------------------------------------------------------------------------
The Debian Project https://www.debian.org/
Updated Debian 9: 9.5 released press@debian.org
July 14th, 2018 https://www.debian.org/News/2018/20180714
------------------------------------------------------------------------
The Debian project is pleased to announce the fifth update of its stable
distribution Debian 9 (codename "stretch"). This point release mainly
adds corrections for security issues, along with a few adjustments for
serious problems. Security advisories have already been published
separately and are referenced where available.
Please note that the point release does not constitute a new version of
Debian 9 but only updates some of the packages included. There is no
need to throw away old "stretch" media. After installation, packages can
be upgraded to the current versions using an up-to-date Debian mirror.
Those who frequently install updates from security.debian.org won't have
to update many packages, and most such updates are included in the point
release.
New installation images will be available soon at the regular locations.
Upgrading an existing installation to this revision can be achieved by
pointing the package management system at one of Debian's many HTTP
mirrors. A comprehensive list of mirrors is available at:
https://www.debian.org/mirror/list
Miscellaneous Bugfixes
----------------------
This stable update adds a few important corrections to the following
packages:
+--------------------------+------------------------------------------+
| Package | Reason |
+--------------------------+------------------------------------------+
| 2ping [1] | Add missing dependency on python-pkg- |
| | resources |
| | |
| abiword [2] | Resolve binary file conflict between |
| | abiword-dbgsym and abiword-plugin- |
| | grammar-dbgsym |
| | |
| adminer [3] | Don't allow connections to privileged |
| | ports [CVE-2018-7667] |
| | |
| animals [4] | Fix incorrect file permissions that made |
| | the game unusable |
| | |
| apache2 [5] | Upgrade mod_http and mod_proxy_http2 to |
| | the versions from 2.4.33, fixing |
| | segfaults, high memory usage and |
| | potential crash [CVE-2018-1302]; make |
| | the apache-htcacheclean init script |
| | actually use /etc/default/apache- |
| | htcacheclean for its config |
| | |
| auto-complete-el [6] | Add upstream fix for emacs25; adjust the |
| | emacs dependencies to the emacs versions |
| | in stretch; set auto-complete- |
| | el.emacsen-compat to silence |
| | installation warning |
| | |
| awffull [7] | Do not use removed options in /etc/ |
| | cron.daily/awffull |
| | |
| ax25-tools [8] | Avoid segmentation fault at runtime |
| | |
| base-files [9] | Update for the point release |
| | |
| blktrace [10] | Fix buffer overflow in btt [CVE-2018- |
| | 10689] |
| | |
| ca-certificates [11] | Update Mozilla CA bundle to version |
| | 2.22; bug fixes |
| | |
| camo [12] | Add missing dependency on openssl |
| | |
| cffi [13] | Add missing files for cffi-libffi and |
| | cffi-toolchain; add several missing |
| | dependencies |
| | |
| check-postgres [14] | Update testsuite to handle |
| | pg_get_indexdef() now always including |
| | the schema name |
| | |
| clamav [15] | New upstream version; don't fail on |
| | recently removed config options |
| | |
| clustershell [16] | Add missing dependency on python-pkg- |
| | resources |
| | |
| debian-installer [17] | Update for -7 kernel ABI |
| | |
| debian-installer- | Rebuild for the point release |
| netboot-images [18] | |
| | |
| debian-security- | Update included data |
| support [19] | |
| | |
| dehydrated [20] | Fix failure to create fullchain.pem |
| | |
| devscripts [21] | uscan: fix the new package version regex |
| | for filenamemangle; debsign: fix bash |
| | completion; bts: support the new |
| | "ftbfs" tag; uscan: support HTTPS in |
| | the sf.net redirector; debcheckout: |
| | support salsa.debian.org; debdiff: sort |
| | shlibs files before comparing, reducing |
| | diff noise; uscan: actually support -- |
| | copy |
| | |
| disc-cover [22] | Fix perl error when running disc-cover |
| | |
| discover [23] | Use correct type for the length |
| | parameter of the getline() call |
| | |
| django-xmlrpc [24] | Fix python3 dependencies |
| | |
| dosbox [25] | Fix crashes with core=dynamic |
| | |
| dpdk [26] | New upstream stable update |
| | |
| dpkg [27] | Fix integer overflow in deb(5) format |
| | version parser; fix directory traversal |
| | with dpkg-deb --raw-extract; add support |
| | for riscv64 CPU; do not normalize args |
| | past a passthrough stop word in |
| | Dpkg::Getopt; parse start-stop-daemon |
| | usernames and groupnames starting with |
| | digits correctly; always use the binary |
| | version for the .buildinfo filename |
| | |
| dput-ng [28] | Add jessie-backports-sloppy and stretch- |
| | backports targets; include 'testing' in |
| | the rm-managed suites and 'oldstable' in |
| | "protected distributions" ; add ports- |
| | master profile; FTP: parse and use |
| | optional [:port] part for fqdn |
| | |
| elastix [29] | Rebuild with ITK that has been built |
| | with gcc 6 |
| | |
| email2trac [30] | Fix detection of Trac 1.2 |
| | |
| faad2 [31] | Fix several DoS issues via crafted MP4 |
| | files [CVE-2017-9218 CVE-2017-9219 |
| | CVE-2017-9220 CVE-2017-9221 CVE-2017- |
| | 9222 CVE-2017-9223 CVE-2017-9253 |
| | CVE-2017-9254 CVE-2017-9255 CVE-2017- |
| | 9256 CVE-2017-9257] |
| | |
| faker [32] | Add missing dependency on python- |
| | ipaddress |
| | |
| fastkml [33] | Add missing dependency on pkg-resources |
| | |
| file [34] | Avoid reading past the end of buffer |
| | [CVE-2018-10360] |
| | |
| freedink-dfarc [35] | Fix directory traversal in D-Mod |
| | extractor [CVE-2018-0496] |
| | |
| ganeti [36] | Properly verify SSL certificates during |
| | VM export |
| | |
| ghostscript [37] | Fix segfault with fuzzing file in |
| | gxht_thresh_image_init(); fix buffer |
| | overflow in fill_threshold_buffer |
| | [CVE-2016-10317]; pdfwrite - Guard |
| | against trying to output an infinite |
| | number [CVE-2018-10194] |
| | |
| git-annex [38] | Security fixes [CVE-2018-10857 CVE-2018- |
| | 10859] |
| | |
| glx-alternatives [39] | New upstream version |
| | |
| gridengine [40] | Use correct paths to qmon pixmaps; fix |
| | FTBFS on armhf |
| | |
| intel-microcode [41] | Update included microcode, including |
| | fixes for Spectre v2 [CVE-2017-5715] |
| | |
| jdresolve [42] | Fix incompatibility with libnet-dns-perl |
| | in Debian 8 and later |
| | |
| libb64 [43] | Rebuild with PIE |
| | |
| libdate-holidays-de- | Mark Reformation Day as a holiday in |
| perl [44] | Niedersachsen and Bremen |
| | |
| libdatetime-timezone- | Update included data |
| perl [45] | |
| | |
| libextractor [46] | Various security fixes [CVE-2017-15266 |
| | CVE-2017-15267 CVE-2017-15600 CVE-2017- |
| | 15601 CVE-2017-15602 CVE-2017-15922 |
| | CVE-2017-17440] |
| | |
| libipc-run-perl [47] | Fix memory leak |
| | |
| liblouis [48] | Fix buffer overflow [CVE-2018-11410]; |
| | fix several buffer overflows [CVE-2018- |
| | 11440 CVE-2018-11577 CVE-2018-11683 |
| | CVE-2018-11684 CVE-2018-11685 2018- |
| | 12085] |
| | |
| libosmium [49] | Output coordinate with value of -2^31 |
| | correctly; fix buffers larger than 2^32 |
| | bytes |
| | |
| linux [50] | New upstream stable release 4.9.110 |
| | |
| linux-latest [51] | Update to -7 kernel ABI |
| | |
| llvm-toolchain-4.0 [52] | New package for rust backports; fix |
| | build on s390x |
| | |
| local-apt- | Stop breaking apt when the package is |
| repository [53] | removed but not purged |
| | |
| loook [54] | Fix handling of password protected files |
| | |
| miniupnpd [55] | Fix DoS [CVE-2017-1000494] |
| | |
| nss-pam-ldapd [56] | Increase size of hostname buffer |
| | |
| nvidia-graphics- | New upstream version |
| drivers [57] | |
| | |
| obfsproxy [58] | Don't install the broken AppArmor |
| | profile |
| | |
| openldap [59] | Fix an out-of-sync issue with delta- |
| | syncrepl replication in multi-master |
| | environments; really fix upgrades when |
| | the config contains backslash-escaped |
| | special characters |
| | |
| openstack-debian- | Set CloudStack after OpenStack in the |
| images [60] | datasource_list, to avoid a 120s delay |
| | in cloud-init when booting a machine in |
| | an OpenStack cloud |
| | |
| patch [61] | Fix arbitrary command execution in ed- |
| | style patches [CVE-2018-1000156] |
| | |
| piglit [62] | Fix missing dependency on python-mako |
| | |
| postgresql-9.6 [63] | New upstream release |
| | |
| postgresql-common [64] | Prevent upgrading/removing server |
| | packages from stopping other major |
| | version clusters when running systemd |
| | |
| psad [65] | Add missing dependencies on net-tools |
| | and iproute2 |
| | |
| pysurfer [66] | Add missing dependency on python- |
| | matplotlib |
| | |
| python-cluster [67] | Add missing dependency on pkg-resources |
| | |
| python-pyorick [68] | Fix import failure by adding missing |
| | dependency on python3-numpy |
| | |
| python-scruffy [69] | Add missing dependencies on pkg- |
| | resources |
| | |
| r-cran-mi [70] | Add missing dependency on r-cran-arm |
| | |
| redis [71] | Correct RunTimeDirectory -> |
| | RuntimeDirectory typo in |
| | systemd .service files |
| | |
| reportbug [72] | Notify the security team or LTS team |
| | about a possible regression if reporting |
| | a bug against a package containing a |
| | security fix |
| | |
| rustc [73] | New upstream release to support Firefox |
| | ESR |
| | |
| salt [74] | Fix "salt-ssh minion copied over |
| | configuration from the Salt Master |
| | without adjusting |
| | permissions" [CVE-2017-8109] |
| | |
| shared-mime-info [75] | Switch dpkg trigger to noawait, fixing |
| | upgrade issues from jessie |
| | |
| showq [76] | Fix prefix, so application actually |
| | works |
| | |
| source-highlight [77] | Fix dependency on libboost-regex-dev |
| | |
| starplot [78] | Fix startup crash |
| | |
| subversion [79] | Reject commits which would introduce |
| | hash collisions with existing data, thus |
| | addressing the SHA1/shattered issue |
| | |
| sus [80] | Update to new version, technically |
| | identical to SUSv4 + TC1 + TC2 |
| | |
| systemd [81] | networkd-ndisc: Handle missing MTU |
| | gracefully; allow RemoveIPC= to be set |
| | in the unit file not only via D-Bus; |
| | nspawn: Add missing -E to getopt_long'; |
| | login: Respect --no-wall when cancelling |
| | a shutdown request |
| | |
| tclreadline [82] | Fix shared library build on ppc64el |
| | |
| thefuck [83] | Add missing dependency on pkg-resources |
| | |
| tinyproxy [84] | Do not stop listening after SIGHUP; fix |
| | configuration file path; add missing |
| | dependency on adduser |
| | |
| tlslite-ng [85] | Verify MAC even if the padding is 1 byte |
| | long |
| | |
| tzdata [86] | New upstream release |
| | |
| unison [87] | Rebuild with stretch's ocaml |
| | |
| variety [88] | Fix shell injection on deleting files to |
| | trash; fix shell injection in filter and |
| | clock with specially crafted filenames; |
| | harden ImageMagick calls against |
| | potential shell injection |
| | |
| xapian-core [89] | Fix MSet::snippet() to escape HTML in |
| | all cases [CVE-2018-499] |
| | |
| xerces-c [90] | Fix Denial of Service via external DTD |
| | reference [CVE-2017-12627]; fix a |
| | regression that forced gcc to use SSE2, |
| | even on platforms that do not support it |
| | |
| xrdp [91] | Fix off-by-one error which could lead to |
| | crashes |
| | |
+--------------------------+------------------------------------------+
1: https://packages.debian.org/src:2ping
2: https://packages.debian.org/src:abiword
3: https://packages.debian.org/src:adminer
4: https://packages.debian.org/src:animals
5: https://packages.debian.org/src:apache2
6: https://packages.debian.org/src:auto-complete-el
7: https://packages.debian.org/src:awffull
8: https://packages.debian.org/src:ax25-tools
9: https://packages.debian.org/src:base-files
10: https://packages.debian.org/src:blktrace
11: https://packages.debian.org/src:ca-certificates
12: https://packages.debian.org/src:camo
13: https://packages.debian.org/src:cffi
14: https://packages.debian.org/src:check-postgres
15: https://packages.debian.org/src:clamav
16: https://packages.debian.org/src:clustershell
17: https://packages.debian.org/src:debian-installer
18: https://packages.debian.org/src:debian-installer-netboot-images
19: https://packages.debian.org/src:debian-security-support
20: https://packages.debian.org/src:dehydrated
21: https://packages.debian.org/src:devscripts
22: https://packages.debian.org/src:disc-cover
23: https://packages.debian.org/src:discover
24: https://packages.debian.org/src:django-xmlrpc
25: https://packages.debian.org/src:dosbox
26: https://packages.debian.org/src:dpdk
27: https://packages.debian.org/src:dpkg
28: https://packages.debian.org/src:dput-ng
29: https://packages.debian.org/src:elastix
30: https://packages.debian.org/src:email2trac
31: https://packages.debian.org/src:faad2
32: https://packages.debian.org/src:faker
33: https://packages.debian.org/src:fastkml
34: https://packages.debian.org/src:file
35: https://packages.debian.org/src:freedink-dfarc
36: https://packages.debian.org/src:ganeti
37: https://packages.debian.org/src:ghostscript
38: https://packages.debian.org/src:git-annex
39: https://packages.debian.org/src:glx-alternatives
40: https://packages.debian.org/src:gridengine
41: https://packages.debian.org/src:intel-microcode
42: https://packages.debian.org/src:jdresolve
43: https://packages.debian.org/src:libb64
44: https://packages.debian.org/src:libdate-holidays-de-perl
45: https://packages.debian.org/src:libdatetime-timezone-perl
46: https://packages.debian.org/src:libextractor
47: https://packages.debian.org/src:libipc-run-perl
48: https://packages.debian.org/src:liblouis
49: https://packages.debian.org/src:libosmium
50: https://packages.debian.org/src:linux
51: https://packages.debian.org/src:linux-latest
52: https://packages.debian.org/src:llvm-toolchain-4.0
53: https://packages.debian.org/src:local-apt-repository
54: https://packages.debian.org/src:loook
55: https://packages.debian.org/src:miniupnpd
56: https://packages.debian.org/src:nss-pam-ldapd
57: https://packages.debian.org/src:nvidia-graphics-drivers
58: https://packages.debian.org/src:obfsproxy
59: https://packages.debian.org/src:openldap
60: https://packages.debian.org/src:openstack-debian-images
61: https://packages.debian.org/src:patch
62: https://packages.debian.org/src:piglit
63: https://packages.debian.org/src:postgresql-9.6
64: https://packages.debian.org/src:postgresql-common
65: https://packages.debian.org/src:psad
66: https://packages.debian.org/src:pysurfer
67: https://packages.debian.org/src:python-cluster
68: https://packages.debian.org/src:python-pyorick
69: https://packages.debian.org/src:python-scruffy
70: https://packages.debian.org/src:r-cran-mi
71: https://packages.debian.org/src:redis
72: https://packages.debian.org/src:reportbug
73: https://packages.debian.org/src:rustc
74: https://packages.debian.org/src:salt
75: https://packages.debian.org/src:shared-mime-info
76: https://packages.debian.org/src:showq
77: https://packages.debian.org/src:source-highlight
78: https://packages.debian.org/src:starplot
79: https://packages.debian.org/src:subversion
80: https://packages.debian.org/src:sus
81: https://packages.debian.org/src:systemd
82: https://packages.debian.org/src:tclreadline
83: https://packages.debian.org/src:thefuck
84: https://packages.debian.org/src:tinyproxy
85: https://packages.debian.org/src:tlslite-ng
86: https://packages.debian.org/src:tzdata
87: https://packages.debian.org/src:unison
88: https://packages.debian.org/src:variety
89: https://packages.debian.org/src:xapian-core
90: https://packages.debian.org/src:xerces-c
91: https://packages.debian.org/src:xrdp
Security Updates
----------------
This revision adds the following security updates to the stable release.
The Security Team has already released an advisory for each of these
updates:
+----------------+----------------------------+
| Advisory ID | Package |
+----------------+----------------------------+
| DSA-4010 [92] | git-annex [93] |
| | |
| DSA-4064 [94] | chromium-browser [95] |
| | |
| DSA-4113 [96] | libvorbis [97] |
| | |
| DSA-4133 [98] | isc-dhcp [99] |
| | |
| DSA-4134 [100] | util-linux [101] |
| | |
| DSA-4135 [102] | samba [103] |
| | |
| DSA-4136 [104] | curl [105] |
| | |
| DSA-4137 [106] | libvirt [107] |
| | |
| DSA-4138 [108] | mbedtls [109] |
| | |
| DSA-4139 [110] | firefox-esr [111] |
| | |
| DSA-4140 [112] | libvorbis [113] |
| | |
| DSA-4141 [114] | libvorbisidec [115] |
| | |
| DSA-4142 [116] | uwsgi [117] |
| | |
| DSA-4143 [118] | firefox-esr [119] |
| | |
| DSA-4144 [120] | openjdk-8 [121] |
| | |
| DSA-4145 [122] | gitlab [123] |
| | |
| DSA-4146 [124] | plexus-utils [125] |
| | |
| DSA-4148 [126] | kamailio [127] |
| | |
| DSA-4150 [128] | icu [129] |
| | |
| DSA-4151 [130] | librelp [131] |
| | |
| DSA-4152 [132] | mupdf [133] |
| | |
| DSA-4153 [134] | firefox-esr [135] |
| | |
| DSA-4155 [136] | thunderbird [137] |
| | |
| DSA-4156 [138] | drupal7 [139] |
| | |
| DSA-4157 [140] | openssl [141] |
| | |
| DSA-4158 [142] | openssl1.0 [143] |
| | |
| DSA-4159 [144] | remctl [145] |
| | |
| DSA-4160 [146] | libevt [147] |
| | |
| DSA-4161 [148] | python-django [149] |
| | |
| DSA-4162 [150] | irssi [151] |
| | |
| DSA-4163 [152] | beep [153] |
| | |
| DSA-4164 [154] | apache2 [155] |
| | |
| DSA-4165 [156] | ldap-account-manager [157] |
| | |
| DSA-4167 [158] | sharutils [159] |
| | |
| DSA-4169 [160] | pcs [161] |
| | |
| DSA-4170 [162] | pjproject [163] |
| | |
| DSA-4171 [164] | ruby-loofah [165] |
| | |
| DSA-4172 [166] | perl [167] |
| | |
| DSA-4173 [168] | r-cran-readxl [169] |
| | |
| DSA-4174 [170] | corosync [171] |
| | |
| DSA-4175 [172] | freeplane [173] |
| | |
| DSA-4177 [174] | libsdl2-image [175] |
| | |
| DSA-4178 [176] | libreoffice [177] |
| | |
| DSA-4180 [178] | drupal7 [179] |
| | |
| DSA-4181 [180] | roundcube [181] |
| | |
| DSA-4183 [182] | tor [183] |
| | |
| DSA-4184 [184] | sdl-image1.2 [185] |
| | |
| DSA-4185 [186] | openjdk-8 [187] |
| | |
| DSA-4188 [188] | linux [189] |
| | |
| DSA-4189 [190] | quassel [191] |
| | |
| DSA-4190 [192] | jackson-databind [193] |
| | |
| DSA-4191 [194] | redmine [195] |
| | |
| DSA-4192 [196] | libmad [197] |
| | |
| DSA-4193 [198] | wordpress [199] |
| | |
| DSA-4194 [200] | lucene-solr [201] |
| | |
| DSA-4195 [202] | wget [203] |
| | |
| DSA-4196 [204] | linux [205] |
| | |
| DSA-4197 [206] | wavpack [207] |
| | |
| DSA-4198 [208] | prosody [209] |
| | |
| DSA-4199 [210] | firefox-esr [211] |
| | |
| DSA-4200 [212] | kwallet-pam [213] |
| | |
| DSA-4201 [214] | xen [215] |
| | |
| DSA-4202 [216] | curl [217] |
| | |
| DSA-4203 [218] | vlc [219] |
| | |
| DSA-4203 [220] | phonon-backend-vlc [221] |
| | |
| DSA-4203 [222] | goldencheetah [223] |
| | |
| DSA-4206 [224] | gitlab [225] |
| | |
| DSA-4206 [226] | ruby-omniauth-auth0 [227] |
| | |
| DSA-4207 [228] | packagekit [229] |
| | |
| DSA-4208 [230] | procps [231] |
| | |
| DSA-4209 [232] | thunderbird [233] |
| | |
| DSA-4210 [234] | xen [235] |
| | |
| DSA-4211 [236] | xdg-utils [237] |
| | |
| DSA-4212 [238] | git [239] |
| | |
| DSA-4213 [240] | qemu [241] |
| | |
| DSA-4214 [242] | zookeeper [243] |
| | |
| DSA-4215 [244] | batik [245] |
| | |
| DSA-4216 [246] | prosody [247] |
| | |
| DSA-4217 [248] | wireshark [249] |
| | |
| DSA-4218 [250] | memcached [251] |
| | |
| DSA-4219 [252] | jruby [253] |
| | |
| DSA-4220 [254] | firefox-esr [255] |
| | |
| DSA-4221 [256] | libvncserver [257] |
| | |
| DSA-4222 [258] | gnupg2 [259] |
| | |
| DSA-4223 [260] | gnupg1 [261] |
| | |
| DSA-4226 [262] | perl [263] |
| | |
| DSA-4227 [264] | plexus-archiver [265] |
| | |
| DSA-4228 [266] | spip [267] |
| | |
| DSA-4229 [268] | strongswan [269] |
| | |
| DSA-4230 [270] | redis [271] |
| | |
| DSA-4231 [272] | libgcrypt20 [273] |
| | |
| DSA-4232 [274] | xen [275] |
| | |
| DSA-4233 [276] | bouncycastle [277] |
| | |
| DSA-4234 [278] | lava-server [279] |
| | |
| DSA-4235 [280] | firefox-esr [281] |
| | |
| DSA-4236 [282] | xen [283] |
| | |
| DSA-4238 [284] | exiv2 [285] |
| | |
| DSA-4239 [286] | gosa [287] |
| | |
| DSA-4240 [288] | php7.0 [289] |
| | |
| DSA-4241 [290] | libsoup2.4 [291] |
| | |
+----------------+----------------------------+
92: https://www.debian.org/security/2017/dsa-4010
93: https://packages.debian.org/src:git-annex
94: https://www.debian.org/security/2017/dsa-4064
95: https://packages.debian.org/src:chromium-browser
96: https://www.debian.org/security/2018/dsa-4113
97: https://packages.debian.org/src:libvorbis
98: https://www.debian.org/security/2018/dsa-4133
99: https://packages.debian.org/src:isc-dhcp
100: https://www.debian.org/security/2018/dsa-4134
101: https://packages.debian.org/src:util-linux
102: https://www.debian.org/security/2018/dsa-4135
103: https://packages.debian.org/src:samba
104: https://www.debian.org/security/2018/dsa-4136
105: https://packages.debian.org/src:curl
106: https://www.debian.org/security/2018/dsa-4137
107: https://packages.debian.org/src:libvirt
108: https://www.debian.org/security/2018/dsa-4138
109: https://packages.debian.org/src:mbedtls
110: https://www.debian.org/security/2018/dsa-4139
111: https://packages.debian.org/src:firefox-esr
112: https://www.debian.org/security/2018/dsa-4140
113: https://packages.debian.org/src:libvorbis
114: https://www.debian.org/security/2018/dsa-4141
115: https://packages.debian.org/src:libvorbisidec
116: https://www.debian.org/security/2018/dsa-4142
117: https://packages.debian.org/src:uwsgi
118: https://www.debian.org/security/2018/dsa-4143
119: https://packages.debian.org/src:firefox-esr
120: https://www.debian.org/security/2018/dsa-4144
121: https://packages.debian.org/src:openjdk-8
122: https://www.debian.org/security/2018/dsa-4145
123: https://packages.debian.org/src:gitlab
124: https://www.debian.org/security/2018/dsa-4146
125: https://packages.debian.org/src:plexus-utils
126: https://www.debian.org/security/2018/dsa-4148
127: https://packages.debian.org/src:kamailio
128: https://www.debian.org/security/2018/dsa-4150
129: https://packages.debian.org/src:icu
130: https://www.debian.org/security/2018/dsa-4151
131: https://packages.debian.org/src:librelp
132: https://www.debian.org/security/2018/dsa-4152
133: https://packages.debian.org/src:mupdf
134: https://www.debian.org/security/2018/dsa-4153
135: https://packages.debian.org/src:firefox-esr
136: https://www.debian.org/security/2018/dsa-4155
137: https://packages.debian.org/src:thunderbird
138: https://www.debian.org/security/2018/dsa-4156
139: https://packages.debian.org/src:drupal7
140: https://www.debian.org/security/2018/dsa-4157
141: https://packages.debian.org/src:openssl
142: https://www.debian.org/security/2018/dsa-4158
143: https://packages.debian.org/src:openssl1.0
144: https://www.debian.org/security/2018/dsa-4159
145: https://packages.debian.org/src:remctl
146: https://www.debian.org/security/2018/dsa-4160
147: https://packages.debian.org/src:libevt
148: https://www.debian.org/security/2018/dsa-4161
149: https://packages.debian.org/src:python-django
150: https://www.debian.org/security/2018/dsa-4162
151: https://packages.debian.org/src:irssi
152: https://www.debian.org/security/2018/dsa-4163
153: https://packages.debian.org/src:beep
154: https://www.debian.org/security/2018/dsa-4164
155: https://packages.debian.org/src:apache2
156: https://www.debian.org/security/2018/dsa-4165
157: https://packages.debian.org/src:ldap-account-manager
158: https://www.debian.org/security/2018/dsa-4167
159: https://packages.debian.org/src:sharutils
160: https://www.debian.org/security/2018/dsa-4169
161: https://packages.debian.org/src:pcs
162: https://www.debian.org/security/2018/dsa-4170
163: https://packages.debian.org/src:pjproject
164: https://www.debian.org/security/2018/dsa-4171
165: https://packages.debian.org/src:ruby-loofah
166: https://www.debian.org/security/2018/dsa-4172
167: https://packages.debian.org/src:perl
168: https://www.debian.org/security/2018/dsa-4173
169: https://packages.debian.org/src:r-cran-readxl
170: https://www.debian.org/security/2018/dsa-4174
171: https://packages.debian.org/src:corosync
172: https://www.debian.org/security/2018/dsa-4175
173: https://packages.debian.org/src:freeplane
174: https://www.debian.org/security/2018/dsa-4177
175: https://packages.debian.org/src:libsdl2-image
176: https://www.debian.org/security/2018/dsa-4178
177: https://packages.debian.org/src:libreoffice
178: https://www.debian.org/security/2018/dsa-4180
179: https://packages.debian.org/src:drupal7
180: https://www.debian.org/security/2018/dsa-4181
181: https://packages.debian.org/src:roundcube
182: https://www.debian.org/security/2018/dsa-4183
183: https://packages.debian.org/src:tor
184: https://www.debian.org/security/2018/dsa-4184
185: https://packages.debian.org/src:sdl-image1.2
186: https://www.debian.org/security/2018/dsa-4185
187: https://packages.debian.org/src:openjdk-8
188: https://www.debian.org/security/2018/dsa-4188
189: https://packages.debian.org/src:linux
190: https://www.debian.org/security/2018/dsa-4189
191: https://packages.debian.org/src:quassel
192: https://www.debian.org/security/2018/dsa-4190
193: https://packages.debian.org/src:jackson-databind
194: https://www.debian.org/security/2018/dsa-4191
195: https://packages.debian.org/src:redmine
196: https://www.debian.org/security/2018/dsa-4192
197: https://packages.debian.org/src:libmad
198: https://www.debian.org/security/2018/dsa-4193
199: https://packages.debian.org/src:wordpress
200: https://www.debian.org/security/2018/dsa-4194
201: https://packages.debian.org/src:lucene-solr
202: https://www.debian.org/security/2018/dsa-4195
203: https://packages.debian.org/src:wget
204: https://www.debian.org/security/2018/dsa-4196
205: https://packages.debian.org/src:linux
206: https://www.debian.org/security/2018/dsa-4197
207: https://packages.debian.org/src:wavpack
208: https://www.debian.org/security/2018/dsa-4198
209: https://packages.debian.org/src:prosody
210: https://www.debian.org/security/2018/dsa-4199
211: https://packages.debian.org/src:firefox-esr
212: https://www.debian.org/security/2018/dsa-4200
213: https://packages.debian.org/src:kwallet-pam
214: https://www.debian.org/security/2018/dsa-4201
215: https://packages.debian.org/src:xen
216: https://www.debian.org/security/2018/dsa-4202
217: https://packages.debian.org/src:curl
218: https://www.debian.org/security/2018/dsa-4203
219: https://packages.debian.org/src:vlc
220: https://www.debian.org/security/2018/dsa-4203
221: https://packages.debian.org/src:phonon-backend-vlc
222: https://www.debian.org/security/2018/dsa-4203
223: https://packages.debian.org/src:goldencheetah
224: https://www.debian.org/security/2018/dsa-4206
225: https://packages.debian.org/src:gitlab
226: https://www.debian.org/security/2018/dsa-4206
227: https://packages.debian.org/src:ruby-omniauth-auth0
228: https://www.debian.org/security/2018/dsa-4207
229: https://packages.debian.org/src:packagekit
230: https://www.debian.org/security/2018/dsa-4208
231: https://packages.debian.org/src:procps
232: https://www.debian.org/security/2018/dsa-4209
233: https://packages.debian.org/src:thunderbird
234: https://www.debian.org/security/2018/dsa-4210
235: https://packages.debian.org/src:xen
236: https://www.debian.org/security/2018/dsa-4211
237: https://packages.debian.org/src:xdg-utils
238: https://www.debian.org/security/2018/dsa-4212
239: https://packages.debian.org/src:git
240: https://www.debian.org/security/2018/dsa-4213
241: https://packages.debian.org/src:qemu
242: https://www.debian.org/security/2018/dsa-4214
243: https://packages.debian.org/src:zookeeper
244: https://www.debian.org/security/2018/dsa-4215
245: https://packages.debian.org/src:batik
246: https://www.debian.org/security/2018/dsa-4216
247: https://packages.debian.org/src:prosody
248: https://www.debian.org/security/2018/dsa-4217
249: https://packages.debian.org/src:wireshark
250: https://www.debian.org/security/2018/dsa-4218
251: https://packages.debian.org/src:memcached
252: https://www.debian.org/security/2018/dsa-4219
253: https://packages.debian.org/src:jruby
254: https://www.debian.org/security/2018/dsa-4220
255: https://packages.debian.org/src:firefox-esr
256: https://www.debian.org/security/2018/dsa-4221
257: https://packages.debian.org/src:libvncserver
258: https://www.debian.org/security/2018/dsa-4222
259: https://packages.debian.org/src:gnupg2
260: https://www.debian.org/security/2018/dsa-4223
261: https://packages.debian.org/src:gnupg1
262: https://www.debian.org/security/2018/dsa-4226
263: https://packages.debian.org/src:perl
264: https://www.debian.org/security/2018/dsa-4227
265: https://packages.debian.org/src:plexus-archiver
266: https://www.debian.org/security/2018/dsa-4228
267: https://packages.debian.org/src:spip
268: https://www.debian.org/security/2018/dsa-4229
269: https://packages.debian.org/src:strongswan
270: https://www.debian.org/security/2018/dsa-4230
271: https://packages.debian.org/src:redis
272: https://www.debian.org/security/2018/dsa-4231
273: https://packages.debian.org/src:libgcrypt20
274: https://www.debian.org/security/2018/dsa-4232
275: https://packages.debian.org/src:xen
276: https://www.debian.org/security/2018/dsa-4233
277: https://packages.debian.org/src:bouncycastle
278: https://www.debian.org/security/2018/dsa-4234
279: https://packages.debian.org/src:lava-server
280: https://www.debian.org/security/2018/dsa-4235
281: https://packages.debian.org/src:firefox-esr
282: https://www.debian.org/security/2018/dsa-4236
283: https://packages.debian.org/src:xen
284: https://www.debian.org/security/2018/dsa-4238
285: https://packages.debian.org/src:exiv2
286: https://www.debian.org/security/2018/dsa-4239
287: https://packages.debian.org/src:gosa
288: https://www.debian.org/security/2018/dsa-4240
289: https://packages.debian.org/src:php7.0
290: https://www.debian.org/security/2018/dsa-4241
291: https://packages.debian.org/src:libsoup2.4
Removed packages
----------------
The following packages were removed due to circumstances beyond our
control:
+-----------------------------+----------------------------------------+
| Package | Reason |
+-----------------------------+----------------------------------------+
| libnet-whois-perl [292] | Broken |
| | |
| mlbviewer [293] | No longer works due to content |
| | provider changes |
| | |
| python-uniconvertor [294] | Unusable; requires unpackaged |
| | dependency |
| | |
| singularity-container [295] | Not security supportable |
| | |
| undertow [296] | Unsupportable; several security |
| | issues; alternatives exist |
| | |
| visionegg [297] | Unusable; requires no longer available |
| | numpy.oldnumeric |
| | |
+-----------------------------+----------------------------------------+
292: https://packages.debian.org/src:libnet-whois-perl
293: https://packages.debian.org/src:mlbviewer
294: https://packages.debian.org/src:python-uniconvertor
295: https://packages.debian.org/src:singularity-container
296: https://packages.debian.org/src:undertow
297: https://packages.debian.org/src:visionegg
Debian Installer
----------------
The installer has been updated to include the fixes incorporated into
stable by the point release.
URLs
----
The complete lists of packages that have changed with this revision:
http://ftp.debian.org/debian/dists/stretch/ChangeLog
The current stable distribution:
http://ftp.debian.org/debian/dists/stable/
Proposed updates to the stable distribution:
http://ftp.debian.org/debian/dists/proposed-updates
stable distribution information (release notes, errata etc.):
https://www.debian.org/releases/stable/
Security announcements and information:
https://security.debian.org/ [298]
298: https://www.debian.org/security/
About Debian
------------
The Debian Project is an association of Free Software developers who
volunteer their time and effort in order to produce the completely free
operating system Debian.
Contact Information
-------------------
For further information, please visit the Debian web pages at
https://www.debian.org/, send mail to <press@debian.org>, or contact the
stable release team at <debian-release@lists.debian.org>.
Attachment:
signature.asc
Description: OpenPGP digital signature