This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --C7Hg9RldHnNtqdb2tHmYapUWcRCjdO6u1
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: quoted-printable


------------------------------------------------------------------------
The Debian Project https://www.debian.org/ Updated Debian 9: 9.5 released press@debian.org
July 14th, 2018 https://www.debian.org/News/2018/20180714 ------------------------------------------------------------------------


The Debian project is pleased to announce the fifth update of its stable distribution Debian 9 (codename "stretch"). This point release mainly
adds corrections for security issues, along with a few adjustments for
serious problems. Security advisories have already been published
separately and are referenced where available.

Please note that the point release does not constitute a new version of
Debian 9 but only updates some of the packages included. There is no
need to throw away old "stretch" media. After installation, packages can
be upgraded to the current versions using an up-to-date Debian mirror.

Those who frequently install updates from security.debian.org won't have
to update many packages, and most such updates are included in the point release.

New installation images will be available soon at the regular locations.

Upgrading an existing installation to this revision can be achieved by
pointing the package management system at one of Debian's many HTTP
mirrors. A comprehensive list of mirrors is available at:

https://www.debian.org/mirror/list



Miscellaneous Bugfixes
----------------------

This stable update adds a few important corrections to the following
packages:

+--------------------------+------------------------------------------+
| Package | Reason | +--------------------------+------------------------------------------+
| 2ping [1] | Add missing dependency on python-pkg- |
| | resources |
| | |
| abiword [2] | Resolve binary file conflict between |
| | abiword-dbgsym and abiword-plugin- |
| | grammar-dbgsym |
| | |
| adminer [3] | Don't allow connections to privileged |
| | ports [CVE-2018-7667] |
| | |
| animals [4] | Fix incorrect file permissions that made |
| | the game unusable |
| | |
| apache2 [5] | Upgrade mod_http and mod_proxy_http2 to |
| | the versions from 2.4.33, fixing |
| | segfaults, high memory usage and |
| | potential crash [CVE-2018-1302]; make |
| | the apache-htcacheclean init script |
| | actually use /etc/default/apache- |
| | htcacheclean for its config |
| | |
| auto-complete-el [6] | Add upstream fix for emacs25; adjust the |
| | emacs dependencies to the emacs versions |
| | in stretch; set auto-complete- |
| | el.emacsen-compat to silence |
| | installation warning |
| | |
| awffull [7] | Do not use removed options in /etc/ |
| | cron.daily/awffull |
| | |
| ax25-tools [8] | Avoid segmentation fault at runtime |
| | |
| base-files [9] | Update for the point release |
| | |
| blktrace [10] | Fix buffer overflow in btt [CVE-2018- |
| | 10689] |
| | |
| ca-certificates [11] | Update Mozilla CA bundle to version |
| | 2.22; bug fixes |
| | |
| camo [12] | Add missing dependency on openssl |
| | |
| cffi [13] | Add missing files for cffi-libffi and |
| | cffi-toolchain; add several missing |
| | dependencies |
| | |
| check-postgres [14] | Update testsuite to handle |
| | pg_get_indexdef() now always including |
| | the schema name |
| | |
| clamav [15] | New upstream version; don't fail on |
| | recently removed config options |
| | |
| clustershell [16] | Add missing dependency on python-pkg- |
| | resources |
| | |
| debian-installer [17] | Update for -7 kernel ABI |
| | |
| debian-installer- | Rebuild for the point release |
| netboot-images [18] | |
| | |
| debian-security- | Update included data |
| support [19] | |
| | |
| dehydrated [20] | Fix failure to create fullchain.pem |
| | |
| devscripts [21] | uscan: fix the new package version regex |
| | for filenamemangle; debsign: fix bash |
| | completion; bts: support the new |
| | "ftbfs" tag; uscan: support HTTPS in |
| | the sf.net redirector; debcheckout: |
| | support salsa.debian.org; debdiff: sort |
| | shlibs files before comparing, reducing |
| | diff noise; uscan: actually support -- |
| | copy |
| | |
| disc-cover [22] | Fix perl error when running disc-cover |
| | |
| discover [23] | Use correct type for the length |
| | parameter of the getline() call |
| | |
| django-xmlrpc [24] | Fix python3 dependencies |
| | |
| dosbox [25] | Fix crashes with core=dynamic |
| | |
| dpdk [26] | New upstream stable update |
| | |
| dpkg [27] | Fix integer overflow in deb(5) format |
| | version parser; fix directory traversal |
| | with dpkg-deb --raw-extract; add support |
| | for riscv64 CPU; do not normalize args |
| | past a passthrough stop word in |
| | Dpkg::Getopt; parse start-stop-daemon |
| | usernames and groupnames starting with |
| | digits correctly; always use the binary |
| | version for the .buildinfo filename |
| | |
| dput-ng [28] | Add jessie-backports-sloppy and stretch- |
| | backports targets; include 'testing' in |
| | the rm-managed suites and 'oldstable' in |
| | "protected distributions" ; add ports- |
| | master profile; FTP: parse and use |
| | optional [:port] part for fqdn |
| | |
| elastix [29] | Rebuild with ITK that has been built |
| | with gcc 6 |
| | |
| email2trac [30] | Fix detection of Trac 1.2 |
| | |
| faad2 [31] | Fix several DoS issues via crafted MP4 |
| | files [CVE-2017-9218 CVE-2017-9219 |
| | CVE-2017-9220 CVE-2017-9221 CVE-2017- |
| | 9222 CVE-2017-9223 CVE-2017-9253 |
| | CVE-2017-9254 CVE-2017-9255 CVE-2017- |
| | 9256 CVE-2017-9257] |
| | |
| faker [32] | Add missing dependency on python- |
| | ipaddress |
| | |
| fastkml [33] | Add missing dependency on pkg-resources |
| | |
| file [34] | Avoid reading past the end of buffer |
| | [CVE-2018-10360] |
| | |
| freedink-dfarc [35] | Fix directory traversal in D-Mod |
