Debian 10225 Published by

Both Debian GNU/Linux 7.11 and 8.5 are now available:

Updated Debian 7: 7.11 released
Updated Debian 8: 8.5 released



Updated Debian 7: 7.11 released

------------------------------------------------------------------------
The Debian Project https://www.debian.org/
Updated Debian 7: 7.11 released press@debian.org
June 4th, 2016 https://www.debian.org/News/2016/2016060402
------------------------------------------------------------------------


The Debian project is pleased to announce the eleventh (and final)
update of its oldstable distribution Debian 7 (codename "wheezy"). This
update mainly adds corrections for security problems to the oldstable
release, along with a few adjustments for serious problems. Security
advisories were already published separately and are referenced where
available.

The packages from DSA 3548 are not included in this point release for
technical reasons, as are some architectures for DSA 3547, DSA 3219, DSA
3482 and DSA 3246. All other security updates released during the
lifetime of "wheezy" that have not previously been part of a point
release are included in this update.

Please note that this update does not constitute a new version of Debian
7 but only updates some of the packages included. There is no need to
throw away old "wheezy" CDs or DVDs but only to update via an up-to-date
Debian mirror after an installation, to cause any out of date packages
to be updated.

Those who frequently install updates from security.debian.org won't have
to update many packages and most updates from security.debian.org are
included in this update.

New installation media and CD and DVD images containing updated packages
will be available soon at the regular locations.

Upgrading to this revision online is usually done by pointing the
aptitude (or apt) package tool (see the sources.list(5) manual page) to
one of Debian's many FTP or HTTP mirrors. A comprehensive list of
mirrors is available at:

https://www.debian.org/mirror/list



Miscellaneous Bugfixes
----------------------

This oldstable update adds a few important corrections to the following
packages:

+--------------------------+------------------------------------------+
| Package | Reason |
+--------------------------+------------------------------------------+
| base-files [1] | Update for the point release |
| | |
| debian-installer [2] | Rebuild for the point release |
| | |
| debian-installer- | Rebuild for the point release; swap the |
| netboot-images [3] | d-i Built-Using with the installer |
| | fetching, to fail on version mismatches |
| | earlier |
| | |
| dpkg [4] | Remove trailing space before handling |
| | blank line dot-separator in |
| | Dpkg::Control::HashCore. Regression |
| | introduced in dpkg 1.16.16; only use the |
| | SHELL environment variable for |
| | interactive shells; move tar option -- |
| | no-recursion before -T in dpkg-deb; |
| | initialize Config-Version also for |
| | packages previously in triggers-pending |
| | state; fix memory leak in dpkg infodb |
| | format upgrade logic; fix physical file |
| | offset comparison in dpkg |
| | |
| groovy [5] | Fix remote execution of untrusted code |
| | and possible DoS vulnerability |
| | [CVE-2015-3253] |
| | |
| gtk+3.0 [6] | Fix integer overflow when allocating a |
| | large block of memory in |
| | gdk_cairo_set_source_pixbuf [CVE-2013- |
| | 7447] |
| | |
| highlight [7] | Avoid segfault with undefined syntax |
| | |
| icecast2 [8] | Security fix [CVE-2014-9018] |
| | |
| libcrypto++ [9] | Fix Rijndael timing attack counter |
| | measure [CVE-2016-3995] |
| | |
| libdatetime-timezone- | Update to tzdata 2016d |
| perl [10] | |
| | |
| openldap [11] | Disable the back-mdb test suite on |
| | powerpc to work around back-mdb tests |
| | failing on buildds running the jessie |
| | ppc64 kernel, which uses 64KB pages |
| | |
| optipng [12] | Fix use-after-free vulnerability |
| | [CVE-2015-7801] |
| | |
| postgresql-9.1 [13] | New upstream release |
| | |
| tzdata [14] | New upstream version |
| | |
| xapian-core [15] | Fix possible database corruption, |
| | especially with recoll |
| | |
| zendframework [16] | Fix regression from ZF2015-08: binary |
| | data corruption; fix ZF2016-01: |
| | Potential Insufficient Entropy |
| | Vulnerability in ZF1 |
| | |
+--------------------------+------------------------------------------+

1: https://packages.debian.org/src:base-files
2: https://packages.debian.org/src:debian-installer
3: https://packages.debian.org/src:debian-installer-netboot-images
4: https://packages.debian.org/src:dpkg
5: https://packages.debian.org/src:groovy
6: https://packages.debian.org/src:gtk+3.0
7: https://packages.debian.org/src:highlight
8: https://packages.debian.org/src:icecast2
9: https://packages.debian.org/src:libcrypto++
10: https://packages.debian.org/src:libdatetime-timezone-perl
11: https://packages.debian.org/src:openldap
12: https://packages.debian.org/src:optipng
13: https://packages.debian.org/src:postgresql-9.1
14: https://packages.debian.org/src:tzdata
15: https://packages.debian.org/src:xapian-core
16: https://packages.debian.org/src:zendframework

