------------------------------------------------------------------------ The Debian Project https://www.debian.org/ Updated Debian 8: 8.3 released press@debian.org January 23rd, 2016 https://www.debian.org/News/2016/20160123 ------------------------------------------------------------------------ The Debian project is pleased to announce the third update of its stable distribution Debian 8 (codename "jessie"). This update mainly adds corrections for security problems to the stable release, along with a few adjustments for serious problems. Security advisories were published separately and are referenced where applicable. Please note that this update does not constitute a new version of Debian 8 but only updates some of the packages included. There is no need to throw away old "jessie" CDs or DVDs but only to update via an up-to-date Debian mirror after an installation, to cause any out of date packages to be updated. Those who frequently install updates from security.debian.org won't have to update many packages and most updates from security.debian.org are included in this update. New installation media and CD and DVD images containing updated packages will be available soon at the regular locations. Upgrading to this revision online is usually done by pointing the aptitude (or apt) package tool (see the sources.list(5) manual page) to one of Debian's many FTP or HTTP mirrors. A comprehensive list of mirrors is available at: https://www.debian.org/mirror/list Miscellaneous Bugfixes ---------------------- This stable update adds important corrections to the following packages: +-------------------------+-------------------------------------------+ | Package | Reason | +-------------------------+-------------------------------------------+ | android-platform- | [i386] rebuild to fix dependency on | | frameworks-base [1] | android-libhost | | | | | apache2 [2] | Fix split-logfile to work with current | | | perl, secondary-init-script to not source | | | the main init script with 'set -e', tests | | | on deferred MPM switch; add versioned | | | Replaces / Breaks for libapache2-mod- | | | macro | | | | | apt [3] | Hide first pdiff merge failure debug | | | message; fix marking of deps of pkgs in | | | APT::Never-MarkAuto-Sections as manual; | | | do not parse Status fields from remote | | | sources | | | | | apt-dater-host [4] | Fix kernel version detection | | | | | apt-offline [5] | Add missing dependency on python-apt | | | | | arb [6] | Skip compiler version check | | | | | augeas [7] | HTTPD lense: include /etc/apache2/conf- | | | available directory, allow EOL comments | | | after section tags | | | | | base-files [8] | Update for the 8.3 point release; os- | | | release: drop trailing slash in | | | SUPPORT_URL variable | | | | | bcfg2 [9] | Support Django 1.7 | | | | | ben [10] | Fix buildd.debian.org compact links; | | | ignore potential errors when deleting | | | lock file; call dose-debcheck with --deb- | | | native-arch | | | | | ca-certificates [11] | Update Mozilla certificate authority | | | bundle to version 2.6 | | | | | ceph [12] | URL-encode bucket name [CVE-2015-5245] | | | | | charybdis [13] | Security fix [CVE-2015-5290]; initialise | | | gnutls properly | | | | | chrony [14] | Build depend on libcap-dev, to allow | | | dropping of privileges | | | | | commons-httpclient [15] | Ensure HTTPS calls use | | | http.socket.timeout during SSL Handshake | | | [CVE-2015-5262] | | | | | cpuset [16] | Update filesystem namespace prefix patch | | | | | curlftpfs [17] | Avoid unsafe cast for getpass() on 64-bit | | | architectures | | | | | dbconfig-common [18] | Fix permissions of PostgreSQL backup | | | files | | | | | debian-handbook [19] | Update for Jessie | | | | | debian-installer [20] | Re-introduce installer images for QNAP | | | TS-x09; provide u-boot images for plug | | | computers; add the