| | extractor [CVE-2018-0496] |
| | |
| ganeti [36] | Properly verify SSL certificates during |
| | VM export |
| | |
| ghostscript [37] | Fix segfault with fuzzing file in |
| | gxht_thresh_image_init(); fix buffer |
| | overflow in fill_threshold_buffer |
| | [CVE-2016-10317]; pdfwrite - Guard |
| | against trying to output an infinite |
| | number [CVE-2018-10194] |
| | |
| git-annex [38] | Security fixes [CVE-2018-10857 CVE-2018- |
| | 10859] |
| | |
| glx-alternatives [39] | New upstream version |
| | |
| gridengine [40] | Use correct paths to qmon pixmaps; fix |
| | FTBFS on armhf |
| | |
| intel-microcode [41] | Update included microcode, including |
| | fixes for Spectre v2 [CVE-2017-5715] |
| | |
| jdresolve [42] | Fix incompatibility with libnet-dns-perl |
| | in Debian 8 and later |
| | |
| libb64 [43] | Rebuild with PIE |
| | |
| libdate-holidays-de- | Mark Reformation Day as a holiday in |
| perl [44] | Niedersachsen and Bremen |
| | |
| libdatetime-timezone- | Update included data |
| perl [45] | |
| | |
| libextractor [46] | Various security fixes [CVE-2017-15266 |
| | CVE-2017-15267 CVE-2017-15600 CVE-2017- |
| | 15601 CVE-2017-15602 CVE-2017-15922 |
| | CVE-2017-17440] |
| | |
| libipc-run-perl [47] | Fix memory leak |
| | |
| liblouis [48] | Fix buffer overflow [CVE-2018-11410]; |
| | fix several buffer overflows [CVE-2018- |
| | 11440 CVE-2018-11577 CVE-2018-11683 |
| | CVE-2018-11684 CVE-2018-11685 2018- |
| | 12085] |
| | |
| libosmium [49] | Output coordinate with value of -2^31 |
| | correctly; fix buffers larger than 2^32 |
| | bytes |
| | |
| linux [50] | New upstream stable release 4.9.110 |
| | |
| linux-latest [51] | Update to -7 kernel ABI |
| | |
| llvm-toolchain-4.0 [52] | New package for rust backports; fix |
| | build on s390x |
| | |
| local-apt- | Stop breaking apt when the package is |
| repository [53] | removed but not purged |
| | |
| loook [54] | Fix handling of password protected files |
| | |
| miniupnpd [55] | Fix DoS [CVE-2017-1000494] |
| | |
| nss-pam-ldapd [56] | Increase size of hostname buffer |
| | |
| nvidia-graphics- | New upstream version |
| drivers [57] | |
| | |
| obfsproxy [58] | Don't install the broken AppArmor |
| | profile |
| | |
| openldap [59] | Fix an out-of-sync issue with delta- |
| | syncrepl replication in multi-master |
| | environments; really fix upgrades when |
| | the config contains backslash-escaped |
| | special characters |
| | |
| openstack-debian- | Set CloudStack after OpenStack in the |
| images [60] | datasource_list, to avoid a 120s delay |
| | in cloud-init when booting a machine in |
| | an OpenStack cloud |
| | |
| patch [61] | Fix arbitrary command execution in ed- |
| | style patches [CVE-2018-1000156] |
| | |
| piglit [62] | Fix missing dependency on python-mako |
| | |
| postgresql-9.6 [63] | New upstream release |
| | |
| postgresql-common [64] | Prevent upgrading/removing server |
| | packages from stopping other major |
| | version clusters when running systemd |
| | |
| psad [65] | Add missing dependencies on net-tools |
| | and iproute2 |
| | |
| pysurfer [66] | Add missing dependency on python- |
| | matplotlib |
| | |
| python-cluster [67] | Add missing dependency on pkg-resources |
| | |
| python-pyorick [68] | Fix import failure by adding missing |
| | dependency on python3-numpy |
| | |
| python-scruffy [69] | Add missing dependencies on pkg- |
| | resources |
| | |
| r-cran-mi [70] | Add missing dependency on r-cran-arm |
| | |
| redis [71] | Correct RunTimeDirectory -> |
| | RuntimeDirectory typo in |
| | systemd .service files |
| | |
| reportbug [72] | Notify the security team or LTS team |
| | about a possible regression if reporting |
| | a bug against a package containing a |
| | security fix |
| | |
| rustc [73] | New upstream release to support Firefox |
| | ESR |
| | |
| salt [74] | Fix "salt-ssh minion copied over |
| | configuration from the Salt Master |
| | without adjusting |
| | permissions" [CVE-2017-8109] |
| | |
| shared-mime-info [75] | Switch dpkg trigger to noawait, fixing |
| | upgrade issues from jessie |
| | |
| showq [76] | Fix prefix, so application actually |
| | works |
| | |
| source-highlight [77] | Fix dependency on libboost-regex-dev |
| | |
| starplot [78] | Fix startup crash |
| | |
| subversion [79] | Reject commits which would introduce |
| | hash collisions with existing data, thus |
| | addressing the SHA1/shattered issue |
| | |
| sus [80] | Update to new version, technically |
| | identical to SUSv4 + TC1 + TC2 |
| | |
| systemd [81] | networkd-ndisc: Handle missing MTU |
| | gracefully; allow RemoveIPC= to be set |
| | in the unit file not only via D-Bus; |
| | nspawn: Add missing -E to getopt_long'; |
| | login: Respect --no-wall when cancelling |
| | a shutdown request |
| | |
| tclreadline [82] | Fix shared library build on ppc64el |
| | |
| thefuck [83] | Add missing dependency on pkg-resources |
| | |
| tinyproxy [84] | Do not stop listening after SIGHUP; fix |
| | configuration file path; add missing |
| | dependency on adduser |
| | |
| tlslite-ng [85] | Verify MAC even if the padding is 1 byte |
| | long |
| | |
| tzdata [86] | New upstream release |
| | |
| unison [87] | Rebuild with stretch's ocaml |
| | |
| variety [88] | Fix shell injection on deleting files to |
| | trash; fix shell injection in filter and |
| | clock with specially crafted filenames; |
| | harden ImageMagick calls against |
| | potential shell injection |
| | |
| xapian-core [89] | Fix MSet::snippet() to escape HTML in |
| | all cases [CVE-2018-499] |
| | |
| xerces-c [90] | Fix Denial of Service via external DTD |
| | reference [CVE-2017-12627]; fix a |
| | regression that forced gcc to use SSE2, |
| | even on platforms that do not support it |
| | |
| xrdp [91] | Fix off-by-one error which could lead to |
| | crashes |
| | | +--------------------------+------------------------------------------+

