Debian 10225 Published by

Debian GNU/Linux 9.12 has been released. This is the twelfth update of the oldstable release which mainly adds security updates.



------------------------------------------------------------------------
The Debian Project https://www.debian.org/
Updated Debian 9: 9.12 released press@debian.org
February 8th, 2020 https://www.debian.org/News/2020/2020020802
------------------------------------------------------------------------

The Debian project is pleased to announce the twelth update of its
oldstable distribution Debian 9 (codename "stretch"). This point release
mainly adds corrections for security issues, along with a few
adjustments for serious problems. Security advisories have already been
published separately and are referenced where available.

Please note that the point release does not constitute a new version of
Debian 9 but only updates some of the packages included. There is no
need to throw away old "stretch" media. After installation, packages can
be upgraded to the current versions using an up-to-date Debian mirror.

Those who frequently install updates from security.debian.org won't have
to update many packages, and most such updates are included in the point
release.

New installation images will be available soon at the regular locations.

Upgrading an existing installation to this revision can be achieved by
pointing the package management system at one of Debian's many HTTP
mirrors. A comprehensive list of mirrors is available at:

https://www.debian.org/mirror/list


Miscellaneous Bugfixes
----------------------

This oldstable update adds a few important corrections to the following
packages:

+----------------------------+----------------------------------------+
| Package | Reason |
+----------------------------+----------------------------------------+
| base-files?[1] | Update for the point release |
| | |
| cargo?[2] | New upstream version, to support |
| | Firefox ESR backports; fix bootstrap |
| | for armhf |
| | |
| clamav?[3] | New upstream release; fix denial of |
| | service issue [CVE-2019-15961]; remove |
| | ScanOnAccess option, replacing with |
| | clamonacc |
| | |
| cups?[4] | Fix validation of default language in |
| | ippSetValuetag [CVE-2019-2228] |
| | |
| debian-installer?[5] | Rebuild against oldstable-proposed- |
| | updates; set gfxpayload=keep in |
| | submenus too, to fix unreadable fonts |
| | on hidpi displays in netboot images |
| | booted with EFI; update USE_UDEBS_FROM |
| | default from unstable to stretch, to |
| | help users performing local builds |
| | |
| debian-installer-netboot- | Rebuild against stretch-proposed- |
| images?[6] | updates |
| | |
| debian-security- | Update security support status of |
| support?[7] | several packages |
| | |
| dehydrated?[8] | New upstream release; use ACMEv2 API |
| | by default |
| | |
| dispmua?[9] | New upstream release compatible with |
| | Thunderbird 68 |
| | |
| dpdk?[10] | New upstream stable release; fix vhost |
| | regression introduced by the fix for |
| | CVE-2019-14818 |
| | |
| fence-agents?[11] | Fix incomplete removal of fence_amt_ws |
| | |
| fig2dev?[12] | Allow Fig v2 text strings ending with |
| | multiple ^A [CVE-2019-19555] |
| | |
| flightcrew?[13] | Security fixes [CVE-2019-13032 |
| | CVE-2019-13241] |
| | |
| freetype?[14] | Correctly handle deltas in TrueType GX |
| | fonts, fixing rendering of variable |
| | hinted fonts in Chromium and Firefox |
| | |
| glib2.0?[15] | Ensure libdbus clients can |
| | authenticate with a GDBusServer like |
| | the one in ibus |
| | |
| gnustep-base?[16] | Fix UDP amplification vulnerability |
| | |
| italc?[17] | Security fixes [CVE-2018-15126 |
| | CVE-2018-15127 CVE-2018-20019 |
| | CVE-2018-20020 CVE-2018-20021 |
| | CVE-2018-20022 CVE-2018-20023 |
| | CVE-2018-20024 CVE-2018-20748 |
| | CVE-2018-20749 CVE-2018-20750 |
| | CVE-2018-6307 CVE-2018-7225 CVE-2019- |
| | 15681] |
| | |
| libdate-holidays-de- | Mark International Childrens Day (Sep |
| perl?[18] | 20th) as a holiday in Thuringia from |
| | 2019 onwards |
| | |
| libdatetime-timezone- | Update included data |
| perl?[19] | |
| | |
| libidn?[20] | Fix denial of service vulnerability in |
| | Punycode handling [CVE-2017-14062] |
| | |
| libjaxen-java?[21] | Fix build failure by allowing test |
| | failures |
| | |
| libofx?[22] | Fix NULL pointer dereference issue |
| | [CVE-2019-9656] |
| | |
| libole-storage-lite- | Fix interpretation of years from 2020 |
| perl?[23] | onwards |
| | |
| libparse-win32registry- | Fix interpretation of years from 2020 |
| perl?[24] | onwards |
| | |
| libperl4-corelibs- | Fix interpretation of years from 2020 |
| perl?[25] | onwards |
| | |
| libpst?[26] | Fix detection of get_current_dir_name |
| | and return truncation |
