Debian 10230 Published by

Debian GNU/Linux 9.2 has been released. Here the release announcement:



------------------------------------------------------------------------
The Debian Project https://www.debian.org/
Updated Debian 9: 9.2 released press@debian.org
October 7th, 2017 https://www.debian.org/News/2017/20171007
------------------------------------------------------------------------


The Debian project is pleased to announce the second update of its
stable distribution Debian 9 (codename "stretch"). This point release
mainly adds corrections for security issues, along with a few
adjustments for serious problems. Security advisories have already been
published separately and are referenced where available.

Please note that the point release does not constitute a new version of
Debian 9 but only updates some of the packages included. There is no
need to throw away old "stretch" media. After installation, packages can
be upgraded to the current versions using an up-to-date Debian mirror.

Those who frequently install updates from security.debian.org won't have
to update many packages, and most such updates are included in the point
release.

New installation images will be available soon at the regular locations.

Upgrading an existing installation to this revision can be achieved by
pointing the package management system at one of Debian's many HTTP
mirrors. A comprehensive list of mirrors is available at:

https://www.debian.org/mirror/list


As a special case for this point release, those using the "apt-get" tool
to perform the upgrade will need to ensure that the "dist-upgrade"
command is used, in order to update to the latest kernel packages. Users
of other tools such as "apt" and "aptitude" should use the "upgrade"
command.


Miscellaneous Bugfixes
----------------------

Due to an oversight while preparing the point release, the usual
update to the "base-files" package to reflect the new version was
unfortunately not included. An updated package will be made available
via "stretch-updates" in the near future.

This stable update adds a few important corrections to the following
packages:

+--------------------------+------------------------------------------+
| Package | Reason |
+--------------------------+------------------------------------------+
| apt [1] | Fix issues in apt-daily-upgrade; fix a |
| | possible crash in the mirror method |
| | |
| at-spi2-core [2] | Fix crash on switching windows |
| | |
| bareos [3] | Fix permissions of bareos-dir logrotate |
| | config on upgrade; fix file corruption |
| | when using SHA1 signature |
| | |
| bind9 [4] | Import support for DNSSEC KSK-2017 |
| | |
| bridge-utils [5] | Fix a problem with some vlan interfaces |
| | not being created |
| | |
| caja [6] | Fix excessive CPU use while loading |
| | background image |
| | |
| chrony [7] | Do not pass 'burst' command to chronyc |
| | |
| cross-gcc [8] | Fix outdated support for gcc 6.3.0-18 |
| | |
| cvxopt [9] | Remove the unneccessary and non-working |
| | compatibility layer for lpx_main() |
| | |
| db5.3 [10] | Do not access DB_CONFIG when db_home is |
| | not set [CVE-2017-10140] |
| | |
| dbus [11] | New upstream stable release |
| | |
| debian-edu-doc [12] | Merge stretch related documentation and |
| | translation updates; update Debian Edu |
| | Stretch manual from the wiki; replace |
| | existing boot menu screenshots with |
| | recent ones from the wiki |
| | |
| debian-installer [13] | Update Linux kernel ABI to 4 |
| | |
| debian-installer- | Rebuild against proposed-updates |
| netboot-images [14] | |
| | |
| desktop-base [15] | Fix XML syntax errors in gnome wallpaper |
| | description files making Joy wallpapers |
| | unavailable by default; ensure postinst |
| | doesn’t fail on upgrade even when an |
| | incomplete theme pack is active |
| | |
| dns-root-data [16] | Update root.hints to 2017072601 version; |
| | change the state of KSK-2017 to VALID |
| | |
| dnsdist [17] | Security fixes [CVE-2016-7069 CVE-2017- |
| | 7557] |
| | |
| dnsviz [18] | Cherry-pick upstream fixes related to |
| | root.hints and root.keys changes |
| | |
| dose3 [19] | Fix versioned provides support - |
| | packages that provide the same virtual |
| | package in different versions, or that |
| | provide the same versioned virtual |
| | package as a real package, are co- |
| | installable |
| | |
| ecl [20] | Add missing dependency on libffi-dev |
| | |
| erlang-p1-tls [21] | Fix ECDH curves |
| | |
| evolution [22] | Fix hang on right click in composer |
| | window |
| | |
| expect [23] | Properly check for EOF, to avoid losing |
| | input |
| | |
| fife [24] | Fix memory leak |
| | |
| flatpak [25] | New upstream stable release; prevent |
| | deploying files with inappropriate |
| | permissions; restore compatibility with |
| | libostree 2017.7 |
| | |
| freerdp [26] | Enable TLS >= 1.1 support |
| | |
| gnome-exe- | Switch to msitools' msiinfo for |
| thumbnailer [27] | ProductVersion fetching, replacing the |
| | insecure VBScript-based parsing |
| | [CVE-2017-11421]; fix unreadable white- |
| | on-white text on version labels |
| | |
| gnupg2 [28] | Fix dirmngr issues with broken reverse |
| | DNS, assertion when using "tofu- |
| | default-policy ask" , multiple issues |
| | with scdaemon, avoid spurious warnings |
| | when sharing a keybox with gpg >= 2.1.20 |
| | |
| gnutls28 [29] | Fix OCSP verification errors, especially |
| | with ECDSA signatures |
| | |
| gosa-plugin- | Fix parent constructor calls, for |
| mailaddress [30] | compatibility with PHP7 |
| | |
| gsoap [31] | Fix integer overflow via large XML |
| | document [CVE-2017-9765] |
| | |
| haveged [32] | Start haveged.service after systemd- |
| | tmpfiles-setup.service has been run |
| | |
| ipsec-tools [33] | Security fix [CVE-2016-10396] |
| | |
| irssi [34] | Fix null pointer dereference [CVE-2017- |
| | 10965], use-after-free condition for |
| | nicklist [CVE-2017-10966] |
| | |
| kanatest [35] | Remove DISABLE_DEPRECATED flags, they |
| | cause implicit pointer conversion and |
| | thus a segmentation fault on startup |
| | |
| kdepim [36] | Fix "send Later with Delay bypasses |
| | OpenPGP" [CVE-2017-9604] |
| | |
| kf5-messagelib [37] | Fix "send Later with Delay bypasses |
| | OpenPGP" [CVE-2017-9604] |
| | |
| krb5 [38] | Fix security issue where remote |
| | authenticated attackers can crash the |
| | KDC [CVE-2017-11368]; fix startup if |
| | getaddrinfo() returns a wildcard v6 |
| | address and handling of explicitly |
| | specified v4 wildcard address; fix SRV |
| | lookups to respect udp_preference_limit |
| | |
| lava-tool [39] | Add missing dependency on python- |
| | simplejson |
| | |
| librsb [40] | Fix a few severe bugs leading to |
| | numerically wrong results |
| | |
| libselinux [41] | Rebuild with new sbuild to fix changelog |
| | date |
| | |
| libsolv [42] | Fix dependencies on Python 3 modules |
| | |
| libwpd [43] | Fix denial of service issue |
| | [CVE-2017-14226] |
| | |
| linux [44] | New upstream stable version |
| | |
| linux-latest [45] | Update to 4.9.0-4 |
| | |
| lzma [46] | Rebuild with new sbuild to fix changelog |
| | date |
| | |
| mailman [47] | Fix broken dependencies in |
| | contrib/SpamAssassin.py |
| | |
| mate-power-manager [48] | Don't abort on unknown DBus signal name |
