Debian 10225 Published by

The third update of Debian GNU/Linux 8 is now available



Here the official announcement:

------------------------------------------------------------------------
The Debian Project https://www.debian.org/
Updated Debian 8: 8.3 released press@debian.org
January 23rd, 2016 https://www.debian.org/News/2016/20160123
------------------------------------------------------------------------


The Debian project is pleased to announce the third update of its stable
distribution Debian 8 (codename "jessie"). This update mainly adds
corrections for security problems to the stable release, along with a
few adjustments for serious problems. Security advisories were published
separately and are referenced where applicable.

Please note that this update does not constitute a new version of Debian
8 but only updates some of the packages included. There is no need to
throw away old "jessie" CDs or DVDs but only to update via an up-to-date
Debian mirror after an installation, to cause any out of date packages
to be updated.

Those who frequently install updates from security.debian.org won't have
to update many packages and most updates from security.debian.org are
included in this update.

New installation media and CD and DVD images containing updated packages
will be available soon at the regular locations.

Upgrading to this revision online is usually done by pointing the
aptitude (or apt) package tool (see the sources.list(5) manual page) to
one of Debian's many FTP or HTTP mirrors. A comprehensive list of
mirrors is available at:

https://www.debian.org/mirror/list

Miscellaneous Bugfixes
----------------------

This stable update adds important corrections to the following packages:

+-------------------------+-------------------------------------------+
| Package | Reason |
+-------------------------+-------------------------------------------+
| android-platform- | [i386] rebuild to fix dependency on |
| frameworks-base [1] | android-libhost |
| | |
| apache2 [2] | Fix split-logfile to work with current |
| | perl, secondary-init-script to not source |
| | the main init script with 'set -e', tests |
| | on deferred MPM switch; add versioned |
| | Replaces / Breaks for libapache2-mod- |
| | macro |
| | |
| apt [3] | Hide first pdiff merge failure debug |
| | message; fix marking of deps of pkgs in |
| | APT::Never-MarkAuto-Sections as manual; |
| | do not parse Status fields from remote |
| | sources |
| | |
| apt-dater-host [4] | Fix kernel version detection |
| | |
| apt-offline [5] | Add missing dependency on python-apt |
| | |
| arb [6] | Skip compiler version check |
| | |
| augeas [7] | HTTPD lense: include /etc/apache2/conf- |
| | available directory, allow EOL comments |
| | after section tags |
| | |
| base-files [8] | Update for the 8.3 point release; os- |
| | release: drop trailing slash in |
| | SUPPORT_URL variable |
| | |
| bcfg2 [9] | Support Django 1.7 |
| | |
| ben [10] | Fix buildd.debian.org compact links; |
| | ignore potential errors when deleting |
| | lock file; call dose-debcheck with --deb- |
| | native-arch |
| | |
| ca-certificates [11] | Update Mozilla certificate authority |
| | bundle to version 2.6 |
| | |
| ceph [12] | URL-encode bucket name [CVE-2015-5245] |
| | |
| charybdis [13] | Security fix [CVE-2015-5290]; initialise |
| | gnutls properly |
| | |
| chrony [14] | Build depend on libcap-dev, to allow |
| | dropping of privileges |
| | |
| commons-httpclient [15] | Ensure HTTPS calls use |
| | http.socket.timeout during SSL Handshake |
| | [CVE-2015-5262] |
| | |
| cpuset [16] | Update filesystem namespace prefix patch |
| | |
| curlftpfs [17] | Avoid unsafe cast for getpass() on 64-bit |
| | architectures |
| | |
| dbconfig-common [18] | Fix permissions of PostgreSQL backup |
| | files |
| | |
| debian-handbook [19] | Update for Jessie |
| | |
| debian-installer [20] | Re-introduce installer images for QNAP |
| | TS-x09; provide u-boot images for plug |
| | computers; add the part_gpt module into |
| | the core grub image; add beep to UEFI x86 |
| | boot menu; add 's' shortcut for speech to |
| | UEFI x86 boot menu; exclude usb-serial- |
| | modules from the armel network-console |
| | image and usb-modules explicitly on |
| | armel/orion5x network-console; drop the |
| | file extension from the initrd for QNAP |
| | devices; adjust p-u support to handle |
| | file:// instead of (f|ht)tp:// only |
| | |
| debian-installer- | Rebuild for the point release |
| netboot-images [21] | |
| | |
| docbook2x [22] | Do not install info/dir.gz files |
| | |
| doctrine [23] | Fix directory permissions issue |
| | [CVE-2015-5723] |
| | |
| drbd-utils [24] | Fix drbdadm adjust with IPv6 peer |
| | addresses |
| | |
| ejabberd [25] | Fix broken LDAP queries |
| | |
| exfat-utils [26] | Fix buffer overflow and infinite loop |
| | |
| exim4 [27] | Fix some MIME ACL related crashes; fix a |
| | bug causing duplicate deliveries, |
| | especially on TLS connections |
| | |
| fglrx-driver [28] | New upstream release; fix security issue |
| | [CVE-2015-7724] |
| | |
| file [29] | Fix --parameter handling |
| | |
| flash-kernel [30] | Avoid waiting for Ctrl-C if any debconf |
| | frontend is in use |
| | |
| fuse-exfat [31] | Fix buffer overflow and infinite loop |
| | |
| ganglia-modules- | Only restart the ganglia service after |
| linux [32] | installation if it was previously running |
| | |
| getmail4 [33] | Set poplib._MAXLINE=1MB |
| | |
| glance [34] | Prevent image status being directly |
| | modified via v1 API [CVE-2015-5251] |
| | |
| glibc [35] | Fix getaddrinfo sometimes returning |
| | uninitialized data with nscd; fix data |
| | corruption while reading the NSS files |
| | database [CVE-2015-5277]; fix buffer |
| | overflow (read past end of buffer) in |
| | internal_fnmatch; fix _IO_wstr_overflow |
| | integer overflow; fix unexpected closing |
| | of nss_files databases after lookups, |
| | causing denial of service [CVE-2014- |
| | 8121]; fix NSCD netgroup cache; |
| | unconditionally disable LD_POINTER_GUARD; |
| | mangle function pointers in |
| | tls_dtor_list; fix memory allocations |
| | issues that can lead to buffer overflows |
| | on the stack; update TSX blacklist to |
| | also include some Broadwell CPUs |
| | |
| gnome-orca [36] | Ensure correct focus on password entry, |
| | so characters are not echoed |
| | |
| gnome-shell-extension- | Display a warning if API key has not been |
| weather [37] | supplied by the user, since querying |
| | openweathermap.org no longer works |
| | without such a key |
| | |
| gummi [38] | Avoid predictable naming of temporary |
| | files [CVE 2015-7758] |
| | |
| human-icon-theme [39] | debian/clean-up.sh: do not run processes |
| | in background |
| | |
| ieee-data [40] | Update included data files, adding |
| | mam.txt and oui36.txt; stop downloading |
| | via HTTPS, as neither wget nor curl |
| | support TLS AIA, as now used by |
| | standards.ieee.org |
| | |
| intel-microcode [41] | Update included microcode |
| | |
| iptables- | Stop rules files being world-readable; |
| persistent [42] | rewrite README |
| | |
| isc-dhcp [43] | Fix error when maximum lease time is used |
| | on 64-bit systems |
| | |
| keepassx [44] | Fix storage of passwords in clear text |
| | [CVE-2015-8378] |
| | |
| libapache-mod- | Switch B-D from libtool to libtool-bin to |
| fastcgi [45] | fix build failure |
| | |
| libapache2-mod- | Fix crashes in modperl_interp_unselect() |
| perl2 [46] | |
| | |
| libcgi-session- | Untaint raw data coming from session |
| perl [47] | storage backends, fixing a regression |
| | caused by CVE-2015-8607 fixes in perl |
| | |
| libdatetime-timezone- | New upstream release |
| perl [48] | |
| | |
| libencode-perl [49] | Correctly handle a lack of BOM when |
| | decoding |
| | |
| libhtml-scrubber- | Fix cross-site scripting vulnerability in |
| perl [50] | comments [CVE-2015-5667] |
| | |
| libinfinity [51] | Fix possible crashes when an entry is |
| | removed from the document browser and |
| | when access control lists are enabled |
| | |
| libiptables-parse- | Fix use of predictable names for |
| perl [52] | temporary files [CVE-2015-8326] |
| | |
| libraw [53] | Fix index overflow in smal_decode_segment |
| | [CVE-2015-8366]; fix memory objects are |
| | not intialized properly [CVE-2015-8367] |
| | |
| libssh [54] | Fix "null pointer dereference due to a |
| | logical error in the handling of a |
| | SSH_MSG_NEWKEYS and KEXDH_REPLY |
| | packets" [CVE-2015-3146] |
| | |
| linux [55] | Update to upstream release 3.16.7-ctk20; |
