[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Updated Debian 8: 8.3 released



------------------------------------------------------------------------
The Debian Project                               https://www.debian.org/
Updated Debian 8: 8.3 released                          press@debian.org
January 23rd, 2016             https://www.debian.org/News/2016/20160123
------------------------------------------------------------------------


The Debian project is pleased to announce the third update of its stable
distribution Debian 8 (codename "jessie"). This update mainly adds
corrections for security problems to the stable release, along with a
few adjustments for serious problems. Security advisories were published
separately and are referenced where applicable.

Please note that this update does not constitute a new version of Debian
8 but only updates some of the packages included. There is no need to
throw away old "jessie" CDs or DVDs but only to update via an up-to-date
Debian mirror after an installation, to cause any out of date packages
to be updated.

Those who frequently install updates from security.debian.org won't have
to update many packages and most updates from security.debian.org are
included in this update.

New installation media and CD and DVD images containing updated packages
will be available soon at the regular locations.

Upgrading to this revision online is usually done by pointing the
aptitude (or apt) package tool (see the sources.list(5) manual page) to
one of Debian's many FTP or HTTP mirrors. A comprehensive list of
mirrors is available at:

https://www.debian.org/mirror/list



Miscellaneous Bugfixes
----------------------

This stable update adds important corrections to the following packages:

+-------------------------+-------------------------------------------+
| Package                 | Reason                                    |
+-------------------------+-------------------------------------------+
| android-platform-       | [i386] rebuild to fix dependency on       |
| frameworks-base [1]     | android-libhost                           |
|                         |                                           |
| apache2 [2]             | Fix split-logfile to work with current    |
|                         | perl, secondary-init-script to not source |
|                         | the main init script with 'set -e', tests |
|                         | on deferred MPM switch; add versioned     |
|                         | Replaces / Breaks for libapache2-mod-     |
|                         | macro                                     |
|                         |                                           |
| apt [3]                 | Hide first pdiff merge failure debug      |
|                         | message; fix marking of deps of pkgs in   |
|                         | APT::Never-MarkAuto-Sections as manual;   |
|                         | do not parse Status fields from remote    |
|                         | sources                                   |
|                         |                                           |
| apt-dater-host [4]      | Fix kernel version detection              |
|                         |                                           |
| apt-offline [5]         | Add missing dependency on python-apt      |
|                         |                                           |
| arb [6]                 | Skip compiler version check               |
|                         |                                           |
| augeas [7]              | HTTPD lense: include /etc/apache2/conf-   |
|                         | available directory, allow EOL comments   |
|                         | after section tags                        |
|                         |                                           |
| base-files [8]          | Update for the 8.3 point release; os-     |
|                         | release: drop trailing slash in           |
|                         | SUPPORT_URL variable                      |
|                         |                                           |
| bcfg2 [9]               | Support Django 1.7                        |
|                         |                                           |
| ben [10]                | Fix buildd.debian.org compact links;      |
|                         | ignore potential errors when deleting     |
|                         | lock file; call dose-debcheck with --deb- |
|                         | native-arch                               |
|                         |                                           |
| ca-certificates [11]    | Update Mozilla certificate authority      |
|                         | bundle to version 2.6                     |
|                         |                                           |
| ceph [12]               | URL-encode bucket name [CVE-2015-5245]    |
|                         |                                           |
| charybdis [13]          | Security fix [CVE-2015-5290]; initialise  |
|                         | gnutls properly                           |
|                         |                                           |
| chrony [14]             | Build depend on libcap-dev, to allow      |
|                         | dropping of privileges                    |
|                         |                                           |
| commons-httpclient [15] | Ensure HTTPS calls use                    |
|                         | http.socket.timeout during SSL Handshake  |
|                         | [CVE-2015-5262]                           |
|                         |                                           |
| cpuset [16]             | Update filesystem namespace prefix patch  |
|                         |                                           |
| curlftpfs [17]          | Avoid unsafe cast for getpass() on 64-bit |
|                         | architectures                             |
|                         |                                           |
| dbconfig-common [18]    | Fix permissions of PostgreSQL backup      |
|                         | files                                     |
|                         |                                           |
| debian-handbook [19]    | Update for Jessie                         |
|                         |                                           |
| debian-installer [20]   | Re-introduce installer images for QNAP    |
|                         | TS-x09; provide u-boot images for plug    |
|                         | computers; add the part_gpt module into   |
|                         | the core grub image; add beep to UEFI x86 |
|                         | boot menu; add 's' shortcut for speech to |
|                         | UEFI x86 boot menu; exclude usb-serial-   |
|                         | modules from the armel network-console    |
|                         | image and usb-modules explicitly on       |
|                         | armel/orion5x network-console; drop the   |
|                         | file extension from the initrd for QNAP   |
|                         | devices; adjust p-u support to handle     |
|                         | file:// instead of (f|ht)tp:// only       |
|                         |                                           |
| debian-installer-       | Rebuild for the point release             |
| netboot-images [21]     |                                           |
|                         |                                           |
| docbook2x [22]          | Do not install info/dir.gz files          |
|                         |                                           |
| doctrine [23]           | Fix directory permissions issue           |
|                         | [CVE-2015-5723]                           |
|                         |                                           |
| drbd-utils [24]         | Fix drbdadm adjust with IPv6 peer         |
|                         | addresses                                 |
|                         |                                           |
| ejabberd [25]           | Fix broken LDAP queries                   |
|                         |                                           |
| exfat-utils [26]        | Fix buffer overflow and infinite loop     |
|                         |                                           |
| exim4 [27]              | Fix some MIME ACL related crashes; fix a  |
|                         | bug causing duplicate deliveries,         |
|                         | especially on TLS connections             |
|                         |                                           |
| fglrx-driver [28]       | New upstream release; fix security issue  |
|                         | [CVE-2015-7724]                           |
|                         |                                           |
| file [29]               | Fix --parameter handling                  |
|                         |                                           |
| flash-kernel [30]       | Avoid waiting for Ctrl-C if any debconf   |
|                         | frontend is in use                        |
|                         |                                           |
| fuse-exfat [31]         | Fix buffer overflow and infinite loop     |
|                         |                                           |
| ganglia-modules-        | Only restart the ganglia service after    |
| linux [32]              | installation if it was previously running |
|                         |                                           |
| getmail4 [33]           | Set poplib._MAXLINE=1MB                   |
|                         |                                           |
| glance [34]             | Prevent image status being directly       |
|                         | modified via v1 API [CVE-2015-5251]       |
|                         |                                           |
| glibc [35]              | Fix getaddrinfo sometimes returning       |
|                         | uninitialized data with nscd; fix data    |
|                         | corruption while reading the NSS files    |
|                         | database [CVE-2015-5277]; fix buffer      |
|                         | overflow (read past end of buffer) in     |
|                         | internal_fnmatch; fix _IO_wstr_overflow   |
|                         | integer overflow; fix unexpected closing  |
|                         | of nss_files databases after lookups,     |
|                         | causing denial of service [CVE-2014-      |
|                         | 8121]; fix NSCD netgroup cache;           |
|                         | unconditionally disable LD_POINTER_GUARD; |
|                         | mangle function pointers in               |
|                         | tls_dtor_list; fix memory allocations     |
|                         | issues that can lead to buffer overflows  |
|                         | on the stack; update TSX blacklist to     |
|                         | also include some Broadwell CPUs          |
|                         |                                           |
| gnome-orca [36]         | Ensure correct focus on password entry,   |
|                         | so characters are not echoed              |
