info
Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Updated Debian 8: 8.10 released
1 view
Skip to first unread message
Cédric Boutillier
Dec 9, 2017, 9:20:03 AM12/9/17
to
------------------------------------------------------------------------
The Debian Project https://www.debian.org/
Updated Debian 8: 8.10 released pr...@debian.org
December 9th, 2017 https://www.debian.org/News/2017/20171209
------------------------------------------------------------------------
The Debian project is pleased to announce the tenth update of its
oldstable distribution Debian 8 (codename "jessie"). This point release
mainly adds corrections for security issues, along with a few
adjustments for serious problems. Security advisories have already been
published separately and are referenced where available.
Please note that the point release does not constitute a new version of
Debian 8 but only updates some of the packages included. There is no
need to throw away old "jessie" media. After installation, packages can
be upgraded to the current versions using an up-to-date Debian mirror.
Those who frequently install updates from security.debian.org won't have
to update many packages, and most such updates are included in the point
release.
New installation images will be available soon at the regular locations.
Upgrading an existing installation to this revision can be achieved by
pointing the package management system at one of Debian's many HTTP
mirrors. A comprehensive list of mirrors is available at:
https://www.debian.org/mirror/list
Miscellaneous Bugfixes
----------------------
This oldstable update adds a few important corrections to the following
packages:
+---------------------------+-----------------------------------------+
| Package | Reason |
+---------------------------+-----------------------------------------+
| bareos [1] | Fix permissions of bareos-dir logrotate |
| | config; fix file corruption when using |
| | SHA1 signature |
| | |
| base-files [2] | Update for the point release |
| | |
| bind9 [3] | Import upcoming DNSSEC KSK-2017 |
| | |
| cups [4] | Disable SSLv3 and RC4 by default to |
| | address POODLE vulnerability |
| | |
| db [5] | Do not access DB_CONFIG when db_home is |
| | not set [CVE-2017-10140] |
| | |
| db5.3 [6] | Do not access DB_CONFIG when db_home is |
| | not set [CVE-2017-10140] |
| | |
| debian-installer [7] | Rebuild for the point release |
| | |
| debian-installer-netboot- | Rebuild for the point release |
| images [8] | |
| | |
| debmirror [9] | Tolerate unknown lines in *.diff/Index; |
| | mirror DEP-11 metadata files; prefer xz |
| | over gz, and cope with either being |
| | missing; mirror and validate InRelease |
| | files |
| | |
| dns-root-data [10] | Update root.hints to 2017072601 |
| | version; add KSK-2017 to root.key file |
| | |
| dput [11] | dput.cf: replace security- |
| | master.debian.org with |
| | ftp.upload.security.debian.org |
| | |
| dwww [12] | Fix "Last-Modified" header name |
| | |
| elog [13] | Update patch 0005_elogd_CVE-2016- |
| | 6342_fix to grant access as normal user |
| | |
| flightgear [14] | Fix arbitrary file overwrite |
| | vulnerability [CVE-2017-13709] |
| | |
| gsoap [15] | Fix integer overflow via large XML |
| | document [CVE-2017-9765] |
| | |
| hexchat [16] | Fix segmentation fault following / |
| | server command |
| | |
| icu [17] | Fix double free in |
| | createMetazoneMappings() [CVE-2017- |
| | 14952] |
| | |
| kdepim [18] | Fix "send Later with Delay bypasses |
| | OpenPGP" [CVE-2017-9604] |
| | |
| kedpm [19] | Fix information leak via command |
| | history file [CVE-2017-8296] |
| | |
| keyringer [20] | Handle subkeys without expiration date |
| | and public keys listed multiple times |
| | |
| krb5 [21] | Security fixes - remote authenticated |
| | attackers can crash the KDC [CVE-2017- |
| | 11368]; kdc crash on |
| | restrict_anon_to_tgt [CVE-2016-3120]; |
| | remote DOS with ldap for authenticated |
| | attackers [CVE-2016-3119]; prevent |
| | requires_preauth bypass [CVE-2015-2694] |
| | |
| libdatetime-timezone- | Update included data |
| perl [22] | |
| | |
| libdbi [23] | Re-enable error handler call in |
| | dbi_result_next_row() |
| | |
| libembperl-perl [24] | Change hard dependency on mod_perl in |
| | zembperl.load to Recommends, fixing an |
| | installation failure when libapache2- |
| | mod-perl2 is not installed |
| | |
| libio-socket-ssl- | Fix segfault using malformed client |
| perl [25] | certificates |
| | |
| liblouis [26] | Fix multiple stack-based buffer |
| | overflows [CVE-2014-8184] |
| | |
| libofx [27] | Security fixes [CVE-2017-2816 CVE-2017- |
| | 14731] |
| | |
| libwnckmm [28] | Tighten dependencies between packages; |
| | use jquery.js from libjs-jquery |
| | |
| libwpd [29] | Security fix [CVE-2017-14226] |
| | |
| libx11 [30] | Fix "insufficient validation of data |
| | from the X server can cause out of |
| | boundary memory read (XGetImage()) or |
| | write (XListFonts())" [CVE-2016-7942 |
| | CVE-2016-7943] |
| | |
| libxfixes [31] | Fix integer overflow on illegal server |
| | response [CVE-2016-7944] |
| | |
| libxi [32] | Fix "insufficient validation of data |
| | from the X server can cause out of |
| | boundary memory access or endless |
| | loops" [CVE-2016-7945 CVE-2016-7946] |
| | |
| libxrandr [33] | Avoid out of boundary accesses on |
| | illegal responses [CVE-2016-7947 |
| | CVE-2016-7948] |
| | |
| libxtst [34] | Fix "insufficient validation of data |
| | from the X server can cause out of |
| | boundary memory access or endless |
| | loops" [CVE-2016-7951 CVE-2016-7952] |
| | |
| libxv [35] | Fix protocol handling issues in libXv |
| | [CVE-2016-5407] |
| | |
| libxvmc [36] | Avoid buffer underflow on empty strings |
| | [CVE-2016-7953] |
| | |
| linux [37] | New stable kernel version 3.16.51 |
| | |
| ncurses [38] | Fix various crash bugs in the tic |
| | library and the tic binary [CVE-2017- |
| | 10684 CVE-2017-10685 CVE-2017-11112 |
| | CVE-2017-11113 CVE-2017-13728 CVE-2017- |
| | 13729 CVE-2017-13730 CVE-2017-13731 |
| | CVE-2017-13732 CVE-2017-13734 CVE-2017- |
| | 13733] |
| | |
| openssh [39] | Test configuration before starting or |
| | reloading sshd under systemd; make |
| | "--" before the hostname terminate |
| | argument processing after the hostname |
| | too |
| | |
| pdns [40] | Add missing check on API operations |