| | |
| mate-themes [49] | Fix font colour of URL bar in Google |
| | Chrome |
| | |
| mate-tweak [50] | Add missing dependency on python3-gi |
| | |
| ncurses [51] | Fix various crash bugs in the tic |
| | library and the tic binary |
| | [CVE-2017-10684 CVE-2017-10685 |
| | CVE-2017-11112 CVE-2017-11113 |
| | CVE-2017-13728 CVE-2017-13729 |
| | CVE-2017-13730 CVE-2017-13731 |
| | CVE-2017-13732 CVE-2017-13734 |
| | CVE-2017-13733] |
| | |
| nettle [52] | Rebuild with new sbuild to fix changelog |
| | date |
| | |
| node-brace- | Fix regular expression denial of service |
| expansion [53] | issue |
| | |
| node-dateformat [54] | Set TZ=UTC for tests to fix build |
| | failure |
| | |
| ntp [55] | Build and install /usr/bin/sntp |
| | |
| nvidia-graphics- | New upstream long lived branch release |
| drivers [56] | 375.82 - security fixes [CVE-2017-6257 |
| | CVE-2017-6259], add support for the |
| | following GPUs: GeForce GTX 1080 with |
| | Max-Q Design, GeForce GTX 1070 with Max- |
| | Q Design, GeForce GTX 1060 with Max-Q |
| | Design; nvidia-kernel-dkms: Honor |
| | parallel setting from dkms |
| | |
| open-vm-tools [57] | Randomly generate temporary directory |
| | name [CVE-2015-5191] |
| | |
| opendkim [58] | Start as root and drop privileges in |
| | opendkim for proper key file ownership |
| | |
| openldap [59] | Relax the dependency of libldap-2.4-2 on |
| | libldap-common to also permit later |
| | versions; fix upgrade failure when |
| | olcSuffix contains a backslash; avoid |
| | reading the value of the |
| | LDAP_OPT_X_TLS_REQUIRE_CERT option from |
| | previously freed memory; fix potential |
| | endless replication loop in a multi- |
| | master delta-syncrepl scenario with 3 or |
| | more nodes; fix memory corruption caused |
| | by calling sasl_client_init() multiple |
| | times and possibly concurrently |
| | |
| openvpn [60] | Fix broken reconnects due to wrong push |
| | digest calculation |
| | |
| osinfo-db [61] | Update distribution information |
| | |
| pcb-rnd [62] | Fix execution of code via a maliciously |
| | formed design file |
| | |
| postfix [63] | New upstream stable version - send |
| | single character variable names to |
| | milters without {}; prevent MIME |
| | downgrade of Postfix-generated message/ |
| | delivery status; work around Berkeley DB |
| | attempting to read settings from |
| | "DB_CONFIG" file |
| | |
| python-pampy [64] | Fix dependencies on Python 3 modules |
| | |
| request-tracker4 [65] | Fix regression in previous security |
| | release where incorrect SHA256 passwords |
| | could trigger an error |
| | |
| ruby-gnome2 [66] | ruby- |
| | {gdk3,gtksourceview2,pango,poppler}: Add |
| | missing dependencies |
| | |
| samba [67] | Ensure SMB signing enforced [CVE-2017- |
| | 12150]; keep required encryption across |
| | SMB3 DFS redirects [CVE-2017-12151]; fix |
| | server memory information leak over SMB1 |
| | [CVE-2017-12163]; new upstream release; |
| | fix libpam-winbind.prerm to be |
| | multiarch-safe; add missing logrotate |
| | for /var/log/samba/log.samba; fix |
| | outdated DNS Root servers; fix "Non- |
| | kerberos logins fails on winbind 4.X |
| | when krb5_auth is configured in PAM" |
| | |
| smplayer [68] | Fix connections to YouTube |
| | |
| speech-dispatcher [69] | Make spd-conf work again |
| | |
| suricata [70] | Limit the number of recursive calls in |
| | the DER/ASN.1 decoder to avoid stack |
| | overflows |
| | |
| swift [71] | New upstream stable release |
| | |
| tbdialout [72] | Include leading plus symbol when using |
| | tel: URI scheme |
| | |
| tiny-initramfs [73] | Add missing dependency on cpio |
| | |
| topal [74] | Fix misuse of sed character class syntax |
| | |
| torsocks [75] | Fix check_addr() to return either 0 or 1 |
| | |
| trace-cmd [76] | Fix segfault while processing certain |
| | trace files |
| | |
| unbound [77] | Fix install of trust anchor when two |
| | anchors are present; depend on dns-root- |
| | data (>= 2017072601~) for KSK-2017 |
| | |
| unknown-horizons [78] | Fix memory leak |
| | |
| up-imapproxy [79] | Correct systemd service file |
| | |
| vim [80] | Fix several crashes / illegal memory |
| | accesses [CVE-2017-11109] |
| | |
| waagent [81] | New upstream release, with support for |
| | Azure Stack |
| | |
| webkit2gtk [82] | Upstream security and bugfix release |
| | [CVE-2017-2538 CVE-2017-7052 CVE-2017- |
| | 7018 CVE-2017-7030 CVE-2017-7034 |
| | CVE-2017-7037 CVE-2017-7039 CVE-2017- |
| | 7046 CVE-2017-7048 CVE-2017-7055 |
| | CVE-2017-7056 CVE-2017-7061 CVE-2017- |
| | 7064] |
| | |
| whois [83] | Fix whois referrals |
| | for .com, .net, .jobs, .bz, .cc and .tv; |
| | add several new Indian TLD servers; |
| | update the list of gTLDs |
| | |
| wrk [84] | Fix build failures |
| | |
| xfonts-ayu [85] | Fix generation of bold and italic fonts |
| | |
| xkeyboard-config [86] | Move Indic layouts back to the main |
| | layout list, enabling their use again |
| | |
| yadm [87] | Fix race condition which could allow |
| | access to private PGP and SSH keys |
| | [CVE-2017-11353] |
| | |
+--------------------------+------------------------------------------+