part_gpt module into | | | the core grub image; add beep to UEFI x86 | | | boot menu; add 's' shortcut for speech to | | | UEFI x86 boot menu; exclude usb-serial- | | | modules from the armel network-console | | | image and usb-modules explicitly on | | | armel/orion5x network-console; drop the | | | file extension from the initrd for QNAP | | | devices; adjust p-u support to handle | | | file:// instead of (f|ht)tp:// only | | | | | debian-installer- | Rebuild for the point release | | netboot-images [21] | | | | | | docbook2x [22] | Do not install info/dir.gz files | | | | | doctrine [23] | Fix directory permissions issue | | | [CVE-2015-5723] | | | | | drbd-utils [24] | Fix drbdadm adjust with IPv6 peer | | | addresses | | | | | ejabberd [25] | Fix broken LDAP queries | | | | | exfat-utils [26] | Fix buffer overflow and infinite loop | | | | | exim4 [27] | Fix some MIME ACL related crashes; fix a | | | bug causing duplicate deliveries, | | | especially on TLS connections | | | | | fglrx-driver [28] | New upstream release; fix security issue | | | [CVE-2015-7724] | | | | | file [29] | Fix --parameter handling | | | | | flash-kernel [30] | Avoid waiting for Ctrl-C if any debconf | | | frontend is in use | | | | | fuse-exfat [31] | Fix buffer overflow and infinite loop | | | | | ganglia-modules- | Only restart the ganglia service after | | linux [32] | installation if it was previously running | | | | | getmail4 [33] | Set poplib._MAXLINE=1MB | | | | | glance [34] | Prevent image status being directly | | | modified via v1 API [CVE-2015-5251] | | | | | glibc [35] | Fix getaddrinfo sometimes returning | | | uninitialized data with nscd; fix data | | | corruption while reading the NSS files | | | database [CVE-2015-5277]; fix buffer | | | overflow (read past end of buffer) in | | | internal_fnmatch; fix _IO_wstr_overflow | | | integer overflow; fix unexpected closing | | | of nss_files databases after lookups, | | | causing denial of service [CVE-2014- | | | 8121]; fix NSCD netgroup cache; | | | unconditionally disable LD_POINTER_GUARD; | | | mangle function pointers in | | | tls_dtor_list; fix memory allocations | | | issues that can lead to buffer overflows | | | on the stack; update TSX blacklist to | | | also include some Broadwell CPUs | | | | | gnome-orca [36] | Ensure correct focus on password entry, | | | so characters are not echoed | | | | | gnome-shell-extension- | Display a warning if API key has not been | | weather [37] | supplied by the user, since querying | | | openweathermap.org no longer works | | | without such a key | | | | | gummi [38] | Avoid predictable naming of temporary | | | files [CVE 2015-7758] | | | | | human-icon-theme [39] | debian/clean-up.sh: do not run processes | | | in background | | | | | ieee-data [40] | Update included data files, adding | | | mam.txt and oui36.txt; stop downloading | | | via HTTPS, as neither wget nor curl | | | support TLS AIA, as now used by | | | standards.ieee.org | | | | | intel-microcode [41] | Update included microcode | | | | | iptables- | Stop rules files being world-readable; | | persistent [42] | rewrite README | | | | | isc-dhcp [43] | Fix error when maximum lease time is used | | | on 64-bit systems | | | | | keepassx [44] | Fix storage of passwords in clear text | | | [CVE-2015-8378] | | | | | libapache-mod- | Switch B-D from libtool to libtool-bin to | | fastcgi [45] | fix build failure | | | | | libapache2-mod- | Fix crashes in modperl_interp_unselect() | | perl2 [46] | | | | | | libcgi-session- | Untaint raw data coming from session | | perl [47] | storage backends, fixing a regression | | | caused by CVE-2015-8607 fixes in perl | | | | | libdatetime-timezone- | New upstream release | | perl [48] | | | | | | libencode-perl [49] | Correctly handle a lack of BOM when | | | decoding | | | | | libhtml-scrubber- | Fix cross-site scripting