID dissector memory exhaustion [CVE-2026-3201]; fix RF4CE Profile dissector crash [CVE-2026-3203]
xen
New upstream stable release; fix buffer overrun issue [CVE-2025-58150]; fix incomplete vCPU isolation issue [CVE-2026-23553]
zabbix
New upstream stable release; fix data leakage issues [CVE-2025-27231 CVE-2025-27233 CVE-2025-27236 CVE-2025-27238 CVE-2025-49641]; fix denial of service issue [CVE-2025-49643]
zookeeper
Fix build failure by skipping some flaky tests
zsh
Rebuild with updated glibc
Security Updates
This revision adds the following security updates to the stable release.
The Security Team has already released an advisory for each of these
updates:
Advisory ID
Package
DSA-6054
firefox-esr
DSA-6078
firefox-esr
DSA-6093
gimp
DSA-6094
libsodium
DSA-6095
foomuuri
DSA-6096
vlc
DSA-6097
chromium
DSA-6098
net-snmp
DSA-6099
python-parsl
DSA-6100
chromium
DSA-6101
firefox-esr
DSA-6102
python-urllib3
DSA-6103
thunderbird
DSA-6104
python-keystonemiddleware
DSA-6105
modsecurity-crs
DSA-6106
inetutils
DSA-6107
bind9
DSA-6108
chromium
DSA-6109
incus
DSA-6111
imagemagick
DSA-6112
openjdk-21
DSA-6113
openssl
DSA-6114
pyasn1
DSA-6115
gimp
DSA-6116
chromium
DSA-6117
python-django
DSA-6118
thunderbird
DSA-6119
jtreg8
DSA-6119
openjdk-25
DSA-6120
tomcat10
DSA-6121
tomcat11
DSA-6122
chromium
DSA-6123
xrdp
DSA-6124
wireshark
DSA-6125
usbmuxd
DSA-6126
linux-signed-amd64
DSA-6126
linux-signed-arm64
DSA-6126
linux
DSA-6128
shaarli
DSA-6129
munge
DSA-6130
haproxy
DSA-6131
nginx
DSA-6133
postgresql-17
DSA-6134
pdns-recursor
DSA-6135
chromium
DSA-6137
roundcube
DSA-6138
libpng1.6
DSA-6139
gimp
DSA-6140
gnutls28
DSA-6141
linux-signed-amd64
DSA-6141
linux-signed-arm64
DSA-6141
linux
DSA-6142
gegl
DSA-6143
libvpx
DSA-6144
inetutils
DSA-6145
nova
DSA-6146
chromium
DSA-6147
pillow
DSA-6148
firefox-esr
DSA-6149
nss
DSA-6150
python-django
DSA-6151
chromium
DSA-6152
thunderbird
DSA-6153
lxd
DSA-6155
spip
DSA-6156
gimp
DSA-6157
chromium
Debian Installer
The installer has been updated to include the fixes incorporated
into stable by the point release.
URLs
The complete lists of packages that have changed with this revision:
The current stable distribution:
Proposed updates to the stable distribution:
stable distribution information (release notes, errata etc.):
Security announcements and information:
About Debian
The Debian Project is an association of Free Software developers who
volunteer their time and effort in order to produce the completely
free operating system Debian.
Contact Information
For further information, please visit the Debian web pages at
, send mail to
, or contact the stable release team at
.
Back to: other
Debian news
||
Debian Project homepage
This page is also available in the following languages:
How to set
the default document language
About
Social Contract
Code of Conduct
Free Software
Legal Info
Help Debian
Getting Debian
Network install
CD/USB ISO images
Pure Blends
Debian Packages
Developers' Corner
News
Project News
Events
Documentation
Release Info
Debian Wiki
Support
Debian International
Security Information
Bug reports
Mailing Lists
The Debian Blog
Debian Micronews
Debian Planet
See our
contact page
to get in touch. Web site source code is
available
Last Modified: Mon, Mar 16 19:52:40 UTC 2026