Debian 10225 Published by

The Debian project has released both Debian GNU/Linux 8.9 and 9.1:

Updated Debian 8: 8.9 released
Updated Debian 9: 9.1 released



Updated Debian 8: 8.9 released


------------------------------------------------------------------------
The Debian Project https://www.debian.org/
Updated Debian 8: 8.9 released press@debian.org
July 22nd, 2017 https://www.debian.org/News/2017/2017072202
------------------------------------------------------------------------


The Debian project is pleased to announce the ninth update of its
oldstable distribution Debian 8 (codename "jessie"). This point release
mainly adds corrections for security issues, along with a few
adjustments for serious problems. Security advisories have already been
published separately and are referenced where available.

Please note that the point release does not constitute a new version of
Debian 8 but only updates some of the packages included. There is no
need to throw away old "jessie" media. After installation, packages can
be upgraded to the current versions using an up-to-date Debian mirror.

Those who frequently install updates from security.debian.org won't have
to update many packages, and most such updates are included in the point
release.

New installation images will be available soon at the regular locations.

Upgrading an existing installation to this revision can be achieved by
pointing the package management system at one of Debian's many HTTP
mirrors. A comprehensive list of mirrors is available at:

https://www.debian.org/mirror/list



Miscellaneous Bugfixes
----------------------

This oldstable update adds a few important corrections to the following
packages:

+-----------------------------+---------------------------------------+
| Package | Reason |
+-----------------------------+---------------------------------------+
| 3dchess [1] | Reduce wasteful CPU consumption |
| | |
| apt-cacher [2] | Prevent HTTP response splitting with |
| | encoded newlines in request |
| | [CVE-2017-7443]; make sure /var/run/ |
| | apt-cacher exists |
| | |
| base-files [3] | Update for the 8.9 point release |
| | |
| boinc [4] | Improve adjusting OOM score; fix |
| | security issue with xhost |
| | |
| c-ares [5] | Security fix [CVE-2017-1000381] |
| | |
| cfitsio [6] | Fix crashes related to improper |
| | memory handling |
| | |
| chkrootkit [7] | Fix segmentation fault; fix missing |
| | dependency on openssh-client; add |
| | Built-Using field |
| | |
| cqrlog [8] | tools/cqrlog-apparmor-fix, debian/ |
| | postrm: Check for /etc/init.d/ |
| | apparmor before restarting apparmor |
| | |
| debconf [9] | Use File::Temp instead of the |
| | deprecated POSIX::tmpnam() in |
| | Debconf::TmpFile |
| | |
| debian-archive-keyring [10] | Add stretch keys, and move squeeze |
| | keys to removed keyring |
| | |
| debian-installer [11] | Rebuild against proposed-updates |
| | |
| debian-installer-netboot- | Rebuild against proposed-updates |
| images [12] | |
| | |
| debian-security- | Update support status of various |
| support [13] | packages; update translations |
| | |
| debootstrap [14] | Add support for Buster and Bullseye |
| | |
| eterm [15] | Fix integer overflow preventing the |
| | shell from starting/stopping properly |
| | |
| flightgear [16] | Prevent overriding arbitrary files |
| | from the "save-flightplan" |
| | FGCommand [CVE-2017-8921] |
| | |
| galternatives [17] | Fix blank properties page |
| | |
| gitolite3 [18] | Fix missing dependency on openssh- |
| | client |
| | |
| gnats [19] | gnats-user: do not fail to purge if / |
| | var/lib/gnats/gnats-db is not empty |
| | |
| gnutls28 [20] | Improve check for /dev/urandom |
| | uniqueness |
| | |
| gtk+2.0 [21] | Backport patch from GTK+3 to fix |
| | stuck grabs in some situations |
| | |
| init-select [22] | Check for /usr/lib/init-select/get- |
| | init before calling it |
| | |
| intel-microcode [23] | Update included microcode |
| | |
| libapache2-mod-perl2 [24] | Fix test suite for compatibility with |
| | latest Apache 2 updates |
| | |
| libcgi-application-plugin- | Fix missing dependency on one of |
| anytemplate-perl [25] | libclone-perl and libclone-pp-perl |
| | |
| libclamunrar [26] | Fix arbitrary memory write [CVE-2012- |
| | 6706] |
| | |
| libdata-faker-perl [27] | Run the test suite under a specific |
| | locale |
| | |
| libdvdnav [28] | Use proper error handling when |
| | position cannot be detected |
| | |
| libhtml-microformats- | Fix missing dependency on libmodule- |
| perl [29] | pluggable-perl |
| | |
| libhttp-proxy-perl [30] | Fix broken 'via' handling |
| | |
| libonig [31] | Fix multiple invalid pointer |
| | dereference, out-of-bounds write |
| | memory corruption and stack buffer |
| | overflow issues [CVE-2017-9224 |
| | CVE-2017-9226 CVE-2017-9227 CVE-2017- |
| | 9228 CVE-2017-9229] |
| | |
| libosinfo [32] | Add support for jessie and stretch |
| | |
| libsys-syscall-perl [33] | Add support for more architectures |
| | |
| libterralib [34] | Remove superfluous Conflicts/ |
| | Replaces: libterralib3 since that |
| | causes problems upgrading to stretch |
| | which has that package |
| | |
| libx11-protocol-other- | Disable buggy test |
| perl [35] | |
| | |
| lxterminal [36] | Security fix: improper use of /tmp |
| | for a socket file |
| | |
| netcfg [37] | IPv6 autoconfiguration: fix NTP |
| | server name handling; stop queueing |
| | rdnssd's installation with IPv6 |
| | setups |
| | |
| offlineimap [38] | Prevent the usage of maxage (broken |
| | and may result in data loss) |
| | |
| os-prober [39] | EFI: fix check on |
| | ID_PART_ENTRY_SCHEME, to look for |
| | "dos" instead of "msdos" ; make |
| | Windows Vista detection more robust; |
| | add support for Windows 10 |
| | |
| pam [40] | Rebuild to fix multi-arch differences |
| | |
| partman-ext3 [41] | Force ext3|ext4 filesystem creation |
| | with "-F" so that D-I doesn't |
| | "hang" when re-using an existing |
| | partition in some situations |
| | |
| perl [42] | Apply upstream base.pm no-dot-in-inc |
| | fix |
| | |
| polarssl [43] | Fix freeing of memory allocated on |
| | stack when validating a public key |
| | with a secp224k1 curve [CVE-2017- |
| | 2784] |
| | |
| proftpd-dfsg [44] | Fix "TLSDHParamFile directive |
| | appears ignored because unexpected DH |
| | is chosen" [CVE-2016-3125], |
| | "AllowChrootSymlinks off does not |
| | check entire DefaultRoot path for |
| | symlinks" [CVE-2017-7418] |
| | |
| python-colorlog [45] | Fix python3 dependencies |
| | |
| python-plumbum [46] | Fix python3 dependencies |
| | |
| rkhunter [47] | Disable remote updates [CVE-2017- |
| | 7480] |
| | |
| shutter [48] | Fix insecure use of perl exec() |
| | [CVE-2016-10081] and system() |
| | |
| tcpdf [49] | Security fix: disallow tcpdf calls in |
| | HTML [CVE-2017-6100] |
| | |
| unrar-nonfree [50] | Security fix: add bound checks for |
| | VMSF_DELTA, VMSF_RGB and VMSF_AUDIO |
| | paramters [CVE-2012-6706] |
| | |
| w3m [51] | Fix multiple buffer overflows, use |
| | after free issues and an infinite |
| | loop |
| | |
| xarchiver [52] | Fix possible data loss due to shell |
| | metacharacters |
| | |
| xfce4-weather-plugin [53] | Adapt to new weather website APIs |
| | |
+-----------------------------+---------------------------------------+