| | |
| libsixel?[27] | Fix several security issues [CVE-2018- |
| | 19756 CVE-2018-19757 CVE-2018-19759 |
| | CVE-2018-19761 CVE-2018-19762 |
| | CVE-2018-19763 CVE-2019-3573 CVE-2019- |
| | 3574] |
| | |
| libsolv?[28] | Fix heap buffer overflow [CVE-2019- |
| | 20387] |
| | |
| libtest-mocktime-perl?[29] | Fix interpretation of years from 2020 |
| | onwards |
| | |
| libtimedate-perl?[30] | Fix interpretation of years from 2020 |
| | onwards |
| | |
| libvncserver?[31] | RFBserver: don't leak stack memory to |
| | the remote [CVE-2019-15681]; resolve a |
| | freeze during connection closure and a |
| | segmentation fault on multi-threaded |
| | VNC servers; fix issue connecting to |
| | VMWare servers; fix crashing of x11vnc |
| | when vncviewer connects |
| | |
| libxslt?[32] | Fix dangling pointer in xsltCopyText |
| | [CVE-2019-18197] |
| | |
| limnoria?[33] | Fix remote information disclosure and |
| | possibly remote code execution in the |
| | Math plugin [CVE-2019-19010] |
| | |
| linux?[34] | New upstream stable release |
| | |
| linux-latest?[35] | Update for Linux kernel ABI 4.9.0-12 |
| | |
| llvm-toolchain-7?[36] | Disable the gold linker from s390x; |
| | bootstrap with -fno-addrsig, stretch's |
| | binutils doesn't work with it on |
| | mips64el |
| | |
| mariadb-10.1?[37] | New upstream stable release [CVE-2019- |
| | 2974 CVE-2020-2574] |
| | |
| monit?[38] | Implement position independent CSRF |
| | cookie value |
| | |
| node-fstream?[39] | Clobber a Link if it's in the way of a |
| | File [CVE-2019-13173] |
| | |
| node-mixin-deep?[40] | Fix prototype polution [CVE-2018-3719 |
| | CVE-2019-10746] |
| | |
| nodejs-mozilla?[41] | New package to support Firefox ESR |
| | backports |
| | |
| nvidia-graphics-drivers- | New upstream stable release |
| legacy-340xx?[42] | |
| | |
| nyancat?[43] | Rebuild in a clean environment to add |
| | the systemd unit for nyancat-server |
| | |
| openjpeg2?[44] | Fix heap overflow [CVE-2018-21010], |
| | integer overflow [CVE-2018-20847] and |
| | division by zero [CVE-2016-9112] |
| | |
| perl?[45] | Fix interpretation of years from 2020 |
| | onwards |
| | |
| php-horde?[46] | Fix stored cross-site scripting issue |
| | in Horde Cloud Block [CVE-2019-12095] |
| | |
| postfix?[47] | New upstream stable release; work |
| | around poor TCP loopback performance |
| | |
| postgresql-9.6?[48] | New upstream release |
| | |
| proftpd-dfsg?[49] | Fix NULL pointer dereference in CRL |
| | checks [CVE-2019-19269] |
| | |
| pykaraoke?[50] | Fix path to fonts |
| | |
| python-acme?[51] | Switch to POST-as-GET protocol |
| | |
| python-cryptography?[52] | Fix test suite failures when built |
| | against newer OpenSSL versions |
| | |
| python-flask-rdf?[53] | Fix missing dependencies in python3- |
| | flask-rdf |
| | |
| python-pgmagick?[54] | Handle version detection of |
| | graphicsmagick security updates that |
| | identify themselves as version 1.4 |
| | |
| python-werkzeug?[55] | Ensure Docker containers have unique |
| | debugger PINs [CVE-2019-14806] |
| | |
| ros-ros-comm?[56] | Fix buffer overflow issue [CVE-2019- |
| | 13566]; fix integer overflow |
| | [CVE-2019-13445] |
| | |
| ruby-encryptor?[57] | Ignore test failures, fixing build |
| | failures |
| | |
| rust-cbindgen?[58] | New package to support Firefox ESR |
| | backports |
| | |
| rustc?[59] | New upstream version, to support |
| | Firefox ESR backports |
| | |
| safe-rm?[60] | Prevent installation in (and thereby |
| | breaking of) merged /usr environments |
| | |
| sorl-thumbnail?[61] | Workaround a pgmagick exception |
| | |
| sssd?[62] | sysdb: sanitize search filter input |
| | [CVE-2017-12173] |
| | |
| tigervnc?[63] | Security updates [CVE-2019-15691 |
| | CVE-2019-15692 CVE-2019-15693 |
| | CVE-2019-15694 CVE-2019-15695] |
| | |
| tightvnc?[64] | Security fixes [CVE-2014-6053 2019- |
| | 8287 CVE-2018-20021 CVE-2018-20022 |
| | CVE-2018-20748 CVE-2018-7225 CVE-2019- |
| | 15678 CVE-2019-15679 CVE-2019-15680 |
| | CVE-2019-15681 CVE-2019-8287] |
| | |
| tmpreaper?[65] | Add "--protect '/tmp/systemd- |
| | private*/*'" to cron job to prevent |
| | breaking systemd services that have |
| | PrivateTmp=true |
| | |
| tzdata?[66] | New upstream release |
| | |
| ublock-origin?[67] | New upstream version, compatible with |
| | Firefox ESR68 |
| | |
| unhide?[68] | Fix stack exhaustion |
| | |
| x2goclient?[69] | Strip ~/, ~user{,/}, ${HOME}{,/} and |
| | $HOME{,/} from destination paths in |
| | scp mode; fixes regression with newer |
| | libssh versions with fixes for |
| | CVE-2019-14889 applied |
| | |
| xml-security-c?[70] | Fix "DSA verification crashes OpenSSL |
| | on invalid combinations of key |
| | content" |
| | |
+----------------------------+----------------------------------------+