Security Updates
----------------

This revision adds the following security updates to the oldstable
release. The Security Team has already released an advisory for each of
these updates:

+----------------+---------------------------+
| Advisory ID | Package |
+----------------+---------------------------+
| DSA-2722 [17] | icedtea-web [18] |
| | |
| DSA-2727 [19] | openjdk-6 [20] |
| | |
| DSA-2768 [21] | icedtea-web [22] |
| | |
| DSA-2893 [23] | openswan [24] |
| | |
| DSA-2912 [25] | openjdk-6 [26] |
| | |
| DSA-2980 [27] | openjdk-6 [28] |
| | |
| DSA-3070 [29] | kfreebsd-9 [30] |
| | |
| DSA-3077 [31] | openjdk-6 [32] |
| | |
| DSA-3147 [33] | openjdk-6 [34] |
| | |
| DSA-3157 [35] | ruby1.9.1 [36] |
| | |
| DSA-3163 [37] | libreoffice [38] |
| | |
| DSA-3175 [39] | kfreebsd-9 [40] |
| | |
| DSA-3219 [41] | libdbd-firebird-perl [42] |
| | |
| DSA-3234 [43] | openjdk-6 [44] |
| | |
| DSA-3236 [45] | libreoffice [46] |
| | |
| DSA-3246 [47] | ruby1.9.1 [48] |
| | |
| DSA-3339 [49] | openjdk-6 [50] |
| | |
| DSA-3356 [51] | openldap [52] |
| | |
| DSA-3394 [53] | libreoffice [54] |
| | |
| DSA-3410 [55] | icedove-l10n [56] |
| | |
| DSA-3410 [57] | icedove [58] |
| | |
| DSA-3410 [59] | enigmail [60] |
| | |
| DSA-3432 [61] | icedove [62] |
| | |
| DSA-3442 [63] | isc-dhcp [64] |
| | |
| DSA-3458 [65] | openjdk-7 [66] |
| | |
| DSA-3465 [67] | openjdk-6 [68] |
| | |
| DSA-3467 [69] | tiff [70] |
| | |
| DSA-3475 [71] | postgresql-9.1 [72] |
| | |
| DSA-3480 [73] | eglibc [74] |
| | |
| DSA-3482 [75] | libreoffice [76] |
| | |
| DSA-3485 [77] | didiwiki [78] |
| | |
| DSA-3491 [79] | icedove [80] |
| | |
| DSA-3515 [81] | graphite2 [82] |
| | |
| DSA-3520 [83] | icedove [84] |
| | |
| DSA-3523 [85] | iceweasel [86] |
| | |
| DSA-3530 [87] | tomcat6 [88] |
| | |
| DSA-3534 [89] | dhcpcd [90] |
| | |
| DSA-3536 [91] | libstruts1.2-java [92] |
| | |
| DSA-3537 [93] | imlib2 [94] |
| | |
| DSA-3538 [95] | libebml [96] |
| | |
| DSA-3539 [97] | srtp [98] |
| | |
| DSA-3540 [99] | lhasa [100] |
| | |
| DSA-3541 [101] | roundcube [102] |
| | |
| DSA-3542 [103] | mercurial [104] |
| | |
| DSA-3543 [105] | oar [106] |
| | |
| DSA-3544 [107] | python-django [108] |
| | |
| DSA-3546 [109] | optipng [110] |
| | |
| DSA-3547 [111] | imagemagick [112] |
| | |
| DSA-3550 [113] | openssh [114] |
| | |
| DSA-3551 [115] | fuseiso [116] |
| | |
| DSA-3552 [117] | tomcat7 [118] |
| | |
| DSA-3553 [119] | varnish [120] |
| | |
| DSA-3555 [121] | imlib2 [122] |
| | |
| DSA-3556 [123] | libgd2 [124] |
| | |
| DSA-3559 [125] | iceweasel [126] |
| | |
+----------------+---------------------------+