|                         |                                           |
| gnome-shell-extension-  | Display a warning if API key has not been |
| weather [37]            | supplied by the user, since querying      |
|                         | openweathermap.org no longer works        |
|                         | without such a key                        |
|                         |                                           |
| gummi [38]              | Avoid predictable naming of temporary     |
|                         | files [CVE 2015-7758]                     |
|                         |                                           |
| human-icon-theme [39]   | debian/clean-up.sh: do not run processes  |
|                         | in background                             |
|                         |                                           |
| ieee-data [40]          | Update included data files, adding        |
|                         | mam.txt and oui36.txt; stop downloading   |
|                         | via HTTPS, as neither wget nor curl       |
|                         | support TLS AIA, as now used by           |
|                         | standards.ieee.org                        |
|                         |                                           |
| intel-microcode [41]    | Update included microcode                 |
|                         |                                           |
| iptables-               | Stop rules files being world-readable;    |
| persistent [42]         | rewrite README                            |
|                         |                                           |
| isc-dhcp [43]           | Fix error when maximum lease time is used |
|                         | on 64-bit systems                         |
|                         |                                           |
| keepassx [44]           | Fix storage of passwords in clear text    |
|                         | [CVE-2015-8378]                           |
|                         |                                           |
| libapache-mod-          | Switch B-D from libtool to libtool-bin to |
| fastcgi [45]            | fix build failure                         |
|                         |                                           |
| libapache2-mod-         | Fix crashes in modperl_interp_unselect()  |
| perl2 [46]              |                                           |
|                         |                                           |
| libcgi-session-         | Untaint raw data coming from session      |
| perl [47]               | storage backends, fixing a regression     |
|                         | caused by CVE-2015-8607 fixes in perl     |
|                         |                                           |
| libdatetime-timezone-   | New upstream release                      |
| perl [48]               |                                           |
|                         |                                           |
| libencode-perl [49]     | Correctly handle a lack of BOM when       |
|                         | decoding                                  |
|                         |                                           |
| libhtml-scrubber-       | Fix cross-site scripting vulnerability in |
| perl [50]               | comments [CVE-2015-5667]                  |
|                         |                                           |
| libinfinity [51]        | Fix possible crashes when an entry is     |
|                         | removed from the document browser and     |
|                         | when access control lists are enabled     |
|                         |                                           |
| libiptables-parse-      | Fix use of predictable names for          |
| perl [52]               | temporary files [CVE-2015-8326]           |
|                         |                                           |
| libraw [53]             | Fix index overflow in smal_decode_segment |
|                         | [CVE-2015-8366]; fix memory objects are   |
|                         | not intialized properly [CVE-2015-8367]   |
|                         |                                           |
| libssh [54]             | Fix  "null pointer dereference due to a   |
|                         | logical error in the handling of a        |
|                         | SSH_MSG_NEWKEYS and KEXDH_REPLY           |
|                         | packets"  [CVE-2015-3146]                 |
|                         |                                           |
| linux [55]              | Update to upstream release 3.16.7-ctk20;  |
|                         | nbd: restore request timeout detection;   |
|                         | [x86] enable PINCTRL_BAYTRAIL; [mips*/    |
|                         | octeon] enable CAVIUM_CN63XXP1;           |
|                         | firmware_class: fix condition in          |
|                         | directory search loop; [x86] KVM: svm:    |
|                         | unconditionally intercept #DB [CVE-2015-  |
|                         | 8104]                                     |
|                         |                                           |
| linux-tools [56]        | Add new hyperv-daemons package            |
|                         |                                           |
| lldpd [57]              | Fix a segfault and an assertion error     |
|                         | when receiving incorrectly formed LLDP    |
|                         | management addresses                      |
|                         |                                           |
| madfuload [58]          | Use autoreconf -fi to fix build failure   |
|                         | with automake 1.14                        |
|                         |                                           |
| mdadm [59]              | Disable incremental assembly, as it can   |
|                         | cause issues booting a degraded RAID      |
|                         |                                           |
| mkvmlinuz [60]          | Direct run-parts output to stderr         |
|                         |                                           |
| monit [61]              | Fix umask-related regression from 5.8.1   |
|                         |                                           |
| mpm-itk [62]            | Fix an issue where closing of connections |
|                         | was attempted in the parent. This would   |
|                         | result in  "Connection: close"  not being |
|                         | honoured, and various odd effects with    |
|                         | SSL keepalive in certain browsers         |
|                         |                                           |
| multipath-tools [63]    | Fix discovery of devices with blank sysfs |
|                         | attribute; add documentation to cover     |
|                         | additional friendly names scenarios;      |
|                         | init: fix stop failure when no root       |
|                         | device is found; use 'SCSI_IDENT_.*' as   |
|                         | the default property whitelist            |
|                         |                                           |
| netcfg [64]             | Fix is_layer3_qeth on s390x to avoid      |
|                         | bailing out if the network driver is not  |
|                         | qeth                                      |
|                         |                                           |
| nvidia-graphics-        | New upstream release [CVE-2015-5950]; fix |
| drivers [65]            | Unsanitized User Mode Input issue         |
|                         | [CVE-2015-7869]                           |
|                         |                                           |
| nvidia-graphics-        | New upstream release; fix unsanitized     |
| drivers-                | User Mode Input issue [CVE-2015-7869]     |
| legacy-304xx [66]       |                                           |
|                         |                                           |
| nvidia-graphics-        | Rebuild against nvidia-kernel-source      |
| modules [67]            | 340.96                                    |
|                         |                                           |
| openldap [68]           | Fix a crash when adding a large attribute |
|                         | value with the auditlog overlay enabled   |
|                         |                                           |
| openvpn [69]            | Add --no-block to if-up.d script to avoid |
|                         | hanging boot on interfaces with openvpn   |
|                         | instances                                 |
|                         |                                           |
| owncloud [70]           | Fix local file inclusion on Microsoft     |
|                         | Windows Platform [CVE-2015-4716],         |
|                         | resource exhaustion when sanitizing       |
|                         | filenames [CVE-2015-4717], command        |
|                         | injection when using external SMB storage |
|                         | [CVE-2015-4718], calendar export:         |
|                         | Authorization Bypass Through User-        |
|                         | Controlled Key [CVE-2015-6670]; fix       |
|                         | reflected XSS in OCS provider discovery   |
|                         | [oc-sa-2016-001] [CVE-2016-1498],         |