1: https://packages.debian.org/src:3dchess
2: https://packages.debian.org/src:apt-cacher
3: https://packages.debian.org/src:base-files
4: https://packages.debian.org/src:boinc
5: https://packages.debian.org/src:c-ares
6: https://packages.debian.org/src:cfitsio
7: https://packages.debian.org/src:chkrootkit
8: https://packages.debian.org/src:cqrlog
9: https://packages.debian.org/src:debconf
10: https://packages.debian.org/src:debian-archive-keyring
11: https://packages.debian.org/src:debian-installer
12: https://packages.debian.org/src:debian-installer-netboot-images
13: https://packages.debian.org/src:debian-security-support
14: https://packages.debian.org/src:debootstrap
15: https://packages.debian.org/src:eterm
16: https://packages.debian.org/src:flightgear
17: https://packages.debian.org/src:galternatives
18: https://packages.debian.org/src:gitolite3
19: https://packages.debian.org/src:gnats
20: https://packages.debian.org/src:gnutls28
21: https://packages.debian.org/src:gtk+2.0
22: https://packages.debian.org/src:init-select
23: https://packages.debian.org/src:intel-microcode
24: https://packages.debian.org/src:libapache2-mod-perl2
25: https://packages.debian.org/src:libcgi-application-plugin-anytemplate-perl
26: https://packages.debian.org/src:libclamunrar
27: https://packages.debian.org/src:libdata-faker-perl
28: https://packages.debian.org/src:libdvdnav
29: https://packages.debian.org/src:libhtml-microformats-perl
30: https://packages.debian.org/src:libhttp-proxy-perl
31: https://packages.debian.org/src:libonig
32: https://packages.debian.org/src:libosinfo
33: https://packages.debian.org/src:libsys-syscall-perl
34: https://packages.debian.org/src:libterralib
35: https://packages.debian.org/src:libx11-protocol-other-perl
36: https://packages.debian.org/src:lxterminal
37: https://packages.debian.org/src:netcfg
38: https://packages.debian.org/src:offlineimap
39: https://packages.debian.org/src:os-prober
40: https://packages.debian.org/src:pam
41: https://packages.debian.org/src:partman-ext3
42: https://packages.debian.org/src:perl
43: https://packages.debian.org/src:polarssl
44: https://packages.debian.org/src:proftpd-dfsg
45: https://packages.debian.org/src:python-colorlog
46: https://packages.debian.org/src:python-plumbum
47: https://packages.debian.org/src:rkhunter
48: https://packages.debian.org/src:shutter
49: https://packages.debian.org/src:tcpdf
50: https://packages.debian.org/src:unrar-nonfree
51: https://packages.debian.org/src:w3m
52: https://packages.debian.org/src:xarchiver
53: https://packages.debian.org/src:xfce4-weather-plugin