| | [CVE-2017-15091] |
| | |
| pdns-recursor [41] | Fix configuration file injection in the |
| | API [CVE-2017-15093] |
| | |
| postgresql-9.4 [42] | New upstream bugfix release |
| | |
| python-tablib [43] | Securely load YAML [CVE-2017-2810] |
| | |
| request-tracker4 [44] | Fix regression in previous security |
| | release where incorrect SHA256 |
| | passwords could trigger an error |
| | |
| ruby-ox [45] | Avoid crash with invalid XML passed to |
| | Oj.parse_obj() [CVE-2017-15928] |
| | |
| sam2p [46] | Fix several integer overflow or heap- |
| | based buffer overflow issues [CVE-2017- |
| | 14628 CVE-2017-14629 CVE-2017-14630 |
| | CVE-2017-14631 CVE-2017-14636 CVE-2017- |
| | 14637 CVE-2017-16663] |
| | |
| slurm-llnl [47] | Fix security issue caused by insecure |
| | file path handling triggered by the |
| | failure of a Prolog script [CVE-2016- |
| | 10030] |
| | |
| sudo [48] | Fix arbitrary terminal access |
| | [CVE-2017-1000368] |
| | |
| syslinux [49] | Fix boot problem for old BIOS firmware |
| | by correcting C/H/S order |
| | |
| tor [50] | Add "Bastet" directory authority; |
| | update geoip and geoip6 to the October |
| | 4 2017 Maxmind GeoLite2 country |
| | database; fix a memset() off the end of |
| | an array when packing cells |
| | |
| transfig [51] | Add input sanitisation on FIG files |
| | [CVE-2017-16899]; sanitize input of |
| | fill patterns |
| | |
| tzdata [52] | New upstream release |
| | |
| unbound [53] | Fix install of trust anchor when two |
| | anchors are present; include root trust |
| | anchor id 20326 |
| | |
| weechat [54] | "logger: call strftime before replacing |
| | buffer local variables" [CVE-2017- |
| | 14727] |
| | |
+---------------------------+-----------------------------------------+
1: https://packages.debian.org/src:bareos
2: https://packages.debian.org/src:base-files
3: https://packages.debian.org/src:bind9
4: https://packages.debian.org/src:cups
5: https://packages.debian.org/src:db
6: https://packages.debian.org/src:db5.3
7: https://packages.debian.org/src:debian-installer
8: https://packages.debian.org/src:debian-installer-netboot-images
9: https://packages.debian.org/src:debmirror
10: https://packages.debian.org/src:dns-root-data
11: https://packages.debian.org/src:dput
12: https://packages.debian.org/src:dwww
13: https://packages.debian.org/src:elog
14: https://packages.debian.org/src:flightgear
15: https://packages.debian.org/src:gsoap
16: https://packages.debian.org/src:hexchat
17: https://packages.debian.org/src:icu
18: https://packages.debian.org/src:kdepim
19: https://packages.debian.org/src:kedpm
20: https://packages.debian.org/src:keyringer
21: https://packages.debian.org/src:krb5
22: https://packages.debian.org/src:libdatetime-timezone-perl
23: https://packages.debian.org/src:libdbi
24: https://packages.debian.org/src:libembperl-perl
25: https://packages.debian.org/src:libio-socket-ssl-perl
26: https://packages.debian.org/src:liblouis
27: https://packages.debian.org/src:libofx
28: https://packages.debian.org/src:libwnckmm
29: https://packages.debian.org/src:libwpd
30: https://packages.debian.org/src:libx11
31: https://packages.debian.org/src:libxfixes
32: https://packages.debian.org/src:libxi
33: https://packages.debian.org/src:libxrandr
34: https://packages.debian.org/src:libxtst
35: https://packages.debian.org/src:libxv
36: https://packages.debian.org/src:libxvmc
37: https://packages.debian.org/src:linux
38: https://packages.debian.org/src:ncurses
39: https://packages.debian.org/src:openssh
40: https://packages.debian.org/src:pdns
41: https://packages.debian.org/src:pdns-recursor
42: https://packages.debian.org/src:postgresql-9.4
43: https://packages.debian.org/src:python-tablib
44: https://packages.debian.org/src:request-tracker4
45: https://packages.debian.org/src:ruby-ox
46: https://packages.debian.org/src:sam2p
47: https://packages.debian.org/src:slurm-llnl
48: https://packages.debian.org/src:sudo
49: https://packages.debian.org/src:syslinux
50: https://packages.debian.org/src:tor
51: https://packages.debian.org/src:transfig
52: https://packages.debian.org/src:tzdata
53: https://packages.debian.org/src:unbound
54: https://packages.debian.org/src:weechat
Security Updates
----------------
This revision adds the following security updates to the oldstable
release. The Security Team has already released an advisory for each of
these updates:
+----------------+----------------------------+
| Advisory ID | Package |
+----------------+----------------------------+
| DSA-3904 [55] | bind9 [56] |
| | |
| DSA-3908 [57] | nginx [58] |
| | |
| DSA-3909 [59] | samba [60] |
| | |
| DSA-3913 [61] | apache2 [62] |
| | |
| DSA-3914 [63] | imagemagick [64] |
| | |
| DSA-3916 [65] | atril [66] |
| | |
| DSA-3917 [67] | catdoc [68] |
| | |
| DSA-3921 [69] | enigmail [70] |
| | |
| DSA-3922 [71] | mysql-5.5 [72] |
| | |
| DSA-3924 [73] | varnish [74] |
| | |
| DSA-3928 [75] | firefox-esr [76] |
| | |
| DSA-3929 [77] | libsoup2.4 [78] |
| | |
| DSA-3930 [79] | freeradius [80] |
| | |
| DSA-3932 [81] | subversion [82] |
| | |
| DSA-3933 [83] | pjproject [84] |
| | |
| DSA-3934 [85] | git [86] |
| | |
| DSA-3935 [87] | postgresql-9.4 [88] |
| | |
| DSA-3937 [89] | zabbix [90] |
| | |
| DSA-3938 [91] | libgd2 [92] |
| | |
| DSA-3939 [93] | botan1.10 [94] |
| | |
| DSA-3940 [95] | cvs [96] |
| | |
| DSA-3942 [97] | supervisor [98] |
| | |
| DSA-3943 [99] | gajim [100] |
| | |
| DSA-3945 [101] | linux [102] |
| | |
| DSA-3946 [103] | libmspack [104] |
| | |
| DSA-3947 [105] | newsbeuter [106] |
| | |
| DSA-3948 [107] | ioquake3 [108] |
| | |
| DSA-3949 [109] | augeas [110] |
| | |
| DSA-3950 [111] | libraw [112] |
| | |
| DSA-3951 [113] | smb4k [114] |
| | |
| DSA-3952 [115] | libxml2 [116] |
| | |
| DSA-3956 [117] | connman [118] |
| | |
| DSA-3958 [119] | fontforge [120] |
| | |
| DSA-3960 [121] | gnupg [122] |
| | |
| DSA-3961 [123] | libgd2 [124] |
| | |
| DSA-3962 [125] | strongswan [126] |
| | |
| DSA-3963 [127] | mercurial [128] |
| | |
| DSA-3964 [129] | asterisk [130] |
| | |
| DSA-3969 [131] | xen [132] |
| | |
| DSA-3970 [133] | emacs24 [134] |
| | |
| DSA-3971 [135] | tcpdump [136] |
| | |
| DSA-3972 [137] | bluez [138] |
| | |
| DSA-3973 [139] | wordpress-shibboleth [140] |
| | |
| DSA-3974 [141] | tomcat8 [142] |
| | |
| DSA-3976 [143] | freexl [144] |
| | |
| DSA-3977 [145] | newsbeuter [146] |
| | |
| DSA-3978 [147] | gdk-pixbuf [148] |
| | |
| DSA-3979 [149] | pyjwt [150] |
| | |
| DSA-3980 [151] | apache2 [152] |
| | |
| DSA-3981 [153] | linux [154] |
| | |
| DSA-3982 [155] | perl [156] |
| | |
| DSA-3983 [157] | samba [158] |
| | |
| DSA-3984 [159] | git [160] |
| | |
| DSA-3986 [161] | ghostscript [162] |
| | |
| DSA-3987 [163] | firefox-esr [164] |
| | |
| DSA-3988 [165] | libidn2-0 [166] |
| | |
| DSA-3989 [167] | dnsmasq [168] |
| | |
| DSA-3990 [169] | asterisk [170] |
| | |
| DSA-3992 [171] | curl [172] |
| | |
| DSA-3995 [173] | libxfont [174] |
| | |
| DSA-3997 [175] | wordpress [176] |
| | |
| DSA-3998 [177] | nss [178] |
| | |
| DSA-3999 [179] | wpa [180] |
| | |
| DSA-4000 [181] | xorg-server [182] |
| | |
| DSA-4002 [183] | mysql-5.5 [184] |
| | |
| DSA-4004 [185] | jackson-databind [186] |
| | |
| DSA-4006 [187] | mupdf [188] |
| | |
| DSA-4007 [189] | curl [190] |
| | |
| DSA-4008 [191] | wget [192] |
| | |
| DSA-4011 [193] | quagga [194] |
| | |
| DSA-4012 [195] | libav [196] |
| | |
| DSA-4013 [197] | openjpeg2 [198] |
| | |
| DSA-4016 [199] | irssi [200] |
| | |
| DSA-4018 [201] | openssl [202] |
| | |
| DSA-4021 [203] | otrs2 [204] |
| | |
| DSA-4022 [205] | libreoffice [206] |
| | |
| DSA-4025 [207] | libpam4j [208] |
| | |
| DSA-4026 [209] | bchunk [210] |
| | |
| DSA-4027 [211] | postgresql-9.4 [212] |
| | |
| DSA-4029 [213] | postgresql-common [214] |
| | |
| DSA-4033 [215] | konversation [216] |
| | |
| DSA-4035 [217] | firefox-esr [218] |
| | |
| DSA-4037 [219] | jackson-databind [220] |
| | |
| DSA-4038 [221] | shibboleth-sp2 [222] |
| | |
| DSA-4039 [223] | opensaml2 [224] |
| | |
| DSA-4040 [225] | imagemagick [226] |
| | |
| DSA-4041 [227] | procmail [228] |
| | |
| DSA-4042 [229] | libxml-libxml-perl [230] |
| | |
| DSA-4043 [231] | samba [232] |
| | |
| DSA-4045 [233] | vlc [234] |
| | |
| DSA-4046 [235] | libspring-ldap-java [236] |
| | |
| DSA-4047 [237] | otrs2 [238] |
| | |
| DSA-4051 [239] | curl [240] |
| | |
| DSA-4052 [241] | bzr [242] |
| | |
+----------------+----------------------------+
55: https://www.debian.org/security/2017/dsa-3904
56: https://packages.debian.org/src:bind9
57: https://www.debian.org/security/2017/dsa-3908
58: https://packages.debian.org/src:nginx
59: https://www.debian.org/security/2017/dsa-3909
60: https://packages.debian.org/src:samba
61: https://www.debian.org/security/2017/dsa-3913
62: https://packages.debian.org/src:apache2
63: https://www.debian.org/security/2017/dsa-3914
64: https://packages.debian.org/src:imagemagick
65: https://www.debian.org/security/2017/dsa-3916
66: https://packages.debian.org/src:atril
67: https://www.debian.org/security/2017/dsa-3917
68: https://packages.debian.org/src:catdoc
69: https://www.debian.org/security/2017/dsa-3921
70: https://packages.debian.org/src:enigmail
71: https://www.debian.org/security/2017/dsa-3922
72: https://packages.debian.org/src:mysql-5.5
73: https://www.debian.org/security/2017/dsa-3924
74: https://packages.debian.org/src:varnish
75: https://www.debian.org/security/2017/dsa-3928
76: https://packages.debian.org/src:firefox-esr
77: https://www.debian.org/security/2017/dsa-3929
78: https://packages.debian.org/src:libsoup2.4
79: https://www.debian.org/security/2017/dsa-3930
80: https://packages.debian.org/src:freeradius
81: https://www.debian.org/security/2017/dsa-3932
82: https://packages.debian.org/src:subversion
83: https://www.debian.org/security/2017/dsa-3933
84: https://packages.debian.org/src:pjproject
85: https://www.debian.org/security/2017/dsa-3934
86: https://packages.debian.org/src:git
87: https://www.debian.org/security/2017/dsa-3935
88: https://packages.debian.org/src:postgresql-9.4
89: https://www.debian.org/security/2017/dsa-3937
90: https://packages.debian.org/src:zabbix
91: https://www.debian.org/security/2017/dsa-3938
92: https://packages.debian.org/src:libgd2
93: https://www.debian.org/security/2017/dsa-3939
94: https://packages.debian.org/src:botan1.10
95: https://www.debian.org/security/2017/dsa-3940
96: https://packages.debian.org/src:cvs
97: https://www.debian.org/security/2017/dsa-3942
98: https://packages.debian.org/src:supervisor
99: https://www.debian.org/security/2017/dsa-3943
100: https://packages.debian.org/src:gajim
101: https://www.debian.org/security/2017/dsa-3945
102: https://packages.debian.org/src:linux
103: https://www.debian.org/security/2017/dsa-3946
104: https://packages.debian.org/src:libmspack
105: https://www.debian.org/security/2017/dsa-3947
106: https://packages.debian.org/src:newsbeuter
107: https://www.debian.org/security/2017/dsa-3948
108: https://packages.debian.org/src:ioquake3
109: https://www.debian.org/security/2017/dsa-3949
110: https://packages.debian.org/src:augeas
111: https://www.debian.org/security/2017/dsa-3950
112: https://packages.debian.org/src:libraw
113: https://www.debian.org/security/2017/dsa-3951
114: https://packages.debian.org/src:smb4k
115: https://www.debian.org/security/2017/dsa-3952
116: https://packages.debian.org/src:libxml2
117: https://www.debian.org/security/2017/dsa-3956
118: https://packages.debian.org/src:connman
119: https://www.debian.org/security/2017/dsa-3958
120: https://packages.debian.org/src:fontforge
121: https://www.debian.org/security/2017/dsa-3960
122: https://packages.debian.org/src:gnupg
123: https://www.debian.org/security/2017/dsa-3961
124: https://packages.debian.org/src:libgd2
125: https://www.debian.org/security/2017/dsa-3962
126: https://packages.debian.org/src:strongswan
127: https://www.debian.org/security/2017/dsa-3963
128: https://packages.debian.org/src:mercurial
129: https://www.debian.org/security/2017/dsa-3964
130: https://packages.debian.org/src:asterisk
131: https://www.debian.org/security/2017/dsa-3969
132: https://packages.debian.org/src:xen
133: https://www.debian.org/security/2017/dsa-3970
134: https://packages.debian.org/src:emacs24
135: https://www.debian.org/security/2017/dsa-3971
136: https://packages.debian.org/src:tcpdump
137: https://www.debian.org/security/2017/dsa-3972
138: https://packages.debian.org/src:bluez
139: https://www.debian.org/security/2017/dsa-3973
140: https://packages.debian.org/src:wordpress-shibboleth
141: https://www.debian.org/security/2017/dsa-3974
142: https://packages.debian.org/src:tomcat8
143: https://www.debian.org/security/2017/dsa-3976
144: https://packages.debian.org/src:freexl
145: https://www.debian.org/security/2017/dsa-3977
