------------------------------------------------------------------------
The Debian Project                               https://www.debian.org/
Updated Debian 8: 8.9 released                          press@debian.org
July 22nd, 2017              https://www.debian.org/News/2017/2017072202
------------------------------------------------------------------------

The Debian project is pleased to announce the ninth update of its
oldstable distribution Debian 8 (codename "jessie"). This point release
mainly adds corrections for security issues, along with a few
adjustments for serious problems. Security advisories have already been
published separately and are referenced where available.

Please note that the point release does not constitute a new version of
Debian 8 but only updates some of the packages included. There is no
need to throw away old "jessie" media. After installation, packages can
be upgraded to the current versions using an up-to-date Debian mirror.

Those who frequently install updates from security.debian.org won't have
to update many packages, and most such updates are included in the point
release.

New installation images will be available soon at the regular locations.

Upgrading an existing installation to this revision can be achieved by
pointing the package management system at one of Debian's many HTTP
mirrors. A comprehensive list of mirrors is available at:
https://www.debian.org/mirror/list
Miscellaneous Bugfixes
----------------------
This oldstable update adds a few important corrections to the following packages:
+-----------------------------+---------------------------------------+
| Package | Reason |
+-----------------------------+---------------------------------------+
| 3dchess [1] | Reduce wasteful CPU consumption |
| | |
| apt-cacher [2] | Prevent HTTP response splitting with |
| | encoded newlines in request |
| | [CVE-2017-7443]; make sure /var/run/ |
| | apt-cacher exists |
| | |
| base-files [3] | Update for the 8.9 point release |
| | |
| boinc [4] | Improve adjusting OOM score; fix |
| | security issue with xhost |
| | |
| c-ares [5] | Security fix [CVE-2017-1000381] |
| | |
| cfitsio [6] | Fix crashes related to improper |
| | memory handling |
| | |
| chkrootkit [7] | Fix segmentation fault; fix missing |
| | dependency on openssh-client; add |
| | Built-Using field |
| | |
| cqrlog [8] | tools/cqrlog-apparmor-fix, debian/ |
| | postrm: Check for /etc/init.d/ |
| | apparmor before restarting apparmor |
| | |
| debconf [9] | Use File::Temp instead of the |
| | deprecated POSIX::tmpnam() in |
| | Debconf::TmpFile |
| | |
| debian-archive-keyring [10] | Add stretch keys, and move squeeze |
| | keys to removed keyring |
| | |
| debian-installer [11] | Rebuild against proposed-updates |
| | |
| debian-installer-netboot- | Rebuild against proposed-updates |
| images [12] | |
| | |
| debian-security- | Update support status of various |
| support [13] | packages; update translations |
| | |
| debootstrap [14] | Add support for Buster and Bullseye |
| | |
| eterm [15] | Fix integer overflow preventing the |
| | shell from starting/stopping properly |
| | |
| flightgear [16] | Prevent overriding arbitrary files |
| | from the "save-flightplan" |
| | FGCommand [CVE-2017-8921] |
| | |
| galternatives [17] | Fix blank properties page |
| | |
| gitolite3 [18] | Fix missing dependency on openssh- |
| | client |
| | |
| gnats [19] | gnats-user: do not fail to purge if / |
| | var/lib/gnats/gnats-db is not empty |
| | |
| gnutls28 [20] | Improve check for /dev/urandom |
| | uniqueness |
| | |
| gtk+2.0 [21] | Backport patch from GTK+3 to fix |
| | stuck grabs in some situations |
| | |
| init-select [22] | Check for /usr/lib/init-select/get- |
| | init before calling it |
| | |
| intel-microcode [23] | Update included microcode |
| | |
| libapache2-mod-perl2 [24] | Fix test suite for compatibility with |
| | latest Apache 2 updates |
| | |
| libcgi-application-plugin- | Fix missing dependency on one of |