Security Updates
----------------

This revision adds the following security updates to the oldstable
release. The Security Team has already released an advisory for each of
these updates:

+----------------+------------------------------+
| Advisory ID | Package |
+----------------+------------------------------+
| DSA-3742 [54] | flightgear [55] |
| | |
| DSA-3793 [56] | shadow [57] |
| | |
| DSA-3840 [58] | mysql-connector-java [59] |
| | |
| DSA-3841 [60] | libxstream-java [61] |
| | |
| DSA-3842 [62] | tomcat7 [63] |
| | |
| DSA-3843 [64] | tomcat8 [65] |
| | |
| DSA-3844 [66] | tiff [67] |
| | |
| DSA-3845 [68] | libtirpc [69] |
| | |
| DSA-3845 [70] | rpcbind [71] |
| | |
| DSA-3846 [72] | libytnef [73] |
| | |
| DSA-3847 [74] | xen [75] |
| | |
| DSA-3848 [76] | git [77] |
| | |
| DSA-3849 [78] | kde4libs [79] |
| | |
| DSA-3850 [80] | rtmpdump [81] |
| | |
| DSA-3851 [82] | postgresql-9.4 [83] |
| | |
| DSA-3852 [84] | squirrelmail [85] |
| | |
| DSA-3853 [86] | bitlbee [87] |
| | |
| DSA-3854 [88] | bind9 [89] |
| | |
| DSA-3855 [90] | jbig2dec [91] |
| | |
| DSA-3856 [92] | deluge [93] |
| | |
| DSA-3857 [94] | mysql-connector-java [95] |
| | |
| DSA-3859 [96] | dropbear [97] |
| | |
| DSA-3860 [98] | samba [99] |
| | |
| DSA-3861 [100] | libtasn1-6 [101] |
| | |
| DSA-3862 [102] | puppet [103] |
| | |
| DSA-3863 [104] | imagemagick [105] |
| | |
| DSA-3864 [106] | fop [107] |
| | |
| DSA-3865 [108] | mosquitto [109] |
| | |
| DSA-3866 [110] | strongswan [111] |
| | |
| DSA-3867 [112] | sudo [113] |
| | |
| DSA-3868 [114] | openldap [115] |
| | |
| DSA-3869 [116] | tnef [117] |
| | |
| DSA-3870 [118] | wordpress [119] |
| | |
| DSA-3871 [120] | zookeeper [121] |
| | |
| DSA-3872 [122] | nss [123] |
| | |
| DSA-3873 [124] | perl [125] |
| | |
| DSA-3874 [126] | ettercap [127] |
| | |
| DSA-3875 [128] | libmwaw [129] |
| | |
| DSA-3876 [130] | otrs2 [131] |
| | |
| DSA-3877 [132] | tor [133] |
| | |
| DSA-3878 [134] | zziplib [135] |
| | |
| DSA-3879 [136] | libosip2 [137] |
| | |
| DSA-3880 [138] | libgcrypt20 [139] |
| | |
| DSA-3882 [140] | request-tracker4 [141] |
| | |
| DSA-3883 [142] | rt-authen-externalauth [143] |
| | |
| DSA-3884 [144] | gnutls28 [145] |
| | |
| DSA-3885 [146] | irssi [147] |
| | |
| DSA-3886 [148] | linux [149] |
| | |
| DSA-3887 [150] | glibc [151] |
| | |
| DSA-3888 [152] | exim4 [153] |
| | |
| DSA-3889 [154] | libffi [155] |
| | |
| DSA-3891 [156] | tomcat8 [157] |
| | |
| DSA-3892 [158] | tomcat7 [159] |
| | |
| DSA-3893 [160] | jython [161] |
| | |
| DSA-3894 [162] | graphite2 [163] |
| | |
| DSA-3896 [164] | apache2 [165] |
| | |
| DSA-3897 [166] | drupal7 [167] |
| | |
| DSA-3898 [168] | expat [169] |
| | |
| DSA-3899 [170] | vlc [171] |
| | |
| DSA-3900 [172] | openvpn [173] |
| | |
| DSA-3901 [174] | libgcrypt20 [175] |
| | |
| DSA-3903 [176] | tiff [177] |
| | |
| DSA-3904 [178] | bind9 [179] |
| | |
| DSA-3905 [180] | xorg-server [181] |
| | |
| DSA-3907 [182] | spice [183] |
| | |
| DSA-3910 [184] | knot [185] |
| | |
| DSA-3911 [186] | evince [187] |
| | |
| DSA-3912 [188] | heimdal [189] |
| | |
+----------------+------------------------------+

54: https://www.debian.org/security/2016/dsa-3742
55: https://packages.debian.org/src:flightgear
56: https://www.debian.org/security/2017/dsa-3793
57: https://packages.debian.org/src:shadow
58: https://www.debian.org/security/2017/dsa-3840
59: https://packages.debian.org/src:mysql-connector-java
60: https://www.debian.org/security/2017/dsa-3841
61: https://packages.debian.org/src:libxstream-java
62: https://www.debian.org/security/2017/dsa-3842
63: https://packages.debian.org/src:tomcat7
64: https://www.debian.org/security/2017/dsa-3843
65: https://packages.debian.org/src:tomcat8
66: https://www.debian.org/security/2017/dsa-3844
67: https://packages.debian.org/src:tiff
68: https://www.debian.org/security/2017/dsa-3845
69: https://packages.debian.org/src:libtirpc
70: https://www.debian.org/security/2017/dsa-3845
71: https://packages.debian.org/src:rpcbind
72: https://www.debian.org/security/2017/dsa-3846
73: https://packages.debian.org/src:libytnef
74: https://www.debian.org/security/2017/dsa-3847
75: https://packages.debian.org/src:xen
76: https://www.debian.org/security/2017/dsa-3848
77: https://packages.debian.org/src:git
78: https://www.debian.org/security/2017/dsa-3849
79: https://packages.debian.org/src:kde4libs
80: https://www.debian.org/security/2017/dsa-3850
81: https://packages.debian.org/src:rtmpdump
82: https://www.debian.org/security/2017/dsa-3851
83: https://packages.debian.org/src:postgresql-9.4
84: https://www.debian.org/security/2017/dsa-3852
85: https://packages.debian.org/src:squirrelmail
86: https://www.debian.org/security/2017/dsa-3853
87: https://packages.debian.org/src:bitlbee
88: https://www.debian.org/security/2017/dsa-3854
89: https://packages.debian.org/src:bind9
90: https://www.debian.org/security/2017/dsa-3855
91: https://packages.debian.org/src:jbig2dec
92: https://www.debian.org/security/2017/dsa-3856
93: https://packages.debian.org/src:deluge
94: https://www.debian.org/security/2017/dsa-3857
95: https://packages.debian.org/src:mysql-connector-java
96: https://www.debian.org/security/2017/dsa-3859
97: https://packages.debian.org/src:dropbear
98: https://www.debian.org/security/2017/dsa-3860
99: https://packages.debian.org/src:samba
100: https://www.debian.org/security/2017/dsa-3861
101: https://packages.debian.org/src:libtasn1-6
102: https://www.debian.org/security/2017/dsa-3862
103: https://packages.debian.org/src:puppet
104: https://www.debian.org/security/2017/dsa-3863
105: https://packages.debian.org/src:imagemagick
106: https://www.debian.org/security/2017/dsa-3864
107: https://packages.debian.org/src:fop
108: https://www.debian.org/security/2017/dsa-3865
109: https://packages.debian.org/src:mosquitto
110: https://www.debian.org/security/2017/dsa-3866
111: https://packages.debian.org/src:strongswan
112: https://www.debian.org/security/2017/dsa-3867
113: https://packages.debian.org/src:sudo
114: https://www.debian.org/security/2017/dsa-3868
115: https://packages.debian.org/src:openldap
116: https://www.debian.org/security/2017/dsa-3869
117: https://packages.debian.org/src:tnef
118: https://www.debian.org/security/2017/dsa-3870
119: https://packages.debian.org/src:wordpress
120: https://www.debian.org/security/2017/dsa-3871
121: https://packages.debian.org/src:zookeeper
122: https://www.debian.org/security/2017/dsa-3872
123: https://packages.debian.org/src:nss
124: https://www.debian.org/security/2017/dsa-3873
125: https://packages.debian.org/src:perl
126: https://www.debian.org/security/2017/dsa-3874
127: https://packages.debian.org/src:ettercap
128: https://www.debian.org/security/2017/dsa-3875
129: https://packages.debian.org/src:libmwaw
130: https://www.debian.org/security/2017/dsa-3876
131: https://packages.debian.org/src:otrs2
132: https://www.debian.org/security/2017/dsa-3877
133: https://packages.debian.org/src:tor
134: https://www.debian.org/security/2017/dsa-3878
135: https://packages.debian.org/src:zziplib
136: https://www.debian.org/security/2017/dsa-3879
137: https://packages.debian.org/src:libosip2
138: https://www.debian.org/security/2017/dsa-3880
139: https://packages.debian.org/src:libgcrypt20
140: https://www.debian.org/security/2017/dsa-3882
141: https://packages.debian.org/src:request-tracker4
142: https://www.debian.org/security/2017/dsa-3883
143: https://packages.debian.org/src:rt-authen-externalauth
144: https://www.debian.org/security/2017/dsa-3884
145: https://packages.debian.org/src:gnutls28
146: https://www.debian.org/security/2017/dsa-3885
147: https://packages.debian.org/src:irssi
148: https://www.debian.org/security/2017/dsa-3886
149: https://packages.debian.org/src:linux
150: https://www.debian.org/security/2017/dsa-3887
151: https://packages.debian.org/src:glibc
152: https://www.debian.org/security/2017/dsa-3888
153: https://packages.debian.org/src:exim4
154: https://www.debian.org/security/2017/dsa-3889
155: https://packages.debian.org/src:libffi
156: https://www.debian.org/security/2017/dsa-3891
157: https://packages.debian.org/src:tomcat8
158: https://www.debian.org/security/2017/dsa-3892
159: https://packages.debian.org/src:tomcat7
160: https://www.debian.org/security/2017/dsa-3893
161: https://packages.debian.org/src:jython
162: https://www.debian.org/security/2017/dsa-3894
163: https://packages.debian.org/src:graphite2
164: https://www.debian.org/security/2017/dsa-3896
165: https://packages.debian.org/src:apache2
166: https://www.debian.org/security/2017/dsa-3897
167: https://packages.debian.org/src:drupal7
168: https://www.debian.org/security/2017/dsa-3898
169: https://packages.debian.org/src:expat
170: https://www.debian.org/security/2017/dsa-3899
171: https://packages.debian.org/src:vlc
172: https://www.debian.org/security/2017/dsa-3900
173: https://packages.debian.org/src:openvpn
174: https://www.debian.org/security/2017/dsa-3901
175: https://packages.debian.org/src:libgcrypt20
176: https://www.debian.org/security/2017/dsa-3903
177: https://packages.debian.org/src:tiff
178: https://www.debian.org/security/2017/dsa-3904
179: https://packages.debian.org/src:bind9
180: https://www.debian.org/security/2017/dsa-3905
181: https://packages.debian.org/src:xorg-server
182: https://www.debian.org/security/2017/dsa-3907
183: https://packages.debian.org/src:spice
184: https://www.debian.org/security/2017/dsa-3910
185: https://packages.debian.org/src:knot
186: https://www.debian.org/security/2017/dsa-3911
187: https://packages.debian.org/src:evince
188: https://www.debian.org/security/2017/dsa-3912
189: https://packages.debian.org/src:heimdal

Removed packages
----------------

The following packages were removed due to circumstances beyond our
control:

+-------------------------------+--------------------------------------+
| Package | Reason |
+-------------------------------+--------------------------------------+
| ears [190] | Requires unavailable python- |
| | musicbrainz |
| | |
| gnuvd [191] | Broken by upstream site changes |
| | |
| hbro [192] | Segfaults on all usage |
| | |
| hbro-contrib [193] | Build-depends on to-be-removed hbro |
| | |
| lshell [194] | Security issues |
| | |
| pgsnap [195] | Incompatible with current PostgreSQL |
| | versions |
| | |
| python-django-authority [196] | Incompatible with Django 1.7 |
| | |
| rant [197] | Broken |
| | |
+-------------------------------+--------------------------------------+

190: https://packages.debian.org/src:ears
191: https://packages.debian.org/src:gnuvd
192: https://packages.debian.org/src:hbro
193: https://packages.debian.org/src:hbro-contrib
194: https://packages.debian.org/src:lshell
195: https://packages.debian.org/src:pgsnap
196: https://packages.debian.org/src:python-django-authority
197: https://packages.debian.org/src:rant

Debian Installer
----------------

The installer has been updated to include the fixes incorporated into
oldstable by the point release.


URLs
----

The complete lists of packages that have changed with this revision:

http://ftp.debian.org/debian/dists/jessie/ChangeLog


The current oldstable distribution:

http://ftp.debian.org/debian/dists/oldstable/


Proposed updates to the oldstable distribution:

http://ftp.debian.org/debian/dists/oldstable-proposed-updates


oldstable distribution information (release notes, errata etc.):

https://www.debian.org/releases/oldstable/


Security announcements and information:

https://security.debian.org/


About Debian
------------

The Debian Project is an association of Free Software developers who
volunteer their time and effort in order to produce the completely free
operating system Debian.

Updated Debian 9: 9.1 released


------------------------------------------------------------------------
The Debian Project https://www.debian.org/
Updated Debian 9: 9.1 released press@debian.org
July 22nd, 2017 https://www.debian.org/News/2017/20170722
------------------------------------------------------------------------


The Debian project is pleased to announce the first update of its stable
distribution Debian 9 (codename "stretch"). This point release mainly
adds corrections for security issues, along with a few adjustments for
serious problems. Security advisories have already been published
separately and are referenced where available.

Please note that the point release does not constitute a new version of
Debian 9 but only updates some of the packages included. There is no
need to throw away old "stretch" media. After installation, packages can
be upgraded to the current versions using an up-to-date Debian mirror.

Those who frequently install updates from security.debian.org won't have
to update many packages, and most such updates are included in the point
release.

New installation images will be available soon at the regular locations.

Upgrading an existing installation to this revision can be achieved by
pointing the package management system at one of Debian's many HTTP
mirrors. A comprehensive list of mirrors is available at:

https://www.debian.org/mirror/list



Miscellaneous Bugfixes
----------------------

This stable update adds a few important corrections to the following
packages:

+--------------------------+------------------------------------------+
| Package | Reason |
+--------------------------+------------------------------------------+
| 3dchess [1] | Reduce wasteful CPU consumption |
| | |
| adwaita-icon-theme [2] | Fix malformed send-to-symbolic icon |
| | |
| anope [3] | Fix incorrect mail-transport-agent |
| | relationship |
| | |
| apt [4] | Reset failure reason when connection was |
| | successful, so later errors are reported |
| | as such and not as "connection failure" |
| | warnings; http: A response with Content- |
| | Length: 0 has no content, so don't try |
| | to read it; use port from SRV record |
| | instead of initial port |
| | |
| avogadro [5] | Update eigen3 patches |
| | |
| base-files [6] | Update for the 9.1 point release |
| | |
| c-ares [7] | Security fix [CVE-2017-1000381] |
| | |
| debian-edu-doc [8] | Update Debian Edu Stretch manual from |
| | the wiki; update translations |
| | |
| debsecan [9] | Add support for stretch and buster; |
| | Python needs https_proxy for proxy |
| | configuration with https:// URLs |
| | |
| devscripts [10] | debchange: target stretch-backports with |
| | --bpo; support $codename{,-{proposed- |
| | updates,security}}; bts: add support for |
| | the new "a11y" tag |
| | |
| dgit [11] | Multiple bugfixes |
| | |
| dovecot [12] | Fix syntax errors when sending Solr |
| | queries |
| | |
| dwarfutils [13] | Security fixes [CVE-2017-9052 CVE-2017- |
| | 9053 CVE-2017-9054 CVE-2017-9055 |
| | CVE-2017-9998] |
| | |
| fpc [14] | Fix conversion from local time to UTC |
| | |
| galternatives [15] | Fix blank window when displaying |
| | properties |
| | |
| geolinks [16] | Fix python3 dependencies |
| | |
| gnats [17] | gnats-user: do not fail to purge if / |
| | var/lib/gnats/gnats-db is not empty |
| | |
| gnome-settings- | Do not add the "US" keyboard layout by |
| daemon [18] | default for new users, for some reason, |
| | this layout was preferred over the |
| | system configured one on the first |
| | login; preserve NumLock state between |
| | sessions by default |
| | |
| gnuplot [19] | Fix memory corruption vulnerability |
| | |
| gnutls28 [20] | Fix breakage with AES-GCM in-place |
| | encryption and decryption on aarch64 |
| | |
| grub-installer [21] | Fix support for systems with a large |
| | number of disks |
| | |
| intel-microcode [22] | Update included microcode |
| | |
| libclamunrar [23] | Fix arbitrary memory write [CVE-2012- |
| | 6706] |
| | |
| libopenmpt [24] | Security fixes: out-of-bounds read while |
| | loading a malfomed PLM file; arbitrary |
| | code execution by a crafted PSM file |
| | [CVE-2017-11311]; various security fixes |
| | |
| libquicktime [25] | Security fixes [CVE-2017-9122 CVE-2017- |
| | 9123 CVE-2017-9124 CVE-2017-9125 |
| | CVE-2017-9126 CVE-2017-9127 CVE-2017- |
| | 9128] |
| | |
| linux-latest [26] | Revert changes to debug symbol meta- |
| | packages |
| | |
| nagios-nrpe [27] | Restore previous SSL defaults |
| | |
| nvidia-graphics- | Bump Pre-Depends: nvidia-installer- |
| drivers [28] | cleanup to (>= 20151021) for smoother |
| | upgrades from jessie |
| | |
| octave-ocs [29] | Fix loading package functions |
| | |
| open-iscsi [30] | Speed up Debian Installer when iSCSI is |
| | not used |
| | |
| openssh [31] | Fix incoming compression statistics |
| | |
| openstack-debian- | Also add security updates for non |
| images [32] | wheezy/jessie |
| | |
| os-prober [33] | EFI - look for "dos" instead of |
| | "msdos" |
| | |
| osinfo-db [34] | Improve support for Stretch and Jessie |
| | |
| partman-base [35] | Protect the firmware area on all mmcblk |
| | devices (and not only on mmcblk0) from |
| | being clobbered during guided |
| | partitioning |
| | |
| pdns-recursor [36] | Add 2017 DNSSEC root key |
| | |
| perl [37] | Backport various Getopt-Long fixes from |
| | upstream 2.49..2.51; backport upstream |
| | patch fixing regexp "Malformed UTF-8 |
| | character" ; apply upstream base.pm no- |
| | dot-in-inc fix |
| | |
| phpunit [38] | Security fix: arbitrary PHP code |
| | execution via HTTP POST |
| | |
| protozero [39] | Fix data_view equality operator |
| | |
| pulseaudio [40] | Fix copyright file |
| | |
| pykde4 [41] | Drop bindings for plasma webview |
| | bindings; they're obsolete and non- |
| | functional |
| | |
| python-colorlog [42] | Fix python3 dependencies |
| | |
| python-imaplib2 [43] | Fix python3 dependencies |
| | |
| python-plumbum [44] | Fix python3 dependencies |
| | |
| qgis [45] | Fix missing Breaks/Replaces against |
| | python-qgis-common |
| | |
| request-tracker4 [46] | Handle configuration permissions |
| | correctly following RT_SiteConfig.d |
| | changes |
| | |
| retext [47] | Backport upstream fix for crash in |
| | XSettings code; fix syntax in appdata |
| | XML file |
| | |
| rkhunter [48] | Disable remote updates [CVE-2017-7480] |
| | |
| socat [49] | Fix signals leading to possible 100% CPU |
| | usage |
| | |
| squashfs-tools [50] | Fix corruption of large files; fix rare |
| | race condition |
| | |
| systemd [51] | Fix out-of-bounds write in systemd- |
| | resolved [CVE-2017-9445]; be truly quiet |
| | in systemctl -q is-enabled; improve |
| | RLIMIT_NOFILE handling; debian/extra/ |
| | rules: Use updated U2F ruleset |
| | |
| thermald [52] | Add Broadwell-GT3E and Kabylake support |
| | |
| unrar-nonfree [53] | Add bound checks for VMSF_DELTA, |
| | VMSF_RGB and VMSF_AUDIO paramters |
| | [CVE-2012-6706] |
| | |
| win32-loader [54] | Replace all mirror urls with |
| | deb.debian.org; drop bz2 compression for |
| | source |
| | |
+--------------------------+------------------------------------------+

1: https://packages.debian.org/src:3dchess
2: https://packages.debian.org/src:adwaita-icon-theme
3: https://packages.debian.org/src:anope
4: https://packages.debian.org/src:apt
5: https://packages.debian.org/src:avogadro
6: https://packages.debian.org/src:base-files
7: https://packages.debian.org/src:c-ares
8: https://packages.debian.org/src:debian-edu-doc
9: https://packages.debian.org/src:debsecan
10: https://packages.debian.org/src:devscripts
11: https://packages.debian.org/src:dgit
12: https://packages.debian.org/src:dovecot
13: https://packages.debian.org/src:dwarfutils
14: https://packages.debian.org/src:fpc
15: https://packages.debian.org/src:galternatives
16: https://packages.debian.org/src:geolinks
17: https://packages.debian.org/src:gnats
18: https://packages.debian.org/src:gnome-settings-daemon
19: https://packages.debian.org/src:gnuplot
20: https://packages.debian.org/src:gnutls28
21: https://packages.debian.org/src:grub-installer
22: https://packages.debian.org/src:intel-microcode
23: https://packages.debian.org/src:libclamunrar
24: https://packages.debian.org/src:libopenmpt
25: https://packages.debian.org/src:libquicktime
26: https://packages.debian.org/src:linux-latest
27: https://packages.debian.org/src:nagios-nrpe
28: https://packages.debian.org/src:nvidia-graphics-drivers
29: https://packages.debian.org/src:octave-ocs
30: https://packages.debian.org/src:open-iscsi
31: https://packages.debian.org/src:openssh
32: https://packages.debian.org/src:openstack-debian-images
33: https://packages.debian.org/src:os-prober
34: https://packages.debian.org/src:osinfo-db
35: https://packages.debian.org/src:partman-base
36: https://packages.debian.org/src:pdns-recursor
37: https://packages.debian.org/src:perl
38: https://packages.debian.org/src:phpunit
39: https://packages.debian.org/src:protozero
40: https://packages.debian.org/src:pulseaudio
41: https://packages.debian.org/src:pykde4
42: https://packages.debian.org/src:python-colorlog
43: https://packages.debian.org/src:python-imaplib2
44: https://packages.debian.org/src:python-plumbum
45: https://packages.debian.org/src:qgis
46: https://packages.debian.org/src:request-tracker4
47: https://packages.debian.org/src:retext
48: https://packages.debian.org/src:rkhunter
49: https://packages.debian.org/src:socat
50: https://packages.debian.org/src:squashfs-tools
51: https://packages.debian.org/src:systemd
52: https://packages.debian.org/src:thermald
53: https://packages.debian.org/src:unrar-nonfree
54: https://packages.debian.org/src:win32-loader

Security Updates
----------------

This revision adds the following security updates to the stable release.
The Security Team has already released an advisory for each of these
updates:

+----------------+-----------------------+
| Advisory ID | Package |
+----------------+-----------------------+
| DSA-3876 [55] | otrs2 [56] |
| | |
| DSA-3877 [57] | tor [58] |
| | |
| DSA-3882 [59] | request-tracker4 [60] |
| | |
| DSA-3884 [61] | gnutls28 [62] |
| | |
| DSA-3885 [63] | irssi [64] |
| | |
| DSA-3886 [65] | linux [66] |
| | |
| DSA-3887 [67] | glibc [68] |
| | |
| DSA-3888 [69] | exim4 [70] |
| | |
| DSA-3890 [71] | spip [72] |
| | |
| DSA-3891 [73] | tomcat8 [74] |
| | |
| DSA-3893 [75] | jython [76] |
| | |
| DSA-3895 [77] | flatpak [78] |
| | |
| DSA-3896 [79] | apache2 [80] |
| | |
| DSA-3897 [81] | drupal7 [82] |
| | |
| DSA-3900 [83] | openvpn [84] |
| | |
| DSA-3901 [85] | libgcrypt20 [86] |
| | |
| DSA-3902 [87] | jabberd2 [88] |
| | |
| DSA-3903 [89] | tiff [90] |
| | |
| DSA-3904 [91] | bind9 [92] |
| | |
| DSA-3905 [93] | xorg-server [94] |
| | |
| DSA-3906 [95] | undertow [96] |
| | |
| DSA-3907 [97] | spice [98] |
| | |
| DSA-3908 [99] | nginx [100] |
| | |
| DSA-3910 [101] | knot [102] |
| | |
| DSA-3911 [103] | evince [104] |
| | |
| DSA-3912 [105] | heimdal [106] |
| | |
+----------------+-----------------------+

55: https://www.debian.org/security/2017/dsa-3876
56: https://packages.debian.org/src:otrs2
57: https://www.debian.org/security/2017/dsa-3877
58: https://packages.debian.org/src:tor
59: https://www.debian.org/security/2017/dsa-3882
60: https://packages.debian.org/src:request-tracker4
61: https://www.debian.org/security/2017/dsa-3884
62: https://packages.debian.org/src:gnutls28
63: https://www.debian.org/security/2017/dsa-3885
64: https://packages.debian.org/src:irssi
65: https://www.debian.org/security/2017/dsa-3886
66: https://packages.debian.org/src:linux
67: https://www.debian.org/security/2017/dsa-3887
68: https://packages.debian.org/src:glibc
69: https://www.debian.org/security/2017/dsa-3888
70: https://packages.debian.org/src:exim4
71: https://www.debian.org/security/2017/dsa-3890
72: https://packages.debian.org/src:spip
73: https://www.debian.org/security/2017/dsa-3891
74: https://packages.debian.org/src:tomcat8
75: https://www.debian.org/security/2017/dsa-3893
76: https://packages.debian.org/src:jython
77: https://www.debian.org/security/2017/dsa-3895
78: https://packages.debian.org/src:flatpak
79: https://www.debian.org/security/2017/dsa-3896
80: https://packages.debian.org/src:apache2
81: https://www.debian.org/security/2017/dsa-3897
82: https://packages.debian.org/src:drupal7
83: https://www.debian.org/security/2017/dsa-3900
84: https://packages.debian.org/src:openvpn
85: https://www.debian.org/security/2017/dsa-3901
86: https://packages.debian.org/src:libgcrypt20
87: https://www.debian.org/security/2017/dsa-3902
88: https://packages.debian.org/src:jabberd2
89: https://www.debian.org/security/2017/dsa-3903
90: https://packages.debian.org/src:tiff
91: https://www.debian.org/security/2017/dsa-3904
92: https://packages.debian.org/src:bind9
93: https://www.debian.org/security/2017/dsa-3905
94: https://packages.debian.org/src:xorg-server
95: https://www.debian.org/security/2017/dsa-3906
96: https://packages.debian.org/src:undertow
97: https://www.debian.org/security/2017/dsa-3907
98: https://packages.debian.org/src:spice
99: https://www.debian.org/security/2017/dsa-3908
100: https://packages.debian.org/src:nginx
101: https://www.debian.org/security/2017/dsa-3910
102: https://packages.debian.org/src:knot
103: https://www.debian.org/security/2017/dsa-3911
104: https://packages.debian.org/src:evince
105: https://www.debian.org/security/2017/dsa-3912
106: https://packages.debian.org/src:heimdal

Removed packages
----------------

The following packages were removed due to circumstances beyond our
control:

+-------------+---------------------------------+
| Package | Reason |
+-------------+---------------------------------+
| aiccu [107] | Useless since shutdown of SixXS |
| | |
+-------------+---------------------------------+

107: https://packages.debian.org/src:aiccu

Debian Installer
----------------

The installer has been updated to include the fixes incorporated into
stable by the point release.


URLs
----

The complete lists of packages that have changed with this revision:

http://ftp.debian.org/debian/dists/stretch/ChangeLog


The current stable distribution:

http://ftp.debian.org/debian/dists/stable/


Proposed updates to the stable distribution:

http://ftp.debian.org/debian/dists/proposed-updates


stable distribution information (release notes, errata etc.):

https://www.debian.org/releases/stable/


Security announcements and information:

https://security.debian.org/


About Debian
------------

The Debian Project is an association of Free Software developers who
volunteer their time and effort in order to produce the completely free
operating system Debian.