|                         | disclosure of files that begin with \ ".v |
|                         | \"  due to unchecked return value [oc-    |
|                         | sa-2016-003] [CVE-2016-1500], information |
|                         | exposure via directory listing in the     |
|                         | file scanner [oc-sa-2016-002] [CVE-2016-  |
|                         | 1499], installation path disclosure       |
|                         | through error message [oc-sa-2016-004]    |
|                         | [CVE-2016-1501]                           |
|                         |                                           |
| pam [71]                | Fix DoS / user enumeration due to         |
|                         | blocking pipe in pam_unix [CVE-2015-3238] |
|                         |                                           |
| pcre3 [72]              | Fix security issues [CVE-2015-2325        |
|                         | CVE-2015-2326 CVE-2015-3210 CVE-2015-5073 |
|                         | CVE-2015-8384 CVE-2015-8388]              |
|                         |                                           |
| pdns [73]               | Fix upgrades with default configuration   |
|                         |                                           |
| perl [74]               | Correctly handle a lack of BOM when       |
|                         | decoding                                  |
|                         |                                           |
| php-auth-sasl [75]      | Rebuild with pkg-php-tools 1.28 to        |
|                         | correct PHP dependencies                  |
|                         |                                           |
| php-doctrine-           | Fix directory permissions issue           |
| annotations [76]        | [CVE-2015-5723]                           |
|                         |                                           |
| php-doctrine-cache [77] | Fix file / directory permissions issue    |
|                         | [CVE-2015-5723]                           |
|                         |                                           |
| php-doctrine-           | Fix file permissions issue [CVE-2015-     |
| common [78]             | 5723]                                     |
|                         |                                           |
| php-dropbox [79]        | Refuse to handle any files containing an  |
|                         | @ [CVE-2015-4715]                         |
|                         |                                           |
| php-mail-               | Rebuild with pkg-php-tools 1.28 to        |
| mimedecode [80]         | correct PHP dependencies                  |
|                         |                                           |
| php5 [81]               | New upstream release                      |
|                         |                                           |
| plowshare4 [82]         | Disable Javascript support                |
|                         |                                           |
| postgresql-9.1 [83]     | New upstream release                      |
|                         |                                           |
| pykerberos [84]         | Add KDC authenticity verification support |
|                         | [CVE-2015-3206]                           |
|                         |                                           |
| python-yaql [85]        | Remove broken python3-yaql package        |
|                         |                                           |
| qpsmtpd [86]            | Fix compatibility issue with newer        |
|                         | Net::DNS versions                         |
|                         |                                           |
| quassel [87]            | Fix remote DoS in quassel core, using /op |
|                         | * command [CVE-2015-8547]                 |
|                         |                                           |
| redis [88]              | Ensure that a valid runtime directory is  |
|                         | created when running under systemd        |
|                         |                                           |
| redmine [89]            | Fix upgrades when there are locally-      |
|                         | installed plugins; fix moving issues      |
|                         | across projects                           |
|                         |                                           |
| rsyslog [90]            | Fix crash in imfile module when using     |
|                         | inotify mode; prevent a segfault in       |
|                         | dynafile creation                         |
|                         |                                           |
| ruby-bson [91]          | Fix DoS and possible injection [CVE-2015- |
|                         | 4410]                                     |
|                         |                                           |
| s390-dasd [92]          | If no channel is found, exit cleanly.     |
|                         | This allows s390-dasd to step out of the  |
|                         | way on VMs with virtio disks              |
|                         |                                           |
| shadow [93]             | Fix error handling in busy user detection |
|                         |                                           |
| sparse [94]             | Fix build failure with llvm-3.5           |
|                         |                                           |
| spip [95]               | Fix cross-site scripting issue            |
|                         |                                           |
| stk [96]                | Install missing SKINI.{msg,tbl} include   |
|                         | files                                     |
|                         |                                           |
| sus [97]                | Update checksums for upstream tarball     |
|                         |                                           |
| swift [98]              | Fix unauthorized delete of versioned      |
|                         | Swift object [CVE-2015-1856]; fix         |
|                         | information leak via Swift tempurls       |
|                         | [CVE-2015-5223]; fix service name of      |
|                         | object-expirer in init script; add        |
|                         | container-sync init script;               |
|                         | "standardise"  user addition              |
|                         |                                           |
| systemd [99]            | Fix namespace breakage due to incorrect   |
|                         | path sorting; don't timeout after 90      |
|                         | seconds when no password was entered for  |
|                         | cryptsetup devices; only set the kernel's |
|                         | timezone when the RTC runs in local time, |
|                         | avoiding possible jumps backward in time; |
|                         | fix incorrect handling of comma separator |
|                         | in systemd-delta; make DHCP broadcast     |
|                         | behaviour configurable in systemd-        |
|                         | networkd                                  |
|                         |                                           |
| tangerine-icon-         | debian/clean-up.sh: do not run processes  |
| theme [100]             | in background                             |
|                         |                                           |
| torbrowser-             | Really apply patches from 0.1.9-1+deb8u1; |
| launcher [101]          | stop confining start-tor-browser script   |
|                         | with AppArmor; set usr.bin.torbrowser-    |
|                         | launcher AppArmor profiles to complain    |
|                         | mode                                      |
|                         |                                           |
| ttylog [102]            | Fix truncation of device name when        |
|                         | selecting device                          |
|                         |                                           |
| tzdata [103]            | New upstream release                      |
|                         |                                           |
| uqm [104]               | Add missing -lm flag, fixing build        |
|                         | failure                                   |
|                         |                                           |
| vlc [105]               | New upstream stable release               |
|                         |                                           |
| webkitgtk [106]         | New upstream stable release; fix  "late   |
|                         | TLS certificate verification"  [CVE-2015- |
|                         | 2330]                                     |
|                         |                                           |
| wxmaxima [107]          | Prevent crash on encountering parenthesis |
|                         | in dialogues                              |
|                         |                                           |
| zendframework [108]     | Fix entropy issue with captcha [ZF2015-   |
|                         | 09]                                       |
|                         |                                           |
+-------------------------+-------------------------------------------+