17: https://www.debian.org/security/2013/dsa-2722
18: https://packages.debian.org/src:icedtea-web
19: https://www.debian.org/security/2013/dsa-2727
20: https://packages.debian.org/src:openjdk-6
21: https://www.debian.org/security/2013/dsa-2768
22: https://packages.debian.org/src:icedtea-web
23: https://www.debian.org/security/2014/dsa-2893
24: https://packages.debian.org/src:openswan
25: https://www.debian.org/security/2014/dsa-2912
26: https://packages.debian.org/src:openjdk-6
27: https://www.debian.org/security/2014/dsa-2980
28: https://packages.debian.org/src:openjdk-6
29: https://www.debian.org/security/2014/dsa-3070
30: https://packages.debian.org/src:kfreebsd-9
31: https://www.debian.org/security/2014/dsa-3077
32: https://packages.debian.org/src:openjdk-6
33: https://www.debian.org/security/2015/dsa-3147
34: https://packages.debian.org/src:openjdk-6
35: https://www.debian.org/security/2015/dsa-3157
36: https://packages.debian.org/src:ruby1.9.1
37: https://www.debian.org/security/2015/dsa-3163
38: https://packages.debian.org/src:libreoffice
39: https://www.debian.org/security/2015/dsa-3175
40: https://packages.debian.org/src:kfreebsd-9
41: https://www.debian.org/security/2015/dsa-3219
42: https://packages.debian.org/src:libdbd-firebird-perl
43: https://www.debian.org/security/2015/dsa-3234
44: https://packages.debian.org/src:openjdk-6
45: https://www.debian.org/security/2015/dsa-3236
46: https://packages.debian.org/src:libreoffice
47: https://www.debian.org/security/2015/dsa-3246
48: https://packages.debian.org/src:ruby1.9.1
49: https://www.debian.org/security/2015/dsa-3339
50: https://packages.debian.org/src:openjdk-6
51: https://www.debian.org/security/2015/dsa-3356
52: https://packages.debian.org/src:openldap
53: https://www.debian.org/security/2015/dsa-3394
54: https://packages.debian.org/src:libreoffice
55: https://www.debian.org/security/2015/dsa-3410
56: https://packages.debian.org/src:icedove-l10n
57: https://www.debian.org/security/2015/dsa-3410
58: https://packages.debian.org/src:icedove
59: https://www.debian.org/security/2015/dsa-3410
60: https://packages.debian.org/src:enigmail
61: https://www.debian.org/security/2016/dsa-3432
62: https://packages.debian.org/src:icedove
63: https://www.debian.org/security/2016/dsa-3442
64: https://packages.debian.org/src:isc-dhcp
65: https://www.debian.org/security/2016/dsa-3458
66: https://packages.debian.org/src:openjdk-7
67: https://www.debian.org/security/2016/dsa-3465
68: https://packages.debian.org/src:openjdk-6
69: https://www.debian.org/security/2016/dsa-3467
70: https://packages.debian.org/src:tiff
71: https://www.debian.org/security/2016/dsa-3475
72: https://packages.debian.org/src:postgresql-9.1
73: https://www.debian.org/security/2016/dsa-3480
74: https://packages.debian.org/src:eglibc
75: https://www.debian.org/security/2016/dsa-3482
76: https://packages.debian.org/src:libreoffice
77: https://www.debian.org/security/2016/dsa-3485
78: https://packages.debian.org/src:didiwiki
79: https://www.debian.org/security/2016/dsa-3491
80: https://packages.debian.org/src:icedove
81: https://www.debian.org/security/2016/dsa-3515
82: https://packages.debian.org/src:graphite2
83: https://www.debian.org/security/2016/dsa-3520
84: https://packages.debian.org/src:icedove
85: https://www.debian.org/security/2016/dsa-3523
86: https://packages.debian.org/src:iceweasel
87: https://www.debian.org/security/2016/dsa-3530
88: https://packages.debian.org/src:tomcat6
89: https://www.debian.org/security/2016/dsa-3534
90: https://packages.debian.org/src:dhcpcd
91: https://www.debian.org/security/2016/dsa-3536
92: https://packages.debian.org/src:libstruts1.2-java
93: https://www.debian.org/security/2016/dsa-3537
94: https://packages.debian.org/src:imlib2
95: https://www.debian.org/security/2016/dsa-3538
96: https://packages.debian.org/src:libebml
97: https://www.debian.org/security/2016/dsa-3539
98: https://packages.debian.org/src:srtp
99: https://www.debian.org/security/2016/dsa-3540
100: https://packages.debian.org/src:lhasa
101: https://www.debian.org/security/2016/dsa-3541
102: https://packages.debian.org/src:roundcube
103: https://www.debian.org/security/2016/dsa-3542
104: https://packages.debian.org/src:mercurial
105: https://www.debian.org/security/2016/dsa-3543
106: https://packages.debian.org/src:oar
107: https://www.debian.org/security/2016/dsa-3544
108: https://packages.debian.org/src:python-django
109: https://www.debian.org/security/2016/dsa-3546
110: https://packages.debian.org/src:optipng
111: https://www.debian.org/security/2016/dsa-3547
112: https://packages.debian.org/src:imagemagick
113: https://www.debian.org/security/2016/dsa-3550
114: https://packages.debian.org/src:openssh
115: https://www.debian.org/security/2016/dsa-3551
116: https://packages.debian.org/src:fuseiso
117: https://www.debian.org/security/2016/dsa-3552
118: https://packages.debian.org/src:tomcat7
119: https://www.debian.org/security/2016/dsa-3553
120: https://packages.debian.org/src:varnish
121: https://www.debian.org/security/2016/dsa-3555
122: https://packages.debian.org/src:imlib2
123: https://www.debian.org/security/2016/dsa-3556
124: https://packages.debian.org/src:libgd2
125: https://www.debian.org/security/2016/dsa-3559
126: https://packages.debian.org/src:iceweasel

Debian Installer
----------------

URLs
----

The complete lists of packages that have changed with this revision:

http://ftp.debian.org/debian/dists/wheezy/ChangeLog


The current oldstable distribution:

http://ftp.debian.org/debian/dists/oldstable/


Proposed updates to the oldstable distribution:

http://ftp.debian.org/debian/dists/oldstable-proposed-updates


oldstable distribution information (release notes, errata etc.):

https://www.debian.org/releases/oldstable/


Security announcements and information:

https://security.debian.org/ [127]

127: https://www.debian.org/security/

Updated Debian 8: 8.5 released

------------------------------------------------------------------------
The Debian Project https://www.debian.org/
Updated Debian 8: 8.5 released press@debian.org
June 4th, 2016 https://www.debian.org/News/2016/20160604
------------------------------------------------------------------------


The Debian project is pleased to announce the fifth update of its stable
distribution Debian 8 (codename "jessie"). This update mainly adds
corrections for security problems to the stable release, along with a
few adjustments for serious problems. Security advisories were already
published separately and are referenced where available.

Please note that this update does not constitute a new version of Debian
8 but only updates some of the packages included. There is no need to
throw away old "jessie" CDs or DVDs but only to update via an up-to-date
Debian mirror after an installation, to cause any out of date packages
to be updated.

Those who frequently install updates from security.debian.org won't have
to update many packages and most updates from security.debian.org are
included in this update.

New installation media and CD and DVD images containing updated packages
will be available soon at the regular locations.

Upgrading to this revision online is usually done by pointing the
aptitude (or apt) package tool (see the sources.list(5) manual page) to
one of Debian's many FTP or HTTP mirrors. A comprehensive list of
mirrors is available at:

https://www.debian.org/mirror/list



Miscellaneous Bugfixes
----------------------

This stable update adds a few important corrections to the following
packages:

+-------------------------+-------------------------------------------+
| Package | Reason |
+-------------------------+-------------------------------------------+
| autofs [1] | Remove stray debugging output in log |
| | files |
| | |
| bareos [2] | Fix GnuTLS backend initialization, TLS |
| | negotiation for passive filedaemons |
| | |
| base-files [3] | Update for the point release |
| | |
| chrony [4] | Fix CVE-2016-1567: Restrict |
| | authentication of server/peer to |
| | specified key; remove /var/lib/chrony on |
| | purge only; rework postrotate log |
| | rotation script |
| | |
| clamav [5] | New upstream release |
| | |
| cyrus-imapd-2.4 [6] | Drop broken caldav support |
| | |
| debian-edu [7] | Add libdns-mdns to tasks/desktop-other |
| | and tasks/main-server to make CUPS |
| | browsing really functional; add avahi- |
| | discover, mdns-scan, avahi-autoipd and |
| | kdnssd to tasks/main-server as suggested |
| | packages |
| | |
| debian-edu-config [8] | Backport various bug fixes |
| | |
| debian-edu-doc [9] | Update wheezy and jessie documentation |
| | |
| debian-edu-install [10] | Update version number to 8+edu0 |
| | |
| debian-installer [11] | Rebuild against proposed-updates; add |
| | sata-modules for arm64 - some machines do |
| | have SATA CD |
| | |
| debian-installer- | Rebuild against new debian-installer; |
| netboot-images [12] | swap the d-i Built-Using with the |
| | installer fetching, to fail on version |
| | mismatches earlier |
| | |
| dpkg [13] | Add more Conflicts for removed packages |
| | expecting dpkg to ship install-info; |
| | remove trailing space before handling |
| | blank line dot-separator in |
| | Dpkg::Control::HashCore. Regression |
| | introduced in dpkg 1.17.25; only use the |
| | SHELL environment variable for |
| | interactive shells; move tar option --no- |
| | recursion before -T in dpkg-deb; |
| | initialize Config-Version also for |
| | packages previously in triggers-pending |
| | state; fix memory leak in dpkg infodb |
| | format upgrade logic; fix physical file |
| | offset comparison in dpkg; add kfreebsd- |
| | armhf support to ostable and |
| | triplettable; add NIOS2 support to |
| | cputable |
| | |
| evince [14] | Fix crashes when document has pages |
| | removed and is reloaded, and when a |
| | recent document fails to load |
| | |
| ext4magic [15] | Fix an issue which makes impossible to |
| | recover or examine Ext4 filesystems |
| | |
| fusionforge [16] | Disable mediawiki plugin, as mediawiki is |
| | being removed |
| | |
| gitolite3 [17] | Enable repository paths without '~/' in |
| | git-annex-shell |
| | |
| glusterfs [18] | Add missing glusterd hook script to |
| | glusterfs-server package |
| | |
| gosa [19] | Several bugfixes |
| | |
| gpa [20] | Fix check of dialog return values |
| | |
| groovy [21] | Fix remote execution of untrusted code |
| | and possible DoS vulnerability [CVE-2015- |
| | 3253] |
| | |
| hexchat [22] | Verify hostnames when ssl is in use |
| | |
| hivex [23] | Fix ruby-hivex installation |
| | |
| icedove [24] | Fix build failure on mips; fix build on |
| | arm{el,hf} |
| | |
| icedtea-web [25] | New upstream release, fixes CVE-2015-5235 |
| | and CVE-2015-5234 |
| | |
| initramfs-tools [26] | Include drivers/nvme in block driver |
| | modules; create ORDER files even if there |
| | are no valid scripts |
| | |
| libcrypto++ [27] | Fix Rijndael timing attack counter |
| | measure [CVE-2016-3995] |
| | |
| libdatetime-timezone- | Update to tzdata 2016d |
| perl [28] | |
| | |
| libksba [29] | Do not abort on decoder stack overflow |
| | [CVE-2016-4353]; fix integer overflow in |
| | the BER decoder (CVE-2016-4354 CVE-2016- |
| | 4355), encoding of invalid utf-8 strings |
| | in dn.c [CVE-2016-4356], OOB read access |
| | in _ksba_dn_to_str, possible read access |
| | beyond the buffer [CVE-2016-4579] |
| | |
| libreoffice [30] | Fix build failure on ppc64el due to |
| | changes in OpenJDK; fix logic to not |
| | install sound files |
| | |
| linux [31] | Revert some changes in 3.16.7-ckt25-1 |
| | which caused issues on some systems with |
| | Radeon graphics cards and when inserting |
| | a USB device |
| | |
| lvm2 [32] | Set default pid directory to /run |
| | |
| mathematica-fonts [33] | Update for new upstream file version |
| | (10); only TrueType fonts are now |
| | available; add missing dependency on wget |
| | |
| nam [34] | Build-Depend on tcl / tk >= 8.6 |
| | |
| ngspice [35] | Run lyx with a temporary -userdir to not |
| | rely on $HOME |
| | |
| nlpsolver [36] | Add missing Depends: on libreoffice-java- |
| | common |
| | |
| nmap [37] | Fix versioned breaks/replaces; deal with |
| | unuseable socks proxy; ignore |
| | unenumerable interfaces; move ndiff.py |
| | from zenmap to ndiff |
| | |
| opam [38] | Fix insecure certificate handling |
| | |
| openjdk-7 [39] | Fix build failure on arm{el,hf} |
| | |
| openssl [40] | Update expired certificates used by test |
| | suite; update to 1.0.1t stable release; |
| | use alternate trust chains; use correct |
| | digest when exporting keying material; |
| | security fixes [CVE-2015-3197 CVE-2015- |
| | 1793] |
| | |
| pepperflashplugin- | Update Google public key; remove 32 bit |
| nonfree [41] | support |
| | |
| perl [42] | Apply selected bug-fix patches taken from |
| | 5.20.3; fix debugperl crashes with XS |
| | modules; CVE-2015-8853 fix regexp engine |
| | hang on illegal UTF8 input; fix UTF8- |
| | related regexp engine crash |
| | |
| postgresql-9.1 [43] | New upstream release |
| | |
| postgresql-9.4 [44] | New upstream release |
| | |
| quota [45] | Change invocation of quota services, so |
| | systemd takes over most of the work |
| | |
| redmine [46] | Load all database drivers for all Redmine |
| | instances |
| | |
| tklib [47] | Fixed typo in Plotchart version which |
| | prevented its loading |
| | |
| tzdata [48] | New upstream release |
| | |
| wmforecast [49] | Update for new Yahoo! weather API |
| | |
| xapian-core [50] | Fix possible database corruption, |
| | especially with recoll |
| | |
| xarchiver [51] | Fix crash when attempting to cancel |
| | "extract here" in Thunar plugin |
| | |
| xscreensaver [52] | Remove warning about "outdated" version |
| | |
| zendframework [53] | Fix regression from ZF2015-08: binary |
| | data corruption; fix ZF2016-01: Potential |
| | Insufficient Entropy Vulnerability in ZF1 |
| | |
+-------------------------+-------------------------------------------+

1: https://packages.debian.org/src:autofs
2: https://packages.debian.org/src:bareos
3: https://packages.debian.org/src:base-files
4: https://packages.debian.org/src:chrony
5: https://packages.debian.org/src:clamav
6: https://packages.debian.org/src:cyrus-imapd-2.4
7: https://packages.debian.org/src:debian-edu
8: https://packages.debian.org/src:debian-edu-config
9: https://packages.debian.org/src:debian-edu-doc
10: https://packages.debian.org/src:debian-edu-install
11: https://packages.debian.org/src:debian-installer
12: https://packages.debian.org/src:debian-installer-netboot-images
13: https://packages.debian.org/src:dpkg
14: https://packages.debian.org/src:evince
15: https://packages.debian.org/src:ext4magic
16: https://packages.debian.org/src:fusionforge
17: https://packages.debian.org/src:gitolite3
18: https://packages.debian.org/src:glusterfs
19: https://packages.debian.org/src:gosa
20: https://packages.debian.org/src:gpa
21: https://packages.debian.org/src:groovy
22: https://packages.debian.org/src:hexchat
23: https://packages.debian.org/src:hivex
24: https://packages.debian.org/src:icedove
25: https://packages.debian.org/src:icedtea-web
26: https://packages.debian.org/src:initramfs-tools
27: https://packages.debian.org/src:libcrypto++
28: https://packages.debian.org/src:libdatetime-timezone-perl
29: https://packages.debian.org/src:libksba
30: https://packages.debian.org/src:libreoffice
31: https://packages.debian.org/src:linux
32: https://packages.debian.org/src:lvm2
33: https://packages.debian.org/src:mathematica-fonts
34: https://packages.debian.org/src:nam
35: https://packages.debian.org/src:ngspice
36: https://packages.debian.org/src:nlpsolver
37: https://packages.debian.org/src:nmap
38: https://packages.debian.org/src:opam
39: https://packages.debian.org/src:openjdk-7
40: https://packages.debian.org/src:openssl
41: https://packages.debian.org/src:pepperflashplugin-nonfree
42: https://packages.debian.org/src:perl
43: https://packages.debian.org/src:postgresql-9.1
44: https://packages.debian.org/src:postgresql-9.4
45: https://packages.debian.org/src:quota
46: https://packages.debian.org/src:redmine
47: https://packages.debian.org/src:tklib
48: https://packages.debian.org/src:tzdata
49: https://packages.debian.org/src:wmforecast
50: https://packages.debian.org/src:xapian-core
51: https://packages.debian.org/src:xarchiver
52: https://packages.debian.org/src:xscreensaver
53: https://packages.debian.org/src:zendframework

Security Updates
----------------

This revision adds the following security updates to the stable release.
The Security Team has already released an advisory for each of these
updates:

+----------------+------------------------+
| Advisory ID | Package |
+----------------+------------------------+
| DSA-3410 [54] | icedove-l10n [55] |
| | |
| DSA-3410 [56] | iceowl-l10n [57] |
| | |
| DSA-3410 [58] | enigmail [59] |
| | |
| DSA-3410 [60] | icedove [61] |
| | |
| DSA-3432 [62] | icedove [63] |
| | |
| DSA-3473 [64] | nginx [65] |
| | |
| DSA-3476 [66] | postgresql-9.4 [67] |
| | |
| DSA-3482 [68] | libreoffice [69] |
| | |
| DSA-3485 [70] | didiwiki [71] |
| | |
| DSA-3491 [72] | icedove [73] |
| | |
| DSA-3495 [74] | xymon [75] |
| | |
| DSA-3520 [76] | icedove [77] |
| | |
| DSA-3530 [78] | tomcat6 [79] |
| | |
| DSA-3533 [80] | openvswitch [81] |
| | |
| DSA-3535 [82] | kamailio [83] |
| | |
| DSA-3537 [84] | imlib2 [85] |
| | |
| DSA-3538 [86] | libebml [87] |
| | |
| DSA-3539 [88] | srtp [89] |
| | |
| DSA-3540 [90] | lhasa [91] |
| | |
| DSA-3542 [92] | mercurial [93] |
| | |
| DSA-3543 [94] | oar [95] |
| | |
| DSA-3544 [96] | python-django [97] |
| | |
| DSA-3545 [98] | cgit [99] |
| | |
| DSA-3546 [100] | optipng [101] |
| | |
| DSA-3549 [102] | chromium-browser [103] |
| | |
| DSA-3550 [104] | openssh [105] |
| | |
| DSA-3552 [106] | tomcat7 [107] |
| | |
| DSA-3554 [108] | xen [109] |
| | |
| DSA-3555 [110] | imlib2 [111] |
| | |
| DSA-3556 [112] | libgd2 [113] |
| | |
| DSA-3557 [114] | mysql-5.5 [115] |
| | |
| DSA-3558 [116] | openjdk-7 [117] |
| | |
| DSA-3559 [118] | iceweasel [119] |
| | |
| DSA-3560 [120] | php5 [121] |
| | |
| DSA-3561 [122] | subversion [123] |
| | |
| DSA-3562 [124] | tardiff [125] |
| | |
| DSA-3563 [126] | poppler [127] |
| | |
| DSA-3564 [128] | chromium-browser [129] |
| | |
| DSA-3565 [130] | pdns [131] |
| | |
| DSA-3565 [132] | ovito [133] |
| | |
| DSA-3565 [134] | botan1.10 [135] |
| | |
| DSA-3565 [136] | softhsm [137] |
| | |
| DSA-3565 [138] | qtcreator [139] |
| | |
| DSA-3566 [140] | openssl [141] |
| | |
| DSA-3567 [142] | libpam-sshauth [143] |
| | |
| DSA-3568 [144] | libtasn1-6 [145] |
| | |
| DSA-3569 [146] | openafs [147] |
| | |
| DSA-3570 [148] | mercurial [149] |
| | |
| DSA-3571 [150] | ikiwiki [151] |
| | |
| DSA-3572 [152] | websvn [153] |
| | |
| DSA-3573 [154] | qemu [155] |
| | |
| DSA-3574 [156] | libarchive [157] |
| | |
| DSA-3575 [158] | libxstream-java [159] |
| | |
| DSA-3576 [160] | icedove [161] |
| | |
| DSA-3577 [162] | jansson [163] |
| | |
| DSA-3578 [164] | libidn [165] |
| | |
| DSA-3579 [166] | xerces-c [167] |
| | |
| DSA-3580 [168] | imagemagick [169] |
| | |
| DSA-3581 [170] | libndp [171] |
| | |
| DSA-3582 [172] | expat [173] |
| | |
| DSA-3583 [174] | swift-plugin-s3 [175] |
| | |
| DSA-3584 [176] | librsvg [177] |
| | |
| DSA-3585 [178] | wireshark [179] |
| | |
| DSA-3586 [180] | atheme-services [181] |
| | |
| DSA-3587 [182] | libgd2 [183] |
| | |
+----------------+------------------------+

54: https://www.debian.org/security/2015/dsa-3410
55: https://packages.debian.org/src:icedove-l10n
56: https://www.debian.org/security/2015/dsa-3410
57: https://packages.debian.org/src:iceowl-l10n
58: https://www.debian.org/security/2015/dsa-3410
59: https://packages.debian.org/src:enigmail
60: https://www.debian.org/security/2015/dsa-3410
61: https://packages.debian.org/src:icedove
62: https://www.debian.org/security/2016/dsa-3432
63: https://packages.debian.org/src:icedove
64: https://www.debian.org/security/2016/dsa-3473
65: https://packages.debian.org/src:nginx
66: https://www.debian.org/security/2016/dsa-3476
67: https://packages.debian.org/src:postgresql-9.4
68: https://www.debian.org/security/2016/dsa-3482
69: https://packages.debian.org/src:libreoffice
70: https://www.debian.org/security/2016/dsa-3485
71: https://packages.debian.org/src:didiwiki
72: https://www.debian.org/security/2016/dsa-3491
73: https://packages.debian.org/src:icedove
74: https://www.debian.org/security/2016/dsa-3495
75: https://packages.debian.org/src:xymon
76: https://www.debian.org/security/2016/dsa-3520
77: https://packages.debian.org/src:icedove
78: https://www.debian.org/security/2016/dsa-3530
79: https://packages.debian.org/src:tomcat6
80: https://www.debian.org/security/2016/dsa-3533
81: https://packages.debian.org/src:openvswitch
82: https://www.debian.org/security/2016/dsa-3535
83: https://packages.debian.org/src:kamailio
84: https://www.debian.org/security/2016/dsa-3537
85: https://packages.debian.org/src:imlib2
86: https://www.debian.org/security/2016/dsa-3538
87: https://packages.debian.org/src:libebml
88: https://www.debian.org/security/2016/dsa-3539
89: https://packages.debian.org/src:srtp
90: https://www.debian.org/security/2016/dsa-3540
91: https://packages.debian.org/src:lhasa
92: https://www.debian.org/security/2016/dsa-3542
93: https://packages.debian.org/src:mercurial
94: https://www.debian.org/security/2016/dsa-3543
95: https://packages.debian.org/src:oar
96: https://www.debian.org/security/2016/dsa-3544
97: https://packages.debian.org/src:python-django
98: https://www.debian.org/security/2016/dsa-3545
99: https://packages.debian.org/src:cgit
100: https://www.debian.org/security/2016/dsa-3546
101: https://packages.debian.org/src:optipng
102: https://www.debian.org/security/2016/dsa-3549
103: https://packages.debian.org/src:chromium-browser
104: https://www.debian.org/security/2016/dsa-3550
105: https://packages.debian.org/src:openssh
106: https://www.debian.org/security/2016/dsa-3552
107: https://packages.debian.org/src:tomcat7
108: https://www.debian.org/security/2016/dsa-3554
109: https://packages.debian.org/src:xen
110: https://www.debian.org/security/2016/dsa-3555
111: https://packages.debian.org/src:imlib2
112: https://www.debian.org/security/2016/dsa-3556
113: https://packages.debian.org/src:libgd2
114: https://www.debian.org/security/2016/dsa-3557
115: https://packages.debian.org/src:mysql-5.5
116: https://www.debian.org/security/2016/dsa-3558
117: https://packages.debian.org/src:openjdk-7
118: https://www.debian.org/security/2016/dsa-3559
119: https://packages.debian.org/src:iceweasel
120: https://www.debian.org/security/2016/dsa-3560
121: https://packages.debian.org/src:php5
122: https://www.debian.org/security/2016/dsa-3561
123: https://packages.debian.org/src:subversion
124: https://www.debian.org/security/2016/dsa-3562
125: https://packages.debian.org/src:tardiff
126: https://www.debian.org/security/2016/dsa-3563
127: https://packages.debian.org/src:poppler
128: https://www.debian.org/security/2016/dsa-3564
129: https://packages.debian.org/src:chromium-browser
130: https://www.debian.org/security/2016/dsa-3565
131: https://packages.debian.org/src:pdns
132: https://www.debian.org/security/2016/dsa-3565
133: https://packages.debian.org/src:ovito
134: https://www.debian.org/security/2016/dsa-3565
135: https://packages.debian.org/src:botan1.10
136: https://www.debian.org/security/2016/dsa-3565
137: https://packages.debian.org/src:softhsm
138: https://www.debian.org/security/2016/dsa-3565
139: https://packages.debian.org/src:qtcreator
140: https://www.debian.org/security/2016/dsa-3566
141: https://packages.debian.org/src:openssl
142: https://www.debian.org/security/2016/dsa-3567
143: https://packages.debian.org/src:libpam-sshauth
144: https://www.debian.org/security/2016/dsa-3568
145: https://packages.debian.org/src:libtasn1-6
146: https://www.debian.org/security/2016/dsa-3569
147: https://packages.debian.org/src:openafs
148: https://www.debian.org/security/2016/dsa-3570
149: https://packages.debian.org/src:mercurial
150: https://www.debian.org/security/2016/dsa-3571
151: https://packages.debian.org/src:ikiwiki
152: https://www.debian.org/security/2016/dsa-3572
153: https://packages.debian.org/src:websvn
154: https://www.debian.org/security/2016/dsa-3573
155: https://packages.debian.org/src:qemu
156: https://www.debian.org/security/2016/dsa-3574
157: https://packages.debian.org/src:libarchive
158: https://www.debian.org/security/2016/dsa-3575
159: https://packages.debian.org/src:libxstream-java
160: https://www.debian.org/security/2016/dsa-3576
161: https://packages.debian.org/src:icedove
162: https://www.debian.org/security/2016/dsa-3577
163: https://packages.debian.org/src:jansson
164: https://www.debian.org/security/2016/dsa-3578
165: https://packages.debian.org/src:libidn
166: https://www.debian.org/security/2016/dsa-3579
167: https://packages.debian.org/src:xerces-c
168: https://www.debian.org/security/2016/dsa-3580
169: https://packages.debian.org/src:imagemagick
170: https://www.debian.org/security/2016/dsa-3581
171: https://packages.debian.org/src:libndp
172: https://www.debian.org/security/2016/dsa-3582
173: https://packages.debian.org/src:expat
174: https://www.debian.org/security/2016/dsa-3583
175: https://packages.debian.org/src:swift-plugin-s3
176: https://www.debian.org/security/2016/dsa-3584
177: https://packages.debian.org/src:librsvg
178: https://www.debian.org/security/2016/dsa-3585
179: https://packages.debian.org/src:wireshark
180: https://www.debian.org/security/2016/dsa-3586
181: https://packages.debian.org/src:atheme-services
182: https://www.debian.org/security/2016/dsa-3587
183: https://packages.debian.org/src:libgd2

Removed packages
----------------

The following packages were removed due to circumstances beyond our
control:

+-------------------------------+--------------------------------------+
| Package | Reason |
+-------------------------------+--------------------------------------+
| lyz [184] | Depends on to-be-removed zotero- |
| | standalone-build |
| | |
| mediawiki [185] | No longer security supported |
| | |
| mediawiki-math [186] | Depends on to-be-removed mediawiki |
| | |
| zotero-standalone-build [187] | Unusable in jessie |
| | |
+-------------------------------+--------------------------------------+

184: https://packages.debian.org/src:lyz
185: https://packages.debian.org/src:mediawiki
186: https://packages.debian.org/src:mediawiki-math
187: https://packages.debian.org/src:zotero-standalone-build

Debian Installer
----------------

URLs
----

The complete lists of packages that have changed with this revision:

http://ftp.debian.org/debian/dists/jessie/ChangeLog


The current stable distribution:

http://ftp.debian.org/debian/dists/stable/


Proposed updates to the stable distribution:

http://ftp.debian.org/debian/dists/proposed-updates


stable distribution information (release notes, errata etc.):

https://www.debian.org/releases/stable/


Security announcements and information:

https://security.debian.org/ [188]

188: https://www.debian.org/security/