------------------------------------------------------------------------ The Debian Project https://www.debian.org/ Updated Debian 9: 9.5 released press@debian.org July 14th, 2018 https://www.debian.org/News/2018/20180714 ------------------------------------------------------------------------ The Debian project is pleased to announce the fifth update of its stable distribution Debian 9 (codename "stretch"). This point release mainly adds corrections for security issues, along with a few adjustments for serious problems. Security advisories have already been published separately and are referenced where available. Please note that the point release does not constitute a new version of Debian 9 but only updates some of the packages included. There is no need to throw away old "stretch" media. After installation, packages can be upgraded to the current versions using an up-to-date Debian mirror. Those who frequently install updates from security.debian.org won't have to update many packages, and most such updates are included in the point release. New installation images will be available soon at the regular locations. Upgrading an existing installation to this revision can be achieved by pointing the package management system at one of Debian's many HTTP mirrors. A comprehensive list of mirrors is available at: https://www.debian.org/mirror/list Miscellaneous Bugfixes ---------------------- This stable update adds a few important corrections to the following packages: +--------------------------+------------------------------------------+ | Package | Reason | +--------------------------+------------------------------------------+ | 2ping [1] | Add missing dependency on python-pkg- | | | resources | | | | | abiword [2] | Resolve binary file conflict between | | | abiword-dbgsym and abiword-plugin- | | | grammar-dbgsym | | | | | adminer [3] | Don't allow connections to privileged | | | ports [CVE-2018-7667] | | | | | animals [4] | Fix incorrect file permissions that made | | | the game unusable | | | | | apache2 [5] | Upgrade mod_http and mod_proxy_http2 to | | | the versions from 2.4.33, fixing | | | segfaults, high memory usage and | | | potential crash [CVE-2018-1302]; make | | | the apache-htcacheclean init script | | | actually use /etc/default/apache- | | | htcacheclean for its config | | | | | auto-complete-el [6] | Add upstream fix for emacs25; adjust the | | | emacs dependencies to the emacs versions | | | in stretch; set auto-complete- | | | el.emacsen-compat to silence | | | installation warning | | | | | awffull [7] | Do not use removed options in /etc/ | | | cron.daily/awffull | | | | | ax25-tools [8] | Avoid segmentation fault at runtime | | | | | base-files [9] | Update for the point release | | | | | blktrace [10] | Fix buffer overflow in btt [CVE-2018- | | | 10689] | | | | | ca-certificates [11] | Update Mozilla CA bundle to version | | | 2.22; bug fixes | | | | | camo [12] | Add missing dependency on openssl | | | | | cffi [13] | Add missing files for cffi-libffi and | | | cffi-toolchain; add several missing | | | dependencies | | | | | check-postgres [14] | Update testsuite to handle | | | pg_get_indexdef() now always including | | | the schema name | | | | | clamav [15] | New upstream version; don't fail on | | | recently removed config options | | | | | clustershell [16] | Add missing dependency on python-pkg- | | | resources | | | | | debian-installer [17] | Update for -7 kernel ABI | | | | | debian-installer- | Rebuild for the point release | | netboot-images [18] | | | | | | debian-security- | Update included data | | support [19] | | | | | | dehydrated [20] | Fix failure to create fullchain.pem | | | | | devscripts [21] | uscan: fix the new package version regex | | | for filenamemangle; debsign: fix bash | | | completion; bts: support the new | | | "ftbfs" tag; uscan: support HTTPS in | | | the sf.net redirector; debcheckout: | | | support salsa.debian.org; debdiff: sort | | | shlibs files before comparing, reducing | | | diff noise; uscan: actually support -- | | | copy | | | | | disc-cover [22] | Fix perl error when running disc-cover | | | | | discover [23] | Use correct type for the length | | | parameter of the getline() call | | | | | django-xmlrpc [24] | Fix python3 dependencies | | | | | dosbox [25] | Fix crashes with core=dynamic | | | | | dpdk [26] | New upstream stable update | | | | | dpkg [27] | Fix integer overflow in deb(5) format | | | version parser; fix directory traversal | | | with dpkg-deb --raw-extract; add support | | | for riscv64 CPU; do not normalize args | | | past a passthrough stop word in | | | Dpkg::Getopt; parse start-stop-daemon | | | usernames and groupnames starting with | | | digits correctly; always use the binary | | | version for the .buildinfo filename | | | | | dput-ng [28] | Add jessie-backports-sloppy and stretch- | | | backports targets; include 'testing' in | | | the rm-managed suites and 'oldstable' in | | | "protected distributions" ; add ports- | | | master profile; FTP: parse and use | | | optional [:port] part for fqdn | | | | | elastix [29] | Rebuild with ITK that has been built | | | with gcc 6 | | | | | email2trac [30] | Fix detection of Trac 1.2 | | | | | faad2 [31] | Fix several DoS issues via crafted MP4 | | | files [CVE-2017-9218 CVE-2017-9219 | | | CVE-2017-9220 CVE-2017-9221 CVE-2017- | | | 9222 CVE-2017-9223 CVE-2017-9253 | | | CVE-2017-9254 CVE-2017-9255 CVE-2017- | | | 9256 CVE-2017-9257] | | | | | faker [32] | Add missing dependency on python- | | | ipaddress | | | | | fastkml [33] | Add missing dependency on pkg-resources | | | | | file [34] | Avoid reading past the end of buffer | | | [CVE-2018-10360] | | | | | freedink-dfarc [35] | Fix directory traversal in D-Mod | | | extractor [CVE-2018-0496] | | | | | ganeti [36] | Properly verify SSL certificates during | | | VM export | | | | | ghostscript [37] | Fix segfault with fuzzing file in | | | gxht_thresh_image_init(); fix buffer | | | overflow in fill_threshold_buffer | | | [CVE-2016-10317]; pdfwrite - Guard | | | against trying to output an infinite | | | number [CVE-2018-10194] | | | | | git-annex [38] | Security fixes [CVE-2018-10857 CVE-2018- | | | 10859] | | | | | glx-alternatives [39] | New upstream version | | | | | gridengine [40] | Use correct paths to qmon pixmaps; fix | | | FTBFS on armhf | | | | | intel-microcode [41] | Update included microcode, including | | | fixes for Spectre v2 [CVE-2017-5715] | | | | | jdresolve [42] | Fix incompatibility with libnet-dns-perl | | | in Debian 8 and later | | | | | libb64 [43] | Rebuild with PIE | | | | | libdate-holidays-de- | Mark Reformation Day as a holiday in | | perl [44] | Niedersachsen and Bremen | | | | | libdatetime-timezone- | Update included data | | perl [45] | | | | | | libextractor [46] | Various security fixes [CVE-2017-15266 | | | CVE-2017-15267 CVE-2017-15600 CVE-2017- | | | 15601 CVE-2017-15602 CVE-2017-15922 | | | CVE-2017-17440] | | | | | libipc-run-perl [47] | Fix memory leak | | | | | liblouis [48] | Fix buffer overflow [CVE-2018-11410]; | | | fix several buffer overflows [CVE-2018- | | | 11440 CVE-2018-11577 CVE-2018-11683 | | | CVE-2018-11684 CVE-2018-11685 2018- | | | 12085] | | | | | libosmium [49] | Output coordinate with value of -2^31 | | | correctly; fix buffers larger than 2^32 | | | bytes | | | | | linux [50] | New upstream stable release 4.9.110 | | | | | linux-latest [51] | Update to -7 kernel ABI | | | | | llvm-toolchain-4.0 [52] | New package for rust backports; fix | | | build on s390x | | | | | local-apt- | Stop breaking apt when the package is | | repository [53] | removed but not purged | | | | | loook [54] | Fix handling of password protected files | | | | | miniupnpd [55] | Fix DoS [CVE-2017-1000494] | | | | | nss-pam-ldapd [56] | Increase size of hostname buffer | | | | | nvidia-graphics- | New upstream version | | drivers [57] | | | | | | obfsproxy [58] | Don't install the broken AppArmor | | | profile | | | | | openldap [59] | Fix an out-of-sync issue with delta- | | | syncrepl replication in multi-master | | | environments; really fix upgrades when | | | the config contains backslash-escaped | | | special characters | | | | | openstack-debian- | Set CloudStack after OpenStack in the | | images [60] | datasource_list, to avoid a 120s delay | | | in cloud-init when booting a machine in | | | an OpenStack cloud | | | | | patch [61] | Fix arbitrary command execution in ed- | | | style patches [CVE-2018-1000156] | | | | | piglit [62] | Fix missing dependency on python-mako | | | | | postgresql-9.6 [63] | New upstream release | | | | | postgresql-common [64] | Prevent upgrading/removing server | | | packages from stopping other major | | | version clusters when running systemd | | | | | psad [65] | Add missing dependencies on net-tools | | | and iproute2 | | | | | pysurfer [66] | Add missing dependency on python- | | | matplotlib | | | | | python-cluster [67] | Add missing dependency on pkg-resources | | | | | python-pyorick [68] | Fix import failure by adding missing | | | dependency on python3-numpy | | | | | python-scruffy [69] | Add missing dependencies on pkg- | | | resources | | | | | r-cran-mi [70] | Add missing dependency on r-cran-arm | | | | | redis [71] | Correct RunTimeDirectory -> | | | RuntimeDirectory typo in | | | systemd .service files | | | | | reportbug [72] | Notify the security team or LTS team | | | about a possible regression if reporting | | | a bug against a package containing a | | | security fix | | | | | rustc [73] | New upstream release to support Firefox | | | ESR | | | | | salt [74] | Fix "salt-ssh minion copied over | | | configuration from the Salt Master | | | without adjusting | | | permissions" [CVE-2017-8109] | | | | | shared-mime-info [75] | Switch dpkg trigger to noawait, fixing | | | upgrade issues from jessie | | | | | showq [76] | Fix prefix, so application actually | | | works | | | | | source-highlight [77] | Fix dependency on libboost-regex-dev | | | | | starplot [78] | Fix startup crash | | | | | subversion [79] | Reject commits which would introduce | | | hash collisions with existing data, thus | | | addressing the SHA1/shattered issue | | | | | sus [80] | Update to new version, technically | | | identical to SUSv4 + TC1 + TC2 | | | | | systemd [81] | networkd-ndisc: Handle missing MTU | | | gracefully; allow RemoveIPC= to be set | | | in the unit file not only via D-Bus; | | | nspawn: Add missing -E to getopt_long'; | | | login: Respect --no-wall when cancelling | | | a shutdown request | | | | | tclreadline [82] | Fix shared library build on ppc64el | | | | | thefuck [83] | Add missing dependency on pkg-resources | | | | | tinyproxy [84] | Do not stop listening after SIGHUP; fix | | | configuration file path; add missing | | | dependency on adduser | | | | | tlslite-ng [85] | Verify MAC even if the padding is 1 byte | | | long | | | | | tzdata [86] | New upstream release | | | | | unison [87] | Rebuild with stretch's ocaml | | | | | variety [88] | Fix shell injection on deleting files to | | | trash; fix shell injection in filter and | | | clock with specially crafted filenames; | | | harden ImageMagick calls against | | | potential shell injection | | | | | xapian-core [89] | Fix MSet::snippet() to escape HTML in | | | all cases [CVE-2018-499] | | | | | xerces-c [90] | Fix Denial of Service via external DTD | | | reference [CVE-2017-12627]; fix a | | | regression that forced gcc to use SSE2, | | | even on platforms that do not support it | | | | | xrdp [91] | Fix off-by-one error which could lead to | | | crashes | | | | +--------------------------+------------------------------------------+ 1: https://packages.debian.org/src:2ping 2: https://packages.debian.org/src:abiword 3: https://packages.debian.org/src:adminer 4: https://packages.debian.org/src:animals 5: https://packages.debian.org/src:apache2 6: https://packages.debian.org/src:auto-complete-el 7: https://packages.debian.org/src:awffull 8: https://packages.debian.org/src:ax25-tools 9: https://packages.debian.org/src:base-files 10: https://packages.debian.org/src:blktrace 11: https://packages.debian.org/src:ca-certificates 12: https://packages.debian.org/src:camo 13: https://packages.debian.org/src:cffi 14: https://packages.debian.org/src:check-postgres 15: https://packages.debian.org/src:clamav 16: https://packages.debian.org/src:clustershell 17: https://packages.debian.org/src:debian-installer 18: https://packages.debian.org/src:debian-installer-netboot-images 19: https://packages.debian.org/src:debian-security-support 20: https://packages.debian.org/src:dehydrated 21: https://packages.debian.org/src:devscripts 22: https://packages.debian.org/src:disc-cover 23: https://packages.debian.org/src:discover 24: https://packages.debian.org/src:django-xmlrpc 25: https://packages.debian.org/src:dosbox 26: https://packages.debian.org/src:dpdk 27: https://packages.debian.org/src:dpkg 28: https://packages.debian.org/src:dput-ng 29: https://packages.debian.org/src:elastix 30: https://packages.debian.org/src:email2trac 31: https://packages.debian.org/src:faad2 32: https://packages.debian.org/src:faker 33: https://packages.debian.org/src:fastkml 34: https://packages.debian.org/src:file 35: https://packages.debian.org/src:freedink-dfarc 36: https://packages.debian.org/src:ganeti 37: https://packages.debian.org/src:ghostscript 38: https://packages.debian.org/src:git-annex 39: https://packages.debian.org/src:glx-alternatives 40: https://packages.debian.org/src:gridengine 41: https://packages.debian.org/src:intel-microcode 42: https://packages.debian.org/src:jdresolve 43: https://packages.debian.org/src:libb64 44: https://packages.debian.org/src:libdate-holidays-de-perl 45: https://packages.debian.org/src:libdatetime-timezone-perl 46: https://packages.debian.org/src:libextractor 47: https://packages.debian.org/src:libipc-run-perl 48: https://packages.debian.org/src:liblouis 49: https://packages.debian.org/src:libosmium 50: https://packages.debian.org/src:linux 51: https://packages.debian.org/src:linux-latest 52: https://packages.debian.org/src:llvm-toolchain-4.0 53: https://packages.debian.org/src:local-apt-repository 54: https://packages.debian.org/src:loook 55: https://packages.debian.org/src:miniupnpd 56: https://packages.debian.org/src:nss-pam-ldapd 57: https://packages.debian.org/src:nvidia-graphics-drivers 58: https://packages.debian.org/src:obfsproxy 59: https://packages.debian.org/src:openldap 60: https://packages.debian.org/src:openstack-debian-images 61: https://packages.debian.org/src:patch 62: https://packages.debian.org/src:piglit 63: https://packages.debian.org/src:postgresql-9.6 64: https://packages.debian.org/src:postgresql-common 65: https://packages.debian.org/src:psad 66: https://packages.debian.org/src:pysurfer 67: https://packages.debian.org/src:python-cluster 68: https://packages.debian.org/src:python-pyorick 69: https://packages.debian.org/src:python-scruffy 70: https://packages.debian.org/src:r-cran-mi 71: https://packages.debian.org/src:redis 72: https://packages.debian.org/src:reportbug 73: https://packages.debian.org/src:rustc 74: https://packages.debian.org/src:salt 75: https://packages.debian.org/src:shared-mime-info 76: https://packages.debian.org/src:showq 77: https://packages.debian.org/src:source-highlight 78: https://packages.debian.org/src:starplot 79: https://packages.debian.org/src:subversion 80: https://packages.debian.org/src:sus 81: https://packages.debian.org/src:systemd 82: https://packages.debian.org/src:tclreadline 83: https://packages.debian.org/src:thefuck 84: https://packages.debian.org/src:tinyproxy 85: https://packages.debian.org/src:tlslite-ng 86: https://packages.debian.org/src:tzdata 87: https://packages.debian.org/src:unison 88: https://packages.debian.org/src:variety 89: https://packages.debian.org/src:xapian-core 90: https://packages.debian.org/src:xerces-c 91: https://packages.debian.org/src:xrdp Security Updates ---------------- This revision adds the following security updates to the stable release. The Security Team has already released an advisory for each of these updates: +----------------+----------------------------+ | Advisory ID | Package | +----------------+----------------------------+ | DSA-4010 [92] | git-annex [93] | | | | | DSA-4064 [94] | chromium-browser [95] | | | | | DSA-4113 [96] | libvorbis [97] | | | | | DSA-4133 [98] | isc-dhcp [99] | | | | | DSA-4134 [100] | util-linux [101] | | | | | DSA-4135 [102] | samba [103] | | | | | DSA-4136 [104] | curl [105] | | | | | DSA-4137 [106] | libvirt [107] | | | | | DSA-4138 [108] | mbedtls [109] | | | | | DSA-4139 [110] | firefox-esr [111] | | | | | DSA-4140 [112] | libvorbis [113] | | | | | DSA-4141 [114] | libvorbisidec [115] | | | | | DSA-4142 [116] | uwsgi [117] | | | | | DSA-4143 [118] | firefox-esr [119] | | | | | DSA-4144 [120] | openjdk-8 [121] | | | | | DSA-4145 [122] | gitlab [123] | | | | | DSA-4146 [124] | plexus-utils [125] | | | | | DSA-4148 [126] | kamailio [127] | | | | | DSA-4150 [128] | icu [129] | | | | | DSA-4151 [130] | librelp [131] | | | | | DSA-4152 [132] | mupdf [133] | | | | | DSA-4153 [134] | firefox-esr [135] | | | | | DSA-4155 [136] | thunderbird [137] | | | | | DSA-4156 [138] | drupal7 [139] | | | | | DSA-4157 [140] | openssl [141] | | | | | DSA-4158 [142] | openssl1.0 [143] | | | | | DSA-4159 [144] | remctl [145] | | | | | DSA-4160 [146] | libevt [147] | | | | | DSA-4161 [148] | python-django [149] | | | | | DSA-4162 [150] | irssi [151] | | | | | DSA-4163 [152] | beep [153] | | | | | DSA-4164 [154] | apache2 [155] | | | | | DSA-4165 [156] | ldap-account-manager [157] | | | | | DSA-4167 [158] | sharutils [159] | | | | | DSA-4169 [160] | pcs [161] | | | | | DSA-4170 [162] | pjproject [163] | | | | | DSA-4171 [164] | ruby-loofah [165] | | | | | DSA-4172 [166] | perl [167] | | | | | DSA-4173 [168] | r-cran-readxl [169] | | | | | DSA-4174 [170] | corosync [171] | | | | | DSA-4175 [172] | freeplane [173] | | | | | DSA-4177 [174] | libsdl2-image [175] | | | | | DSA-4178 [176] | libreoffice [177] | | | | | DSA-4180 [178] | drupal7 [179] | | | | | DSA-4181 [180] | roundcube [181] | | | | | DSA-4183 [182] | tor [183] | | | | | DSA-4184 [184] | sdl-image1.2 [185] | | | | | DSA-4185 [186] | openjdk-8 [187] | | | | | DSA-4188 [188] | linux [189] | | | | | DSA-4189 [190] | quassel [191] | | | | | DSA-4190 [192] | jackson-databind [193] | | | | | DSA-4191 [194] | redmine [195] | | | | | DSA-4192 [196] | libmad [197] | | | | | DSA-4193 [198] | wordpress [199] | | | | | DSA-4194 [200] | lucene-solr [201] | | | | | DSA-4195 [202] | wget [203] | | | | | DSA-4196 [204] | linux [205] | | | | | DSA-4197 [206] | wavpack [207] | | | | | DSA-4198 [208] | prosody [209] | | | | | DSA-4199 [210] | firefox-esr [211] | | | | | DSA-4200 [212] | kwallet-pam [213] | | | | | DSA-4201 [214] | xen [215] | | | | | DSA-4202 [216] | curl [217] | | | | | DSA-4203 [218] | vlc [219] | | | | | DSA-4203 [220] | phonon-backend-vlc [221] | | | | | DSA-4203 [222] | goldencheetah [223] | | | | | DSA-4206 [224] | gitlab [225] | | | | | DSA-4206 [226] | ruby-omniauth-auth0 [227] | | | | | DSA-4207 [228] | packagekit [229] | | | | | DSA-4208 [230] | procps [231] | | | | | DSA-4209 [232] | thunderbird [233] | | | | | DSA-4210 [234] | xen [235] | | | | | DSA-4211 [236] | xdg-utils [237] | | | | | DSA-4212 [238] | git [239] | | | | | DSA-4213 [240] | qemu [241] | | | | | DSA-4214 [242] | zookeeper [243] | | | | | DSA-4215 [244] | batik [245] | | | | | DSA-4216 [246] | prosody [247] | | | | | DSA-4217 [248] | wireshark [249] | | | | | DSA-4218 [250] | memcached [251] | | | | | DSA-4219 [252] | jruby [253] | | | | | DSA-4220 [254] | firefox-esr [255] | | | | | DSA-4221 [256] | libvncserver [257] | | | | | DSA-4222 [258] | gnupg2 [259] | | | | | DSA-4223 [260] | gnupg1 [261] | | | | | DSA-4226 [262] | perl [263] | | | | | DSA-4227 [264] | plexus-archiver [265] | | | | | DSA-4228 [266] | spip [267] | | | | | DSA-4229 [268] | strongswan [269] | | | | | DSA-4230 [270] | redis [271] | | | | | DSA-4231 [272] | libgcrypt20 [273] | | | | | DSA-4232 [274] | xen [275] | | | | | DSA-4233 [276] | bouncycastle [277] | | | | | DSA-4234 [278] | lava-server [279] | | | | | DSA-4235 [280] | firefox-esr [281] | | | | | DSA-4236 [282] | xen [283] | | | | | DSA-4238 [284] | exiv2 [285] | | | | | DSA-4239 [286] | gosa [287] | | | | | DSA-4240 [288] | php7.0 [289] | | | | | DSA-4241 [290] | libsoup2.4 [291] | | | | +----------------+----------------------------+ 92: https://www.debian.org/security/2017/dsa-4010 93: https://packages.debian.org/src:git-annex 94: https://www.debian.org/security/2017/dsa-4064 95: https://packages.debian.org/src:chromium-browser 96: https://www.debian.org/security/2018/dsa-4113 97: https://packages.debian.org/src:libvorbis 98: https://www.debian.org/security/2018/dsa-4133 99: https://packages.debian.org/src:isc-dhcp 100: https://www.debian.org/security/2018/dsa-4134 101: https://packages.debian.org/src:util-linux 102: https://www.debian.org/security/2018/dsa-4135 103: https://packages.debian.org/src:samba 104: https://www.debian.org/security/2018/dsa-4136 105: https://packages.debian.org/src:curl 106: https://www.debian.org/security/2018/dsa-4137 107: https://packages.debian.org/src:libvirt 108: https://www.debian.org/security/2018/dsa-4138 109: https://packages.debian.org/src:mbedtls 110: https://www.debian.org/security/2018/dsa-4139 111: https://packages.debian.org/src:firefox-esr 112: https://www.debian.org/security/2018/dsa-4140 113: https://packages.debian.org/src:libvorbis 114: https://www.debian.org/security/2018/dsa-4141 115: https://packages.debian.org/src:libvorbisidec 116: https://www.debian.org/security/2018/dsa-4142 117: https://packages.debian.org/src:uwsgi 118: https://www.debian.org/security/2018/dsa-4143 119: https://packages.debian.org/src:firefox-esr 120: https://www.debian.org/security/2018/dsa-4144 121: https://packages.debian.org/src:openjdk-8 122: https://www.debian.org/security/2018/dsa-4145 123: https://packages.debian.org/src:gitlab 124: https://www.debian.org/security/2018/dsa-4146 125: https://packages.debian.org/src:plexus-utils 126: https://www.debian.org/security/2018/dsa-4148 127: https://packages.debian.org/src:kamailio 128: https://www.debian.org/security/2018/dsa-4150 129: https://packages.debian.org/src:icu 130: https://www.debian.org/security/2018/dsa-4151 131: https://packages.debian.org/src:librelp 132: https://www.debian.org/security/2018/dsa-4152 133: https://packages.debian.org/src:mupdf 134: https://www.debian.org/security/2018/dsa-4153 135: https://packages.debian.org/src:firefox-esr 136: https://www.debian.org/security/2018/dsa-4155 137: https://packages.debian.org/src:thunderbird 138: https://www.debian.org/security/2018/dsa-4156 139: https://packages.debian.org/src:drupal7 140: https://www.debian.org/security/2018/dsa-4157 141: https://packages.debian.org/src:openssl 142: https://www.debian.org/security/2018/dsa-4158 143: https://packages.debian.org/src:openssl1.0 144: https://www.debian.org/security/2018/dsa-4159 145: https://packages.debian.org/src:remctl 146: https://www.debian.org/security/2018/dsa-4160 147: https://packages.debian.org/src:libevt 148: https://www.debian.org/security/2018/dsa-4161 149: https://packages.debian.org/src:python-django 150: https://www.debian.org/security/2018/dsa-4162 151: https://packages.debian.org/src:irssi 152: https://www.debian.org/security/2018/dsa-4163 153: https://packages.debian.org/src:beep 154: https://www.debian.org/security/2018/dsa-4164 155: https://packages.debian.org/src:apache2 156: https://www.debian.org/security/2018/dsa-4165 157: https://packages.debian.org/src:ldap-account-manager 158: https://www.debian.org/security/2018/dsa-4167 159: https://packages.debian.org/src:sharutils 160: https://www.debian.org/security/2018/dsa-4169 161: https://packages.debian.org/src:pcs 162: https://www.debian.org/security/2018/dsa-4170 163: https://packages.debian.org/src:pjproject 164: https://www.debian.org/security/2018/dsa-4171 165: https://packages.debian.org/src:ruby-loofah 166: https://www.debian.org/security/2018/dsa-4172 167: https://packages.debian.org/src:perl 168: https://www.debian.org/security/2018/dsa-4173 169: https://packages.debian.org/src:r-cran-readxl 170: https://www.debian.org/security/2018/dsa-4174 171: https://packages.debian.org/src:corosync 172: https://www.debian.org/security/2018/dsa-4175 173: https://packages.debian.org/src:freeplane 174: https://www.debian.org/security/2018/dsa-4177 175: https://packages.debian.org/src:libsdl2-image 176: https://www.debian.org/security/2018/dsa-4178 177: https://packages.debian.org/src:libreoffice 178: https://www.debian.org/security/2018/dsa-4180 179: https://packages.debian.org/src:drupal7 180: https://www.debian.org/security/2018/dsa-4181 181: https://packages.debian.org/src:roundcube 182: https://www.debian.org/security/2018/dsa-4183 183: https://packages.debian.org/src:tor 184: https://www.debian.org/security/2018/dsa-4184 185: https://packages.debian.org/src:sdl-image1.2 186: https://www.debian.org/security/2018/dsa-4185 187: https://packages.debian.org/src:openjdk-8 188: https://www.debian.org/security/2018/dsa-4188 189: https://packages.debian.org/src:linux 190: https://www.debian.org/security/2018/dsa-4189 191: https://packages.debian.org/src:quassel 192: https://www.debian.org/security/2018/dsa-4190 193: https://packages.debian.org/src:jackson-databind 194: https://www.debian.org/security/2018/dsa-4191 195: https://packages.debian.org/src:redmine 196: https://www.debian.org/security/2018/dsa-4192 197: https://packages.debian.org/src:libmad 198: https://www.debian.org/security/2018/dsa-4193 199: https://packages.debian.org/src:wordpress 200: https://www.debian.org/security/2018/dsa-4194 201: https://packages.debian.org/src:lucene-solr 202: https://www.debian.org/security/2018/dsa-4195 203: https://packages.debian.org/src:wget 204: https://www.debian.org/security/2018/dsa-4196 205: https://packages.debian.org/src:linux 206: https://www.debian.org/security/2018/dsa-4197 207: https://packages.debian.org/src:wavpack 208: https://www.debian.org/security/2018/dsa-4198 209: https://packages.debian.org/src:prosody 210: https://www.debian.org/security/2018/dsa-4199 211: https://packages.debian.org/src:firefox-esr 212: https://www.debian.org/security/2018/dsa-4200 213: https://packages.debian.org/src:kwallet-pam 214: https://www.debian.org/security/2018/dsa-4201 215: https://packages.debian.org/src:xen 216: https://www.debian.org/security/2018/dsa-4202 217: https://packages.debian.org/src:curl 218: https://www.debian.org/security/2018/dsa-4203 219: https://packages.debian.org/src:vlc 220: https://www.debian.org/security/2018/dsa-4203 221: https://packages.debian.org/src:phonon-backend-vlc 222: https://www.debian.org/security/2018/dsa-4203 223: https://packages.debian.org/src:goldencheetah 224: https://www.debian.org/security/2018/dsa-4206 225: https://packages.debian.org/src:gitlab 226: https://www.debian.org/security/2018/dsa-4206 227: https://packages.debian.org/src:ruby-omniauth-auth0 228: https://www.debian.org/security/2018/dsa-4207 229: https://packages.debian.org/src:packagekit 230: https://www.debian.org/security/2018/dsa-4208 231: https://packages.debian.org/src:procps 232: https://www.debian.org/security/2018/dsa-4209 233: https://packages.debian.org/src:thunderbird 234: https://www.debian.org/security/2018/dsa-4210 235: https://packages.debian.org/src:xen 236: https://www.debian.org/security/2018/dsa-4211 237: https://packages.debian.org/src:xdg-utils 238: https://www.debian.org/security/2018/dsa-4212 239: https://packages.debian.org/src:git 240: https://www.debian.org/security/2018/dsa-4213 241: https://packages.debian.org/src:qemu 242: https://www.debian.org/security/2018/dsa-4214 243: https://packages.debian.org/src:zookeeper 244: https://www.debian.org/security/2018/dsa-4215 245: https://packages.debian.org/src:batik 246: https://www.debian.org/security/2018/dsa-4216 247: https://packages.debian.org/src:prosody 248: https://www.debian.org/security/2018/dsa-4217 249: https://packages.debian.org/src:wireshark 250: https://www.debian.org/security/2018/dsa-4218 251: https://packages.debian.org/src:memcached 252: https://www.debian.org/security/2018/dsa-4219 253: https://packages.debian.org/src:jruby 254: https://www.debian.org/security/2018/dsa-4220 255: https://packages.debian.org/src:firefox-esr 256: https://www.debian.org/security/2018/dsa-4221 257: https://packages.debian.org/src:libvncserver 258: https://www.debian.org/security/2018/dsa-4222 259: https://packages.debian.org/src:gnupg2 260: https://www.debian.org/security/2018/dsa-4223 261: https://packages.debian.org/src:gnupg1 262: https://www.debian.org/security/2018/dsa-4226 263: https://packages.debian.org/src:perl 264: https://www.debian.org/security/2018/dsa-4227 265: https://packages.debian.org/src:plexus-archiver 266: https://www.debian.org/security/2018/dsa-4228 267: https://packages.debian.org/src:spip 268: https://www.debian.org/security/2018/dsa-4229 269: https://packages.debian.org/src:strongswan 270: https://www.debian.org/security/2018/dsa-4230 271: https://packages.debian.org/src:redis 272: https://www.debian.org/security/2018/dsa-4231 273: https://packages.debian.org/src:libgcrypt20 274: https://www.debian.org/security/2018/dsa-4232 275: https://packages.debian.org/src:xen 276: https://www.debian.org/security/2018/dsa-4233 277: https://packages.debian.org/src:bouncycastle 278: https://www.debian.org/security/2018/dsa-4234 279: https://packages.debian.org/src:lava-server 280: https://www.debian.org/security/2018/dsa-4235 281: https://packages.debian.org/src:firefox-esr 282: https://www.debian.org/security/2018/dsa-4236 283: https://packages.debian.org/src:xen 284: https://www.debian.org/security/2018/dsa-4238 285: https://packages.debian.org/src:exiv2 286: https://www.debian.org/security/2018/dsa-4239 287: https://packages.debian.org/src:gosa 288: https://www.debian.org/security/2018/dsa-4240 289: https://packages.debian.org/src:php7.0 290: https://www.debian.org/security/2018/dsa-4241 291: https://packages.debian.org/src:libsoup2.4 Removed packages ---------------- The following packages were removed due to circumstances beyond our control: +-----------------------------+----------------------------------------+ | Package | Reason | +-----------------------------+----------------------------------------+ | libnet-whois-perl [292] | Broken | | | | | mlbviewer [293] | No longer works due to content | | | provider changes | | | | | python-uniconvertor [294] | Unusable; requires unpackaged | | | dependency | | | | | singularity-container [295] | Not security supportable | | | | | undertow [296] | Unsupportable; several security | | | issues; alternatives exist | | | | | visionegg [297] | Unusable; requires no longer available | | | numpy.oldnumeric | | | | +-----------------------------+----------------------------------------+ 292: https://packages.debian.org/src:libnet-whois-perl 293: https://packages.debian.org/src:mlbviewer 294: https://packages.debian.org/src:python-uniconvertor 295: https://packages.debian.org/src:singularity-container 296: https://packages.debian.org/src:undertow 297: https://packages.debian.org/src:visionegg Debian Installer ---------------- The installer has been updated to include the fixes incorporated into stable by the point release. URLs ---- The complete lists of packages that have changed with this revision: http://ftp.debian.org/debian/dists/stretch/ChangeLog The current stable distribution: http://ftp.debian.org/debian/dists/stable/ Proposed updates to the stable distribution: http://ftp.debian.org/debian/dists/proposed-updates stable distribution information (release notes, errata etc.): https://www.debian.org/releases/stable/ Security announcements and information: https://security.debian.org/ [298] 298: https://www.debian.org/security/ About Debian ------------ The Debian Project is an association of Free Software developers who volunteer their time and effort in order to produce the completely free operating system Debian. Contact Information ------------------- For further information, please visit the Debian web pages at https://www.debian.org/, send mail to <press@debian.org>, or contact the stable release team at <debian-release@lists.debian.org>.
Attachment:
signature.asc
Description: OpenPGP digital signature