1: https://packages.debian.org/src:apt
2: https://packages.debian.org/src:at-spi2-core
3: https://packages.debian.org/src:bareos
4: https://packages.debian.org/src:bind9
5: https://packages.debian.org/src:bridge-utils
6: https://packages.debian.org/src:caja
7: https://packages.debian.org/src:chrony
8: https://packages.debian.org/src:cross-gcc
9: https://packages.debian.org/src:cvxopt
10: https://packages.debian.org/src:db5.3
11: https://packages.debian.org/src:dbus
12: https://packages.debian.org/src:debian-edu-doc
13: https://packages.debian.org/src:debian-installer
14: https://packages.debian.org/src:debian-installer-netboot-images
15: https://packages.debian.org/src:desktop-base
16: https://packages.debian.org/src:dns-root-data
17: https://packages.debian.org/src:dnsdist
18: https://packages.debian.org/src:dnsviz
19: https://packages.debian.org/src:dose3
20: https://packages.debian.org/src:ecl
21: https://packages.debian.org/src:erlang-p1-tls
22: https://packages.debian.org/src:evolution
23: https://packages.debian.org/src:expect
24: https://packages.debian.org/src:fife
25: https://packages.debian.org/src:flatpak
26: https://packages.debian.org/src:freerdp
27: https://packages.debian.org/src:gnome-exe-thumbnailer
28: https://packages.debian.org/src:gnupg2
29: https://packages.debian.org/src:gnutls28
30: https://packages.debian.org/src:gosa-plugin-mailaddress
31: https://packages.debian.org/src:gsoap
32: https://packages.debian.org/src:haveged
33: https://packages.debian.org/src:ipsec-tools
34: https://packages.debian.org/src:irssi
35: https://packages.debian.org/src:kanatest
36: https://packages.debian.org/src:kdepim
37: https://packages.debian.org/src:kf5-messagelib
38: https://packages.debian.org/src:krb5
39: https://packages.debian.org/src:lava-tool
40: https://packages.debian.org/src:librsb
41: https://packages.debian.org/src:libselinux
42: https://packages.debian.org/src:libsolv
43: https://packages.debian.org/src:libwpd
44: https://packages.debian.org/src:linux
45: https://packages.debian.org/src:linux-latest
46: https://packages.debian.org/src:lzma
47: https://packages.debian.org/src:mailman
48: https://packages.debian.org/src:mate-power-manager
49: https://packages.debian.org/src:mate-themes
50: https://packages.debian.org/src:mate-tweak
51: https://packages.debian.org/src:ncurses
52: https://packages.debian.org/src:nettle
53: https://packages.debian.org/src:node-brace-expansion
54: https://packages.debian.org/src:node-dateformat
55: https://packages.debian.org/src:ntp
56: https://packages.debian.org/src:nvidia-graphics-drivers
57: https://packages.debian.org/src:open-vm-tools
58: https://packages.debian.org/src:opendkim
59: https://packages.debian.org/src:openldap
60: https://packages.debian.org/src:openvpn
61: https://packages.debian.org/src:osinfo-db
62: https://packages.debian.org/src:pcb-rnd
63: https://packages.debian.org/src:postfix
64: https://packages.debian.org/src:python-pampy
65: https://packages.debian.org/src:request-tracker4
66: https://packages.debian.org/src:ruby-gnome2
67: https://packages.debian.org/src:samba
68: https://packages.debian.org/src:smplayer
69: https://packages.debian.org/src:speech-dispatcher
70: https://packages.debian.org/src:suricata
71: https://packages.debian.org/src:swift
72: https://packages.debian.org/src:tbdialout
73: https://packages.debian.org/src:tiny-initramfs
74: https://packages.debian.org/src:topal
75: https://packages.debian.org/src:torsocks
76: https://packages.debian.org/src:trace-cmd
77: https://packages.debian.org/src:unbound
78: https://packages.debian.org/src:unknown-horizons
79: https://packages.debian.org/src:up-imapproxy
80: https://packages.debian.org/src:vim
81: https://packages.debian.org/src:waagent
82: https://packages.debian.org/src:webkit2gtk
83: https://packages.debian.org/src:whois
84: https://packages.debian.org/src:wrk
85: https://packages.debian.org/src:xfonts-ayu
86: https://packages.debian.org/src:xkeyboard-config
87: https://packages.debian.org/src:yadm