146: https://packages.debian.org/src:newsbeuter
147: https://www.debian.org/security/2017/dsa-3978
148: https://packages.debian.org/src:gdk-pixbuf
149: https://www.debian.org/security/2017/dsa-3979
150: https://packages.debian.org/src:pyjwt
151: https://www.debian.org/security/2017/dsa-3980
152: https://packages.debian.org/src:apache2
153: https://www.debian.org/security/2017/dsa-3981
154: https://packages.debian.org/src:linux
155: https://www.debian.org/security/2017/dsa-3982
156: https://packages.debian.org/src:perl
157: https://www.debian.org/security/2017/dsa-3983
158: https://packages.debian.org/src:samba
159: https://www.debian.org/security/2017/dsa-3984
160: https://packages.debian.org/src:git
161: https://www.debian.org/security/2017/dsa-3986
162: https://packages.debian.org/src:ghostscript
163: https://www.debian.org/security/2017/dsa-3987
164: https://packages.debian.org/src:firefox-esr
165: https://www.debian.org/security/2017/dsa-3988
166: https://packages.debian.org/src:libidn2-0
167: https://www.debian.org/security/2017/dsa-3989
168: https://packages.debian.org/src:dnsmasq
169: https://www.debian.org/security/2017/dsa-3990
170: https://packages.debian.org/src:asterisk
171: https://www.debian.org/security/2017/dsa-3992
172: https://packages.debian.org/src:curl
173: https://www.debian.org/security/2017/dsa-3995
174: https://packages.debian.org/src:libxfont
175: https://www.debian.org/security/2017/dsa-3997
176: https://packages.debian.org/src:wordpress
177: https://www.debian.org/security/2017/dsa-3998
178: https://packages.debian.org/src:nss
179: https://www.debian.org/security/2017/dsa-3999
180: https://packages.debian.org/src:wpa
181: https://www.debian.org/security/2017/dsa-4000
182: https://packages.debian.org/src:xorg-server
183: https://www.debian.org/security/2017/dsa-4002
184: https://packages.debian.org/src:mysql-5.5
185: https://www.debian.org/security/2017/dsa-4004
186: https://packages.debian.org/src:jackson-databind
187: https://www.debian.org/security/2017/dsa-4006
188: https://packages.debian.org/src:mupdf
189: https://www.debian.org/security/2017/dsa-4007
190: https://packages.debian.org/src:curl
191: https://www.debian.org/security/2017/dsa-4008
192: https://packages.debian.org/src:wget
193: https://www.debian.org/security/2017/dsa-4011
194: https://packages.debian.org/src:quagga
195: https://www.debian.org/security/2017/dsa-4012
196: https://packages.debian.org/src:libav
197: https://www.debian.org/security/2017/dsa-4013
198: https://packages.debian.org/src:openjpeg2
199: https://www.debian.org/security/2017/dsa-4016
200: https://packages.debian.org/src:irssi
201: https://www.debian.org/security/2017/dsa-4018
202: https://packages.debian.org/src:openssl
203: https://www.debian.org/security/2017/dsa-4021
204: https://packages.debian.org/src:otrs2
205: https://www.debian.org/security/2017/dsa-4022
206: https://packages.debian.org/src:libreoffice
207: https://www.debian.org/security/2017/dsa-4025
208: https://packages.debian.org/src:libpam4j
209: https://www.debian.org/security/2017/dsa-4026
210: https://packages.debian.org/src:bchunk
211: https://www.debian.org/security/2017/dsa-4027
212: https://packages.debian.org/src:postgresql-9.4
213: https://www.debian.org/security/2017/dsa-4029
214: https://packages.debian.org/src:postgresql-common
215: https://www.debian.org/security/2017/dsa-4033
216: https://packages.debian.org/src:konversation
217: https://www.debian.org/security/2017/dsa-4035
218: https://packages.debian.org/src:firefox-esr
219: https://www.debian.org/security/2017/dsa-4037
220: https://packages.debian.org/src:jackson-databind
221: https://www.debian.org/security/2017/dsa-4038
222: https://packages.debian.org/src:shibboleth-sp2
223: https://www.debian.org/security/2017/dsa-4039
224: https://packages.debian.org/src:opensaml2
225: https://www.debian.org/security/2017/dsa-4040
226: https://packages.debian.org/src:imagemagick
227: https://www.debian.org/security/2017/dsa-4041
228: https://packages.debian.org/src:procmail
229: https://www.debian.org/security/2017/dsa-4042
230: https://packages.debian.org/src:libxml-libxml-perl
231: https://www.debian.org/security/2017/dsa-4043
232: https://packages.debian.org/src:samba
233: https://www.debian.org/security/2017/dsa-4045
234: https://packages.debian.org/src:vlc
235: https://www.debian.org/security/2017/dsa-4046
236: https://packages.debian.org/src:libspring-ldap-java
237: https://www.debian.org/security/2017/dsa-4047
238: https://packages.debian.org/src:otrs2
239: https://www.debian.org/security/2017/dsa-4051
240: https://packages.debian.org/src:curl
241: https://www.debian.org/security/2017/dsa-4052
242: https://packages.debian.org/src:bzr
Removed packages
----------------
The following packages were removed due to circumstances beyond our
control:
+---------------------------------+---------------------------------+
| Package | Reason |
+---------------------------------+---------------------------------+
| libnet-ping-external-perl [243] | Unmaintained, security issues |
| | |
| aiccu [244] | Useless since shutdown of SixXS |
| | |
+---------------------------------+---------------------------------+
243: https://packages.debian.org/src:libnet-ping-external-perl
244: https://packages.debian.org/src:aiccu
Debian Installer
----------------
The installer has been updated to include the fixes incorporated into
stable by the point release.
URLs
----
The complete lists of packages that have changed with this revision:
http://ftp.debian.org/debian/dists/jessie/ChangeLog
The current oldstable distribution:
http://ftp.debian.org/debian/dists/oldstable/
Proposed updates to the oldstable distribution:
http://ftp.debian.org/debian/dists/oldstable-proposed-updates
oldstable distribution information (release notes, errata etc.):
https://www.debian.org/releases/oldstable/
Security announcements and information:
https://security.debian.org/ [245]
245: https://www.debian.org/security/
About Debian
------------
The Debian Project is an association of Free Software developers who
volunteer their time and effort in order to produce the completely free
operating system Debian.
Contact Information
-------------------
For further information, please visit the Debian web pages at
https://www.debian.org/, send mail to <pr...@debian.org>, or contact the
stable release team at <debian-...@lists.debian.org>.
The Debian Project https://www.debian.org/
Updated Debian 8: 8.10 released pr...@debian.org
December 9th, 2017 https://www.debian.org/News/2017/20171209
------------------------------------------------------------------------
The Debian project is pleased to announce the tenth update of its
oldstable distribution Debian 8 (codename "jessie"). This point release
mainly adds corrections for security issues, along with a few
adjustments for serious problems. Security advisories have already been
published separately and are referenced where available.
Please note that the point release does not constitute a new version of
Debian 8 but only updates some of the packages included. There is no
need to throw away old "jessie" media. After installation, packages can
be upgraded to the current versions using an up-to-date Debian mirror.
Those who frequently install updates from security.debian.org won't have
to update many packages, and most such updates are included in the point
release.
New installation images will be available soon at the regular locations.
Upgrading an existing installation to this revision can be achieved by
pointing the package management system at one of Debian's many HTTP
mirrors. A comprehensive list of mirrors is available at:
https://www.debian.org/mirror/list
Miscellaneous Bugfixes
----------------------
This oldstable update adds a few important corrections to the following
packages:
+---------------------------+-----------------------------------------+
| Package | Reason |
+---------------------------+-----------------------------------------+
| bareos [1] | Fix permissions of bareos-dir logrotate |
| | config; fix file corruption when using |
| | SHA1 signature |
| | |
| base-files [2] | Update for the point release |
| | |
| bind9 [3] | Import upcoming DNSSEC KSK-2017 |
| | |
| cups [4] | Disable SSLv3 and RC4 by default to |
| | address POODLE vulnerability |
| | |
| db [5] | Do not access DB_CONFIG when db_home is |
| | not set [CVE-2017-10140] |
| | |
| db5.3 [6] | Do not access DB_CONFIG when db_home is |
| | not set [CVE-2017-10140] |
| | |
| debian-installer [7] | Rebuild for the point release |
| | |
| debian-installer-netboot- | Rebuild for the point release |
| images [8] | |
| | |
| debmirror [9] | Tolerate unknown lines in *.diff/Index; |
| | mirror DEP-11 metadata files; prefer xz |
| | over gz, and cope with either being |
| | missing; mirror and validate InRelease |
| | files |
| | |
| dns-root-data [10] | Update root.hints to 2017072601 |
| | version; add KSK-2017 to root.key file |
| | |
| dput [11] | dput.cf: replace security- |
| | master.debian.org with |
| | ftp.upload.security.debian.org |
| | |
| dwww [12] | Fix "Last-Modified" header name |
| | |
| elog [13] | Update patch 0005_elogd_CVE-2016- |
| | 6342_fix to grant access as normal user |
| | |
| flightgear [14] | Fix arbitrary file overwrite |
| | vulnerability [CVE-2017-13709] |
| | |
| gsoap [15] | Fix integer overflow via large XML |
| | document [CVE-2017-9765] |
| | |
| hexchat [16] | Fix segmentation fault following / |
| | server command |
| | |
| icu [17] | Fix double free in |
| | createMetazoneMappings() [CVE-2017- |
| | 14952] |
| | |
| kdepim [18] | Fix "send Later with Delay bypasses |
| | OpenPGP" [CVE-2017-9604] |
| | |
| kedpm [19] | Fix information leak via command |
| | history file [CVE-2017-8296] |
| | |
| keyringer [20] | Handle subkeys without expiration date |
| | and public keys listed multiple times |
| | |
| krb5 [21] | Security fixes - remote authenticated |
| | attackers can crash the KDC [CVE-2017- |
| | 11368]; kdc crash on |
| | restrict_anon_to_tgt [CVE-2016-3120]; |
| | remote DOS with ldap for authenticated |
| | attackers [CVE-2016-3119]; prevent |
| | requires_preauth bypass [CVE-2015-2694] |
| | |
| libdatetime-timezone- | Update included data |
| perl [22] | |
| | |
| libdbi [23] | Re-enable error handler call in |
| | dbi_result_next_row() |
| | |
| libembperl-perl [24] | Change hard dependency on mod_perl in |
| | zembperl.load to Recommends, fixing an |
| | installation failure when libapache2- |
| | mod-perl2 is not installed |
| | |
| libio-socket-ssl- | Fix segfault using malformed client |
| perl [25] | certificates |
| | |
| liblouis [26] | Fix multiple stack-based buffer |
| | overflows [CVE-2014-8184] |
| | |
| libofx [27] | Security fixes [CVE-2017-2816 CVE-2017- |
| | 14731] |
| | |
| libwnckmm [28] | Tighten dependencies between packages; |
| | use jquery.js from libjs-jquery |
| | |
| libwpd [29] | Security fix [CVE-2017-14226] |
| | |
| libx11 [30] | Fix "insufficient validation of data |
| | from the X server can cause out of |
| | boundary memory read (XGetImage()) or |
| | write (XListFonts())" [CVE-2016-7942 |
| | CVE-2016-7943] |
| | |
| libxfixes [31] | Fix integer overflow on illegal server |
| | response [CVE-2016-7944] |
| | |
| libxi [32] | Fix "insufficient validation of data |
| | from the X server can cause out of |
| | boundary memory access or endless |
| | loops" [CVE-2016-7945 CVE-2016-7946] |
| | |
| libxrandr [33] | Avoid out of boundary accesses on |
| | illegal responses [CVE-2016-7947 |
| | CVE-2016-7948] |
| | |
| libxtst [34] | Fix "insufficient validation of data |
| | from the X server can cause out of |
| | boundary memory access or endless |
| | loops" [CVE-2016-7951 CVE-2016-7952] |
| | |
| libxv [35] | Fix protocol handling issues in libXv |
| | [CVE-2016-5407] |
| | |
| libxvmc [36] | Avoid buffer underflow on empty strings |
| | [CVE-2016-7953] |
| | |
| linux [37] | New stable kernel version 3.16.51 |
| | |
| ncurses [38] | Fix various crash bugs in the tic |
| | library and the tic binary [CVE-2017- |
| | 10684 CVE-2017-10685 CVE-2017-11112 |
| | CVE-2017-11113 CVE-2017-13728 CVE-2017- |
| | 13729 CVE-2017-13730 CVE-2017-13731 |
| | CVE-2017-13732 CVE-2017-13734 CVE-2017- |
| | 13733] |
| | |
| openssh [39] | Test configuration before starting or |
| | reloading sshd under systemd; make |
| | "--" before the hostname terminate |
| | argument processing after the hostname |
| | too |
| | |
| pdns [40] | Add missing check on API operations |
| | [CVE-2017-15091] |
| | |
| pdns-recursor [41] | Fix configuration file injection in the |
| | API [CVE-2017-15093] |
| | |
| postgresql-9.4 [42] | New upstream bugfix release |
| | |
| python-tablib [43] | Securely load YAML [CVE-2017-2810] |
| | |
| request-tracker4 [44] | Fix regression in previous security |
| | release where incorrect SHA256 |
| | passwords could trigger an error |
| | |
| ruby-ox [45] | Avoid crash with invalid XML passed to |
| | Oj.parse_obj() [CVE-2017-15928] |
| | |
| sam2p [46] | Fix several integer overflow or heap- |
| | based buffer overflow issues [CVE-2017- |
| | 14628 CVE-2017-14629 CVE-2017-14630 |
| | CVE-2017-14631 CVE-2017-14636 CVE-2017- |
| | 14637 CVE-2017-16663] |
| | |
| slurm-llnl [47] | Fix security issue caused by insecure |
| | file path handling triggered by the |
| | failure of a Prolog script [CVE-2016- |
| | 10030] |
| | |
| sudo [48] | Fix arbitrary terminal access |
| | [CVE-2017-1000368] |
| | |
| syslinux [49] | Fix boot problem for old BIOS firmware |
| | by correcting C/H/S order |
| | |
| tor [50] | Add "Bastet" directory authority; |
| | update geoip and geoip6 to the October |
| | 4 2017 Maxmind GeoLite2 country |
| | database; fix a memset() off the end of |
| | an array when packing cells |
| | |
| transfig [51] | Add input sanitisation on FIG files |
| | [CVE-2017-16899]; sanitize input of |
| | fill patterns |
| | |
| tzdata [52] | New upstream release |
| | |
| unbound [53] | Fix install of trust anchor when two |
| | anchors are present; include root trust |
| | anchor id 20326 |
| | |
| weechat [54] | "logger: call strftime before replacing |
| | buffer local variables" [CVE-2017- |
| | 14727] |
| | |
+---------------------------+-----------------------------------------+
1: https://packages.debian.org/src:bareos
2: https://packages.debian.org/src:base-files
3: https://packages.debian.org/src:bind9
4: https://packages.debian.org/src:cups
5: https://packages.debian.org/src:db
6: https://packages.debian.org/src:db5.3
7: https://packages.debian.org/src:debian-installer
8: https://packages.debian.org/src:debian-installer-netboot-images
9: https://packages.debian.org/src:debmirror
10: https://packages.debian.org/src:dns-root-data
11: https://packages.debian.org/src:dput
12: https://packages.debian.org/src:dwww
13: https://packages.debian.org/src:elog
14: https://packages.debian.org/src:flightgear
15: https://packages.debian.org/src:gsoap
16: https://packages.debian.org/src:hexchat
17: https://packages.debian.org/src:icu
18: https://packages.debian.org/src:kdepim
19: https://packages.debian.org/src:kedpm
20: https://packages.debian.org/src:keyringer
21: https://packages.debian.org/src:krb5
22: https://packages.debian.org/src:libdatetime-timezone-perl
23: https://packages.debian.org/src:libdbi
24: https://packages.debian.org/src:libembperl-perl
25: https://packages.debian.org/src:libio-socket-ssl-perl
26: https://packages.debian.org/src:liblouis
27: https://packages.debian.org/src:libofx
28: https://packages.debian.org/src:libwnckmm
29: https://packages.debian.org/src:libwpd
30: https://packages.debian.org/src:libx11
31: https://packages.debian.org/src:libxfixes
32: https://packages.debian.org/src:libxi
33: https://packages.debian.org/src:libxrandr
34: https://packages.debian.org/src:libxtst
35: https://packages.debian.org/src:libxv
36: https://packages.debian.org/src:libxvmc
37: https://packages.debian.org/src:linux
38: https://packages.debian.org/src:ncurses
39: https://packages.debian.org/src:openssh
40: https://packages.debian.org/src:pdns
41: https://packages.debian.org/src:pdns-recursor
42: https://packages.debian.org/src:postgresql-9.4
43: https://packages.debian.org/src:python-tablib
44: https://packages.debian.org/src:request-tracker4
45: https://packages.debian.org/src:ruby-ox
46: https://packages.debian.org/src:sam2p
47: https://packages.debian.org/src:slurm-llnl
48: https://packages.debian.org/src:sudo
49: https://packages.debian.org/src:syslinux
50: https://packages.debian.org/src:tor
51: https://packages.debian.org/src:transfig
52: https://packages.debian.org/src:tzdata
53: https://packages.debian.org/src:unbound
54: https://packages.debian.org/src:weechat
Security Updates
----------------
This revision adds the following security updates to the oldstable
release. The Security Team has already released an advisory for each of
these updates:
+----------------+----------------------------+
| Advisory ID | Package |
+----------------+----------------------------+
| DSA-3904 [55] | bind9 [56] |
| | |
| DSA-3908 [57] | nginx [58] |
| | |
| DSA-3909 [59] | samba [60] |
| | |
| DSA-3913 [61] | apache2 [62] |
| | |
| DSA-3914 [63] | imagemagick [64] |
| | |
| DSA-3916 [65] | atril [66] |
| | |
| DSA-3917 [67] | catdoc [68] |
| | |
| DSA-3921 [69] | enigmail [70] |
| | |
| DSA-3922 [71] | mysql-5.5 [72] |
| | |
| DSA-3924 [73] | varnish [74] |
| | |
| DSA-3928 [75] | firefox-esr [76] |
| | |
| DSA-3929 [77] | libsoup2.4 [78] |
| | |
| DSA-3930 [79] | freeradius [80] |
| | |
| DSA-3932 [81] | subversion [82] |
| | |
| DSA-3933 [83] | pjproject [84] |
| | |
| DSA-3934 [85] | git [86] |
| | |
| DSA-3935 [87] | postgresql-9.4 [88] |
| | |
| DSA-3937 [89] | zabbix [90] |
| | |
| DSA-3938 [91] | libgd2 [92] |
| | |
| DSA-3939 [93] | botan1.10 [94] |
| | |
| DSA-3940 [95] | cvs [96] |
| | |
| DSA-3942 [97] | supervisor [98] |
| | |
| DSA-3943 [99] | gajim [100] |
| | |
| DSA-3945 [101] | linux [102] |
| | |
| DSA-3946 [103] | libmspack [104] |
| | |
| DSA-3947 [105] | newsbeuter [106] |
| | |
| DSA-3948 [107] | ioquake3 [108] |
| | |
| DSA-3949 [109] | augeas [110] |
| | |
| DSA-3950 [111] | libraw [112] |
| | |
| DSA-3951 [113] | smb4k [114] |
| | |
| DSA-3952 [115] | libxml2 [116] |
| | |
| DSA-3956 [117] | connman [118] |
| | |
| DSA-3958 [119] | fontforge [120] |
| | |
| DSA-3960 [121] | gnupg [122] |
| | |
| DSA-3961 [123] | libgd2 [124] |
| | |
| DSA-3962 [125] | strongswan [126] |
| | |
| DSA-3963 [127] | mercurial [128] |
| | |
| DSA-3964 [129] | asterisk [130] |
| | |
| DSA-3969 [131] | xen [132] |
| | |
| DSA-3970 [133] | emacs24 [134] |
| | |
| DSA-3971 [135] | tcpdump [136] |
| | |
| DSA-3972 [137] | bluez [138] |
| | |
| DSA-3973 [139] | wordpress-shibboleth [140] |
| | |
| DSA-3974 [141] | tomcat8 [142] |
| | |
| DSA-3976 [143] | freexl [144] |
| | |
| DSA-3977 [145] | newsbeuter [146] |
| | |
| DSA-3978 [147] | gdk-pixbuf [148] |
| | |
| DSA-3979 [149] | pyjwt [150] |
| | |
| DSA-3980 [151] | apache2 [152] |
| | |
| DSA-3981 [153] | linux [154] |
| | |
| DSA-3982 [155] | perl [156] |
| | |
| DSA-3983 [157] | samba [158] |
| | |
| DSA-3984 [159] | git [160] |
| | |
| DSA-3986 [161] | ghostscript [162] |
| | |
| DSA-3987 [163] | firefox-esr [164] |
| | |
| DSA-3988 [165] | libidn2-0 [166] |
| | |
| DSA-3989 [167] | dnsmasq [168] |
| | |
| DSA-3990 [169] | asterisk [170] |
| | |
| DSA-3992 [171] | curl [172] |
| | |
| DSA-3995 [173] | libxfont [174] |
| | |
| DSA-3997 [175] | wordpress [176] |
| | |
| DSA-3998 [177] | nss [178] |
| | |
| DSA-3999 [179] | wpa [180] |
| | |
| DSA-4000 [181] | xorg-server [182] |
| | |
| DSA-4002 [183] | mysql-5.5 [184] |
| | |
| DSA-4004 [185] | jackson-databind [186] |
| | |
| DSA-4006 [187] | mupdf [188] |
| | |
| DSA-4007 [189] | curl [190] |
| | |
| DSA-4008 [191] | wget [192] |
| | |
| DSA-4011 [193] | quagga [194] |
| | |
| DSA-4012 [195] | libav [196] |
| | |
| DSA-4013 [197] | openjpeg2 [198] |
| | |
| DSA-4016 [199] | irssi [200] |
| | |
| DSA-4018 [201] | openssl [202] |
| | |
| DSA-4021 [203] | otrs2 [204] |
| | |
| DSA-4022 [205] | libreoffice [206] |
| | |
| DSA-4025 [207] | libpam4j [208] |
| | |
| DSA-4026 [209] | bchunk [210] |
| | |
| DSA-4027 [211] | postgresql-9.4 [212] |
| | |
| DSA-4029 [213] | postgresql-common [214] |
| | |
| DSA-4033 [215] | konversation [216] |
| | |
| DSA-4035 [217] | firefox-esr [218] |
| | |
| DSA-4037 [219] | jackson-databind [220] |
| | |
| DSA-4038 [221] | shibboleth-sp2 [222] |
| | |
| DSA-4039 [223] | opensaml2 [224] |
| | |
| DSA-4040 [225] | imagemagick [226] |
| | |
| DSA-4041 [227] | procmail [228] |
| | |
| DSA-4042 [229] | libxml-libxml-perl [230] |
| | |
| DSA-4043 [231] | samba [232] |
| | |
| DSA-4045 [233] | vlc [234] |
| | |
| DSA-4046 [235] | libspring-ldap-java [236] |
| | |
| DSA-4047 [237] | otrs2 [238] |
| | |
| DSA-4051 [239] | curl [240] |
| | |
| DSA-4052 [241] | bzr [242] |
| | |
+----------------+----------------------------+
55: https://www.debian.org/security/2017/dsa-3904
56: https://packages.debian.org/src:bind9
57: https://www.debian.org/security/2017/dsa-3908
58: https://packages.debian.org/src:nginx
59: https://www.debian.org/security/2017/dsa-3909
60: https://packages.debian.org/src:samba
61: https://www.debian.org/security/2017/dsa-3913
62: https://packages.debian.org/src:apache2
63: https://www.debian.org/security/2017/dsa-3914
64: https://packages.debian.org/src:imagemagick
65: https://www.debian.org/security/2017/dsa-3916
66: https://packages.debian.org/src:atril
67: https://www.debian.org/security/2017/dsa-3917
68: https://packages.debian.org/src:catdoc
69: https://www.debian.org/security/2017/dsa-3921
70: https://packages.debian.org/src:enigmail
71: https://www.debian.org/security/2017/dsa-3922
72: https://packages.debian.org/src:mysql-5.5
73: https://www.debian.org/security/2017/dsa-3924
74: https://packages.debian.org/src:varnish
75: https://www.debian.org/security/2017/dsa-3928
76: https://packages.debian.org/src:firefox-esr
77: https://www.debian.org/security/2017/dsa-3929
78: https://packages.debian.org/src:libsoup2.4
79: https://www.debian.org/security/2017/dsa-3930
80: https://packages.debian.org/src:freeradius
81: https://www.debian.org/security/2017/dsa-3932
82: https://packages.debian.org/src:subversion
83: https://www.debian.org/security/2017/dsa-3933
84: https://packages.debian.org/src:pjproject
85: https://www.debian.org/security/2017/dsa-3934
86: https://packages.debian.org/src:git
87: https://www.debian.org/security/2017/dsa-3935
88: https://packages.debian.org/src:postgresql-9.4
89: https://www.debian.org/security/2017/dsa-3937
90: https://packages.debian.org/src:zabbix
91: https://www.debian.org/security/2017/dsa-3938
92: https://packages.debian.org/src:libgd2
93: https://www.debian.org/security/2017/dsa-3939
94: https://packages.debian.org/src:botan1.10
95: https://www.debian.org/security/2017/dsa-3940
96: https://packages.debian.org/src:cvs
97: https://www.debian.org/security/2017/dsa-3942
98: https://packages.debian.org/src:supervisor
99: https://www.debian.org/security/2017/dsa-3943
100: https://packages.debian.org/src:gajim
101: https://www.debian.org/security/2017/dsa-3945
102: https://packages.debian.org/src:linux
103: https://www.debian.org/security/2017/dsa-3946
104: https://packages.debian.org/src:libmspack
105: https://www.debian.org/security/2017/dsa-3947
106: https://packages.debian.org/src:newsbeuter
107: https://www.debian.org/security/2017/dsa-3948
108: https://packages.debian.org/src:ioquake3
109: https://www.debian.org/security/2017/dsa-3949
110: https://packages.debian.org/src:augeas
111: https://www.debian.org/security/2017/dsa-3950
112: https://packages.debian.org/src:libraw
113: https://www.debian.org/security/2017/dsa-3951
114: https://packages.debian.org/src:smb4k
115: https://www.debian.org/security/2017/dsa-3952
116: https://packages.debian.org/src:libxml2
117: https://www.debian.org/security/2017/dsa-3956
118: https://packages.debian.org/src:connman
119: https://www.debian.org/security/2017/dsa-3958
120: https://packages.debian.org/src:fontforge
121: https://www.debian.org/security/2017/dsa-3960
122: https://packages.debian.org/src:gnupg
123: https://www.debian.org/security/2017/dsa-3961
124: https://packages.debian.org/src:libgd2
125: https://www.debian.org/security/2017/dsa-3962
126: https://packages.debian.org/src:strongswan
127: https://www.debian.org/security/2017/dsa-3963
128: https://packages.debian.org/src:mercurial
129: https://www.debian.org/security/2017/dsa-3964
130: https://packages.debian.org/src:asterisk
131: https://www.debian.org/security/2017/dsa-3969
132: https://packages.debian.org/src:xen
133: https://www.debian.org/security/2017/dsa-3970
134: https://packages.debian.org/src:emacs24
135: https://www.debian.org/security/2017/dsa-3971
136: https://packages.debian.org/src:tcpdump
137: https://www.debian.org/security/2017/dsa-3972
138: https://packages.debian.org/src:bluez
139: https://www.debian.org/security/2017/dsa-3973
140: https://packages.debian.org/src:wordpress-shibboleth
141: https://www.debian.org/security/2017/dsa-3974
142: https://packages.debian.org/src:tomcat8
143: https://www.debian.org/security/2017/dsa-3976
144: https://packages.debian.org/src:freexl
145: https://www.debian.org/security/2017/dsa-3977
146: https://packages.debian.org/src:newsbeuter
147: https://www.debian.org/security/2017/dsa-3978
148: https://packages.debian.org/src:gdk-pixbuf
149: https://www.debian.org/security/2017/dsa-3979
150: https://packages.debian.org/src:pyjwt
151: https://www.debian.org/security/2017/dsa-3980
152: https://packages.debian.org/src:apache2
153: https://www.debian.org/security/2017/dsa-3981
154: https://packages.debian.org/src:linux
155: https://www.debian.org/security/2017/dsa-3982
156: https://packages.debian.org/src:perl
157: https://www.debian.org/security/2017/dsa-3983
158: https://packages.debian.org/src:samba
159: https://www.debian.org/security/2017/dsa-3984
160: https://packages.debian.org/src:git
161: https://www.debian.org/security/2017/dsa-3986
162: https://packages.debian.org/src:ghostscript
163: https://www.debian.org/security/2017/dsa-3987
164: https://packages.debian.org/src:firefox-esr
165: https://www.debian.org/security/2017/dsa-3988
166: https://packages.debian.org/src:libidn2-0
167: https://www.debian.org/security/2017/dsa-3989
168: https://packages.debian.org/src:dnsmasq
169: https://www.debian.org/security/2017/dsa-3990
170: https://packages.debian.org/src:asterisk
171: https://www.debian.org/security/2017/dsa-3992
172: https://packages.debian.org/src:curl
173: https://www.debian.org/security/2017/dsa-3995
174: https://packages.debian.org/src:libxfont
175: https://www.debian.org/security/2017/dsa-3997
176: https://packages.debian.org/src:wordpress
177: https://www.debian.org/security/2017/dsa-3998
178: https://packages.debian.org/src:nss
179: https://www.debian.org/security/2017/dsa-3999
180: https://packages.debian.org/src:wpa
181: https://www.debian.org/security/2017/dsa-4000
182: https://packages.debian.org/src:xorg-server
183: https://www.debian.org/security/2017/dsa-4002
184: https://packages.debian.org/src:mysql-5.5
185: https://www.debian.org/security/2017/dsa-4004
186: https://packages.debian.org/src:jackson-databind
187: https://www.debian.org/security/2017/dsa-4006
188: https://packages.debian.org/src:mupdf
189: https://www.debian.org/security/2017/dsa-4007
190: https://packages.debian.org/src:curl
191: https://www.debian.org/security/2017/dsa-4008
192: https://packages.debian.org/src:wget
193: https://www.debian.org/security/2017/dsa-4011
194: https://packages.debian.org/src:quagga
195: https://www.debian.org/security/2017/dsa-4012
196: https://packages.debian.org/src:libav
197: https://www.debian.org/security/2017/dsa-4013
198: https://packages.debian.org/src:openjpeg2
199: https://www.debian.org/security/2017/dsa-4016
200: https://packages.debian.org/src:irssi
201: https://www.debian.org/security/2017/dsa-4018
202: https://packages.debian.org/src:openssl
203: https://www.debian.org/security/2017/dsa-4021
204: https://packages.debian.org/src:otrs2
205: https://www.debian.org/security/2017/dsa-4022
206: https://packages.debian.org/src:libreoffice
207: https://www.debian.org/security/2017/dsa-4025
208: https://packages.debian.org/src:libpam4j
209: https://www.debian.org/security/2017/dsa-4026
210: https://packages.debian.org/src:bchunk
211: https://www.debian.org/security/2017/dsa-4027
212: https://packages.debian.org/src:postgresql-9.4
213: https://www.debian.org/security/2017/dsa-4029
214: https://packages.debian.org/src:postgresql-common
215: https://www.debian.org/security/2017/dsa-4033
216: https://packages.debian.org/src:konversation
217: https://www.debian.org/security/2017/dsa-4035
218: https://packages.debian.org/src:firefox-esr
219: https://www.debian.org/security/2017/dsa-4037
220: https://packages.debian.org/src:jackson-databind
221: https://www.debian.org/security/2017/dsa-4038
222: https://packages.debian.org/src:shibboleth-sp2
223: https://www.debian.org/security/2017/dsa-4039
224: https://packages.debian.org/src:opensaml2
225: https://www.debian.org/security/2017/dsa-4040
226: https://packages.debian.org/src:imagemagick
227: https://www.debian.org/security/2017/dsa-4041
228: https://packages.debian.org/src:procmail
229: https://www.debian.org/security/2017/dsa-4042
230: https://packages.debian.org/src:libxml-libxml-perl
231: https://www.debian.org/security/2017/dsa-4043
232: https://packages.debian.org/src:samba
233: https://www.debian.org/security/2017/dsa-4045
234: https://packages.debian.org/src:vlc
235: https://www.debian.org/security/2017/dsa-4046
236: https://packages.debian.org/src:libspring-ldap-java
237: https://www.debian.org/security/2017/dsa-4047
238: https://packages.debian.org/src:otrs2
239: https://www.debian.org/security/2017/dsa-4051
240: https://packages.debian.org/src:curl
241: https://www.debian.org/security/2017/dsa-4052
242: https://packages.debian.org/src:bzr
Removed packages
----------------
The following packages were removed due to circumstances beyond our
control:
+---------------------------------+---------------------------------+
| Package | Reason |
+---------------------------------+---------------------------------+
| libnet-ping-external-perl [243] | Unmaintained, security issues |
| | |
| aiccu [244] | Useless since shutdown of SixXS |
| | |
+---------------------------------+---------------------------------+
243: https://packages.debian.org/src:libnet-ping-external-perl
244: https://packages.debian.org/src:aiccu
Debian Installer
----------------
The installer has been updated to include the fixes incorporated into
stable by the point release.
URLs
----
The complete lists of packages that have changed with this revision:
http://ftp.debian.org/debian/dists/jessie/ChangeLog
The current oldstable distribution:
http://ftp.debian.org/debian/dists/oldstable/
Proposed updates to the oldstable distribution:
http://ftp.debian.org/debian/dists/oldstable-proposed-updates
oldstable distribution information (release notes, errata etc.):
https://www.debian.org/releases/oldstable/
Security announcements and information:
https://security.debian.org/ [245]
245: https://www.debian.org/security/
About Debian
------------
The Debian Project is an association of Free Software developers who
volunteer their time and effort in order to produce the completely free
operating system Debian.
Contact Information
-------------------
For further information, please visit the Debian web pages at
https://www.debian.org/, send mail to <pr...@debian.org>, or contact the
stable release team at <debian-...@lists.debian.org>.
0 new messages