    1: https://packages.debian.org/src:android-platform-frameworks-base
    2: https://packages.debian.org/src:apache2
    3: https://packages.debian.org/src:apt
    4: https://packages.debian.org/src:apt-dater-host
    5: https://packages.debian.org/src:apt-offline
    6: https://packages.debian.org/src:arb
    7: https://packages.debian.org/src:augeas
    8: https://packages.debian.org/src:base-files
    9: https://packages.debian.org/src:bcfg2
   10: https://packages.debian.org/src:ben
   11: https://packages.debian.org/src:ca-certificates
   12: https://packages.debian.org/src:ceph
   13: https://packages.debian.org/src:charybdis
   14: https://packages.debian.org/src:chrony
   15: https://packages.debian.org/src:commons-httpclient
   16: https://packages.debian.org/src:cpuset
   17: https://packages.debian.org/src:curlftpfs
   18: https://packages.debian.org/src:dbconfig-common
   19: https://packages.debian.org/src:debian-handbook
   20: https://packages.debian.org/src:debian-installer
   21: https://packages.debian.org/src:debian-installer-netboot-images
   22: https://packages.debian.org/src:docbook2x
   23: https://packages.debian.org/src:doctrine
   24: https://packages.debian.org/src:drbd-utils
   25: https://packages.debian.org/src:ejabberd
   26: https://packages.debian.org/src:exfat-utils
   27: https://packages.debian.org/src:exim4
   28: https://packages.debian.org/src:fglrx-driver
   29: https://packages.debian.org/src:file
   30: https://packages.debian.org/src:flash-kernel
   31: https://packages.debian.org/src:fuse-exfat
   32: https://packages.debian.org/src:ganglia-modules-linux
   33: https://packages.debian.org/src:getmail4
   34: https://packages.debian.org/src:glance
   35: https://packages.debian.org/src:glibc
   36: https://packages.debian.org/src:gnome-orca
   37: https://packages.debian.org/src:gnome-shell-extension-weather
   38: https://packages.debian.org/src:gummi
   39: https://packages.debian.org/src:human-icon-theme
   40: https://packages.debian.org/src:ieee-data
   41: https://packages.debian.org/src:intel-microcode
   42: https://packages.debian.org/src:iptables-persistent
   43: https://packages.debian.org/src:isc-dhcp
   44: https://packages.debian.org/src:keepassx
   45: https://packages.debian.org/src:libapache-mod-fastcgi
   46: https://packages.debian.org/src:libapache2-mod-perl2
   47: https://packages.debian.org/src:libcgi-session-perl
   48: https://packages.debian.org/src:libdatetime-timezone-perl
   49: https://packages.debian.org/src:libencode-perl
   50: https://packages.debian.org/src:libhtml-scrubber-perl
   51: https://packages.debian.org/src:libinfinity
   52: https://packages.debian.org/src:libiptables-parse-perl
   53: https://packages.debian.org/src:libraw
   54: https://packages.debian.org/src:libssh
   55: https://packages.debian.org/src:linux
   56: https://packages.debian.org/src:linux-tools
   57: https://packages.debian.org/src:lldpd
   58: https://packages.debian.org/src:madfuload
   59: https://packages.debian.org/src:mdadm
   60: https://packages.debian.org/src:mkvmlinuz
   61: https://packages.debian.org/src:monit
   62: https://packages.debian.org/src:mpm-itk
   63: https://packages.debian.org/src:multipath-tools
   64: https://packages.debian.org/src:netcfg
   65: https://packages.debian.org/src:nvidia-graphics-drivers
   66: https://packages.debian.org/src:nvidia-graphics-drivers-legacy-304xx
   67: https://packages.debian.org/src:nvidia-graphics-modules
   68: https://packages.debian.org/src:openldap
   69: https://packages.debian.org/src:openvpn
   70: https://packages.debian.org/src:owncloud
   71: https://packages.debian.org/src:pam
   72: https://packages.debian.org/src:pcre3
   73: https://packages.debian.org/src:pdns
   74: https://packages.debian.org/src:perl
   75: https://packages.debian.org/src:php-auth-sasl
   76: https://packages.debian.org/src:php-doctrine-annotations
   77: https://packages.debian.org/src:php-doctrine-cache
   78: https://packages.debian.org/src:php-doctrine-common
   79: https://packages.debian.org/src:php-dropbox
   80: https://packages.debian.org/src:php-mail-mimedecode
   81: https://packages.debian.org/src:php5
   82: https://packages.debian.org/src:plowshare4
   83: https://packages.debian.org/src:postgresql-9.1
   84: https://packages.debian.org/src:pykerberos
   85: https://packages.debian.org/src:python-yaql
   86: https://packages.debian.org/src:qpsmtpd
   87: https://packages.debian.org/src:quassel
   88: https://packages.debian.org/src:redis
   89: https://packages.debian.org/src:redmine
   90: https://packages.debian.org/src:rsyslog
   91: https://packages.debian.org/src:ruby-bson
   92: https://packages.debian.org/src:s390-dasd
   93: https://packages.debian.org/src:shadow
   94: https://packages.debian.org/src:sparse
   95: https://packages.debian.org/src:spip
   96: https://packages.debian.org/src:stk
   97: https://packages.debian.org/src:sus
   98: https://packages.debian.org/src:swift
   99: https://packages.debian.org/src:systemd
  100: https://packages.debian.org/src:tangerine-icon-theme
  101: https://packages.debian.org/src:torbrowser-launcher
  102: https://packages.debian.org/src:ttylog
  103: https://packages.debian.org/src:tzdata
  104: https://packages.debian.org/src:uqm
  105: https://packages.debian.org/src:vlc
  106: https://packages.debian.org/src:webkitgtk
  107: https://packages.debian.org/src:wxmaxima
  108: https://packages.debian.org/src:zendframework