Security Updates
----------------

This revision adds the following security updates to the stable release.
The Security Team has already released an advisory for each of these
updates:

+-----------------+-----------------------------+
| Advisory ID | Package |
+-----------------+-----------------------------+
| DSA-3881 [88] | firefox-esr [89] |
| | |
| DSA-3898 [90] | expat [91] |
| | |
| DSA-3904 [92] | bind9 [93] |
| | |
| DSA-3909 [94] | samba [95] |
| | |
| DSA-3913 [96] | apache2 [97] |
| | |
| DSA-3914 [98] | imagemagick [99] |
| | |
| DSA-3915 [100] | ruby-mixlib-archive [101] |
| | |
| DSA-3916 [102] | atril [103] |
| | |
| DSA-3917 [104] | catdoc [105] |
| | |
| DSA-3919 [106] | openjdk-8 [107] |
| | |
| DSA-3920 [108] | qemu [109] |
| | |
| DSA-3921 [110] | enigmail [111] |
| | |
| DSA-3923 [112] | freerdp [113] |
| | |
| DSA-3924 [114] | varnish [115] |
| | |
| DSA-3925 [116] | qemu [117] |
| | |
| DSA-3926 [118] | chromium-browser [119] |
| | |
| DSA-3927 [120] | linux [121] |
| | |
| DSA-3928 [122] | firefox-esr [123] |
| | |
| DSA-3929 [124] | libsoup2.4 [125] |
| | |
| DSA-3930 [126] | freeradius [127] |
| | |
| DSA-3931 [128] | ruby-rack-cors [129] |
| | |
| DSA-3932 [130] | subversion [131] |
| | |
| DSA-3934 [132] | git [133] |
| | |
| DSA-3936 [134] | postgresql-9.6 [135] |
| | |
| DSA-3938 [136] | libgd2 [137] |
| | |
| DSA-3940 [138] | cvs [139] |
| | |
| DSA-3941 [140] | iortcw [141] |
| | |
| DSA-3942 [142] | supervisor [143] |
| | |
| DSA-3946 [144] | libmspack [145] |
| | |
| DSA-3947 [146] | newsbeuter [147] |
| | |
| DSA-3948 [148] | ioquake3 [149] |
| | |
| DSA-3949 [150] | augeas [151] |
| | |
| DSA-3950 [152] | libraw [153] |
| | |
| DSA-3952 [154] | libxml2 [155] |
| | |
| DSA-3953 [156] | aodh [157] |
| | |
| DSA-3955 [158] | mariadb-10.1 [159] |
| | |
| DSA-3956 [160] | connman [161] |
| | |
| DSA-3957 [162] | ffmpeg [163] |
| | |
| DSA-3958 [164] | fontforge [165] |
| | |
| DSA-3959 [166] | libgcrypt20 [167] |
| | |
| DSA-3961 [168] | libgd2 [169] |
| | |
| DSA-3962 [170] | strongswan [171] |
| | |
| DSA-3963 [172] | mercurial [173] |
| | |
| DSA-3964 [174] | asterisk [175] |
| | |
| DSA-3965 [176] | file [177] |
| | |
| DSA-3966 [178] | ruby2.3 [179] |
| | |
| DSA-3967 [180] | mbedtls [181] |
| | |
| DSA-3968 [182] | icedove [183] |
| | |
| DSA-3969 [184] | xen [185] |
| | |
| DSA-3970 [186] | emacs24 [187] |
| | |
| DSA-3971 [188] | tcpdump [189] |
| | |
| DSA-3972 [190] | bluez [191] |
| | |
| DSA-3973 [192] | wordpress-shibboleth [193] |
| | |
| DSA-3974 [194] | tomcat8 [195] |
| | |
| DSA-3975 [196] | emacs25 [197] |
| | |
| DSA-3976 [198] | freexl [199] |
| | |
| DSA-3977 [200] | newsbeuter [201] |
| | |
| DSA-3978 [202] | gdk-pixbuf [203] |
| | |
| DSA-3979 [204] | pyjwt [205] |
| | |
| DSA-3980 [206] | apache2 [207] |
| | |
| DSA-3982 [208] | perl [209] |
| | |
| DSA-3984 [210] | git [211] |
| | |
| DSA-3985 [212] | chromium-browser [213] |
| | |
| DSA-3986 [214] | ghostscript [215] |
| | |
| DSA-3987 [216] | firefox-esr [217] |
| | |
| DSA-3988 [218] | libidn2-0 [219] |
| | |
+-----------------+-----------------------------+