1: https://packages.debian.org/src:base-files
2: https://packages.debian.org/src:cargo
3: https://packages.debian.org/src:clamav
4: https://packages.debian.org/src:cups
5: https://packages.debian.org/src:debian-installer
6: https://packages.debian.org/src:debian-installer-netboot-images
7: https://packages.debian.org/src:debian-security-support
8: https://packages.debian.org/src:dehydrated
9: https://packages.debian.org/src:dispmua
10: https://packages.debian.org/src:dpdk
11: https://packages.debian.org/src:fence-agents
12: https://packages.debian.org/src:fig2dev
13: https://packages.debian.org/src:flightcrew
14: https://packages.debian.org/src:freetype
15: https://packages.debian.org/src:glib2.0
16: https://packages.debian.org/src:gnustep-base
17: https://packages.debian.org/src:italc
18: https://packages.debian.org/src:libdate-holidays-de-perl
19: https://packages.debian.org/src:libdatetime-timezone-perl
20: https://packages.debian.org/src:libidn
21: https://packages.debian.org/src:libjaxen-java
22: https://packages.debian.org/src:libofx
23: https://packages.debian.org/src:libole-storage-lite-perl
24: https://packages.debian.org/src:libparse-win32registry-perl
25: https://packages.debian.org/src:libperl4-corelibs-perl
26: https://packages.debian.org/src:libpst
27: https://packages.debian.org/src:libsixel
28: https://packages.debian.org/src:libsolv
29: https://packages.debian.org/src:libtest-mocktime-perl
30: https://packages.debian.org/src:libtimedate-perl
31: https://packages.debian.org/src:libvncserver
32: https://packages.debian.org/src:libxslt
33: https://packages.debian.org/src:limnoria
34: https://packages.debian.org/src:linux
35: https://packages.debian.org/src:linux-latest
36: https://packages.debian.org/src:llvm-toolchain-7
37: https://packages.debian.org/src:mariadb-10.1
38: https://packages.debian.org/src:monit
39: https://packages.debian.org/src:node-fstream
40: https://packages.debian.org/src:node-mixin-deep
41: https://packages.debian.org/src:nodejs-mozilla
42: https://packages.debian.org/src:nvidia-graphics-drivers-legacy-340xx
43: https://packages.debian.org/src:nyancat
44: https://packages.debian.org/src:openjpeg2
45: https://packages.debian.org/src:perl
46: https://packages.debian.org/src:php-horde
47: https://packages.debian.org/src:postfix
48: https://packages.debian.org/src:postgresql-9.6
49: https://packages.debian.org/src:proftpd-dfsg
50: https://packages.debian.org/src:pykaraoke
51: https://packages.debian.org/src:python-acme
52: https://packages.debian.org/src:python-cryptography
53: https://packages.debian.org/src:python-flask-rdf
54: https://packages.debian.org/src:python-pgmagick
55: https://packages.debian.org/src:python-werkzeug
56: https://packages.debian.org/src:ros-ros-comm
57: https://packages.debian.org/src:ruby-encryptor
58: https://packages.debian.org/src:rust-cbindgen
59: https://packages.debian.org/src:rustc
60: https://packages.debian.org/src:safe-rm
61: https://packages.debian.org/src:sorl-thumbnail
62: https://packages.debian.org/src:sssd
63: https://packages.debian.org/src:tigervnc
64: https://packages.debian.org/src:tightvnc
65: https://packages.debian.org/src:tmpreaper
66: https://packages.debian.org/src:tzdata
67: https://packages.debian.org/src:ublock-origin
68: https://packages.debian.org/src:unhide
69: https://packages.debian.org/src:x2goclient
70: https://packages.debian.org/src:xml-security-c

Security Updates
----------------

This revision adds the following security updates to the oldstable
release. The Security Team has already released an advisory for each of
these updates:

+----------------+-------------------------+
| Advisory ID | Package |
+----------------+-------------------------+
| DSA-4474?[71] | firefox-esr?[72] |
| | |
| DSA-4479?[73] | firefox-esr?[74] |
| | |
| DSA-4509?[75] | apache2?[76] |
| | |
| DSA-4509?[77] | subversion?[78] |
| | |
| DSA-4511?[79] | nghttp2?[80] |
| | |
| DSA-4516?[81] | firefox-esr?[82] |
| | |
| DSA-4517?[83] | exim4?[84] |
| | |
| DSA-4518?[85] | ghostscript?[86] |
| | |
| DSA-4519?[87] | libreoffice?[88] |
| | |
| DSA-4522?[89] | faad2?[90] |
| | |
| DSA-4523?[91] | thunderbird?[92] |
| | |
| DSA-4525?[93] | ibus?[94] |
| | |
| DSA-4526?[95] | opendmarc?[96] |
| | |
| DSA-4528?[97] | bird?[98] |
| | |
| DSA-4529?[99] | php7.0?[100] |
| | |
| DSA-4530?[101] | expat?[102] |
| | |
| DSA-4531?[103] | linux?[104] |
| | |
| DSA-4532?[105] | spip?[106] |
| | |
| DSA-4535?[107] | e2fsprogs?[108] |
| | |
| DSA-4537?[109] | file-roller?[110] |
| | |
| DSA-4539?[111] | openssl?[112] |
| | |
| DSA-4540?[113] | openssl1.0?[114] |
| | |
| DSA-4541?[115] | libapreq2?[116] |
| | |
| DSA-4542?[117] | jackson-databind?[118] |
| | |
| DSA-4543?[119] | sudo?[120] |
| | |
| DSA-4545?[121] | mediawiki?[122] |
| | |
| DSA-4547?[123] | tcpdump?[124] |
| | |
| DSA-4548?[125] | openjdk-8?[126] |
| | |
| DSA-4549?[127] | firefox-esr?[128] |
| | |
| DSA-4550?[129] | file?[130] |
| | |
| DSA-4552?[131] | php7.0?[132] |
| | |
| DSA-4554?[133] | ruby-loofah?[134] |
| | |
| DSA-4555?[135] | pam-python?[136] |
| | |
| DSA-4557?[137] | libarchive?[138] |
| | |
| DSA-4559?[139] | proftpd-dfsg?[140] |
| | |
| DSA-4560?[141] | simplesamlphp?[142] |
| | |
| DSA-4564?[143] | linux?[144] |
| | |
| DSA-4565?[145] | intel-microcode?[146] |
| | |
| DSA-4567?[147] | dpdk?[148] |
| | |
| DSA-4568?[149] | postgresql-common?[150] |
| | |
| DSA-4569?[151] | ghostscript?[152] |
| | |
| DSA-4571?[153] | thunderbird?[154] |
| | |
| DSA-4573?[155] | symfony?[156] |
| | |
| DSA-4574?[157] | redmine?[158] |
| | |
| DSA-4576?[159] | php-imagick?[160] |
| | |
| DSA-4578?[161] | libvpx?[162] |
| | |
| DSA-4580?[163] | firefox-esr?[164] |
| | |
| DSA-4581?[165] | git?[166] |
| | |
| DSA-4582?[167] | davical?[168] |
| | |
| DSA-4584?[169] | spamassassin?[170] |
| | |
| DSA-4585?[171] | thunderbird?[172] |
| | |
| DSA-4587?[173] | ruby2.3?[174] |
| | |
| DSA-4588?[175] | python-ecdsa?[176] |
| | |
| DSA-4589?[177] | debian-edu-config?[178] |
| | |
| DSA-4590?[179] | cyrus-imapd?[180] |
| | |
| DSA-4591?[181] | cyrus-sasl2?[182] |
| | |
| DSA-4592?[183] | mediawiki?[184] |
| | |
| DSA-4593?[185] | freeimage?[186] |
| | |
| DSA-4594?[187] | openssl1.0?[188] |
| | |
| DSA-4595?[189] | debian-lan-config?[190] |
| | |
| DSA-4596?[191] | tomcat8?[192] |
| | |
| DSA-4596?[193] | tomcat-native?[194] |
| | |
| DSA-4597?[195] | netty?[196] |
| | |
| DSA-4598?[197] | python-django?[198] |
| | |
| DSA-4600?[199] | firefox-esr?[200] |
| | |
| DSA-4601?[201] | ldm?[202] |
| | |
| DSA-4602?[203] | xen?[204] |
| | |
| DSA-4603?[205] | thunderbird?[206] |
| | |
| DSA-4604?[207] | cacti?[208] |
| | |
| DSA-4607?[209] | openconnect?[210] |
| | |
| DSA-4609?[211] | python-apt?[212] |
| | |
| DSA-4611?[213] | opensmtpd?[214] |
| | |
| DSA-4612?[215] | prosody-modules?[216] |
| | |
| DSA-4614?[217] | sudo?[218] |
| | |
| DSA-4615?[219] | spamassassin?[220] |
| | |
+----------------+-------------------------+

71: https://www.debian.org/security/2019/dsa-4474
72: https://packages.debian.org/src:firefox-esr
73: https://www.debian.org/security/2019/dsa-4479
74: https://packages.debian.org/src:firefox-esr
75: https://www.debian.org/security/2019/dsa-4509
76: https://packages.debian.org/src:apache2
77: https://www.debian.org/security/2019/dsa-4509
78: https://packages.debian.org/src:subversion
79: https://www.debian.org/security/2019/dsa-4511
80: https://packages.debian.org/src:nghttp2
81: https://www.debian.org/security/2019/dsa-4516
82: https://packages.debian.org/src:firefox-esr
83: https://www.debian.org/security/2019/dsa-4517
84: https://packages.debian.org/src:exim4
85: https://www.debian.org/security/2019/dsa-4518
86: https://packages.debian.org/src:ghostscript
87: https://www.debian.org/security/2019/dsa-4519
88: https://packages.debian.org/src:libreoffice
89: https://www.debian.org/security/2019/dsa-4522
90: https://packages.debian.org/src:faad2
91: https://www.debian.org/security/2019/dsa-4523
92: https://packages.debian.org/src:thunderbird
93: https://www.debian.org/security/2019/dsa-4525
94: https://packages.debian.org/src:ibus
95: https://www.debian.org/security/2019/dsa-4526
96: https://packages.debian.org/src:opendmarc
97: https://www.debian.org/security/2019/dsa-4528
98: https://packages.debian.org/src:bird
99: https://www.debian.org/security/2019/dsa-4529
100: https://packages.debian.org/src:php7.0
101: https://www.debian.org/security/2019/dsa-4530
102: https://packages.debian.org/src:expat
103: https://www.debian.org/security/2019/dsa-4531
104: https://packages.debian.org/src:linux
105: https://www.debian.org/security/2019/dsa-4532
106: https://packages.debian.org/src:spip
107: https://www.debian.org/security/2019/dsa-4535
108: https://packages.debian.org/src:e2fsprogs
109: https://www.debian.org/security/2019/dsa-4537
110: https://packages.debian.org/src:file-roller
111: https://www.debian.org/security/XXXX/dsa-4539
112: https://packages.debian.org/src:openssl
113: https://www.debian.org/security/2019/dsa-4540
114: https://packages.debian.org/src:openssl1.0
115: https://www.debian.org/security/2019/dsa-4541
116: https://packages.debian.org/src:libapreq2
117: https://www.debian.org/security/2019/dsa-4542
118: https://packages.debian.org/src:jackson-databind
119: https://www.debian.org/security/2019/dsa-4543
120: https://packages.debian.org/src:sudo
121: https://www.debian.org/security/2019/dsa-4545
122: https://packages.debian.org/src:mediawiki
123: https://www.debian.org/security/2019/dsa-4547
124: https://packages.debian.org/src:tcpdump
125: https://www.debian.org/security/2019/dsa-4548
126: https://packages.debian.org/src:openjdk-8
127: https://www.debian.org/security/XXXX/dsa-4549
128: https://packages.debian.org/src:firefox-esr
129: https://www.debian.org/security/2019/dsa-4550
130: https://packages.debian.org/src:file
131: https://www.debian.org/security/2019/dsa-4552
132: https://packages.debian.org/src:php7.0
133: https://www.debian.org/security/2019/dsa-4554
134: https://packages.debian.org/src:ruby-loofah
135: https://www.debian.org/security/2019/dsa-4555
136: https://packages.debian.org/src:pam-python
137: https://www.debian.org/security/2019/dsa-4557
138: https://packages.debian.org/src:libarchive
139: https://www.debian.org/security/2019/dsa-4559
140: https://packages.debian.org/src:proftpd-dfsg
141: https://www.debian.org/security/2019/dsa-4560
142: https://packages.debian.org/src:simplesamlphp
143: https://www.debian.org/security/2019/dsa-4564
144: https://packages.debian.org/src:linux
145: https://www.debian.org/security/2019/dsa-4565
146: https://packages.debian.org/src:intel-microcode
147: https://www.debian.org/security/2019/dsa-4567
148: https://packages.debian.org/src:dpdk
149: https://www.debian.org/security/2019/dsa-4568
150: https://packages.debian.org/src:postgresql-common
151: https://www.debian.org/security/2019/dsa-4569
152: https://packages.debian.org/src:ghostscript
153: https://www.debian.org/security/2019/dsa-4571
154: https://packages.debian.org/src:thunderbird
155: https://www.debian.org/security/2019/dsa-4573
156: https://packages.debian.org/src:symfony
157: https://www.debian.org/security/2019/dsa-4574
158: https://packages.debian.org/src:redmine
159: https://www.debian.org/security/2019/dsa-4576
160: https://packages.debian.org/src:php-imagick
161: https://www.debian.org/security/2019/dsa-4578
162: https://packages.debian.org/src:libvpx
163: https://www.debian.org/security/2019/dsa-4580
164: https://packages.debian.org/src:firefox-esr
165: https://www.debian.org/security/2019/dsa-4581
166: https://packages.debian.org/src:git
167: https://www.debian.org/security/2019/dsa-4582
168: https://packages.debian.org/src:davical
169: https://www.debian.org/security/2019/dsa-4584
170: https://packages.debian.org/src:spamassassin
171: https://www.debian.org/security/2019/dsa-4585
172: https://packages.debian.org/src:thunderbird
173: https://www.debian.org/security/2019/dsa-4587
174: https://packages.debian.org/src:ruby2.3
175: https://www.debian.org/security/2019/dsa-4588
176: https://packages.debian.org/src:python-ecdsa
177: https://www.debian.org/security/2019/dsa-4589
178: https://packages.debian.org/src:debian-edu-config
179: https://www.debian.org/security/2019/dsa-4590
180: https://packages.debian.org/src:cyrus-imapd
181: https://www.debian.org/security/2019/dsa-4591
182: https://packages.debian.org/src:cyrus-sasl2
183: https://www.debian.org/security/2019/dsa-4592
184: https://packages.debian.org/src:mediawiki
185: https://www.debian.org/security/2019/dsa-4593
186: https://packages.debian.org/src:freeimage
187: https://www.debian.org/security/2019/dsa-4594
188: https://packages.debian.org/src:openssl1.0
189: https://www.debian.org/security/2019/dsa-4595
190: https://packages.debian.org/src:debian-lan-config
191: https://www.debian.org/security/2019/dsa-4596
192: https://packages.debian.org/src:tomcat8
193: https://www.debian.org/security/XXXX/dsa-4596
194: https://packages.debian.org/src:tomcat-native
195: https://www.debian.org/security/2020/dsa-4597
196: https://packages.debian.org/src:netty
197: https://www.debian.org/security/2020/dsa-4598
198: https://packages.debian.org/src:python-django
199: https://www.debian.org/security/2020/dsa-4600
200: https://packages.debian.org/src:firefox-esr
201: https://www.debian.org/security/2020/dsa-4601
202: https://packages.debian.org/src:ldm
203: https://www.debian.org/security/2020/dsa-4602
204: https://packages.debian.org/src:xen
205: https://www.debian.org/security/2020/dsa-4603
206: https://packages.debian.org/src:thunderbird
207: https://www.debian.org/security/2020/dsa-4604
208: https://packages.debian.org/src:cacti
209: https://www.debian.org/security/2020/dsa-4607
210: https://packages.debian.org/src:openconnect
211: https://www.debian.org/security/2020/dsa-4609
212: https://packages.debian.org/src:python-apt
213: https://www.debian.org/security/XXXX/dsa-4611
214: https://packages.debian.org/src:opensmtpd
215: https://www.debian.org/security/2020/dsa-4612
216: https://packages.debian.org/src:prosody-modules
217: https://www.debian.org/security/2020/dsa-4614
218: https://packages.debian.org/src:sudo
219: https://www.debian.org/security/2020/dsa-4615
220: https://packages.debian.org/src:spamassassin

Removed packages
----------------

The following packages were removed due to circumstances beyond our
control:

+------------------------+---------------------------------------------+
| Package | Reason |
+------------------------+---------------------------------------------+
| firetray?[221] | Incompatible with current Thunderbird |
| | versions |
| | |
| koji?[222] | Security issues |
| | |
| python-lamson?[223] | Broken by changes in python-daemon |
| | |
| radare2?[224] | Security issues; upstream do not offer |
| | stable support |
| | |
| ruby-simple-form?[225] | Unused; security issues |
| | |
| trafficserver?[226] | Unsupportable |
| | |
+------------------------+---------------------------------------------+

221: https://packages.debian.org/src:firetray
222: https://packages.debian.org/src:koji
223: https://packages.debian.org/src:python-lamson
224: https://packages.debian.org/src:radare2
225: https://packages.debian.org/src:ruby-simple-form
226: https://packages.debian.org/src:trafficserver

Debian Installer
----------------

The installer has been updated to include the fixes incorporated into
oldstable by the point release.

URLs
----

The complete lists of packages that have changed with this revision:

http://ftp.debian.org/debian/dists/stretch/ChangeLog

The current oldstable distribution:

http://ftp.debian.org/debian/dists/oldstable/

Proposed updates to the oldstable distribution:

http://ftp.debian.org/debian/dists/oldstable-proposed-updates

oldstable distribution information (release notes, errata etc.):

https://www.debian.org/releases/oldstable/

Security announcements and information:

https://www.debian.org/security/


About Debian
------------

The Debian Project is an association of Free Software developers who
volunteer their time and effort in order to produce the completely free
operating system Debian.

Contact Information
-------------------

For further information, please visit the Debian web pages at
https://www.debian.org/, send mail to , or contact the
stable release team at .