Security Updates
----------------

This revision adds the following security updates to the stable release.
The Security Team has already released an advisory for each of these
updates:

+----------------+------------------------------------+
| Advisory ID    | Package                            |
+----------------+------------------------------------+
| DSA-3208 [109] | freexl [110]                       |
|                |                                    |
| DSA-3235 [111] | openjdk-7 [112]                    |
|                |                                    |
| DSA-3280 [113] | php5 [114]                         |
|                |                                    |
| DSA-3311 [115] | mariadb-10.0 [116]                 |
|                |                                    |
| DSA-3316 [117] | openjdk-7 [118]                    |
|                |                                    |
| DSA-3324 [119] | icedove [120]                      |
|                |                                    |
| DSA-3327 [121] | squid3 [122]                       |
|                |                                    |
| DSA-3332 [123] | wordpress [124]                    |
|                |                                    |
| DSA-3337 [125] | gdk-pixbuf [126]                   |
|                |                                    |
| DSA-3344 [127] | php5 [128]                         |
|                |                                    |
| DSA-3346 [129] | drupal7 [130]                      |
|                |                                    |
| DSA-3347 [131] | pdns [132]                         |
|                |                                    |
| DSA-3348 [133] | qemu [134]                         |
|                |                                    |
| DSA-3350 [135] | bind9 [136]                        |
|                |                                    |
| DSA-3351 [137] | chromium-browser [138]             |
|                |                                    |
| DSA-3352 [139] | screen [140]                       |
|                |                                    |
| DSA-3353 [141] | openslp-dfsg [142]                 |
|                |                                    |
| DSA-3354 [143] | spice [144]                        |
|                |                                    |
| DSA-3355 [145] | libvdpau [146]                     |
|                |                                    |
| DSA-3356 [147] | openldap [148]                     |
|                |                                    |
| DSA-3357 [149] | vzctl [150]                        |
|                |                                    |
| DSA-3358 [151] | php5 [152]                         |
|                |                                    |
| DSA-3359 [153] | virtualbox [154]                   |
|                |                                    |
| DSA-3360 [155] | icu [156]                          |
|                |                                    |
| DSA-3361 [157] | qemu [158]                         |
|                |                                    |
| DSA-3363 [159] | owncloud-client [160]              |
|                |                                    |
| DSA-3364 [161] | linux [162]                        |
|                |                                    |
| DSA-3365 [163] | iceweasel [164]                    |
|                |                                    |
| DSA-3366 [165] | rpcbind [166]                      |
|                |                                    |
| DSA-3367 [167] | wireshark [168]                    |
|                |                                    |
| DSA-3368 [169] | cyrus-sasl2 [170]                  |
|                |                                    |
| DSA-3369 [171] | zendframework [172]                |
|                |                                    |
| DSA-3370 [173] | freetype [174]                     |
|                |                                    |
| DSA-3371 [175] | spice [176]                        |
|                |                                    |
| DSA-3373 [177] | owncloud [178]                     |
|                |                                    |
| DSA-3374 [179] | postgresql-9.4 [180]               |
|                |                                    |
| DSA-3375 [181] | wordpress [182]                    |
|                |                                    |
| DSA-3376 [183] | chromium-browser [184]             |
|                |                                    |
| DSA-3377 [185] | mysql-5.5 [186]                    |
|                |                                    |
| DSA-3378 [187] | gdk-pixbuf [188]                   |
|                |                                    |
| DSA-3379 [189] | miniupnpc [190]                    |
|                |                                    |
| DSA-3380 [191] | php5 [192]                         |
|                |                                    |
| DSA-3381 [193] | openjdk-7 [194]                    |
|                |                                    |
| DSA-3382 [195] | phpmyadmin [196]                   |
|                |                                    |
| DSA-3384 [197] | virtualbox [198]                   |
|                |                                    |
| DSA-3385 [199] | mariadb-10.0 [200]                 |
|                |                                    |
| DSA-3386 [201] | unzip [202]                        |
|                |                                    |
| DSA-3387 [203] | openafs [204]                      |
|                |                                    |
| DSA-3388 [205] | ntp [206]                          |
|                |                                    |
| DSA-3390 [207] | xen [208]                          |
|                |                                    |
| DSA-3391 [209] | php-horde [210]                    |
|                |                                    |
| DSA-3392 [211] | freeimage [212]                    |
|                |                                    |
| DSA-3393 [213] | iceweasel [214]                    |
|                |                                    |
| DSA-3394 [215] | libreoffice [216]                  |
|                |                                    |
| DSA-3395 [217] | krb5 [218]                         |
|                |                                    |
| DSA-3397 [219] | wpa [220]                          |
|                |                                    |
| DSA-3398 [221] | strongswan [222]                   |
|                |                                    |
| DSA-3399 [223] | libpng [224]                       |
|                |                                    |
| DSA-3400 [225] | lxc [226]                          |
|                |                                    |
| DSA-3401 [227] | openjdk-7 [228]                    |
|                |                                    |
| DSA-3402 [229] | symfony [230]                      |
|                |                                    |
| DSA-3403 [231] | libcommons-collections3-java [232] |
|                |                                    |
| DSA-3404 [233] | python-django [234]                |
|                |                                    |
| DSA-3405 [235] | smokeping [236]                    |
|                |                                    |
| DSA-3406 [237] | nspr [238]                         |
|                |                                    |
| DSA-3407 [239] | dpkg [240]                         |
|                |                                    |
| DSA-3409 [241] | putty [242]                        |
|                |                                    |
| DSA-3411 [243] | cups-filters [244]                 |
|                |                                    |
| DSA-3412 [245] | redis [246]                        |
|                |                                    |
| DSA-3413 [247] | openssl [248]                      |
|                |                                    |
| DSA-3414 [249] | xen [250]                          |
|                |                                    |
| DSA-3415 [251] | chromium-browser [252]             |
|                |                                    |
| DSA-3416 [253] | libphp-phpmailer [254]             |
|                |                                    |
| DSA-3417 [255] | bouncycastle [256]                 |
|                |                                    |
| DSA-3418 [257] | chromium-browser [258]             |
|                |                                    |
| DSA-3419 [259] | cups-filters [260]                 |
|                |                                    |
| DSA-3420 [261] | bind9 [262]                        |
|                |                                    |
| DSA-3421 [263] | grub2 [264]                        |
|                |                                    |
| DSA-3422 [265] | iceweasel [266]                    |
|                |                                    |
| DSA-3423 [267] | cacti [268]                        |
|                |                                    |
| DSA-3424 [269] | subversion [270]                   |
|                |                                    |
| DSA-3425 [271] | tryton-server [272]                |
|                |                                    |
| DSA-3426 [273] | linux [274]                        |
|                |                                    |
| DSA-3427 [275] | blueman [276]                      |
|                |                                    |
| DSA-3428 [277] | tomcat8 [278]                      |
|                |                                    |
| DSA-3429 [279] | foomatic-filters [280]             |
|                |                                    |
| DSA-3430 [281] | libxml2 [282]                      |
|                |                                    |
| DSA-3431 [283] | ganeti [284]                       |
|                |                                    |
| DSA-3433 [285] | ldb [286]                          |
|                |                                    |
| DSA-3433 [287] | samba [288]                        |
|                |                                    |
| DSA-3434 [289] | linux [290]                        |
|                |                                    |
| DSA-3435 [291] | git [292]                          |
|                |                                    |
| DSA-3438 [293] | xscreensaver [294]                 |
|                |                                    |
| DSA-3439 [295] | prosody [296]                      |
|                |                                    |
| DSA-3440 [297] | sudo [298]                         |
|                |                                    |
| DSA-3441 [299] | perl [300]                         |
|                |                                    |
| DSA-3442 [301] | isc-dhcp [302]                     |
|                |                                    |
| DSA-3443 [303] | libpng [304]                       |
|                |                                    |
| DSA-3444 [305] | wordpress [306]                    |
|                |                                    |
| DSA-3445 [307] | pygments [308]                     |
|                |                                    |
| DSA-3446 [309] | openssh [310]                      |
|                |                                    |
+----------------+------------------------------------+