88: https://www.debian.org/security/2017/dsa-3881
89: https://packages.debian.org/src:firefox-esr
90: https://www.debian.org/security/2017/dsa-3898
91: https://packages.debian.org/src:expat
92: https://www.debian.org/security/2017/dsa-3904
93: https://packages.debian.org/src:bind9
94: https://www.debian.org/security/2017/dsa-3909
95: https://packages.debian.org/src:samba
96: https://www.debian.org/security/2017/dsa-3913
97: https://packages.debian.org/src:apache2
98: https://www.debian.org/security/2017/dsa-3914
99: https://packages.debian.org/src:imagemagick
100: https://www.debian.org/security/2017/dsa-3915
101: https://packages.debian.org/src:ruby-mixlib-archive
102: https://www.debian.org/security/2017/dsa-3916
103: https://packages.debian.org/src:atril
104: https://www.debian.org/security/2017/dsa-3917
105: https://packages.debian.org/src:catdoc
106: https://www.debian.org/security/2017/dsa-3919
107: https://packages.debian.org/src:openjdk-8
108: https://www.debian.org/security/2017/dsa-3920
109: https://packages.debian.org/src:qemu
110: https://www.debian.org/security/2017/dsa-3921
111: https://packages.debian.org/src:enigmail
112: https://www.debian.org/security/2017/dsa-3923
113: https://packages.debian.org/src:freerdp
114: https://www.debian.org/security/2017/dsa-3924
115: https://packages.debian.org/src:varnish
116: https://www.debian.org/security/2017/dsa-3925
117: https://packages.debian.org/src:qemu
118: https://www.debian.org/security/2017/dsa-3926
119: https://packages.debian.org/src:chromium-browser
120: https://www.debian.org/security/2017/dsa-3927
121: https://packages.debian.org/src:linux
122: https://www.debian.org/security/2017/dsa-3928
123: https://packages.debian.org/src:firefox-esr
124: https://www.debian.org/security/2017/dsa-3929
125: https://packages.debian.org/src:libsoup2.4
126: https://www.debian.org/security/2017/dsa-3930
127: https://packages.debian.org/src:freeradius
128: https://www.debian.org/security/2017/dsa-3931
129: https://packages.debian.org/src:ruby-rack-cors
130: https://www.debian.org/security/2017/dsa-3932
131: https://packages.debian.org/src:subversion
132: https://www.debian.org/security/2017/dsa-3934
133: https://packages.debian.org/src:git
134: https://www.debian.org/security/2017/dsa-3936
135: https://packages.debian.org/src:postgresql-9.6
136: https://www.debian.org/security/2017/dsa-3938
137: https://packages.debian.org/src:libgd2
138: https://www.debian.org/security/2017/dsa-3940
139: https://packages.debian.org/src:cvs
140: https://www.debian.org/security/2017/dsa-3941
141: https://packages.debian.org/src:iortcw
142: https://www.debian.org/security/2017/dsa-3942
143: https://packages.debian.org/src:supervisor
144: https://www.debian.org/security/2017/dsa-3946
145: https://packages.debian.org/src:libmspack
146: https://www.debian.org/security/2017/dsa-3947
147: https://packages.debian.org/src:newsbeuter
148: https://www.debian.org/security/2017/dsa-3948
149: https://packages.debian.org/src:ioquake3
150: https://www.debian.org/security/2017/dsa-3949
151: https://packages.debian.org/src:augeas
152: https://www.debian.org/security/2017/dsa-3950
153: https://packages.debian.org/src:libraw
154: https://www.debian.org/security/2017/dsa-3952
155: https://packages.debian.org/src:libxml2
156: https://www.debian.org/security/2017/dsa-3953
157: https://packages.debian.org/src:aodh
158: https://www.debian.org/security/2017/dsa-3955
159: https://packages.debian.org/src:mariadb-10.1
160: https://www.debian.org/security/2017/dsa-3956
161: https://packages.debian.org/src:connman
162: https://www.debian.org/security/2017/dsa-3957
163: https://packages.debian.org/src:ffmpeg
164: https://www.debian.org/security/2017/dsa-3958
165: https://packages.debian.org/src:fontforge
166: https://www.debian.org/security/2017/dsa-3959
167: https://packages.debian.org/src:libgcrypt20