1: https://packages.debian.org/src:2ping
2: https://packages.debian.org/src:abiword
3: https://packages.debian.org/src:adminer
4: https://packages.debian.org/src:animals
5: https://packages.debian.org/src:apache2
6: https://packages.debian.org/src:auto-complete-el
7: https://packages.debian.org/src:awffull
8: https://packages.debian.org/src:ax25-tools
9: https://packages.debian.org/src:base-files
10: https://packages.debian.org/src:blktrace
11: https://packages.debian.org/src:ca-certificates
12: https://packages.debian.org/src:camo
13: https://packages.debian.org/src:cffi
14: https://packages.debian.org/src:check-postgres
15: https://packages.debian.org/src:clamav
16: https://packages.debian.org/src:clustershell
17: https://packages.debian.org/src:debian-installer
18: https://packages.debian.org/src:debian-installer-netboot-images
19: https://packages.debian.org/src:debian-security-support
20: https://packages.debian.org/src:dehydrated
21: https://packages.debian.org/src:devscripts
22: https://packages.debian.org/src:disc-cover
23: https://packages.debian.org/src:discover
24: https://packages.debian.org/src:django-xmlrpc
25: https://packages.debian.org/src:dosbox
26: https://packages.debian.org/src:dpdk
27: https://packages.debian.org/src:dpkg
28: https://packages.debian.org/src:dput-ng
29: https://packages.debian.org/src:elastix
30: https://packages.debian.org/src:email2trac
31: https://packages.debian.org/src:faad2
32: https://packages.debian.org/src:faker
33: https://packages.debian.org/src:fastkml
34: https://packages.debian.org/src:file
35: https://packages.debian.org/src:freedink-dfarc
36: https://packages.debian.org/src:ganeti
37: https://packages.debian.org/src:ghostscript
38: https://packages.debian.org/src:git-annex
39: https://packages.debian.org/src:glx-alternatives
40: https://packages.debian.org/src:gridengine
41: https://packages.debian.org/src:intel-microcode
42: https://packages.debian.org/src:jdresolve
43: https://packages.debian.org/src:libb64
44: https://packages.debian.org/src:libdate-holidays-de-perl
45: https://packages.debian.org/src:libdatetime-timezone-perl
46: https://packages.debian.org/src:libextractor
47: https://packages.debian.org/src:libipc-run-perl
48: https://packages.debian.org/src:liblouis
49: https://packages.debian.org/src:libosmium
50: https://packages.debian.org/src:linux
51: https://packages.debian.org/src:linux-latest
52: https://packages.debian.org/src:llvm-toolchain-4.0
53: https://packages.debian.org/src:local-apt-repository
54: https://packages.debian.org/src:loook
55: https://packages.debian.org/src:miniupnpd
56: https://packages.debian.org/src:nss-pam-ldapd
57: https://packages.debian.org/src:nvidia-graphics-drivers
58: https://packages.debian.org/src:obfsproxy
59: https://packages.debian.org/src:openldap
60: https://packages.debian.org/src:openstack-debian-images
61: https://packages.debian.org/src:patch
62: https://packages.debian.org/src:piglit
63: https://packages.debian.org/src:postgresql-9.6
64: https://packages.debian.org/src:postgresql-common
65: https://packages.debian.org/src:psad
66: https://packages.debian.org/src:pysurfer
67: https://packages.debian.org/src:python-cluster
68: https://packages.debian.org/src:python-pyorick
69: https://packages.debian.org/src:python-scruffy
70: https://packages.debian.org/src:r-cran-mi
71: https://packages.debian.org/src:redis
72: https://packages.debian.org/src:reportbug
73: https://packages.debian.org/src:rustc
74: https://packages.debian.org/src:salt
75: https://packages.debian.org/src:shared-mime-info
76: https://packages.debian.org/src:showq
77: https://packages.debian.org/src:source-highlight
78: https://packages.debian.org/src:starplot
79: https://packages.debian.org/src:subversion
80: https://packages.debian.org/src:sus
81: https://packages.debian.org/src:systemd
82: https://packages.debian.org/src:tclreadline
83: https://packages.debian.org/src:thefuck
84: https://packages.debian.org/src:tinyproxy
85: https://packages.debian.org/src:tlslite-ng
86: https://packages.debian.org/src:tzdata
87: https://packages.debian.org/src:unison
88: https://packages.debian.org/src:variety
89: https://packages.debian.org/src:xapian-core
90: https://packages.debian.org/src:xerces-c
91: https://packages.debian.org/src:xrdp