  109: https://www.debian.org/security/2015/dsa-3208
  110: https://packages.debian.org/src:freexl
  111: https://www.debian.org/security/2015/dsa-3235
  112: https://packages.debian.org/src:openjdk-7
  113: https://www.debian.org/security/2015/dsa-3280
  114: https://packages.debian.org/src:php5
  115: https://www.debian.org/security/2015/dsa-3311
  116: https://packages.debian.org/src:mariadb-10.0
  117: https://www.debian.org/security/2015/dsa-3316
  118: https://packages.debian.org/src:openjdk-7
  119: https://www.debian.org/security/2015/dsa-3324
  120: https://packages.debian.org/src:icedove
  121: https://www.debian.org/security/2015/dsa-3327
  122: https://packages.debian.org/src:squid3
  123: https://www.debian.org/security/2015/dsa-3332
  124: https://packages.debian.org/src:wordpress
  125: https://www.debian.org/security/2015/dsa-3337
  126: https://packages.debian.org/src:gdk-pixbuf
  127: https://www.debian.org/security/2015/dsa-3344
  128: https://packages.debian.org/src:php5
  129: https://www.debian.org/security/2015/dsa-3346
  130: https://packages.debian.org/src:drupal7
  131: https://www.debian.org/security/2015/dsa-3347
  132: https://packages.debian.org/src:pdns
  133: https://www.debian.org/security/2015/dsa-3348
  134: https://packages.debian.org/src:qemu
  135: https://www.debian.org/security/2015/dsa-3350
  136: https://packages.debian.org/src:bind9
  137: https://www.debian.org/security/2015/dsa-3351
  138: https://packages.debian.org/src:chromium-browser
  139: https://www.debian.org/security/2015/dsa-3352
  140: https://packages.debian.org/src:screen
  141: https://www.debian.org/security/2015/dsa-3353
  142: https://packages.debian.org/src:openslp-dfsg
  143: https://www.debian.org/security/2015/dsa-3354
  144: https://packages.debian.org/src:spice
  145: https://www.debian.org/security/2015/dsa-3355
  146: https://packages.debian.org/src:libvdpau
  147: https://www.debian.org/security/2015/dsa-3356
  148: https://packages.debian.org/src:openldap
  149: https://www.debian.org/security/2015/dsa-3357
  150: https://packages.debian.org/src:vzctl
  151: https://www.debian.org/security/2015/dsa-3358
  152: https://packages.debian.org/src:php5
  153: https://www.debian.org/security/2015/dsa-3359
  154: https://packages.debian.org/src:virtualbox
  155: https://www.debian.org/security/2015/dsa-3360
  156: https://packages.debian.org/src:icu
  157: https://www.debian.org/security/2015/dsa-3361
  158: https://packages.debian.org/src:qemu
  159: https://www.debian.org/security/2015/dsa-3363
  160: https://packages.debian.org/src:owncloud-client
  161: https://www.debian.org/security/2015/dsa-3364
  162: https://packages.debian.org/src:linux
  163: https://www.debian.org/security/2015/dsa-3365
  164: https://packages.debian.org/src:iceweasel
  165: https://www.debian.org/security/2015/dsa-3366
  166: https://packages.debian.org/src:rpcbind
  167: https://www.debian.org/security/2015/dsa-3367
  168: https://packages.debian.org/src:wireshark
  169: https://www.debian.org/security/2015/dsa-3368
  170: https://packages.debian.org/src:cyrus-sasl2
  171: https://www.debian.org/security/2015/dsa-3369
  172: https://packages.debian.org/src:zendframework
  173: https://www.debian.org/security/2015/dsa-3370
  174: https://packages.debian.org/src:freetype
  175: https://www.debian.org/security/2015/dsa-3371
  176: https://packages.debian.org/src:spice
  177: https://www.debian.org/security/2015/dsa-3373
  178: https://packages.debian.org/src:owncloud
  179: https://www.debian.org/security/2015/dsa-3374
  180: https://packages.debian.org/src:postgresql-9.4
  181: https://www.debian.org/security/2015/dsa-3375
  182: https://packages.debian.org/src:wordpress
  183: https://www.debian.org/security/2015/dsa-3376
  184: https://packages.debian.org/src:chromium-browser
  185: https://www.debian.org/security/2015/dsa-3377
  186: https://packages.debian.org/src:mysql-5.5
  187: https://www.debian.org/security/2015/dsa-3378
  188: https://packages.debian.org/src:gdk-pixbuf
  189: https://www.debian.org/security/2015/dsa-3379
  190: https://packages.debian.org/src:miniupnpc
  191: https://www.debian.org/security/2015/dsa-3380
  192: https://packages.debian.org/src:php5
  193: https://www.debian.org/security/2015/dsa-3381
  194: https://packages.debian.org/src:openjdk-7
  195: https://www.debian.org/security/2015/dsa-3382
  196: https://packages.debian.org/src:phpmyadmin
  197: https://www.debian.org/security/2015/dsa-3384
  198: https://packages.debian.org/src:virtualbox
  199: https://www.debian.org/security/2015/dsa-3385
  200: https://packages.debian.org/src:mariadb-10.0
  201: https://www.debian.org/security/2015/dsa-3386
  202: https://packages.debian.org/src:unzip
  203: https://www.debian.org/security/2015/dsa-3387
  204: https://packages.debian.org/src:openafs
  205: https://www.debian.org/security/2015/dsa-3388
  206: https://packages.debian.org/src:ntp
  207: https://www.debian.org/security/2015/dsa-3390
  208: https://packages.debian.org/src:xen
  209: https://www.debian.org/security/2015/dsa-3391
  210: https://packages.debian.org/src:php-horde
  211: https://www.debian.org/security/2015/dsa-3392
  212: https://packages.debian.org/src:freeimage
  213: https://www.debian.org/security/2015/dsa-3393
  214: https://packages.debian.org/src:iceweasel
  215: https://www.debian.org/security/2015/dsa-3394
  216: https://packages.debian.org/src:libreoffice
  217: https://www.debian.org/security/2015/dsa-3395
  218: https://packages.debian.org/src:krb5
  219: https://www.debian.org/security/2015/dsa-3397
  220: https://packages.debian.org/src:wpa
  221: https://www.debian.org/security/2015/dsa-3398
  222: https://packages.debian.org/src:strongswan
  223: https://www.debian.org/security/2015/dsa-3399
  224: https://packages.debian.org/src:libpng
  225: https://www.debian.org/security/2015/dsa-3400
  226: https://packages.debian.org/src:lxc
  227: https://www.debian.org/security/2015/dsa-3401
  228: https://packages.debian.org/src:openjdk-7
  229: https://www.debian.org/security/2015/dsa-3402
  230: https://packages.debian.org/src:symfony
  231: https://www.debian.org/security/2015/dsa-3403
  232: https://packages.debian.org/src:libcommons-collections3-java
  233: https://www.debian.org/security/2015/dsa-3404
  234: https://packages.debian.org/src:python-django
  235: https://www.debian.org/security/2015/dsa-3405
  236: https://packages.debian.org/src:smokeping
  237: https://www.debian.org/security/2015/dsa-3406
  238: https://packages.debian.org/src:nspr
  239: https://www.debian.org/security/2015/dsa-3407
  240: https://packages.debian.org/src:dpkg
  241: https://www.debian.org/security/2015/dsa-3409
  242: https://packages.debian.org/src:putty
  243: https://www.debian.org/security/2015/dsa-3411
  244: https://packages.debian.org/src:cups-filters
  245: https://www.debian.org/security/2015/dsa-3412
  246: https://packages.debian.org/src:redis
  247: https://www.debian.org/security/2015/dsa-3413
  248: https://packages.debian.org/src:openssl
  249: https://www.debian.org/security/2015/dsa-3414
  250: https://packages.debian.org/src:xen
  251: https://www.debian.org/security/2015/dsa-3415
  252: https://packages.debian.org/src:chromium-browser
  253: https://www.debian.org/security/2015/dsa-3416
  254: https://packages.debian.org/src:libphp-phpmailer
  255: https://www.debian.org/security/2015/dsa-3417
  256: https://packages.debian.org/src:bouncycastle
  257: https://www.debian.org/security/2015/dsa-3418
  258: https://packages.debian.org/src:chromium-browser
  259: https://www.debian.org/security/2015/dsa-3419
  260: https://packages.debian.org/src:cups-filters
  261: https://www.debian.org/security/2015/dsa-3420
  262: https://packages.debian.org/src:bind9
  263: https://www.debian.org/security/2015/dsa-3421
  264: https://packages.debian.org/src:grub2
  265: https://www.debian.org/security/2015/dsa-3422
  266: https://packages.debian.org/src:iceweasel
  267: https://www.debian.org/security/2015/dsa-3423
  268: https://packages.debian.org/src:cacti
  269: https://www.debian.org/security/2015/dsa-3424
  270: https://packages.debian.org/src:subversion
  271: https://www.debian.org/security/2015/dsa-3425
  272: https://packages.debian.org/src:tryton-server
  273: https://www.debian.org/security/2015/dsa-3426
  274: https://packages.debian.org/src:linux
  275: https://www.debian.org/security/2015/dsa-3427
  276: https://packages.debian.org/src:blueman
  277: https://www.debian.org/security/2015/dsa-3428
  278: https://packages.debian.org/src:tomcat8
  279: https://www.debian.org/security/2015/dsa-3429
  280: https://packages.debian.org/src:foomatic-filters
  281: https://www.debian.org/security/2015/dsa-3430
  282: https://packages.debian.org/src:libxml2
  283: https://www.debian.org/security/2016/dsa-3431
  284: https://packages.debian.org/src:ganeti
  285: https://www.debian.org/security/2016/dsa-3433
  286: https://packages.debian.org/src:ldb
  287: https://www.debian.org/security/2016/dsa-3433
  288: https://packages.debian.org/src:samba
  289: https://www.debian.org/security/2016/dsa-3434
  290: https://packages.debian.org/src:linux
  291: https://www.debian.org/security/2016/dsa-3435
  292: https://packages.debian.org/src:git
  293: https://www.debian.org/security/2016/dsa-3438
  294: https://packages.debian.org/src:xscreensaver
  295: https://www.debian.org/security/2016/dsa-3439
  296: https://packages.debian.org/src:prosody
  297: https://www.debian.org/security/2016/dsa-3440
  298: https://packages.debian.org/src:sudo
  299: https://www.debian.org/security/2016/dsa-3441
  300: https://packages.debian.org/src:perl
  301: https://www.debian.org/security/2016/dsa-3442
  302: https://packages.debian.org/src:isc-dhcp
  303: https://www.debian.org/security/2016/dsa-3443
  304: https://packages.debian.org/src:libpng
  305: https://www.debian.org/security/2016/dsa-3444
  306: https://packages.debian.org/src:wordpress
  307: https://www.debian.org/security/2016/dsa-3445
  308: https://packages.debian.org/src:pygments
  309: https://www.debian.org/security/2016/dsa-3446
  310: https://packages.debian.org/src:openssh