168: https://www.debian.org/security/2017/dsa-3961
169: https://packages.debian.org/src:libgd2
170: https://www.debian.org/security/2017/dsa-3962
171: https://packages.debian.org/src:strongswan
172: https://www.debian.org/security/2017/dsa-3963
173: https://packages.debian.org/src:mercurial
174: https://www.debian.org/security/2017/dsa-3964
175: https://packages.debian.org/src:asterisk
176: https://www.debian.org/security/2017/dsa-3965
177: https://packages.debian.org/src:file
178: https://www.debian.org/security/2017/dsa-3966
179: https://packages.debian.org/src:ruby2.3
180: https://www.debian.org/security/2017/dsa-3967
181: https://packages.debian.org/src:mbedtls
182: https://www.debian.org/security/2017/dsa-3968
183: https://packages.debian.org/src:icedove
184: https://www.debian.org/security/2017/dsa-3969
185: https://packages.debian.org/src:xen
186: https://www.debian.org/security/2017/dsa-3970
187: https://packages.debian.org/src:emacs24
188: https://www.debian.org/security/2017/dsa-3971
189: https://packages.debian.org/src:tcpdump
190: https://www.debian.org/security/2017/dsa-3972
191: https://packages.debian.org/src:bluez
192: https://www.debian.org/security/2017/dsa-3973
193: https://packages.debian.org/src:wordpress-shibboleth
194: https://www.debian.org/security/2017/dsa-3974
195: https://packages.debian.org/src:tomcat8
196: https://www.debian.org/security/2017/dsa-3975
197: https://packages.debian.org/src:emacs25
198: https://www.debian.org/security/2017/dsa-3976
199: https://packages.debian.org/src:freexl
200: https://www.debian.org/security/2017/dsa-3977
201: https://packages.debian.org/src:newsbeuter
202: https://www.debian.org/security/2017/dsa-3978
203: https://packages.debian.org/src:gdk-pixbuf
204: https://www.debian.org/security/2017/dsa-3979
205: https://packages.debian.org/src:pyjwt
206: https://www.debian.org/security/2017/dsa-3980
207: https://packages.debian.org/src:apache2
208: https://www.debian.org/security/2017/dsa-3982
209: https://packages.debian.org/src:perl
210: https://www.debian.org/security/2017/dsa-3984
211: https://packages.debian.org/src:git
212: https://www.debian.org/security/2017/dsa-3985
213: https://packages.debian.org/src:chromium-browser
214: https://www.debian.org/security/2017/dsa-3986
215: https://packages.debian.org/src:ghostscript
216: https://www.debian.org/security/2017/dsa-3987
217: https://packages.debian.org/src:firefox-esr
218: https://www.debian.org/security/2017/dsa-3988
219: https://packages.debian.org/src:libidn2-0

Removed packages
----------------

The following packages were removed due to circumstances beyond our
control:

+----------------+------------------------------------------+
| Package | Reason |
+----------------+------------------------------------------+
| clapack [220] | Outdated and unmaintained fork of lapack |
| | |
+----------------+------------------------------------------+

220: https://packages.debian.org/src:clapack

Debian Installer
----------------

The installer has been updated to include the fixes incorporated into
stable by the point release.


URLs
----

The complete lists of packages that have changed with this revision:

http://ftp.debian.org/debian/dists/stretch/ChangeLog


The current stable distribution:

http://ftp.debian.org/debian/dists/stable/


Proposed updates to the stable distribution:

http://ftp.debian.org/debian/dists/proposed-updates


stable distribution information (release notes, errata etc.):

https://www.debian.org/releases/stable/


Security announcements and information:

https://security.debian.org/ [221]

221: https://www.debian.org/security/


About Debian
------------

The Debian Project is an association of Free Software developers who
volunteer their time and effort in order to produce the completely free
operating system Debian.

  Debian GNU/Linux 9.2 released