Security Updates
----------------

This revision adds the following security updates to the stable release.
The Security Team has already released an advisory for each of these
updates:

+----------------+----------------------------+
| Advisory ID | Package | +----------------+----------------------------+
| DSA-4010 [92] | git-annex [93] |
| | |
| DSA-4064 [94] | chromium-browser [95] |
| | |
| DSA-4113 [96] | libvorbis [97] |
| | |
| DSA-4133 [98] | isc-dhcp [99] |
| | |
| DSA-4134 [100] | util-linux [101] |
| | |
| DSA-4135 [102] | samba [103] |
| | |
| DSA-4136 [104] | curl [105] |
| | |
| DSA-4137 [106] | libvirt [107] |
| | |
| DSA-4138 [108] | mbedtls [109] |
| | |
| DSA-4139 [110] | firefox-esr [111] |
| | |
| DSA-4140 [112] | libvorbis [113] |
| | |
| DSA-4141 [114] | libvorbisidec [115] |
| | |
| DSA-4142 [116] | uwsgi [117] |
| | |
| DSA-4143 [118] | firefox-esr [119] |
| | |
| DSA-4144 [120] | openjdk-8 [121] |
| | |
| DSA-4145 [122] | gitlab [123] |
| | |
| DSA-4146 [124] | plexus-utils [125] |
| | |
| DSA-4148 [126] | kamailio [127] |
| | |
| DSA-4150 [128] | icu [129] |
| | |
| DSA-4151 [130] | librelp [131] |
| | |
| DSA-4152 [132] | mupdf [133] |
| | |
| DSA-4153 [134] | firefox-esr [135] |
| | |
| DSA-4155 [136] | thunderbird [137] |
| | |
| DSA-4156 [138] | drupal7 [139] |
| | |
| DSA-4157 [140] | openssl [141] |
| | |
| DSA-4158 [142] | openssl1.0 [143] |
| | |
| DSA-4159 [144] | remctl [145] |
| | |

[continued in next message]

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)