Removed packages
----------------

The following packages were removed due to circumstances beyond our
control:

+---------------------+--------------------------------------------+
| Package             | Reason                                     |
+---------------------+--------------------------------------------+
| core-network [311]  | Security issues                            |
|                     |                                            |
| elasticsearch [312] | No longer supported                        |
|                     |                                            |
| googlecl [313]      | Broken due to relying on obsolete APIs     |
|                     |                                            |
| libnsbmp [314]      | Security issues, unmaintained              |
|                     |                                            |
| libnsgif [315]      | Security issues, unmaintained              |
|                     |                                            |
| vimperator [316]    | Incompatible with newer iceweasel versions |
|                     |                                            |
+---------------------+--------------------------------------------+

  311: https://packages.debian.org/src:core-network
  312: https://packages.debian.org/src:elasticsearch
  313: https://packages.debian.org/src:googlecl
  314: https://packages.debian.org/src:libnsbmp
  315: https://packages.debian.org/src:libnsgif
  316: https://packages.debian.org/src:vimperator

Debian Installer
----------------

URLs
----

The complete lists of packages that have changed with this revision:

http://ftp.debian.org/debian/dists/jessie/ChangeLog


The current stable distribution:

http://ftp.debian.org/debian/dists/stable/


Proposed updates to the stable distribution:

http://ftp.debian.org/debian/dists/proposed-updates


stable distribution information (release notes, errata etc.):

https://www.debian.org/releases/stable/


Security announcements and information:

https://security.debian.org/ [317]

  317: https://www.debian.org/security/


About Debian
------------

The Debian Project is an association of Free Software developers who
volunteer their time and effort in order to produce the completely free
operating system Debian.


Contact Information
-------------------

For further information, please visit the Debian web pages at
https://www.debian.org/, send mail to <press@debian.org>, or contact the
stable release team at <debian-release@lists.debian.org>.



Attachment: signature.asc
Description: Digital signature


Reply to: