Debian 10228 Published by

Both Debian GNU/Linux 8.10 and 9.3 has been released:

Updated Debian 8: 8.10 released
Updated Debian 9: 9.3 released



Updated Debian 8: 8.10 released

------------------------------------------------------------------------
The Debian Project https://www.debian.org/
Updated Debian 8: 8.10 released press@debian.org
December 9th, 2017 https://www.debian.org/News/2017/20171209
------------------------------------------------------------------------


The Debian project is pleased to announce the tenth update of its
oldstable distribution Debian 8 (codename "jessie"). This point release
mainly adds corrections for security issues, along with a few
adjustments for serious problems. Security advisories have already been
published separately and are referenced where available.

Please note that the point release does not constitute a new version of
Debian 8 but only updates some of the packages included. There is no
need to throw away old "jessie" media. After installation, packages can
be upgraded to the current versions using an up-to-date Debian mirror.

Those who frequently install updates from security.debian.org won't have
to update many packages, and most such updates are included in the point
release.

New installation images will be available soon at the regular locations.

Upgrading an existing installation to this revision can be achieved by
pointing the package management system at one of Debian's many HTTP
mirrors. A comprehensive list of mirrors is available at:

https://www.debian.org/mirror/list



Miscellaneous Bugfixes
----------------------

This oldstable update adds a few important corrections to the following
packages:

+---------------------------+-----------------------------------------+
| Package | Reason |
+---------------------------+-----------------------------------------+
| bareos [1] | Fix permissions of bareos-dir logrotate |
| | config; fix file corruption when using |
| | SHA1 signature |
| | |
| base-files [2] | Update for the point release |
| | |
| bind9 [3] | Import upcoming DNSSEC KSK-2017 |
| | |
| cups [4] | Disable SSLv3 and RC4 by default to |
| | address POODLE vulnerability |
| | |
| db [5] | Do not access DB_CONFIG when db_home is |
| | not set [CVE-2017-10140] |
| | |
| db5.3 [6] | Do not access DB_CONFIG when db_home is |
| | not set [CVE-2017-10140] |
| | |
| debian-installer [7] | Rebuild for the point release |
| | |
| debian-installer-netboot- | Rebuild for the point release |
| images [8] | |
| | |
| debmirror [9] | Tolerate unknown lines in *.diff/Index; |
| | mirror DEP-11 metadata files; prefer xz |
| | over gz, and cope with either being |
| | missing; mirror and validate InRelease |
| | files |
| | |
| dns-root-data [10] | Update root.hints to 2017072601 |
| | version; add KSK-2017 to root.key file |
| | |
| dput [11] | dput.cf: replace security- |
| | master.debian.org with |
| | ftp.upload.security.debian.org |
| | |
| dwww [12] | Fix "Last-Modified" header name |
| | |
| elog [13] | Update patch 0005_elogd_CVE-2016- |
| | 6342_fix to grant access as normal user |
| | |
| flightgear [14] | Fix arbitrary file overwrite |
| | vulnerability [CVE-2017-13709] |
| | |
| gsoap [15] | Fix integer overflow via large XML |
| | document [CVE-2017-9765] |
| | |
| hexchat [16] | Fix segmentation fault following / |
| | server command |
| | |
| icu [17] | Fix double free in |
| | createMetazoneMappings() [CVE-2017- |
| | 14952] |
| | |
| kdepim [18] | Fix "send Later with Delay bypasses |
| | OpenPGP" [CVE-2017-9604] |
| | |
| kedpm [19] | Fix information leak via command |
| | history file [CVE-2017-8296] |
| | |
| keyringer [20] | Handle subkeys without expiration date |
| | and public keys listed multiple times |
| | |
| krb5 [21] | Security fixes - remote authenticated |
| | attackers can crash the KDC [CVE-2017- |
| | 11368]; kdc crash on |
| | restrict_anon_to_tgt [CVE-2016-3120]; |
| | remote DOS with ldap for authenticated |
| | attackers [CVE-2016-3119]; prevent |
| | requires_preauth bypass [CVE-2015-2694] |
| | |
| libdatetime-timezone- | Update included data |
| perl [22] | |
| | |
| libdbi [23] | Re-enable error handler call in |
| | dbi_result_next_row() |
| | |
| libembperl-perl [24] | Change hard dependency on mod_perl in |
| | zembperl.load to Recommends, fixing an |
| | installation failure when libapache2- |
| | mod-perl2 is not installed |
| | |
| libio-socket-ssl- | Fix segfault using malformed client |
| perl [25] | certificates |
| | |
| liblouis [26] | Fix multiple stack-based buffer |
| | overflows [CVE-2014-8184] |
| | |
| libofx [27] | Security fixes [CVE-2017-2816 CVE-2017- |
| | 14731] |
| | |
| libwnckmm [28] | Tighten dependencies between packages; |
| | use jquery.js from libjs-jquery |
| | |
| libwpd [29] | Security fix [CVE-2017-14226] |
| | |
| libx11 [30] | Fix "insufficient validation of data |
| | from the X server can cause out of |
| | boundary memory read (XGetImage()) or |
| | write (XListFonts())" [CVE-2016-7942 |
| | CVE-2016-7943] |
| | |
| libxfixes [31] | Fix integer overflow on illegal server |
| | response [CVE-2016-7944] |
| | |
| libxi [32] | Fix "insufficient validation of data |
| | from the X server can cause out of |
| | boundary memory access or endless |
| | loops" [CVE-2016-7945 CVE-2016-7946] |
| | |
| libxrandr [33] | Avoid out of boundary accesses on |
| | illegal responses [CVE-2016-7947 |
| | CVE-2016-7948] |
| | |
| libxtst [34] | Fix "insufficient validation of data |
| | from the X server can cause out of |
| | boundary memory access or endless |
| | loops" [CVE-2016-7951 CVE-2016-7952] |
| | |
| libxv [35] | Fix protocol handling issues in libXv |
| | [CVE-2016-5407] |
| | |
| libxvmc [36] | Avoid buffer underflow on empty strings |
| | [CVE-2016-7953] |
| | |
| linux [37] | New stable kernel version 3.16.51 |
| | |
| ncurses [38] | Fix various crash bugs in the tic |
| | library and the tic binary [CVE-2017- |
| | 10684 CVE-2017-10685 CVE-2017-11112 |
| | CVE-2017-11113 CVE-2017-13728 CVE-2017- |
| | 13729 CVE-2017-13730 CVE-2017-13731 |
| | CVE-2017-13732 CVE-2017-13734 CVE-2017- |
| | 13733] |
| | |
| openssh [39] | Test configuration before starting or |
| | reloading sshd under systemd; make |
| | "--" before the hostname terminate |
| | argument processing after the hostname |
| | too |
| | |
| pdns [40] | Add missing check on API operations |
| | [CVE-2017-15091] |
| | |
| pdns-recursor [41] | Fix configuration file injection in the |
| | API [CVE-2017-15093] |
| | |
| postgresql-9.4 [42] | New upstream bugfix release |
| | |
| python-tablib [43] | Securely load YAML [CVE-2017-2810] |
| | |
| request-tracker4 [44] | Fix regression in previous security |
| | release where incorrect SHA256 |
| | passwords could trigger an error |
| | |
| ruby-ox [45] | Avoid crash with invalid XML passed to |
| | Oj.parse_obj() [CVE-2017-15928] |
| | |
| sam2p [46] | Fix several integer overflow or heap- |
| | based buffer overflow issues [CVE-2017- |
| | 14628 CVE-2017-14629 CVE-2017-14630 |
| | CVE-2017-14631 CVE-2017-14636 CVE-2017- |
| | 14637 CVE-2017-16663] |
| | |
| slurm-llnl [47] | Fix security issue caused by insecure |
| | file path handling triggered by the |
| | failure of a Prolog script [CVE-2016- |
| | 10030] |
| | |
| sudo [48] | Fix arbitrary terminal access |
| | [CVE-2017-1000368] |
| | |
| syslinux [49] | Fix boot problem for old BIOS firmware |
| | by correcting C/H/S order |
| | |
| tor [50] | Add "Bastet" directory authority; |
| | update geoip and geoip6 to the October |
| | 4 2017 Maxmind GeoLite2 country |
| | database; fix a memset() off the end of |
| | an array when packing cells |
| | |
| transfig [51] | Add input sanitisation on FIG files |
| | [CVE-2017-16899]; sanitize input of |
| | fill patterns |
| | |
| tzdata [52] | New upstream release |
| | |
| unbound [53] | Fix install of trust anchor when two |
| | anchors are present; include root trust |
| | anchor id 20326 |
| | |
| weechat [54] | "logger: call strftime before replacing |
| | buffer local variables" [CVE-2017- |
| | 14727] |
| | |
+---------------------------+-----------------------------------------+

1: https://packages.debian.org/src:bareos
2: https://packages.debian.org/src:base-files
3: https://packages.debian.org/src:bind9
4: https://packages.debian.org/src:cups
5: https://packages.debian.org/src:db
6: https://packages.debian.org/src:db5.3
7: https://packages.debian.org/src:debian-installer
8: https://packages.debian.org/src:debian-installer-netboot-images
9: https://packages.debian.org/src:debmirror
10: https://packages.debian.org/src:dns-root-data
11: https://packages.debian.org/src:dput
12: https://packages.debian.org/src:dwww
13: https://packages.debian.org/src:elog
14: https://packages.debian.org/src:flightgear
15: https://packages.debian.org/src:gsoap
16: https://packages.debian.org/src:hexchat
17: https://packages.debian.org/src:icu
18: https://packages.debian.org/src:kdepim
19: https://packages.debian.org/src:kedpm
20: https://packages.debian.org/src:keyringer
21: https://packages.debian.org/src:krb5
22: https://packages.debian.org/src:libdatetime-timezone-perl
23: https://packages.debian.org/src:libdbi
24: https://packages.debian.org/src:libembperl-perl
25: https://packages.debian.org/src:libio-socket-ssl-perl
26: https://packages.debian.org/src:liblouis
27: https://packages.debian.org/src:libofx
28: https://packages.debian.org/src:libwnckmm
29: https://packages.debian.org/src:libwpd
30: https://packages.debian.org/src:libx11
31: https://packages.debian.org/src:libxfixes
32: https://packages.debian.org/src:libxi
33: https://packages.debian.org/src:libxrandr
34: https://packages.debian.org/src:libxtst
35: https://packages.debian.org/src:libxv
36: https://packages.debian.org/src:libxvmc
37: https://packages.debian.org/src:linux
38: https://packages.debian.org/src:ncurses
39: https://packages.debian.org/src:openssh
40: https://packages.debian.org/src:pdns
41: https://packages.debian.org/src:pdns-recursor
42: https://packages.debian.org/src:postgresql-9.4
43: https://packages.debian.org/src:python-tablib
44: https://packages.debian.org/src:request-tracker4
45: https://packages.debian.org/src:ruby-ox
46: https://packages.debian.org/src:sam2p
47: https://packages.debian.org/src:slurm-llnl
48: https://packages.debian.org/src:sudo
49: https://packages.debian.org/src:syslinux
50: https://packages.debian.org/src:tor
51: https://packages.debian.org/src:transfig
52: https://packages.debian.org/src:tzdata
53: https://packages.debian.org/src:unbound
54: https://packages.debian.org/src:weechat

Security Updates
----------------

This revision adds the following security updates to the oldstable
release. The Security Team has already released an advisory for each of
these updates:

+----------------+----------------------------+
| Advisory ID | Package |
+----------------+----------------------------+
| DSA-3904 [55] | bind9 [56] |
| | |
| DSA-3908 [57] | nginx [58] |
| | |
| DSA-3909 [59] | samba [60] |
| | |
| DSA-3913 [61] | apache2 [62] |
| | |
| DSA-3914 [63] | imagemagick [64] |
| | |
| DSA-3916 [65] | atril [66] |
| | |
| DSA-3917 [67] | catdoc [68] |
| | |
| DSA-3921 [69] | enigmail [70] |
| | |
| DSA-3922 [71] | mysql-5.5 [72] |
| | |
| DSA-3924 [73] | varnish [74] |
| | |
| DSA-3928 [75] | firefox-esr [76] |
| | |
| DSA-3929 [77] | libsoup2.4 [78] |
| | |
| DSA-3930 [79] | freeradius [80] |
| | |
| DSA-3932 [81] | subversion [82] |
| | |
| DSA-3933 [83] | pjproject [84] |
| | |
| DSA-3934 [85] | git [86] |
| | |
| DSA-3935 [87] | postgresql-9.4 [88] |
| | |
| DSA-3937 [89] | zabbix [90] |
| | |
| DSA-3938 [91] | libgd2 [92] |
| | |
| DSA-3939 [93] | botan1.10 [94] |
| | |
| DSA-3940 [95] | cvs [96] |
| | |
| DSA-3942 [97] | supervisor [98] |
| | |
| DSA-3943 [99] | gajim [100] |
| | |
| DSA-3945 [101] | linux [102] |
| | |
| DSA-3946 [103] | libmspack [104] |
| | |
| DSA-3947 [105] | newsbeuter [106] |
| | |
| DSA-3948 [107] | ioquake3 [108] |
| | |
| DSA-3949 [109] | augeas [110] |
| | |
| DSA-3950 [111] | libraw [112] |
| | |
| DSA-3951 [113] | smb4k [114] |
| | |
| DSA-3952 [115] | libxml2 [116] |
| | |
| DSA-3956 [117] | connman [118] |
| | |
| DSA-3958 [119] | fontforge [120] |
| | |
| DSA-3960 [121] | gnupg [122] |
| | |
| DSA-3961 [123] | libgd2 [124] |
| | |
| DSA-3962 [125] | strongswan [126] |
| | |
| DSA-3963 [127] | mercurial [128] |
| | |
| DSA-3964 [129] | asterisk [130] |
| | |
| DSA-3969 [131] | xen [132] |
| | |
| DSA-3970 [133] | emacs24 [134] |
| | |
| DSA-3971 [135] | tcpdump [136] |
| | |
| DSA-3972 [137] | bluez [138] |
| | |
| DSA-3973 [139] | wordpress-shibboleth [140] |
| | |
| DSA-3974 [141] | tomcat8 [142] |
| | |
| DSA-3976 [143] | freexl [144] |
| | |
| DSA-3977 [145] | newsbeuter [146] |
| | |
| DSA-3978 [147] | gdk-pixbuf [148] |
| | |
| DSA-3979 [149] | pyjwt [150] |
| | |
| DSA-3980 [151] | apache2 [152] |
| | |
| DSA-3981 [153] | linux [154] |
| | |
| DSA-3982 [155] | perl [156] |
| | |
| DSA-3983 [157] | samba [158] |
| | |
| DSA-3984 [159] | git [160] |
| | |
| DSA-3986 [161] | ghostscript [162] |
| | |
| DSA-3987 [163] | firefox-esr [164] |
| | |
| DSA-3988 [165] | libidn2-0 [166] |
| | |
| DSA-3989 [167] | dnsmasq [168] |
| | |
| DSA-3990 [169] | asterisk [170] |
| | |
| DSA-3992 [171] | curl [172] |
| | |
| DSA-3995 [173] | libxfont [174] |
| | |
| DSA-3997 [175] | wordpress [176] |
| | |
| DSA-3998 [177] | nss [178] |
| | |
| DSA-3999 [179] | wpa [180] |
| | |
| DSA-4000 [181] | xorg-server [182] |
| | |
| DSA-4002 [183] | mysql-5.5 [184] |
| | |
| DSA-4004 [185] | jackson-databind [186] |
| | |
| DSA-4006 [187] | mupdf [188] |
| | |
| DSA-4007 [189] | curl [190] |
| | |
| DSA-4008 [191] | wget [192] |
| | |
| DSA-4011 [193] | quagga [194] |
| | |
| DSA-4012 [195] | libav [196] |
| | |
| DSA-4013 [197] | openjpeg2 [198] |
| | |
| DSA-4016 [199] | irssi [200] |
| | |
| DSA-4018 [201] | openssl [202] |
| | |
| DSA-4021 [203] | otrs2 [204] |
| | |
| DSA-4022 [205] | libreoffice [206] |
| | |
| DSA-4025 [207] | libpam4j [208] |
| | |
| DSA-4026 [209] | bchunk [210] |
| | |
| DSA-4027 [211] | postgresql-9.4 [212] |
| | |
| DSA-4029 [213] | postgresql-common [214] |
| | |
| DSA-4033 [215] | konversation [216] |
| | |
| DSA-4035 [217] | firefox-esr [218] |
| | |
| DSA-4037 [219] | jackson-databind [220] |
| | |
| DSA-4038 [221] | shibboleth-sp2 [222] |
| | |
| DSA-4039 [223] | opensaml2 [224] |
| | |
| DSA-4040 [225] | imagemagick [226] |
| | |
| DSA-4041 [227] | procmail [228] |
| | |
| DSA-4042 [229] | libxml-libxml-perl [230] |
| | |
| DSA-4043 [231] | samba [232] |
| | |
| DSA-4045 [233] | vlc [234] |
| | |
| DSA-4046 [235] | libspring-ldap-java [236] |
| | |
| DSA-4047 [237] | otrs2 [238] |
| | |
| DSA-4051 [239] | curl [240] |
| | |
| DSA-4052 [241] | bzr [242] |
| | |
+----------------+----------------------------+

55: https://www.debian.org/security/2017/dsa-3904
56: https://packages.debian.org/src:bind9
57: https://www.debian.org/security/2017/dsa-3908
58: https://packages.debian.org/src:nginx
59: https://www.debian.org/security/2017/dsa-3909
60: https://packages.debian.org/src:samba
61: https://www.debian.org/security/2017/dsa-3913
62: https://packages.debian.org/src:apache2
63: https://www.debian.org/security/2017/dsa-3914
64: https://packages.debian.org/src:imagemagick
65: https://www.debian.org/security/2017/dsa-3916
66: https://packages.debian.org/src:atril
67: https://www.debian.org/security/2017/dsa-3917
68: https://packages.debian.org/src:catdoc
69: https://www.debian.org/security/2017/dsa-3921
70: https://packages.debian.org/src:enigmail
71: https://www.debian.org/security/2017/dsa-3922
72: https://packages.debian.org/src:mysql-5.5
73: https://www.debian.org/security/2017/dsa-3924
74: https://packages.debian.org/src:varnish
75: https://www.debian.org/security/2017/dsa-3928
76: https://packages.debian.org/src:firefox-esr
77: https://www.debian.org/security/2017/dsa-3929
78: https://packages.debian.org/src:libsoup2.4
79: https://www.debian.org/security/2017/dsa-3930
80: https://packages.debian.org/src:freeradius
81: https://www.debian.org/security/2017/dsa-3932
82: https://packages.debian.org/src:subversion
83: https://www.debian.org/security/2017/dsa-3933
84: https://packages.debian.org/src:pjproject
85: https://www.debian.org/security/2017/dsa-3934
86: https://packages.debian.org/src:git
87: https://www.debian.org/security/2017/dsa-3935
88: https://packages.debian.org/src:postgresql-9.4
89: https://www.debian.org/security/2017/dsa-3937
90: https://packages.debian.org/src:zabbix
91: https://www.debian.org/security/2017/dsa-3938
92: https://packages.debian.org/src:libgd2
93: https://www.debian.org/security/2017/dsa-3939
94: https://packages.debian.org/src:botan1.10
95: https://www.debian.org/security/2017/dsa-3940
96: https://packages.debian.org/src:cvs
97: https://www.debian.org/security/2017/dsa-3942
98: https://packages.debian.org/src:supervisor
99: https://www.debian.org/security/2017/dsa-3943
100: https://packages.debian.org/src:gajim
101: https://www.debian.org/security/2017/dsa-3945
102: https://packages.debian.org/src:linux
103: https://www.debian.org/security/2017/dsa-3946
104: https://packages.debian.org/src:libmspack
105: https://www.debian.org/security/2017/dsa-3947
106: https://packages.debian.org/src:newsbeuter
107: https://www.debian.org/security/2017/dsa-3948
108: https://packages.debian.org/src:ioquake3
109: https://www.debian.org/security/2017/dsa-3949
110: https://packages.debian.org/src:augeas
111: https://www.debian.org/security/2017/dsa-3950
112: https://packages.debian.org/src:libraw
113: https://www.debian.org/security/2017/dsa-3951
114: https://packages.debian.org/src:smb4k
115: https://www.debian.org/security/2017/dsa-3952
116: https://packages.debian.org/src:libxml2
117: https://www.debian.org/security/2017/dsa-3956
118: https://packages.debian.org/src:connman
119: https://www.debian.org/security/2017/dsa-3958
120: https://packages.debian.org/src:fontforge
121: https://www.debian.org/security/2017/dsa-3960
122: https://packages.debian.org/src:gnupg
123: https://www.debian.org/security/2017/dsa-3961
124: https://packages.debian.org/src:libgd2
125: https://www.debian.org/security/2017/dsa-3962
126: https://packages.debian.org/src:strongswan
127: https://www.debian.org/security/2017/dsa-3963
128: https://packages.debian.org/src:mercurial
129: https://www.debian.org/security/2017/dsa-3964
130: https://packages.debian.org/src:asterisk
131: https://www.debian.org/security/2017/dsa-3969
132: https://packages.debian.org/src:xen
133: https://www.debian.org/security/2017/dsa-3970
134: https://packages.debian.org/src:emacs24
135: https://www.debian.org/security/2017/dsa-3971
136: https://packages.debian.org/src:tcpdump
137: https://www.debian.org/security/2017/dsa-3972
138: https://packages.debian.org/src:bluez
139: https://www.debian.org/security/2017/dsa-3973
140: https://packages.debian.org/src:wordpress-shibboleth
141: https://www.debian.org/security/2017/dsa-3974
142: https://packages.debian.org/src:tomcat8
143: https://www.debian.org/security/2017/dsa-3976
144: https://packages.debian.org/src:freexl
145: https://www.debian.org/security/2017/dsa-3977
146: https://packages.debian.org/src:newsbeuter
147: https://www.debian.org/security/2017/dsa-3978
148: https://packages.debian.org/src:gdk-pixbuf
149: https://www.debian.org/security/2017/dsa-3979
150: https://packages.debian.org/src:pyjwt
151: https://www.debian.org/security/2017/dsa-3980
152: https://packages.debian.org/src:apache2
153: https://www.debian.org/security/2017/dsa-3981
154: https://packages.debian.org/src:linux
155: https://www.debian.org/security/2017/dsa-3982
156: https://packages.debian.org/src:perl
157: https://www.debian.org/security/2017/dsa-3983
158: https://packages.debian.org/src:samba
159: https://www.debian.org/security/2017/dsa-3984
160: https://packages.debian.org/src:git
161: https://www.debian.org/security/2017/dsa-3986
162: https://packages.debian.org/src:ghostscript
163: https://www.debian.org/security/2017/dsa-3987
164: https://packages.debian.org/src:firefox-esr
165: https://www.debian.org/security/2017/dsa-3988
166: https://packages.debian.org/src:libidn2-0
167: https://www.debian.org/security/2017/dsa-3989
168: https://packages.debian.org/src:dnsmasq
169: https://www.debian.org/security/2017/dsa-3990
170: https://packages.debian.org/src:asterisk
171: https://www.debian.org/security/2017/dsa-3992
172: https://packages.debian.org/src:curl
173: https://www.debian.org/security/2017/dsa-3995
174: https://packages.debian.org/src:libxfont
175: https://www.debian.org/security/2017/dsa-3997
176: https://packages.debian.org/src:wordpress
177: https://www.debian.org/security/2017/dsa-3998
178: https://packages.debian.org/src:nss
179: https://www.debian.org/security/2017/dsa-3999
180: https://packages.debian.org/src:wpa
181: https://www.debian.org/security/2017/dsa-4000
182: https://packages.debian.org/src:xorg-server
183: https://www.debian.org/security/2017/dsa-4002
184: https://packages.debian.org/src:mysql-5.5
185: https://www.debian.org/security/2017/dsa-4004
186: https://packages.debian.org/src:jackson-databind
187: https://www.debian.org/security/2017/dsa-4006
188: https://packages.debian.org/src:mupdf
189: https://www.debian.org/security/2017/dsa-4007
190: https://packages.debian.org/src:curl
191: https://www.debian.org/security/2017/dsa-4008
192: https://packages.debian.org/src:wget
193: https://www.debian.org/security/2017/dsa-4011
194: https://packages.debian.org/src:quagga
195: https://www.debian.org/security/2017/dsa-4012
196: https://packages.debian.org/src:libav
197: https://www.debian.org/security/2017/dsa-4013
198: https://packages.debian.org/src:openjpeg2
199: https://www.debian.org/security/2017/dsa-4016
200: https://packages.debian.org/src:irssi
201: https://www.debian.org/security/2017/dsa-4018
202: https://packages.debian.org/src:openssl
203: https://www.debian.org/security/2017/dsa-4021
204: https://packages.debian.org/src:otrs2
205: https://www.debian.org/security/2017/dsa-4022
206: https://packages.debian.org/src:libreoffice
207: https://www.debian.org/security/2017/dsa-4025
208: https://packages.debian.org/src:libpam4j
209: https://www.debian.org/security/2017/dsa-4026
210: https://packages.debian.org/src:bchunk
211: https://www.debian.org/security/2017/dsa-4027
212: https://packages.debian.org/src:postgresql-9.4
213: https://www.debian.org/security/2017/dsa-4029
214: https://packages.debian.org/src:postgresql-common
215: https://www.debian.org/security/2017/dsa-4033
216: https://packages.debian.org/src:konversation
217: https://www.debian.org/security/2017/dsa-4035
218: https://packages.debian.org/src:firefox-esr
219: https://www.debian.org/security/2017/dsa-4037
220: https://packages.debian.org/src:jackson-databind
221: https://www.debian.org/security/2017/dsa-4038
222: https://packages.debian.org/src:shibboleth-sp2
223: https://www.debian.org/security/2017/dsa-4039
224: https://packages.debian.org/src:opensaml2
225: https://www.debian.org/security/2017/dsa-4040
226: https://packages.debian.org/src:imagemagick
227: https://www.debian.org/security/2017/dsa-4041
228: https://packages.debian.org/src:procmail
229: https://www.debian.org/security/2017/dsa-4042
230: https://packages.debian.org/src:libxml-libxml-perl
231: https://www.debian.org/security/2017/dsa-4043
232: https://packages.debian.org/src:samba
233: https://www.debian.org/security/2017/dsa-4045
234: https://packages.debian.org/src:vlc
235: https://www.debian.org/security/2017/dsa-4046
236: https://packages.debian.org/src:libspring-ldap-java
237: https://www.debian.org/security/2017/dsa-4047
238: https://packages.debian.org/src:otrs2
239: https://www.debian.org/security/2017/dsa-4051
240: https://packages.debian.org/src:curl
241: https://www.debian.org/security/2017/dsa-4052
242: https://packages.debian.org/src:bzr

Removed packages
----------------

The following packages were removed due to circumstances beyond our
control:

+---------------------------------+---------------------------------+
| Package | Reason |
+---------------------------------+---------------------------------+
| libnet-ping-external-perl [243] | Unmaintained, security issues |
| | |
| aiccu [244] | Useless since shutdown of SixXS |
| | |
+---------------------------------+---------------------------------+

243: https://packages.debian.org/src:libnet-ping-external-perl
244: https://packages.debian.org/src:aiccu

Debian Installer
----------------

The installer has been updated to include the fixes incorporated into
stable by the point release.


URLs
----

The complete lists of packages that have changed with this revision:

http://ftp.debian.org/debian/dists/jessie/ChangeLog


The current oldstable distribution:

http://ftp.debian.org/debian/dists/oldstable/


Proposed updates to the oldstable distribution:

http://ftp.debian.org/debian/dists/oldstable-proposed-updates


oldstable distribution information (release notes, errata etc.):

https://www.debian.org/releases/oldstable/


Security announcements and information:

https://security.debian.org/ [245]

245: https://www.debian.org/security/


About Debian
------------

The Debian Project is an association of Free Software developers who
volunteer their time and effort in order to produce the completely free
operating system Debian.


Contact Information
-------------------

For further information, please visit the Debian web pages at
https://www.debian.org/, send mail to , or contact the
stable release team at .





Updated Debian 9: 9.3 released


------------------------------------------------------------------------
The Debian Project https://www.debian.org/
Updated Debian 9: 9.3 released press@debian.org
December 9th, 2017 https://www.debian.org/News/2017/2017120902
------------------------------------------------------------------------


The Debian project is pleased to announce the third update of its stable
distribution Debian 9 (codename "stretch"). This point release mainly
adds corrections for security issues, along with a few adjustments for
serious problems. Security advisories have already been published
separately and are referenced where available.

Please note that the point release does not constitute a new version of
Debian 9 but only updates some of the packages included. There is no
need to throw away old "stretch" media. After installation, packages can
be upgraded to the current versions using an up-to-date Debian mirror.

Those who frequently install updates from security.debian.org won't have
to update many packages, and most such updates are included in the point
release.

New installation images will be available soon at the regular locations.

Upgrading an existing installation to this revision can be achieved by
pointing the package management system at one of Debian's many HTTP
mirrors. A comprehensive list of mirrors is available at:

https://www.debian.org/mirror/list



Miscellaneous Bugfixes
----------------------

This stable update adds a few important corrections to the following
packages:

+--------------------------+------------------------------------------+
| Package | Reason |
+--------------------------+------------------------------------------+
| abiword [1] | Fix flickering |
| | |
| base-files [2] | Update for the point release |
| | |
| berusky [3] | Fix startup crash with certain video |
| | card configurations |
| | |
| charmtimetracker [4] | Fix missing binary dependency on |
| | libqt5sql5-sqlite |
| | |
| corebird [5] | Increase maximum length of tweet to 280 |
| | characters |
| | |
| dbus [6] | When parsing dbus-daemon configuration, |
| | don't delay startup if high-quality |
| | entropy is not yet available; when using |
| | the Monitoring interface, match message |
| | filters that specify a destination |
| | correctly; increase listen() backlog of |
| | AF_UNIX sockets to the maximum possible, |
| | minimizing failed connections under |
| | heavy load |
| | |
| debian-edu-doc [7] | Merge stretch related documentation and |
| | translation updates from unstable and |
| | the wiki; documentation/common/ |
| | edu.css.xml: improve HTML manual |
| | readability |
| | |
| debian-installer [8] | Rebuild for the point release |
| | |
| dehydrated [9] | Update subscriber license agreement URL |
| | |
| doit [10] | Add Breaks: nikola ( |
| | libxsettings-dev dependency |
| | |
| linux [35] | xen/time: do not decrease steal time |
| | after live migration on xen; new stable |
| | kernel version 4.9.65 |
| | |
| live-config [36] | Configure autologin for KDE / Plasma |
| | live images |
| | |
| lxc [37] | Don't hardcode list of valid Debian |
| | releases, allowing the creation of |
| | containers for stable, buster, testing |
| | and unstable; don't insert C.* locales |
| | into /etc/locale.gen |
| | |
| mongodb [38] | Fix segfault/FTBFS on ARM64 with 48-bit |
| | virtual addresses, spidermonkey GC |
| | segfault when built with GCC 6; |
| | mongodb.service: start after |
| | network.target |
| | |
| openssh [39] | Test configuration before starting or |
| | reloading sshd under systemd; adjust |
| | compatibility patterns for WinSCP to |
| | correctly identify versions that |
| | implement only the legacy DH group |
| | exchange scheme; make "--" before the |
| | hostname terminate argument processing |
| | after the hostname too |
| | |
| pdns [40] | Fix incorrect qname casing in NSEC3 |
| | generation; add missing check on API |
| | operations [CVE-2017-15091] |
| | |
| pdns-recursor [41] | Security fixes: insufficient validation |
| | of DNSSEC signatures [CVE-2017-15090]; |
| | Cross-Site Scripting in the web |
| | interface [CVE-2017-15092]; |
| | configuration file injection in the API |
| | [CVE-2017-15093]; memory leak in DNSSEC |
| | parsing [CVE-2017-15094] |
| | |
| postgresql-9.6 [42] | Upstream bugfix release |
| | |
| publicsuffix [43] | Update included data |
| | |
| pyosmium [44] | Upstream bugfix release: handler |
| | functions not called when using |
| | replication service or when using Reader |
| | instead of file |
| | |
| python-diff-match- | Add missing python3 dependency on Python |
| patch [45] | 3 package |
| | |
| python-inflect [46] | Fix Python 3 dependencies |
| | |
| python-tablib [47] | Safely load YAML [CVE-2017-2810] |
| | |
| python2.7 [48] | Fix integer overflow in |
| | PyString_DecodeEscape [CVE-2017- |
| | 1000158]; support all groups in TLS |
| | communication |
| | |
| qtcurve [49] | Fix crashes by using strncmp() instead |
| | of memcmp() |
| | |
| ruby-httparty [50] | Relax dependency version in gem |
| | dependency on json |
| | |
| ruby-ox [51] | Avoid crash with invalid XML passed to |
| | Oj.parse_obj() [CVE-2017-15928] |
| | |
| ruby-pygments.rb [52] | Avoid closing too many files when mentos |
| | starts, which can cause build failures |
| | in other packages on slower systems |
| | |
| schroot [53] | Fix bash completion file; add systemd |
| | service file with Type=oneshot to avoid |
| | timeout issues with too many open |
| | sessions |
| | |
| simutrans [54] | Enable sound for simutrans again. Switch |
| | from SDL to mixer_sdl backend |
| | |
| sitesummary [55] | Adjust nagios kernel version checking |
| | module to work with 4.x kernels |
| | |
| slic3r [56] | Fix missing dependency on perlapi-* |
| | |
| spamassassin [57] | Disable bb.barracudacentral.org; update |
| | the systemd unit file to use the same |
| | pid file as was used in the sysvinit |
| | script; update systemd unit dependencies |
| | to include network and syslog; fix |
| | inappropriate invocation of invoke-rc.d |
| | in cron script |
| | |
| sqldeveloper- | Fix build failure |
| package [58] | |
| | |
| sqlite3 [59] | Fix heap-based buffer over-read via |
| | undersized RTree blobs [CVE-2017-10989] |
| | |
| syslinux [60] | Fix btrfs logical to physical block |
| | address mapping; fix boot problem for |
| | old BIOS firmware by correct C/H/S |
| | order; support ext4 64bit feature |
| | |
| tdbcodbc [61] | Fix bug in ODBC library search |
| | |
| tor [62] | Add "Bastet" directory authority; fix |
| | a timing-based assertion failure; update |
| | geoip and geoip6 to the October 4 2017 |
| | Maxmind GeoLite2 country database |
| | |
| tzdata [63] | New upstream release |
| | |
| udftools [64] | Fix path to pktsetup in udftools init |
| | script |
| | |
| weechat [65] | "logger: call strftime before replacing |
| | buffer local variables" [CVE-2017- |
| | 14727] |
| | |
| xml2 [66] | Fix corruption when dealing with UTF-8 |
| | files, usage string for 2csv tool |
| | |
| xrdp [67] | Fix high CPU load on SSL shutdown |
| | |
| zsh [68] | Rebuild to pull in updated libraries for |
| | zsh-static |
| | |
+--------------------------+------------------------------------------+

1: https://packages.debian.org/src:abiword
2: https://packages.debian.org/src:base-files
3: https://packages.debian.org/src:berusky
4: https://packages.debian.org/src:charmtimetracker
5: https://packages.debian.org/src:corebird
6: https://packages.debian.org/src:dbus
7: https://packages.debian.org/src:debian-edu-doc
8: https://packages.debian.org/src:debian-installer
9: https://packages.debian.org/src:dehydrated
10: https://packages.debian.org/src:doit
11: https://packages.debian.org/src:eclipse-titan
12: https://packages.debian.org/src:fig2dev
13: https://packages.debian.org/src:flickcurl
14: https://packages.debian.org/src:flightgear
15: https://packages.debian.org/src:ganeti
16: https://packages.debian.org/src:gdm3
17: https://packages.debian.org/src:getmail4
18: https://packages.debian.org/src:grok
19: https://packages.debian.org/src:gunicorn
20: https://packages.debian.org/src:icu
21: https://packages.debian.org/src:inn2
22: https://packages.debian.org/src:iproute2
23: https://packages.debian.org/src:jdcal
24: https://packages.debian.org/src:kde-gtk-config
25: https://packages.debian.org/src:lasi
26: https://packages.debian.org/src:libdatetime-timezone-perl
27: https://packages.debian.org/src:libdbd-firebird-perl
28: https://packages.debian.org/src:libdbi
29: https://packages.debian.org/src:liblog-log4perl-perl
30: https://packages.debian.org/src:liblouis
31: https://packages.debian.org/src:libmpd
32: https://packages.debian.org/src:libofx
33: https://packages.debian.org/src:libxkbcommon
34: https://packages.debian.org/src:libxsettings-client
35: https://packages.debian.org/src:linux
36: https://packages.debian.org/src:live-config
37: https://packages.debian.org/src:lxc
38: https://packages.debian.org/src:mongodb
39: https://packages.debian.org/src:openssh
40: https://packages.debian.org/src:pdns
41: https://packages.debian.org/src:pdns-recursor
42: https://packages.debian.org/src:postgresql-9.6
43: https://packages.debian.org/src:publicsuffix
44: https://packages.debian.org/src:pyosmium
45: https://packages.debian.org/src:python-diff-match-patch
46: https://packages.debian.org/src:python-inflect
47: https://packages.debian.org/src:python-tablib
48: https://packages.debian.org/src:python2.7
49: https://packages.debian.org/src:qtcurve
50: https://packages.debian.org/src:ruby-httparty
51: https://packages.debian.org/src:ruby-ox
52: https://packages.debian.org/src:ruby-pygments.rb
53: https://packages.debian.org/src:schroot
54: https://packages.debian.org/src:simutrans
55: https://packages.debian.org/src:sitesummary
56: https://packages.debian.org/src:slic3r
57: https://packages.debian.org/src:spamassassin
58: https://packages.debian.org/src:sqldeveloper-package
59: https://packages.debian.org/src:sqlite3
60: https://packages.debian.org/src:syslinux
61: https://packages.debian.org/src:tdbcodbc
62: https://packages.debian.org/src:tor
63: https://packages.debian.org/src:tzdata
64: https://packages.debian.org/src:udftools
65: https://packages.debian.org/src:weechat
66: https://packages.debian.org/src:xml2
67: https://packages.debian.org/src:xrdp
68: https://packages.debian.org/src:zsh

Security Updates
----------------

This revision adds the following security updates to the stable release.
The Security Team has already released an advisory for each of these
updates:

+----------------+--------------------------+
| Advisory ID | Package |
+----------------+--------------------------+
| DSA-3989 [69] | dnsmasq [70] |
| | |
| DSA-3990 [71] | asterisk [72] |
| | |
| DSA-3991 [73] | qemu [74] |
| | |
| DSA-3992 [75] | curl [76] |
| | |
| DSA-3993 [77] | tor [78] |
| | |
| DSA-3994 [79] | nautilus [80] |
| | |
| DSA-3995 [81] | libxfont [82] |
| | |
| DSA-3996 [83] | ffmpeg [84] |
| | |
| DSA-3997 [85] | wordpress [86] |
| | |
| DSA-3998 [87] | nss [88] |
| | |
| DSA-3999 [89] | wpa [90] |
| | |
| DSA-4000 [91] | xorg-server [92] |
| | |
| DSA-4001 [93] | yadifa [94] |
| | |
| DSA-4003 [95] | libvirt [96] |
| | |
| DSA-4004 [97] | jackson-databind [98] |
| | |
| DSA-4006 [99] | mupdf [100] |
| | |
| DSA-4007 [101] | curl [102] |
| | |
| DSA-4008 [103] | wget [104] |
| | |
| DSA-4009 [105] | shadowsocks-libev [106] |
| | |
| DSA-4011 [107] | quagga [108] |
| | |
| DSA-4013 [109] | openjpeg2 [110] |
| | |
| DSA-4014 [111] | thunderbird [112] |
| | |
| DSA-4015 [113] | openjdk-8 [114] |
| | |
| DSA-4016 [115] | irssi [116] |
| | |
| DSA-4017 [117] | openssl1.0 [118] |
| | |
| DSA-4018 [119] | openssl [120] |
| | |
| DSA-4019 [121] | imagemagick [122] |
| | |
| DSA-4020 [123] | chromium-browser [124] |
| | |
| DSA-4021 [125] | otrs2 [126] |
| | |
| DSA-4023 [127] | slurm-llnl [128] |
| | |
| DSA-4024 [129] | chromium-browser [130] |
| | |
| DSA-4025 [131] | libpam4j [132] |
| | |
| DSA-4026 [133] | bchunk [134] |
| | |
| DSA-4028 [135] | postgresql-9.6 [136] |
| | |
| DSA-4029 [137] | postgresql-common [138] |
| | |
| DSA-4030 [139] | roundcube [140] |
| | |
| DSA-4031 [141] | ruby2.3 [142] |
| | |
| DSA-4032 [143] | imagemagick [144] |
| | |
| DSA-4033 [145] | konversation [146] |
| | |
| DSA-4034 [147] | varnish [148] |
| | |
| DSA-4035 [149] | firefox-esr [150] |
| | |
| DSA-4036 [151] | mediawiki [152] |
| | |
| DSA-4037 [153] | jackson-databind [154] |
| | |
| DSA-4038 [155] | shibboleth-sp2 [156] |
| | |
| DSA-4039 [157] | opensaml2 [158] |
| | |
| DSA-4041 [159] | procmail [160] |
| | |
| DSA-4042 [161] | libxml-libxml-perl [162] |
| | |
| DSA-4043 [163] | samba [164] |
| | |
| DSA-4044 [165] | swauth [166] |
| | |
| DSA-4045 [167] | vlc [168] |
| | |
| DSA-4047 [169] | otrs2 [170] |
| | |
| DSA-4049 [171] | ffmpeg [172] |
| | |
| DSA-4050 [173] | xen [174] |
| | |
| DSA-4051 [175] | curl [176] |
| | |
| DSA-4052 [177] | bzr [178] |
| | |
| DSA-4053 [179] | exim4 [180] |
| | |
+----------------+--------------------------+

69: https://www.debian.org/security/2017/dsa-3989
70: https://packages.debian.org/src:dnsmasq
71: https://www.debian.org/security/2017/dsa-3990
72: https://packages.debian.org/src:asterisk
73: https://www.debian.org/security/2017/dsa-3991
74: https://packages.debian.org/src:qemu
75: https://www.debian.org/security/2017/dsa-3992
76: https://packages.debian.org/src:curl
77: https://www.debian.org/security/2017/dsa-3993
78: https://packages.debian.org/src:tor
79: https://www.debian.org/security/2017/dsa-3994
80: https://packages.debian.org/src:nautilus
81: https://www.debian.org/security/2017/dsa-3995
82: https://packages.debian.org/src:libxfont
83: https://www.debian.org/security/2017/dsa-3996
84: https://packages.debian.org/src:ffmpeg
85: https://www.debian.org/security/2017/dsa-3997
86: https://packages.debian.org/src:wordpress
87: https://www.debian.org/security/2017/dsa-3998
88: https://packages.debian.org/src:nss
89: https://www.debian.org/security/2017/dsa-3999
90: https://packages.debian.org/src:wpa
91: https://www.debian.org/security/2017/dsa-4000
92: https://packages.debian.org/src:xorg-server
93: https://www.debian.org/security/2017/dsa-4001
94: https://packages.debian.org/src:yadifa
95: https://www.debian.org/security/2017/dsa-4003
96: https://packages.debian.org/src:libvirt
97: https://www.debian.org/security/2017/dsa-4004
98: https://packages.debian.org/src:jackson-databind
99: https://www.debian.org/security/2017/dsa-4006
100: https://packages.debian.org/src:mupdf
101: https://www.debian.org/security/2017/dsa-4007
102: https://packages.debian.org/src:curl
103: https://www.debian.org/security/2017/dsa-4008
104: https://packages.debian.org/src:wget
105: https://www.debian.org/security/2017/dsa-4009
106: https://packages.debian.org/src:shadowsocks-libev
107: https://www.debian.org/security/2017/dsa-4011
108: https://packages.debian.org/src:quagga
109: https://www.debian.org/security/2017/dsa-4013
110: https://packages.debian.org/src:openjpeg2
111: https://www.debian.org/security/2017/dsa-4014
112: https://packages.debian.org/src:thunderbird
113: https://www.debian.org/security/2017/dsa-4015
114: https://packages.debian.org/src:openjdk-8
115: https://www.debian.org/security/2017/dsa-4016
116: https://packages.debian.org/src:irssi
117: https://www.debian.org/security/2017/dsa-4017
118: https://packages.debian.org/src:openssl1.0
119: https://www.debian.org/security/2017/dsa-4018
120: https://packages.debian.org/src:openssl
121: https://www.debian.org/security/2017/dsa-4019
122: https://packages.debian.org/src:imagemagick
123: https://www.debian.org/security/2017/dsa-4020
124: https://packages.debian.org/src:chromium-browser
125: https://www.debian.org/security/2017/dsa-4021
126: https://packages.debian.org/src:otrs2
127: https://www.debian.org/security/2017/dsa-4023
128: https://packages.debian.org/src:slurm-llnl
129: https://www.debian.org/security/2017/dsa-4024
130: https://packages.debian.org/src:chromium-browser
131: https://www.debian.org/security/2017/dsa-4025
132: https://packages.debian.org/src:libpam4j
133: https://www.debian.org/security/2017/dsa-4026
134: https://packages.debian.org/src:bchunk
135: https://www.debian.org/security/2017/dsa-4028
136: https://packages.debian.org/src:postgresql-9.6
137: https://www.debian.org/security/2017/dsa-4029
138: https://packages.debian.org/src:postgresql-common
139: https://www.debian.org/security/2017/dsa-4030
140: https://packages.debian.org/src:roundcube
141: https://www.debian.org/security/2017/dsa-4031
142: https://packages.debian.org/src:ruby2.3
143: https://www.debian.org/security/2017/dsa-4032
144: https://packages.debian.org/src:imagemagick
145: https://www.debian.org/security/2017/dsa-4033
146: https://packages.debian.org/src:konversation
147: https://www.debian.org/security/2017/dsa-4034
148: https://packages.debian.org/src:varnish
149: https://www.debian.org/security/2017/dsa-4035
150: https://packages.debian.org/src:firefox-esr
151: https://www.debian.org/security/2017/dsa-4036
152: https://packages.debian.org/src:mediawiki
153: https://www.debian.org/security/2017/dsa-4037
154: https://packages.debian.org/src:jackson-databind
155: https://www.debian.org/security/2017/dsa-4038
156: https://packages.debian.org/src:shibboleth-sp2
157: https://www.debian.org/security/2017/dsa-4039
158: https://packages.debian.org/src:opensaml2
159: https://www.debian.org/security/2017/dsa-4041
160: https://packages.debian.org/src:procmail
161: https://www.debian.org/security/2017/dsa-4042
162: https://packages.debian.org/src:libxml-libxml-perl
163: https://www.debian.org/security/2017/dsa-4043
164: https://packages.debian.org/src:samba
165: https://www.debian.org/security/2017/dsa-4044
166: https://packages.debian.org/src:swauth
167: https://www.debian.org/security/2017/dsa-4045
168: https://packages.debian.org/src:vlc
169: https://www.debian.org/security/2017/dsa-4047
170: https://packages.debian.org/src:otrs2
171: https://www.debian.org/security/2017/dsa-4049
172: https://packages.debian.org/src:ffmpeg
173: https://www.debian.org/security/2017/dsa-4050
174: https://packages.debian.org/src:xen
175: https://www.debian.org/security/2017/dsa-4051
176: https://packages.debian.org/src:curl
177: https://www.debian.org/security/2017/dsa-4052
178: https://packages.debian.org/src:bzr
179: https://www.debian.org/security/2017/dsa-4053
180: https://packages.debian.org/src:exim4

Removed packages
----------------

The following packages were removed due to circumstances beyond our
control:

+---------------------------------+-------------------------------+
| Package | Reason |
+---------------------------------+-------------------------------+
| libnet-ping-external-perl [181] | Unmaintained, security issues |
| | |
+---------------------------------+-------------------------------+

181: https://packages.debian.org/src:libnet-ping-external-perl

Debian Installer
----------------

The installer has been updated to include the fixes incorporated into
stable by the point release.


URLs
----

The complete lists of packages that have changed with this revision:

http://ftp.debian.org/debian/dists/stretch/ChangeLog


The current stable distribution:

http://ftp.debian.org/debian/dists/stable/


Proposed updates to the stable distribution:

http://ftp.debian.org/debian/dists/proposed-updates


stable distribution information (release notes, errata etc.):

https://www.debian.org/releases/stable/


Security announcements and information:

https://security.debian.org/ [182]

182: https://www.debian.org/security/


About Debian
------------

The Debian Project is an association of Free Software developers who
volunteer their time and effort in order to produce the completely free
operating system Debian.


Contact Information
-------------------

For further information, please visit the Debian web pages at
https://www.debian.org/, send mail to , or contact the
stable release team at .