| | nbd: restore request timeout detection; |
| | [x86] enable PINCTRL_BAYTRAIL; [mips*/ |
| | octeon] enable CAVIUM_CN63XXP1; |
| | firmware_class: fix condition in |
| | directory search loop; [x86] KVM: svm: |
| | unconditionally intercept #DB [CVE-2015- |
| | 8104] |
| | |
| linux-tools [56] | Add new hyperv-daemons package |
| | |
| lldpd [57] | Fix a segfault and an assertion error |
| | when receiving incorrectly formed LLDP |
| | management addresses |
| | |
| madfuload [58] | Use autoreconf -fi to fix build failure |
| | with automake 1.14 |
| | |
| mdadm [59] | Disable incremental assembly, as it can |
| | cause issues booting a degraded RAID |
| | |
| mkvmlinuz [60] | Direct run-parts output to stderr |
| | |
| monit [61] | Fix umask-related regression from 5.8.1 |
| | |
| mpm-itk [62] | Fix an issue where closing of connections |
| | was attempted in the parent. This would |
| | result in "Connection: close" not being |
| | honoured, and various odd effects with |
| | SSL keepalive in certain browsers |
| | |
| multipath-tools [63] | Fix discovery of devices with blank sysfs |
| | attribute; add documentation to cover |
| | additional friendly names scenarios; |
| | init: fix stop failure when no root |
| | device is found; use 'SCSI_IDENT_.*' as |
| | the default property whitelist |
| | |
| netcfg [64] | Fix is_layer3_qeth on s390x to avoid |
| | bailing out if the network driver is not |
| | qeth |
| | |
| nvidia-graphics- | New upstream release [CVE-2015-5950]; fix |
| drivers [65] | Unsanitized User Mode Input issue |
| | [CVE-2015-7869] |
| | |
| nvidia-graphics- | New upstream release; fix unsanitized |
| drivers- | User Mode Input issue [CVE-2015-7869] |
| legacy-304xx [66] | |
| | |
| nvidia-graphics- | Rebuild against nvidia-kernel-source |
| modules [67] | 340.96 |
| | |
| openldap [68] | Fix a crash when adding a large attribute |
| | value with the auditlog overlay enabled |
| | |
| openvpn [69] | Add --no-block to if-up.d script to avoid |
| | hanging boot on interfaces with openvpn |
| | instances |
| | |
| owncloud [70] | Fix local file inclusion on Microsoft |
| | Windows Platform [CVE-2015-4716], |
| | resource exhaustion when sanitizing |
| | filenames [CVE-2015-4717], command |
| | injection when using external SMB storage |
| | [CVE-2015-4718], calendar export: |
| | Authorization Bypass Through User- |
| | Controlled Key [CVE-2015-6670]; fix |
| | reflected XSS in OCS provider discovery |
| | [oc-sa-2016-001] [CVE-2016-1498], |
| | disclosure of files that begin with \ ".v |
| | \" due to unchecked return value [oc- |
| | sa-2016-003] [CVE-2016-1500], information |
| | exposure via directory listing in the |
| | file scanner [oc-sa-2016-002] [CVE-2016- |
| | 1499], installation path disclosure |
| | through error message [oc-sa-2016-004] |
| | [CVE-2016-1501] |
| | |
| pam [71] | Fix DoS / user enumeration due to |
| | blocking pipe in pam_unix [CVE-2015-3238] |
| | |
| pcre3 [72] | Fix security issues [CVE-2015-2325 |
| | CVE-2015-2326 CVE-2015-3210 CVE-2015-5073 |
| | CVE-2015-8384 CVE-2015-8388] |
| | |
| pdns [73] | Fix upgrades with default configuration |
| | |
| perl [74] | Correctly handle a lack of BOM when |
| | decoding |
| | |
| php-auth-sasl [75] | Rebuild with pkg-php-tools 1.28 to |
| | correct PHP dependencies |
| | |
| php-doctrine- | Fix directory permissions issue |
| annotations [76] | [CVE-2015-5723] |
| | |
| php-doctrine-cache [77] | Fix file / directory permissions issue |
| | [CVE-2015-5723] |
| | |
| php-doctrine- | Fix file permissions issue [CVE-2015- |
| common [78] | 5723] |
| | |
| php-dropbox [79] | Refuse to handle any files containing an |
| | @ [CVE-2015-4715] |
| | |
| php-mail- | Rebuild with pkg-php-tools 1.28 to |
| mimedecode [80] | correct PHP dependencies |
| | |
| php5 [81] | New upstream release |
| | |
| plowshare4 [82] | Disable Javascript support |
| | |
| postgresql-9.1 [83] | New upstream release |
| | |
| pykerberos [84] | Add KDC authenticity verification support |
| | [CVE-2015-3206] |
| | |
| python-yaql [85] | Remove broken python3-yaql package |
| | |
| qpsmtpd [86] | Fix compatibility issue with newer |
| | Net::DNS versions |
| | |
| quassel [87] | Fix remote DoS in quassel core, using /op |
| | * command [CVE-2015-8547] |
| | |
| redis [88] | Ensure that a valid runtime directory is |
| | created when running under systemd |
| | |
| redmine [89] | Fix upgrades when there are locally- |
| | installed plugins; fix moving issues |
| | across projects |
| | |
| rsyslog [90] | Fix crash in imfile module when using |
| | inotify mode; prevent a segfault in |
| | dynafile creation |
| | |
| ruby-bson [91] | Fix DoS and possible injection [CVE-2015- |
| | 4410] |
| | |
| s390-dasd [92] | If no channel is found, exit cleanly. |
| | This allows s390-dasd to step out of the |
| | way on VMs with virtio disks |
| | |
| shadow [93] | Fix error handling in busy user detection |
| | |
| sparse [94] | Fix build failure with llvm-3.5 |
| | |
| spip [95] | Fix cross-site scripting issue |
| | |
| stk [96] | Install missing SKINI.{msg,tbl} include |
| | files |
| | |
| sus [97] | Update checksums for upstream tarball |
| | |
| swift [98] | Fix unauthorized delete of versioned |
| | Swift object [CVE-2015-1856]; fix |
| | information leak via Swift tempurls |
| | [CVE-2015-5223]; fix service name of |
| | object-expirer in init script; add |
| | container-sync init script; |
| | "standardise" user addition |
| | |
| systemd [99] | Fix namespace breakage due to incorrect |
| | path sorting; don't timeout after 90 |
| | seconds when no password was entered for |
| | cryptsetup devices; only set the kernel's |
| | timezone when the RTC runs in local time, |
| | avoiding possible jumps backward in time; |
| | fix incorrect handling of comma separator |
| | in systemd-delta; make DHCP broadcast |
| | behaviour configurable in systemd- |
| | networkd |
| | |
| tangerine-icon- | debian/clean-up.sh: do not run processes |
| theme [100] | in background |
| | |
| torbrowser- | Really apply patches from 0.1.9-1+deb8u1; |
| launcher [101] | stop confining start-tor-browser script |
| | with AppArmor; set usr.bin.torbrowser- |
| | launcher AppArmor profiles to complain |
| | mode |
| | |
| ttylog [102] | Fix truncation of device name when |
| | selecting device |
| | |
| tzdata [103] | New upstream release |
| | |
| uqm [104] | Add missing -lm flag, fixing build |
| | failure |
| | |
| vlc [105] | New upstream stable release |
| | |
| webkitgtk [106] | New upstream stable release; fix "late |
| | TLS certificate verification" [CVE-2015- |
| | 2330] |
| | |
| wxmaxima [107] | Prevent crash on encountering parenthesis |
| | in dialogues |
| | |
| zendframework [108] | Fix entropy issue with captcha [ZF2015- |
| | 09] |
| | |
+-------------------------+-------------------------------------------+

1: https://packages.debian.org/src:android-platform-frameworks-base
2: https://packages.debian.org/src:apache2
3: https://packages.debian.org/src:apt
4: https://packages.debian.org/src:apt-dater-host
5: https://packages.debian.org/src:apt-offline
6: https://packages.debian.org/src:arb
7: https://packages.debian.org/src:augeas
8: https://packages.debian.org/src:base-files
9: https://packages.debian.org/src:bcfg2
10: https://packages.debian.org/src:ben
11: https://packages.debian.org/src:ca-certificates
12: https://packages.debian.org/src:ceph
13: https://packages.debian.org/src:charybdis
14: https://packages.debian.org/src:chrony
15: https://packages.debian.org/src:commons-httpclient
16: https://packages.debian.org/src:cpuset
17: https://packages.debian.org/src:curlftpfs
18: https://packages.debian.org/src:dbconfig-common
19: https://packages.debian.org/src:debian-handbook
20: https://packages.debian.org/src:debian-installer
21: https://packages.debian.org/src:debian-installer-netboot-images
22: https://packages.debian.org/src:docbook2x
23: https://packages.debian.org/src:doctrine
24: https://packages.debian.org/src:drbd-utils
25: https://packages.debian.org/src:ejabberd
26: https://packages.debian.org/src:exfat-utils
27: https://packages.debian.org/src:exim4
28: https://packages.debian.org/src:fglrx-driver
29: https://packages.debian.org/src:file
30: https://packages.debian.org/src:flash-kernel
31: https://packages.debian.org/src:fuse-exfat
32: https://packages.debian.org/src:ganglia-modules-linux
33: https://packages.debian.org/src:getmail4
34: https://packages.debian.org/src:glance
35: https://packages.debian.org/src:glibc
36: https://packages.debian.org/src:gnome-orca
37: https://packages.debian.org/src:gnome-shell-extension-weather
38: https://packages.debian.org/src:gummi
39: https://packages.debian.org/src:human-icon-theme
40: https://packages.debian.org/src:ieee-data
41: https://packages.debian.org/src:intel-microcode
42: https://packages.debian.org/src:iptables-persistent
43: https://packages.debian.org/src:isc-dhcp
44: https://packages.debian.org/src:keepassx
45: https://packages.debian.org/src:libapache-mod-fastcgi
46: https://packages.debian.org/src:libapache2-mod-perl2
47: https://packages.debian.org/src:libcgi-session-perl
48: https://packages.debian.org/src:libdatetime-timezone-perl
49: https://packages.debian.org/src:libencode-perl
50: https://packages.debian.org/src:libhtml-scrubber-perl
51: https://packages.debian.org/src:libinfinity
52: https://packages.debian.org/src:libiptables-parse-perl
53: https://packages.debian.org/src:libraw
54: https://packages.debian.org/src:libssh
55: https://packages.debian.org/src:linux
56: https://packages.debian.org/src:linux-tools
57: https://packages.debian.org/src:lldpd
58: https://packages.debian.org/src:madfuload
59: https://packages.debian.org/src:mdadm
60: https://packages.debian.org/src:mkvmlinuz
61: https://packages.debian.org/src:monit
62: https://packages.debian.org/src:mpm-itk
63: https://packages.debian.org/src:multipath-tools
64: https://packages.debian.org/src:netcfg
65: https://packages.debian.org/src:nvidia-graphics-drivers
66: https://packages.debian.org/src:nvidia-graphics-drivers-legacy-304xx
67: https://packages.debian.org/src:nvidia-graphics-modules
68: https://packages.debian.org/src:openldap
69: https://packages.debian.org/src:openvpn
70: https://packages.debian.org/src:owncloud
71: https://packages.debian.org/src:pam
72: https://packages.debian.org/src:pcre3
73: https://packages.debian.org/src:pdns
74: https://packages.debian.org/src:perl
75: https://packages.debian.org/src:php-auth-sasl
76: https://packages.debian.org/src:php-doctrine-annotations
77: https://packages.debian.org/src:php-doctrine-cache
78: https://packages.debian.org/src:php-doctrine-common
79: https://packages.debian.org/src:php-dropbox
80: https://packages.debian.org/src:php-mail-mimedecode
81: https://packages.debian.org/src:php5
82: https://packages.debian.org/src:plowshare4
83: https://packages.debian.org/src:postgresql-9.1
84: https://packages.debian.org/src:pykerberos
85: https://packages.debian.org/src:python-yaql
86: https://packages.debian.org/src:qpsmtpd
87: https://packages.debian.org/src:quassel
88: https://packages.debian.org/src:redis
89: https://packages.debian.org/src:redmine
90: https://packages.debian.org/src:rsyslog
91: https://packages.debian.org/src:ruby-bson
92: https://packages.debian.org/src:s390-dasd
93: https://packages.debian.org/src:shadow
94: https://packages.debian.org/src:sparse
95: https://packages.debian.org/src:spip
96: https://packages.debian.org/src:stk
97: https://packages.debian.org/src:sus
98: https://packages.debian.org/src:swift
99: https://packages.debian.org/src:systemd
100: https://packages.debian.org/src:tangerine-icon-theme
101: https://packages.debian.org/src:torbrowser-launcher
102: https://packages.debian.org/src:ttylog
103: https://packages.debian.org/src:tzdata
104: https://packages.debian.org/src:uqm
105: https://packages.debian.org/src:vlc
106: https://packages.debian.org/src:webkitgtk
107: https://packages.debian.org/src:wxmaxima
108: https://packages.debian.org/src:zendframework

Security Updates
----------------

This revision adds the following security updates to the stable release.
The Security Team has already released an advisory for each of these
updates:

+----------------+------------------------------------+
| Advisory ID | Package |
+----------------+------------------------------------+
| DSA-3208 [109] | freexl [110] |
| | |
| DSA-3235 [111] | openjdk-7 [112] |
| | |
| DSA-3280 [113] | php5 [114] |
| | |
| DSA-3311 [115] | mariadb-10.0 [116] |
| | |
| DSA-3316 [117] | openjdk-7 [118] |
| | |
| DSA-3324 [119] | icedove [120] |
| | |
| DSA-3327 [121] | squid3 [122] |
| | |
| DSA-3332 [123] | wordpress [124] |
| | |
| DSA-3337 [125] | gdk-pixbuf [126] |
| | |
| DSA-3344 [127] | php5 [128] |
| | |
| DSA-3346 [129] | drupal7 [130] |
| | |
| DSA-3347 [131] | pdns [132] |
| | |
| DSA-3348 [133] | qemu [134] |
| | |
| DSA-3350 [135] | bind9 [136] |
| | |
| DSA-3351 [137] | chromium-browser [138] |
| | |
| DSA-3352 [139] | screen [140] |
| | |
| DSA-3353 [141] | openslp-dfsg [142] |
| | |
| DSA-3354 [143] | spice [144] |
| | |
| DSA-3355 [145] | libvdpau [146] |
| | |
| DSA-3356 [147] | openldap [148] |
| | |
| DSA-3357 [149] | vzctl [150] |
| | |
| DSA-3358 [151] | php5 [152] |
| | |
| DSA-3359 [153] | virtualbox [154] |
| | |
| DSA-3360 [155] | icu [156] |
| | |
| DSA-3361 [157] | qemu [158] |
| | |
| DSA-3363 [159] | owncloud-client [160] |
| | |
| DSA-3364 [161] | linux [162] |
| | |
| DSA-3365 [163] | iceweasel [164] |
| | |
| DSA-3366 [165] | rpcbind [166] |
| | |
| DSA-3367 [167] | wireshark [168] |
| | |
| DSA-3368 [169] | cyrus-sasl2 [170] |
| | |
| DSA-3369 [171] | zendframework [172] |
| | |
| DSA-3370 [173] | freetype [174] |
| | |
| DSA-3371 [175] | spice [176] |
| | |
| DSA-3373 [177] | owncloud [178] |
| | |
| DSA-3374 [179] | postgresql-9.4 [180] |
| | |
| DSA-3375 [181] | wordpress [182] |
| | |
| DSA-3376 [183] | chromium-browser [184] |
| | |
| DSA-3377 [185] | mysql-5.5 [186] |
| | |
| DSA-3378 [187] | gdk-pixbuf [188] |
| | |
| DSA-3379 [189] | miniupnpc [190] |
| | |
| DSA-3380 [191] | php5 [192] |
| | |
| DSA-3381 [193] | openjdk-7 [194] |
| | |
| DSA-3382 [195] | phpmyadmin [196] |
| | |
| DSA-3384 [197] | virtualbox [198] |
| | |
| DSA-3385 [199] | mariadb-10.0 [200] |
| | |
| DSA-3386 [201] | unzip [202] |
| | |
| DSA-3387 [203] | openafs [204] |
| | |
| DSA-3388 [205] | ntp [206] |
| | |
| DSA-3390 [207] | xen [208] |
| | |
| DSA-3391 [209] | php-horde [210] |
| | |
| DSA-3392 [211] | freeimage [212] |
| | |
| DSA-3393 [213] | iceweasel [214] |
| | |
| DSA-3394 [215] | libreoffice [216] |
| | |
| DSA-3395 [217] | krb5 [218] |
| | |
| DSA-3397 [219] | wpa [220] |
| | |
| DSA-3398 [221] | strongswan [222] |
| | |
| DSA-3399 [223] | libpng [224] |
| | |
| DSA-3400 [225] | lxc [226] |
| | |
| DSA-3401 [227] | openjdk-7 [228] |
| | |
| DSA-3402 [229] | symfony [230] |
| | |
| DSA-3403 [231] | libcommons-collections3-java [232] |
| | |
| DSA-3404 [233] | python-django [234] |
| | |
| DSA-3405 [235] | smokeping [236] |
| | |
| DSA-3406 [237] | nspr [238] |
| | |
| DSA-3407 [239] | dpkg [240] |
| | |
| DSA-3409 [241] | putty [242] |
| | |
| DSA-3411 [243] | cups-filters [244] |
| | |
| DSA-3412 [245] | redis [246] |
| | |
| DSA-3413 [247] | openssl [248] |
| | |
| DSA-3414 [249] | xen [250] |
| | |
| DSA-3415 [251] | chromium-browser [252] |
| | |
| DSA-3416 [253] | libphp-phpmailer [254] |
| | |
| DSA-3417 [255] | bouncycastle [256] |
| | |
| DSA-3418 [257] | chromium-browser [258] |
| | |
| DSA-3419 [259] | cups-filters [260] |
| | |
| DSA-3420 [261] | bind9 [262] |
| | |
| DSA-3421 [263] | grub2 [264] |
| | |
| DSA-3422 [265] | iceweasel [266] |
| | |
| DSA-3423 [267] | cacti [268] |
| | |
| DSA-3424 [269] | subversion [270] |
| | |
| DSA-3425 [271] | tryton-server [272] |
| | |
| DSA-3426 [273] | linux [274] |
| | |
| DSA-3427 [275] | blueman [276] |
| | |
| DSA-3428 [277] | tomcat8 [278] |
| | |
| DSA-3429 [279] | foomatic-filters [280] |
| | |
| DSA-3430 [281] | libxml2 [282] |
| | |
| DSA-3431 [283] | ganeti [284] |
| | |
| DSA-3433 [285] | ldb [286] |
| | |
| DSA-3433 [287] | samba [288] |
| | |
| DSA-3434 [289] | linux [290] |
| | |
| DSA-3435 [291] | git [292] |
| | |
| DSA-3438 [293] | xscreensaver [294] |
| | |
| DSA-3439 [295] | prosody [296] |
| | |
| DSA-3440 [297] | sudo [298] |
| | |
| DSA-3441 [299] | perl [300] |
| | |
| DSA-3442 [301] | isc-dhcp [302] |
| | |
| DSA-3443 [303] | libpng [304] |
| | |
| DSA-3444 [305] | wordpress [306] |
| | |
| DSA-3445 [307] | pygments [308] |
| | |
| DSA-3446 [309] | openssh [310] |
| | |
+----------------+------------------------------------+

109: https://www.debian.org/security/2015/dsa-3208
110: https://packages.debian.org/src:freexl
111: https://www.debian.org/security/2015/dsa-3235
112: https://packages.debian.org/src:openjdk-7
113: https://www.debian.org/security/2015/dsa-3280
114: https://packages.debian.org/src:php5
115: https://www.debian.org/security/2015/dsa-3311
116: https://packages.debian.org/src:mariadb-10.0
117: https://www.debian.org/security/2015/dsa-3316
118: https://packages.debian.org/src:openjdk-7
119: https://www.debian.org/security/2015/dsa-3324
120: https://packages.debian.org/src:icedove
121: https://www.debian.org/security/2015/dsa-3327
122: https://packages.debian.org/src:squid3
123: https://www.debian.org/security/2015/dsa-3332
124: https://packages.debian.org/src:wordpress
125: https://www.debian.org/security/2015/dsa-3337
126: https://packages.debian.org/src:gdk-pixbuf
127: https://www.debian.org/security/2015/dsa-3344
128: https://packages.debian.org/src:php5
129: https://www.debian.org/security/2015/dsa-3346
130: https://packages.debian.org/src:drupal7
131: https://www.debian.org/security/2015/dsa-3347
132: https://packages.debian.org/src:pdns
133: https://www.debian.org/security/2015/dsa-3348
134: https://packages.debian.org/src:qemu
135: https://www.debian.org/security/2015/dsa-3350
136: https://packages.debian.org/src:bind9
137: https://www.debian.org/security/2015/dsa-3351
138: https://packages.debian.org/src:chromium-browser
139: https://www.debian.org/security/2015/dsa-3352
140: https://packages.debian.org/src:screen
141: https://www.debian.org/security/2015/dsa-3353
142: https://packages.debian.org/src:openslp-dfsg
143: https://www.debian.org/security/2015/dsa-3354
144: https://packages.debian.org/src:spice
145: https://www.debian.org/security/2015/dsa-3355
146: https://packages.debian.org/src:libvdpau
147: https://www.debian.org/security/2015/dsa-3356
148: https://packages.debian.org/src:openldap
149: https://www.debian.org/security/2015/dsa-3357
150: https://packages.debian.org/src:vzctl
151: https://www.debian.org/security/2015/dsa-3358
152: https://packages.debian.org/src:php5
153: https://www.debian.org/security/2015/dsa-3359
154: https://packages.debian.org/src:virtualbox
155: https://www.debian.org/security/2015/dsa-3360
156: https://packages.debian.org/src:icu
157: https://www.debian.org/security/2015/dsa-3361
158: https://packages.debian.org/src:qemu
159: https://www.debian.org/security/2015/dsa-3363
160: https://packages.debian.org/src:owncloud-client
161: https://www.debian.org/security/2015/dsa-3364
162: https://packages.debian.org/src:linux
163: https://www.debian.org/security/2015/dsa-3365
164: https://packages.debian.org/src:iceweasel
165: https://www.debian.org/security/2015/dsa-3366
166: https://packages.debian.org/src:rpcbind
167: https://www.debian.org/security/2015/dsa-3367
168: https://packages.debian.org/src:wireshark
169: https://www.debian.org/security/2015/dsa-3368
170: https://packages.debian.org/src:cyrus-sasl2
171: https://www.debian.org/security/2015/dsa-3369
172: https://packages.debian.org/src:zendframework
173: https://www.debian.org/security/2015/dsa-3370
174: https://packages.debian.org/src:freetype
175: https://www.debian.org/security/2015/dsa-3371
176: https://packages.debian.org/src:spice
177: https://www.debian.org/security/2015/dsa-3373
178: https://packages.debian.org/src:owncloud
179: https://www.debian.org/security/2015/dsa-3374
180: https://packages.debian.org/src:postgresql-9.4
181: https://www.debian.org/security/2015/dsa-3375
182: https://packages.debian.org/src:wordpress
183: https://www.debian.org/security/2015/dsa-3376
184: https://packages.debian.org/src:chromium-browser
185: https://www.debian.org/security/2015/dsa-3377
186: https://packages.debian.org/src:mysql-5.5
187: https://www.debian.org/security/2015/dsa-3378
188: https://packages.debian.org/src:gdk-pixbuf
189: https://www.debian.org/security/2015/dsa-3379
190: https://packages.debian.org/src:miniupnpc
191: https://www.debian.org/security/2015/dsa-3380
192: https://packages.debian.org/src:php5
193: https://www.debian.org/security/2015/dsa-3381
194: https://packages.debian.org/src:openjdk-7
195: https://www.debian.org/security/2015/dsa-3382
196: https://packages.debian.org/src:phpmyadmin
197: https://www.debian.org/security/2015/dsa-3384
198: https://packages.debian.org/src:virtualbox
199: https://www.debian.org/security/2015/dsa-3385
200: https://packages.debian.org/src:mariadb-10.0
201: https://www.debian.org/security/2015/dsa-3386
202: https://packages.debian.org/src:unzip
203: https://www.debian.org/security/2015/dsa-3387
204: https://packages.debian.org/src:openafs
205: https://www.debian.org/security/2015/dsa-3388
206: https://packages.debian.org/src:ntp
207: https://www.debian.org/security/2015/dsa-3390
208: https://packages.debian.org/src:xen
209: https://www.debian.org/security/2015/dsa-3391
210: https://packages.debian.org/src:php-horde
211: https://www.debian.org/security/2015/dsa-3392
212: https://packages.debian.org/src:freeimage
213: https://www.debian.org/security/2015/dsa-3393
214: https://packages.debian.org/src:iceweasel
215: https://www.debian.org/security/2015/dsa-3394
216: https://packages.debian.org/src:libreoffice
217: https://www.debian.org/security/2015/dsa-3395
218: https://packages.debian.org/src:krb5
219: https://www.debian.org/security/2015/dsa-3397
220: https://packages.debian.org/src:wpa
221: https://www.debian.org/security/2015/dsa-3398
222: https://packages.debian.org/src:strongswan
223: https://www.debian.org/security/2015/dsa-3399
224: https://packages.debian.org/src:libpng
225: https://www.debian.org/security/2015/dsa-3400
226: https://packages.debian.org/src:lxc
227: https://www.debian.org/security/2015/dsa-3401
228: https://packages.debian.org/src:openjdk-7
229: https://www.debian.org/security/2015/dsa-3402
230: https://packages.debian.org/src:symfony
231: https://www.debian.org/security/2015/dsa-3403
232: https://packages.debian.org/src:libcommons-collections3-java
233: https://www.debian.org/security/2015/dsa-3404
234: https://packages.debian.org/src:python-django
235: https://www.debian.org/security/2015/dsa-3405
236: https://packages.debian.org/src:smokeping
237: https://www.debian.org/security/2015/dsa-3406
238: https://packages.debian.org/src:nspr
239: https://www.debian.org/security/2015/dsa-3407
240: https://packages.debian.org/src:dpkg
241: https://www.debian.org/security/2015/dsa-3409
242: https://packages.debian.org/src:putty
243: https://www.debian.org/security/2015/dsa-3411
244: https://packages.debian.org/src:cups-filters
245: https://www.debian.org/security/2015/dsa-3412
246: https://packages.debian.org/src:redis
247: https://www.debian.org/security/2015/dsa-3413
248: https://packages.debian.org/src:openssl
249: https://www.debian.org/security/2015/dsa-3414
250: https://packages.debian.org/src:xen
251: https://www.debian.org/security/2015/dsa-3415
252: https://packages.debian.org/src:chromium-browser
253: https://www.debian.org/security/2015/dsa-3416
254: https://packages.debian.org/src:libphp-phpmailer
255: https://www.debian.org/security/2015/dsa-3417
256: https://packages.debian.org/src:bouncycastle
257: https://www.debian.org/security/2015/dsa-3418
258: https://packages.debian.org/src:chromium-browser
259: https://www.debian.org/security/2015/dsa-3419
260: https://packages.debian.org/src:cups-filters
261: https://www.debian.org/security/2015/dsa-3420
262: https://packages.debian.org/src:bind9
263: https://www.debian.org/security/2015/dsa-3421
264: https://packages.debian.org/src:grub2
265: https://www.debian.org/security/2015/dsa-3422
266: https://packages.debian.org/src:iceweasel
267: https://www.debian.org/security/2015/dsa-3423
268: https://packages.debian.org/src:cacti
269: https://www.debian.org/security/2015/dsa-3424
270: https://packages.debian.org/src:subversion
271: https://www.debian.org/security/2015/dsa-3425
272: https://packages.debian.org/src:tryton-server
273: https://www.debian.org/security/2015/dsa-3426
274: https://packages.debian.org/src:linux
275: https://www.debian.org/security/2015/dsa-3427
276: https://packages.debian.org/src:blueman
277: https://www.debian.org/security/2015/dsa-3428
278: https://packages.debian.org/src:tomcat8
279: https://www.debian.org/security/2015/dsa-3429
280: https://packages.debian.org/src:foomatic-filters
281: https://www.debian.org/security/2015/dsa-3430
282: https://packages.debian.org/src:libxml2
283: https://www.debian.org/security/2016/dsa-3431
284: https://packages.debian.org/src:ganeti
285: https://www.debian.org/security/2016/dsa-3433
286: https://packages.debian.org/src:ldb
287: https://www.debian.org/security/2016/dsa-3433
288: https://packages.debian.org/src:samba
289: https://www.debian.org/security/2016/dsa-3434
290: https://packages.debian.org/src:linux
291: https://www.debian.org/security/2016/dsa-3435
292: https://packages.debian.org/src:git
293: https://www.debian.org/security/2016/dsa-3438
294: https://packages.debian.org/src:xscreensaver
295: https://www.debian.org/security/2016/dsa-3439
296: https://packages.debian.org/src:prosody
297: https://www.debian.org/security/2016/dsa-3440
298: https://packages.debian.org/src:sudo
299: https://www.debian.org/security/2016/dsa-3441
300: https://packages.debian.org/src:perl
301: https://www.debian.org/security/2016/dsa-3442
302: https://packages.debian.org/src:isc-dhcp
303: https://www.debian.org/security/2016/dsa-3443
304: https://packages.debian.org/src:libpng
305: https://www.debian.org/security/2016/dsa-3444
306: https://packages.debian.org/src:wordpress
307: https://www.debian.org/security/2016/dsa-3445
308: https://packages.debian.org/src:pygments
309: https://www.debian.org/security/2016/dsa-3446
310: https://packages.debian.org/src:openssh

Removed packages
----------------

The following packages were removed due to circumstances beyond our
control:

+---------------------+--------------------------------------------+
| Package | Reason |
+---------------------+--------------------------------------------+
| core-network [311] | Security issues |
| | |
| elasticsearch [312] | No longer supported |
| | |
| googlecl [313] | Broken due to relying on obsolete APIs |
| | |
| libnsbmp [314] | Security issues, unmaintained |
| | |
| libnsgif [315] | Security issues, unmaintained |
| | |
| vimperator [316] | Incompatible with newer iceweasel versions |
| | |
+---------------------+--------------------------------------------+

311: https://packages.debian.org/src:core-network
312: https://packages.debian.org/src:elasticsearch
313: https://packages.debian.org/src:googlecl
314: https://packages.debian.org/src:libnsbmp
315: https://packages.debian.org/src:libnsgif
316: https://packages.debian.org/src:vimperator

Debian Installer
----------------

URLs
----

The complete lists of packages that have changed with this revision:

http://ftp.debian.org/debian/dists/jessie/ChangeLog


The current stable distribution:

http://ftp.debian.org/debian/dists/stable/


Proposed updates to the stable distribution:

http://ftp.debian.org/debian/dists/proposed-updates


stable distribution information (release notes, errata etc.):

https://www.debian.org/releases/stable/


Security announcements and information:

https://security.debian.org/ [317]

317: https://www.debian.org/security/


About Debian
------------

The Debian Project is an association of Free Software developers who
volunteer their time and effort in order to produce the completely free
operating system Debian.
  Debian 8.3 released