| anytemplate-perl [25] | libclone-perl and libclone-pp-perl |
| | |
| libclamunrar [26] | Fix arbitrary memory write [CVE-2012- |
| | 6706] |
| | |
| libdata-faker-perl [27] | Run the test suite under a specific |
| | locale |
| | |
| libdvdnav [28] | Use proper error handling when |
| | position cannot be detected |
| | |
| libhtml-microformats- | Fix missing dependency on libmodule- |
| perl [29] | pluggable-perl |
| | |
| libhttp-proxy-perl [30] | Fix broken 'via' handling |
| | |
| libonig [31] | Fix multiple invalid pointer |
| | dereference, out-of-bounds write |
| | memory corruption and stack buffer |
| | overflow issues [CVE-2017-9224 |
| | CVE-2017-9226 CVE-2017-9227 CVE-2017- |
| | 9228 CVE-2017-9229] |
| | |
| libosinfo [32] | Add support for jessie and stretch |
| | |
| libsys-syscall-perl [33] | Add support for more architectures |
| | |
| libterralib [34] | Remove superfluous Conflicts/ |
| | Replaces: libterralib3 since that |
| | causes problems upgrading to stretch |
| | which has that package |
| | |
| libx11-protocol-other- | Disable buggy test |
| perl [35] | |
| | |
| lxterminal [36] | Security fix: improper use of /tmp |
| | for a socket file |
| | |
| netcfg [37] | IPv6 autoconfiguration: fix NTP |
| | server name handling; stop queueing |
| | rdnssd's installation with IPv6 |
| | setups |
| | |
| offlineimap [38] | Prevent the usage of maxage (broken |
| | and may result in data loss) |
| | |
| os-prober [39] | EFI: fix check on |
| | ID_PART_ENTRY_SCHEME, to look for |
| | "dos" instead of "msdos" ; make |
| | Windows Vista detection more robust; |
| | add support for Windows 10 |
| | |
| pam [40] | Rebuild to fix multi-arch differences |
| | |
| partman-ext3 [41] | Force ext3|ext4 filesystem creation |
| | with "-F" so that D-I doesn't |
| | "hang" when re-using an existing |
| | partition in some situations |
| | |
| perl [42] | Apply upstream base.pm no-dot-in-inc |
| | fix |
| | |
| polarssl [43] | Fix freeing of memory allocated on |
| | stack when validating a public key |
| | with a secp224k1 curve [CVE-2017- |
| | 2784] |
| | |
| proftpd-dfsg [44] | Fix "TLSDHParamFile directive |
| | appears ignored because unexpected DH |
| | is chosen" [CVE-2016-3125], |
| | "AllowChrootSymlinks off does not |
| | check entire DefaultRoot path for |
| | symlinks" [CVE-2017-7418] |
| | |
| python-colorlog [45] | Fix python3 dependencies |
| | |
| python-plumbum [46] | Fix python3 dependencies |
| | |
| rkhunter [47] | Disable remote updates [CVE-2017- |
| | 7480] |
| | |
| shutter [48] | Fix insecure use of perl exec() |
| | [CVE-2016-10081] and system() |
| | |
| tcpdf [49] | Security fix: disallow tcpdf calls in |
| | HTML [CVE-2017-6100] |
| | |
| unrar-nonfree [50] | Security fix: add bound checks for |
| | VMSF_DELTA, VMSF_RGB and VMSF_AUDIO |
| | parameters [CVE-2012-6706] |
| | |
| w3m [51] | Fix multiple buffer overflows, use |
| | after free issues and an infinite |
| | loop |
| | |
| xarchiver [52] | Fix possible data loss due to shell |
| | metacharacters |
| | |
| xfce4-weather-plugin [53] | Adapt to new weather website APIs |
+-----------------------------+---------------------------------------+
1:
https://packages.debian.org/src:3dchess
2:
https://packages.debian.org/src:apt-cacher
3:
https://packages.debian.org/src:base-files
4:
https://packages.debian.org/src:boinc
5:
https://packages.debian.org/src:c-ares
6:
https://packages.debian.org/src:cfitsio
7:
https://packages.debian.org/src:chkrootkit
8:
https://packages.debian.org/src:cqrlog
9:
https://packages.debian.org/src:debconf
10:
https://packages.debian.org/src:debian-archive-keyring
11:
https://packages.debian.org/src:debian-installer
12:
https://packages.debian.org/src:debian-installer-netboot-images
13:
https://packages.debian.org/src:debian-security-support
14:
https://packages.debian.org/src:debootstrap
15:
https://packages.debian.org/src:eterm
16:
https://packages.debian.org/src:flightgear
17:
https://packages.debian.org/src:galternatives
18:
https://packages.debian.org/src:gitolite3
19:
https://packages.debian.org/src:gnats
20:
https://packages.debian.org/src:gnutls28
21:
https://packages.debian.org/src:gtk+2.0
22:
https://packages.debian.org/src:init-select
23:
https://packages.debian.org/src:intel-microcode
24:
https://packages.debian.org/src:libapache2-mod-perl2
25:
https://packages.debian.org/src:libcgi-application-plugin-anytemplate-perl
26:
https://packages.debian.org/src:libclamunrar
27:
https://packages.debian.org/src:libdata-faker-perl
28:
https://packages.debian.org/src:libdvdnav
29:
https://packages.debian.org/src:libhtml-microformats-perl
30:
https://packages.debian.org/src:libhttp-proxy-perl
31:
https://packages.debian.org/src:libonig
32:
https://packages.debian.org/src:libosinfo
33:
https://packages.debian.org/src:libsys-syscall-perl
34:
https://packages.debian.org/src:libterralib
35:
https://packages.debian.org/src:libx11-protocol-other-perl
36:
https://packages.debian.org/src:lxterminal
37:
https://packages.debian.org/src:netcfg
38:
https://packages.debian.org/src:offlineimap
39:
https://packages.debian.org/src:os-prober
40:
https://packages.debian.org/src:pam
41:
https://packages.debian.org/src:partman-ext3
42:
https://packages.debian.org/src:perl
43:
https://packages.debian.org/src:polarssl
44:
https://packages.debian.org/src:proftpd-dfsg
45:
https://packages.debian.org/src:python-colorlog
46:
https://packages.debian.org/src:python-plumbum
47:
https://packages.debian.org/src:rkhunter
48:
https://packages.debian.org/src:shutter
49:
https://packages.debian.org/src:tcpdf
50:
https://packages.debian.org/src:unrar-nonfree
51:
https://packages.debian.org/src:w3m
52:
https://packages.debian.org/src:xarchiver
53:
https://packages.debian.org/src:xfce4-weather-plugin
Security Updates
----------------
This revision adds the following security updates to the oldstable
release. The Security Team has already released an advisory for each of
these updates:
+----------------+------------------------------+
| Advisory ID | Package |
+----------------+------------------------------+
| DSA-3742 [54] | flightgear [55] |
| | |
| DSA-3793 [56] | shadow [57] |
| | |
| DSA-3840 [58] | mysql-connector-java [59] |
| | |
| DSA-3841 [60] | libxstream-java [61] |
| | |
| DSA-3842 [62] | tomcat7 [63] |
| | |
| DSA-3843 [64] | tomcat8 [65] |
| | |
| DSA-3844 [66] | tiff [67] |
| | |
| DSA-3845 [68] | libtirpc [69] |
| | |
| DSA-3845 [70] | rpcbind [71] |
| | |
| DSA-3846 [72] | libytnef [73] |
| | |
| DSA-3847 [74] | xen [75] |
| | |
| DSA-3848 [76] | git [77] |
| | |
| DSA-3849 [78] | kde4libs [79] |
| | |
| DSA-3850 [80] | rtmpdump [81] |
| | |
| DSA-3851 [82] | postgresql-9.4 [83] |
| | |
| DSA-3852 [84] | squirrelmail [85] |
| | |
| DSA-3853 [86] | bitlbee [87] |
| | |
| DSA-3854 [88] | bind9 [89] |
| | |
| DSA-3855 [90] | jbig2dec [91] |
| | |
| DSA-3856 [92] | deluge [93] |
| | |
| DSA-3857 [94] | mysql-connector-java [95] |
| | |
| DSA-3859 [96] | dropbear [97] |
| | |
| DSA-3860 [98] | samba [99] |
| | |
| DSA-3861 [100] | libtasn1-6 [101] |
| | |
| DSA-3862 [102] | puppet [103] |
| | |
| DSA-3863 [104] | imagemagick [105] |
| | |
| DSA-3864 [106] | fop [107] |
| | |
| DSA-3865 [108] | mosquitto [109] |
| | |
| DSA-3866 [110] | strongswan [111] |
| | |
| DSA-3867 [112] | sudo [113] |
| | |
| DSA-3868 [114] | openldap [115] |
| | |
| DSA-3869 [116] | tnef [117] |
| | |
| DSA-3870 [118] | wordpress [119] |
| | |
| DSA-3871 [120] | zookeeper [121] |
| | |
| DSA-3872 [122] | nss [123] |
| | |
| DSA-3873 [124] | perl [125] |
| | |
| DSA-3874 [126] | ettercap [127] |
| | |
| DSA-3875 [128] | libmwaw [129] |
| | |
| DSA-3876 [130] | otrs2 [131] |
| | |
| DSA-3877 [132] | tor [133] |
| | |
| DSA-3878 [134] | zziplib [135] |
| | |
| DSA-3879 [136] | libosip2 [137] |
| | |
| DSA-3880 [138] | libgcrypt20 [139] |
| | |
| DSA-3882 [140] | request-tracker4 [141] |
| | |
| DSA-3883 [142] | rt-authen-externalauth [143] |
| | |
| DSA-3884 [144] | gnutls28 [145] |
| | |
| DSA-3885 [146] | irssi [147] |
| | |
| DSA-3886 [148] | linux [149] |
| | |
| DSA-3887 [150] | glibc [151] |
| | |
| DSA-3888 [152] | exim4 [153] |
| | |
| DSA-3889 [154] | libffi [155] |
| | |
| DSA-3891 [156] | tomcat8 [157] |
| | |
| DSA-3892 [158] | tomcat7 [159] |
| | |
| DSA-3893 [160] | jython [161] |
| | |
| DSA-3894 [162] | graphite2 [163] |
| | |
| DSA-3896 [164] | apache2 [165] |
| | |
| DSA-3897 [166] | drupal7 [167] |
| | |
| DSA-3898 [168] | expat [169] |
| | |
| DSA-3899 [170] | vlc [171] |
| | |
| DSA-3900 [172] | openvpn [173] |
| | |
| DSA-3901 [174] | libgcrypt20 [175] |
| | |
| DSA-3903 [176] | tiff [177] |
| | |
| DSA-3904 [178] | bind9 [179] |
| | |
| DSA-3905 [180] | xorg-server [181] |
| | |
| DSA-3907 [182] | spice [183] |
| | |
| DSA-3910 [184] | knot [185] |
| | |
| DSA-3911 [186] | evince [187] |
| | |
| DSA-3912 [188] | heimdal [189] |
+----------------+------------------------------+
54:
https://www.debian.org/security/2016/dsa-3742
55:
https://packages.debian.org/src:flightgear
56:
https://www.debian.org/security/2017/dsa-3793
57:
https://packages.debian.org/src:shadow
58:
https://www.debian.org/security/2017/dsa-3840
59:
https://packages.debian.org/src:mysql-connector-java
60:
https://www.debian.org/security/2017/dsa-3841
61:
https://packages.debian.org/src:libxstream-java
62:
https://www.debian.org/security/2017/dsa-3842
63:
https://packages.debian.org/src:tomcat7
64:
https://www.debian.org/security/2017/dsa-3843
65:
https://packages.debian.org/src:tomcat8
66:
https://www.debian.org/security/2017/dsa-3844
67:
https://packages.debian.org/src:tiff
68:
https://www.debian.org/security/2017/dsa-3845
69:
https://packages.debian.org/src:libtirpc
70:
https://www.debian.org/security/2017/dsa-3845
71:
https://packages.debian.org/src:rpcbind
72:
https://www.debian.org/security/2017/dsa-3846
73:
https://packages.debian.org/src:libytnef
74:
https://www.debian.org/security/2017/dsa-3847
75:
https://packages.debian.org/src:xen
76:
https://www.debian.org/security/2017/dsa-3848
77:
https://packages.debian.org/src:git
78:
https://www.debian.org/security/2017/dsa-3849
79:
https://packages.debian.org/src:kde4libs
80:
https://www.debian.org/security/2017/dsa-3850
81:
https://packages.debian.org/src:rtmpdump
82:
https://www.debian.org/security/2017/dsa-3851
83:
https://packages.debian.org/src:postgresql-9.4
84:
https://www.debian.org/security/2017/dsa-3852
85:
https://packages.debian.org/src:squirrelmail
86:
https://www.debian.org/security/2017/dsa-3853
87:
https://packages.debian.org/src:bitlbee
88:
https://www.debian.org/security/2017/dsa-3854
89:
https://packages.debian.org/src:bind9
90:
https://www.debian.org/security/2017/dsa-3855
91:
https://packages.debian.org/src:jbig2dec
92:
https://www.debian.org/security/2017/dsa-3856
93:
https://packages.debian.org/src:deluge
94:
https://www.debian.org/security/2017/dsa-3857
95:
https://packages.debian.org/src:mysql-connector-java
96:
https://www.debian.org/security/2017/dsa-3859
97:
https://packages.debian.org/src:dropbear
98:
https://www.debian.org/security/2017/dsa-3860
99:
https://packages.debian.org/src:samba
100:
https://www.debian.org/security/2017/dsa-3861
101:
https://packages.debian.org/src:libtasn1-6
102:
https://www.debian.org/security/2017/dsa-3862
103:
https://packages.debian.org/src:puppet
104:
https://www.debian.org/security/2017/dsa-3863
105:
https://packages.debian.org/src:imagemagick
106:
https://www.debian.org/security/2017/dsa-3864
107:
https://packages.debian.org/src:fop
108:
https://www.debian.org/security/2017/dsa-3865
109:
https://packages.debian.org/src:mosquitto
110:
https://www.debian.org/security/2017/dsa-3866
111:
https://packages.debian.org/src:strongswan
112:
https://www.debian.org/security/2017/dsa-3867
113:
https://packages.debian.org/src:sudo
114:
https://www.debian.org/security/2017/dsa-3868
115:
https://packages.debian.org/src:openldap
116:
https://www.debian.org/security/2017/dsa-3869
117:
https://packages.debian.org/src:tnef
118:
https://www.debian.org/security/2017/dsa-3870
119:
https://packages.debian.org/src:wordpress
120:
https://www.debian.org/security/2017/dsa-3871
121:
https://packages.debian.org/src:zookeeper
122:
https://www.debian.org/security/2017/dsa-3872
123:
https://packages.debian.org/src:nss
124:
https://www.debian.org/security/2017/dsa-3873
125:
https://packages.debian.org/src:perl
126:
https://www.debian.org/security/2017/dsa-3874
127:
https://packages.debian.org/src:ettercap
128:
https://www.debian.org/security/2017/dsa-3875
129:
https://packages.debian.org/src:libmwaw
130:
https://www.debian.org/security/2017/dsa-3876
131:
https://packages.debian.org/src:otrs2
132:
https://www.debian.org/security/2017/dsa-3877
133:
https://packages.debian.org/src:tor
134:
https://www.debian.org/security/2017/dsa-3878
135:
https://packages.debian.org/src:zziplib
136:
https://www.debian.org/security/2017/dsa-3879
137:
https://packages.debian.org/src:libosip2
138:
https://www.debian.org/security/2017/dsa-3880
139:
https://packages.debian.org/src:libgcrypt20
140:
https://www.debian.org/security/2017/dsa-3882
141:
https://packages.debian.org/src:request-tracker4
142:
https://www.debian.org/security/2017/dsa-3883
143:
https://packages.debian.org/src:rt-authen-externalauth
144:
https://www.debian.org/security/2017/dsa-3884
145:
https://packages.debian.org/src:gnutls28
146:
https://www.debian.org/security/2017/dsa-3885
147:
https://packages.debian.org/src:irssi
148:
https://www.debian.org/security/2017/dsa-3886
149:
https://packages.debian.org/src:linux
150:
https://www.debian.org/security/2017/dsa-3887
151:
https://packages.debian.org/src:glibc
152:
https://www.debian.org/security/2017/dsa-3888
153:
https://packages.debian.org/src:exim4
154:
https://www.debian.org/security/2017/dsa-3889
155:
https://packages.debian.org/src:libffi
156:
https://www.debian.org/security/2017/dsa-3891
157:
https://packages.debian.org/src:tomcat8
158:
https://www.debian.org/security/2017/dsa-3892
159:
https://packages.debian.org/src:tomcat7
160:
https://www.debian.org/security/2017/dsa-3893
161:
https://packages.debian.org/src:jython
162:
https://www.debian.org/security/2017/dsa-3894
163:
https://packages.debian.org/src:graphite2
164:
https://www.debian.org/security/2017/dsa-3896
165:
https://packages.debian.org/src:apache2
166:
https://www.debian.org/security/2017/dsa-3897
167:
https://packages.debian.org/src:drupal7
168:
https://www.debian.org/security/2017/dsa-3898
169:
https://packages.debian.org/src:expat
170:
https://www.debian.org/security/2017/dsa-3899
171:
https://packages.debian.org/src:vlc
172:
https://www.debian.org/security/2017/dsa-3900
173:
https://packages.debian.org/src:openvpn
174:
https://www.debian.org/security/2017/dsa-3901
175:
https://packages.debian.org/src:libgcrypt20
176:
https://www.debian.org/security/2017/dsa-3903
177:
https://packages.debian.org/src:tiff
178:
https://www.debian.org/security/2017/dsa-3904
179:
https://packages.debian.org/src:bind9
180:
https://www.debian.org/security/2017/dsa-3905
181:
https://packages.debian.org/src:xorg-server
182:
https://www.debian.org/security/2017/dsa-3907
183:
https://packages.debian.org/src:spice
184:
https://www.debian.org/security/2017/dsa-3910
185:
https://packages.debian.org/src:knot
186:
https://www.debian.org/security/2017/dsa-3911
187:
https://packages.debian.org/src:evince
188:
https://www.debian.org/security/2017/dsa-3912
189:
https://packages.debian.org/src:heimdal
Removed packages
----------------
The following packages were removed due to circumstances beyond our
control:
+-------------------------------+--------------------------------------+
| Package | Reason |
+-------------------------------+--------------------------------------+
| ears [190] | Requires unavailable python- |
| | musicbrainz |
| | |
| gnuvd [191] | Broken by upstream site changes |
| | |
[continued in next message]