vulnerability in | | perl [50] | comments [CVE-2015-5667] | | | | | libinfinity [51] | Fix possible crashes when an entry is | | | removed from the document browser and | | | when access control lists are enabled | | | | | libiptables-parse- | Fix use of predictable names for | | perl [52] | temporary files [CVE-2015-8326] | | | | | libraw [53] | Fix index overflow in smal_decode_segment | | | [CVE-2015-8366]; fix memory objects are | | | not intialized properly [CVE-2015-8367] | | | | | libssh [54] | Fix "null pointer dereference due to a | | | logical error in the handling of a | | | SSH_MSG_NEWKEYS and KEXDH_REPLY | | | packets" [CVE-2015-3146] | | | | | linux [55] | Update to upstream release 3.16.7-ctk20; | | | nbd: restore request timeout detection; | | | [x86] enable PINCTRL_BAYTRAIL; [mips*/ | | | octeon] enable CAVIUM_CN63XXP1; | | | firmware_class: fix condition in | | | directory search loop; [x86] KVM: svm: | | | unconditionally intercept #DB [CVE-2015- | | | 8104] | | | | | linux-tools [56] | Add new hyperv-daemons package | | | | | lldpd [57] | Fix a segfault and an assertion error | | | when receiving incorrectly formed LLDP | | | management addresses | | | | | madfuload [58] | Use autoreconf -fi to fix build failure | | | with automake 1.14 | | | | | mdadm [59] | Disable incremental assembly, as it can | | | cause issues booting a degraded RAID | | | | | mkvmlinuz [60] | Direct run-parts output to stderr | | | | | monit [61] | Fix umask-related regression from 5.8.1 | | | | | mpm-itk [62] | Fix an issue where closing of connections | | | was attempted in the parent. This would | | | result in "Connection: close" not being | | | honoured, and various odd effects with | | | SSL keepalive in certain browsers | | | | | multipath-tools [63] | Fix discovery of devices with blank sysfs | | | attribute; add documentation to cover | | | additional friendly names scenarios; | | | init: fix stop failure when no root | | | device is found; use 'SCSI_IDENT_.*' as | | | the default property whitelist | | | | | netcfg [64] | Fix is_layer3_qeth on s390x to avoid | | | bailing out if the network driver is not | | | qeth | | | | | nvidia-graphics- | New upstream release [CVE-2015-5950]; fix | | drivers [65] | Unsanitized User Mode Input issue | | | [CVE-2015-7869] | | | | | nvidia-graphics- | New upstream release; fix unsanitized | | drivers- | User Mode Input issue [CVE-2015-7869] | | legacy-304xx [66] | | | | | | nvidia-graphics- | Rebuild against nvidia-kernel-source | | modules [67] | 340.96 | | | | | openldap [68] | Fix a crash when adding a large attribute | | | value with the auditlog overlay enabled | | | | | openvpn [69] | Add --no-block to if-up.d script to avoid | | | hanging boot on interfaces with openvpn | | | instances | | | | | owncloud [70] | Fix local file inclusion on Microsoft | | | Windows Platform [CVE-2015-4716], | | | resource exhaustion when sanitizing | | | filenames [CVE-2015-4717], command | | | injection when using external SMB storage | | | [CVE-2015-4718], calendar export: | | | Authorization Bypass Through User- | | | Controlled Key [CVE-2015-6670]; fix | | | reflected XSS in OCS provider discovery | | | [oc-sa-2016-001] [CVE-2016-1498], | | | disclosure of files that begin with \ ".v | | | \" due to unchecked return value [oc- | | | sa-2016-003] [CVE-2016-1500], information | | | exposure via directory listing in the | | | file scanner [oc-sa-2016-002] [CVE-2016- | | | 1499], installation path disclosure | | | through error message [oc-sa-2016-004] | | | [CVE-2016-1501] | | | | | pam [71] | Fix DoS / user enumeration due to | | | blocking pipe in pam_unix [CVE-2015-3238] | | | | | pcre3 [72] | Fix security issues [CVE-2015-2325 | | | CVE-2015-2326 CVE-2015-3210 CVE-2015-5073 | | | CVE-2015-8384 CVE-2015-8388] | | | | | pdns [73] | Fix upgrades with default configuration | | | | | perl [74] | Correctly handle a lack of BOM when | | | decoding | | | | | php-auth-sasl [75] | Rebuild with pkg-php-tools 1.28 to | | | correct PHP dependencies | | | | | php-doctrine- | Fix directory permissions issue | | annotations [76] | [CVE-2015-5723] | | | | | php-doctrine-cache [77] | Fix file / directory permissions issue | | | [CVE-2015-5723] | | | | | php-doctrine- | Fix file permissions issue [CVE-2015- | | common [78] | 5723] | | | | | php-dropbox [79] | Refuse to handle any files containing an | | | @ [CVE-2015-4715] | | | | | php-mail- | Rebuild with pkg-php-tools 1.28 to | | mimedecode [80] | correct PHP dependencies | | | | | php5 [81] | New upstream release | | | | | plowshare4 [82] | Disable Javascript support | | | | | postgresql-9.1 [83] | New upstream release | | | | | pykerberos [84] | Add KDC authenticity verification support | | | [CVE-2015-3206] | | | | | python-yaql [85] | Remove broken python3-yaql package | | | | | qpsmtpd [86] | Fix compatibility issue with newer | | | Net::DNS versions | | | | | quassel [87] | Fix remote DoS in quassel core, using /op | | | * command [CVE-2015-8547] | | | | | redis [88] | Ensure that a valid runtime directory is | | | created when running under systemd | | | | | redmine [89] | Fix upgrades when there are locally- | | | installed plugins; fix moving issues | | | across projects | | | | | rsyslog [90] | Fix crash in imfile module when using | | | inotify mode; prevent a segfault in | | | dynafile creation | | | | | ruby-bson [91] | Fix DoS and possible injection [CVE-2015- | | | 4410] | | | | | s390-dasd [92] | If no channel is found, exit cleanly. | | | This allows s390-dasd to step out of the | | | way on VMs with virtio disks | | | | | shadow [93] | Fix error handling in busy user detection | | | | | sparse [94] | Fix build failure with llvm-3.5 | | | | | spip [95] | Fix cross-site scripting issue | | | | | stk [96] | Install missing SKINI.{msg,tbl} include | | | files | | | | | sus [97] | Update checksums for upstream tarball | | | | | swift [98] | Fix unauthorized delete of versioned | | | Swift object [CVE-2015-1856]; fix | | | information leak via Swift tempurls | | | [CVE-2015-5223]; fix service name of | | | object-expirer in init script; add | | | container-sync init script; | | | "standardise" user addition | | | | | systemd [99] | Fix namespace breakage due to incorrect | | | path sorting; don't timeout after 90 | | | seconds when no password was entered for | | | cryptsetup devices; only set the kernel's | | | timezone when the RTC runs in local time, | | | avoiding possible jumps backward in time; | | | fix incorrect handling of comma separator | | | in systemd-delta; make DHCP broadcast | | | behaviour configurable in systemd- | | | networkd | | | | | tangerine-icon- | debian/clean-up.sh: do not run processes | | theme [100] | in background | | | | | torbrowser- | Really apply patches from 0.1.9-1+deb8u1; | | launcher [101] | stop confining start-tor-browser script | | | with AppArmor; set usr.bin.torbrowser- | | | launcher AppArmor profiles to complain | | | mode | | | | | ttylog [102] | Fix truncation of device name when | | | selecting device | | | | | tzdata [103] | New upstream release | | | | | uqm [104] | Add missing -lm flag, fixing build | | | failure | | | | | vlc [105] | New upstream stable release | | | | | webkitgtk [106] | New upstream stable release; fix "late | | | TLS certificate verification" [CVE-2015- | | | 2330] | | | | | wxmaxima [107] | Prevent crash on encountering parenthesis | | | in dialogues | | | | | zendframework [108] | Fix entropy issue with captcha [ZF2015- | | | 09] | | | | +-------------------------+-------------------------------------------+ 1: https://packages.debian.org/src:android-platform-frameworks-base 2: https://packages.debian.org/src:apache2 3: https://packages.debian.org/src:apt 4: https://packages.debian.org/src:apt-dater-host 5: https://packages.debian.org/src:apt-offline 6: https://packages.debian.org/src:arb 7: https://packages.debian.org/src:augeas 8: https://packages.debian.org/src:base-files 9: https://packages.debian.org/src:bcfg2 10: https://packages.debian.org/src:ben 11: https://packages.debian.org/src:ca-certificates 12: https://packages.debian.org/src:ceph 13: https://packages.debian.org/src:charybdis 14: https://packages.debian.org/src:chrony 15: https://packages.debian.org/src:commons-httpclient 16: https://packages.debian.org/src:cpuset 17: https://packages.debian.org/src:curlftpfs 18: https://packages.debian.org/src:dbconfig-common 19: https://packages.debian.org/src:debian-handbook 20: https://packages.debian.org/src:debian-installer 21: https://packages.debian.org/src:debian-installer-netboot-images 22: https://packages.debian.org/src:docbook2x 23: https://packages.debian.org/src:doctrine 24: https://packages.debian.org/src:drbd-utils 25: https://packages.debian.org/src:ejabberd 26: https://packages.debian.org/src:exfat-utils 27: https://packages.debian.org/src:exim4 28: https://packages.debian.org/src:fglrx-driver 29: https://packages.debian.org/src:file 30: https://packages.debian.org/src:flash-kernel 31: https://packages.debian.org/src:fuse-exfat 32: https://packages.debian.org/src:ganglia-modules-linux 33: https://packages.debian.org/src:getmail4 34: https://packages.debian.org/src:glance 35: https://packages.debian.org/src:glibc 36: https://packages.debian.org/src:gnome-orca 37: https://packages.debian.org/src:gnome-shell-extension-weather 38: https://packages.debian.org/src:gummi 39: https://packages.debian.org/src:human-icon-theme 40: https://packages.debian.org/src:ieee-data 41: https://packages.debian.org/src:intel-microcode 42: https://packages.debian.org/src:iptables-persistent 43: https://packages.debian.org/src:isc-dhcp 44: https://packages.debian.org/src:keepassx 45: https://packages.debian.org/src:libapache-mod-fastcgi 46: https://packages.debian.org/src:libapache2-mod-perl2 47: https://packages.debian.org/src:libcgi-session-perl 48: https://packages.debian.org/src:libdatetime-timezone-perl 49: https://packages.debian.org/src:libencode-perl 50: https://packages.debian.org/src:libhtml-scrubber-perl 51: https://packages.debian.org/src:libinfinity 52: https://packages.debian.org/src:libiptables-parse-perl 53: https://packages.debian.org/src:libraw 54: https://packages.debian.org/src:libssh 55: https://packages.debian.org/src:linux 56: https://packages.debian.org/src:linux-tools 57: https://packages.debian.org/src:lldpd 58: https://packages.debian.org/src:madfuload 59: https://packages.debian.org/src:mdadm 60: https://packages.debian.org/src:mkvmlinuz 61: https://packages.debian.org/src:monit 62: https://packages.debian.org/src:mpm-itk 63: https://packages.debian.org/src:multipath-tools 64: https://packages.debian.org/src:netcfg 65: https://packages.debian.org/src:nvidia-graphics-drivers 66: https://packages.debian.org/src:nvidia-graphics-drivers-legacy-304xx 67: https://packages.debian.org/src:nvidia-graphics-modules 68: https://packages.debian.org/src:openldap 69: https://packages.debian.org/src:openvpn 70: https://packages.debian.org/src:owncloud 71: https://packages.debian.org/src:pam 72: https://packages.debian.org/src:pcre3 73: https://packages.debian.org/src:pdns 74: https://packages.debian.org/src:perl 75: https://packages.debian.org/src:php-auth-sasl 76: https://packages.debian.org/src:php-doctrine-annotations 77: https://packages.debian.org/src:php-doctrine-cache 78: https://packages.debian.org/src:php-doctrine-common 79: https://packages.debian.org/src:php-dropbox 80: https://packages.debian.org/src:php-mail-mimedecode 81: https://packages.debian.org/src:php5 82: https://packages.debian.org/src:plowshare4 83: https://packages.debian.org/src:postgresql-9.1 84: https://packages.debian.org/src:pykerberos 85: https://packages.debian.org/src:python-yaql 86: https://packages.debian.org/src:qpsmtpd 87: https://packages.debian.org/src:quassel 88: https://packages.debian.org/src:redis 89: https://packages.debian.org/src:redmine 90: https://packages.debian.org/src:rsyslog 91: https://packages.debian.org/src:ruby-bson 92: https://packages.debian.org/src:s390-dasd 93: https://packages.debian.org/src:shadow 94: https://packages.debian.org/src:sparse 95: https://packages.debian.org/src:spip 96: https://packages.debian.org/src:stk 97: https://packages.debian.org/src:sus 98: https://packages.debian.org/src:swift 99: https://packages.debian.org/src:systemd 100: https://packages.debian.org/src:tangerine-icon-theme 101: https://packages.debian.org/src:torbrowser-launcher 102: https://packages.debian.org/src:ttylog 103: https://packages.debian.org/src:tzdata 104: https://packages.debian.org/src:uqm 105: https://packages.debian.org/src:vlc 106: https://packages.debian.org/src:webkitgtk 107: https://packages.debian.org/src:wxmaxima 108: https://packages.debian.org/src:zendframework Security Updates ---------------- This revision adds the following security updates to the stable release. The Security Team has already released an advisory for each of these updates: +----------------+------------------------------------+ | Advisory ID | Package | +----------------+------------------------------------+ | DSA-3208 [109] | freexl [110] | | | | | DSA-3235 [111] | openjdk-7 [112] | | | | | DSA-3280 [113] | php5 [114] | | | | | DSA-3311 [115] | mariadb-10.0 [116] | | | | | DSA-3316 [117] | openjdk-7 [118] | | | | | DSA-3324 [119] | icedove [120] | | | | | DSA-3327 [121] | squid3 [122] | | | | | DSA-3332 [123] | wordpress [124] | | | | | DSA-3337 [125] | gdk-pixbuf [126] | | | | | DSA-3344 [127] | php5 [128] | | | | | DSA-3346 [129] | drupal7 [130] | | | | | DSA-3347 [131] | pdns [132] | | | | | DSA-3348 [133] | qemu [134] | | | | | DSA-3350 [135] | bind9 [136] | | | | | DSA-3351 [137] | chromium-browser [138] | | | | | DSA-3352 [139] | screen [140] | | | | | DSA-3353 [141] | openslp-dfsg [142] | | | | | DSA-3354 [143] | spice [144] | | | | | DSA-3355 [145] | libvdpau [146] | | | | | DSA-3356 [147] | openldap [148] | | | | | DSA-3357 [149] | vzctl [150] | | | | | DSA-3358 [151] | php5 [152] | | | | | DSA-3359 [153] | virtualbox [154] | | | | | DSA-3360 [155] | icu [156] | | | | | DSA-3361 [157] | qemu [158] | | | | | DSA-3363 [159] | owncloud-client [160] | | | | | DSA-3364 [161] | linux [162] | | | | | DSA-3365 [163] | iceweasel [164] | | | | | DSA-3366 [165] | rpcbind [166] | | | | | DSA-3367 [167] | wireshark [168] | | | | | DSA-3368 [169] | cyrus-sasl2 [170] | | | | | DSA-3369 [171] | zendframework [172] | | | | | DSA-3370 [173] | freetype [174] | | | | | DSA-3371 [175] | spice [176] | | | | | DSA-3373 [177] | owncloud [178] | | | | | DSA-3374 [179] | postgresql-9.4 [180] | | | | | DSA-3375 [181] | wordpress [182] | | | | | DSA-3376 [183] | chromium-browser [184] | | | | | DSA-3377 [185] | mysql-5.5 [186] | | | | | DSA-3378 [187] | gdk-pixbuf [188] | | | | | DSA-3379 [189] | miniupnpc [190] | | | | | DSA-3380 [191] | php5 [192] | | | | | DSA-3381 [193] | openjdk-7 [194] | | | | | DSA-3382 [195] | phpmyadmin [196] | | | | | DSA-3384 [197] | virtualbox [198] | | | | | DSA-3385 [199] | mariadb-10.0 [200] | | | | | DSA-3386 [201] | unzip [202] | | | | | DSA-3387 [203] | openafs [204] | | | | | DSA-3388 [205] | ntp [206] | | | | | DSA-3390 [207] | xen [208] | | | | | DSA-3391 [209] | php-horde [210] | | | | | DSA-3392 [211] | freeimage [212] | | | | | DSA-3393 [213] | iceweasel [214] | | | | | DSA-3394 [215] | libreoffice [216] | | | | | DSA-3395 [217] | krb5 [218] | | | | | DSA-3397 [219] | wpa [220] | | | | | DSA-3398 [221] | strongswan [222] | | | | | DSA-3399 [223] | libpng [224] | | | | | DSA-3400 [225] | lxc [226] | | | | | DSA-3401 [227] | openjdk-7 [228] | | | | | DSA-3402 [229] | symfony [230] | | | | | DSA-3403 [231] | libcommons-collections3-java [232] | | | | | DSA-3404 [233] | python-django [234] | | | | | DSA-3405 [235] | smokeping [236] | | | | | DSA-3406 [237] | nspr [238] | | | | | DSA-3407 [239] | dpkg [240] | | | | | DSA-3409 [241] | putty [242] | | | | | DSA-3411 [243] | cups-filters [244] | | | | | DSA-3412 [245] | redis [246] | | | | | DSA-3413 [247] | openssl [248] | | | | | DSA-3414 [249] | xen [250] | | | | | DSA-3415 [251] | chromium-browser [252] | | | | | DSA-3416 [253] | libphp-phpmailer [254] | | | | | DSA-3417 [255] | bouncycastle [256] | | | | | DSA-3418 [257] | chromium-browser [258] | | | | | DSA-3419 [259] | cups-filters [260] | | | | | DSA-3420 [261] | bind9 [262] | | | | | DSA-3421 [263] | grub2 [264] | | | | | DSA-3422 [265] | iceweasel [266] | | | | | DSA-3423 [267] | cacti [268] | | | | | DSA-3424 [269] | subversion [270] | | | | | DSA-3425 [271] | tryton-server [272] | | | | | DSA-3426 [273] | linux [274] | | | | | DSA-3427 [275] | blueman [276] | | | | | DSA-3428 [277] | tomcat8 [278] | | | | | DSA-3429 [279] | foomatic-filters [280] | | | | | DSA-3430 [281] | libxml2 [282] | | | | | DSA-3431 [283] | ganeti [284] | | | | | DSA-3433 [285] | ldb [286] | | | | | DSA-3433 [287] | samba [288] | | | | | DSA-3434 [289] | linux [290] | | | | | DSA-3435 [291] | git [292] | | | | | DSA-3438 [293] | xscreensaver [294] | | | | | DSA-3439 [295] | prosody [296] | | | | | DSA-3440 [297] | sudo [298] | | | | | DSA-3441 [299] | perl [300] | | | | | DSA-3442 [301] | isc-dhcp [302] | | | | | DSA-3443 [303] | libpng [304] | | | | | DSA-3444 [305] | wordpress [306] | | | | | DSA-3445 [307] | pygments [308] | | | | | DSA-3446 [309] | openssh [310] | | | | +----------------+------------------------------------+ 109: https://www.debian.org/security/2015/dsa-3208 110: https://packages.debian.org/src:freexl 111: https://www.debian.org/security/2015/dsa-3235 112: https://packages.debian.org/src:openjdk-7 113: https://www.debian.org/security/2015/dsa-3280 114: https://packages.debian.org/src:php5 115: https://www.debian.org/security/2015/dsa-3311 116: https://packages.debian.org/src:mariadb-10.0 117: https://www.debian.org/security/2015/dsa-3316 118: https://packages.debian.org/src:openjdk-7 119: https://www.debian.org/security/2015/dsa-3324 120: https://packages.debian.org/src:icedove 121: https://www.debian.org/security/2015/dsa-3327 122: https://packages.debian.org/src:squid3 123: https://www.debian.org/security/2015/dsa-3332 124: https://packages.debian.org/src:wordpress 125: https://www.debian.org/security/2015/dsa-3337 126: https://packages.debian.org/src:gdk-pixbuf 127: https://www.debian.org/security/2015/dsa-3344 128: https://packages.debian.org/src:php5 129: https://www.debian.org/security/2015/dsa-3346 130: https://packages.debian.org/src:drupal7 131: https://www.debian.org/security/2015/dsa-3347 132: https://packages.debian.org/src:pdns 133: https://www.debian.org/security/2015/dsa-3348 134: https://packages.debian.org/src:qemu 135: https://www.debian.org/security/2015/dsa-3350 136: https://packages.debian.org/src:bind9 137: https://www.debian.org/security/2015/dsa-3351 138: https://packages.debian.org/src:chromium-browser 139: https://www.debian.org/security/2015/dsa-3352 140: https://packages.debian.org/src:screen 141: https://www.debian.org/security/2015/dsa-3353 142: https://packages.debian.org/src:openslp-dfsg 143: https://www.debian.org/security/2015/dsa-3354 144: https://packages.debian.org/src:spice 145: https://www.debian.org/security/2015/dsa-3355 146: https://packages.debian.org/src:libvdpau 147: https://www.debian.org/security/2015/dsa-3356 148: https://packages.debian.org/src:openldap 149: https://www.debian.org/security/2015/dsa-3357 150: https://packages.debian.org/src:vzctl 151: https://www.debian.org/security/2015/dsa-3358 152: https://packages.debian.org/src:php5 153: https://www.debian.org/security/2015/dsa-3359 154: https://packages.debian.org/src:virtualbox 155: https://www.debian.org/security/2015/dsa-3360 156: https://packages.debian.org/src:icu 157: https://www.debian.org/security/2015/dsa-3361 158: https://packages.debian.org/src:qemu 159: https://www.debian.org/security/2015/dsa-3363 160: https://packages.debian.org/src:owncloud-client 161: https://www.debian.org/security/2015/dsa-3364 162: https://packages.debian.org/src:linux 163: https://www.debian.org/security/2015/dsa-3365 164: https://packages.debian.org/src:iceweasel 165: https://www.debian.org/security/2015/dsa-3366 166: https://packages.debian.org/src:rpcbind 167: https://www.debian.org/security/2015/dsa-3367 168: https://packages.debian.org/src:wireshark 169: https://www.debian.org/security/2015/dsa-3368 170: https://packages.debian.org/src:cyrus-sasl2 171: https://www.debian.org/security/2015/dsa-3369 172: https://packages.debian.org/src:zendframework 173: https://www.debian.org/security/2015/dsa-3370 174: https://packages.debian.org/src:freetype 175: https://www.debian.org/security/2015/dsa-3371 176: https://packages.debian.org/src:spice 177: https://www.debian.org/security/2015/dsa-3373 178: https://packages.debian.org/src:owncloud 179: https://www.debian.org/security/2015/dsa-3374 180: https://packages.debian.org/src:postgresql-9.4 181: https://www.debian.org/security/2015/dsa-3375 182: https://packages.debian.org/src:wordpress 183: https://www.debian.org/security/2015/dsa-3376 184: https://packages.debian.org/src:chromium-browser 185: https://www.debian.org/security/2015/dsa-3377 186: https://packages.debian.org/src:mysql-5.5 187: https://www.debian.org/security/2015/dsa-3378 188: https://packages.debian.org/src:gdk-pixbuf 189: https://www.debian.org/security/2015/dsa-3379 190: https://packages.debian.org/src:miniupnpc 191: https://www.debian.org/security/2015/dsa-3380 192: https://packages.debian.org/src:php5 193: https://www.debian.org/security/2015/dsa-3381 194: https://packages.debian.org/src:openjdk-7 195: https://www.debian.org/security/2015/dsa-3382 196: https://packages.debian.org/src:phpmyadmin 197: https://www.debian.org/security/2015/dsa-3384 198: https://packages.debian.org/src:virtualbox 199: https://www.debian.org/security/2015/dsa-3385 200: https://packages.debian.org/src:mariadb-10.0 201: https://www.debian.org/security/2015/dsa-3386 202: https://packages.debian.org/src:unzip 203: https://www.debian.org/security/2015/dsa-3387 204: https://packages.debian.org/src:openafs 205: https://www.debian.org/security/2015/dsa-3388 206: https://packages.debian.org/src:ntp 207: https://www.debian.org/security/2015/dsa-3390 208: https://packages.debian.org/src:xen 209: https://www.debian.org/security/2015/dsa-3391 210: https://packages.debian.org/src:php-horde 211: https://www.debian.org/security/2015/dsa-3392 212: https://packages.debian.org/src:freeimage 213: https://www.debian.org/security/2015/dsa-3393 214: https://packages.debian.org/src:iceweasel 215: https://www.debian.org/security/2015/dsa-3394 216: https://packages.debian.org/src:libreoffice 217: https://www.debian.org/security/2015/dsa-3395 218: https://packages.debian.org/src:krb5 219: https://www.debian.org/security/2015/dsa-3397 220: https://packages.debian.org/src:wpa 221: https://www.debian.org/security/2015/dsa-3398 222: https://packages.debian.org/src:strongswan 223: https://www.debian.org/security/2015/dsa-3399 224: https://packages.debian.org/src:libpng 225: https://www.debian.org/security/2015/dsa-3400 226: https://packages.debian.org/src:lxc 227: https://www.debian.org/security/2015/dsa-3401 228: https://packages.debian.org/src:openjdk-7 229: https://www.debian.org/security/2015/dsa-3402 230: https://packages.debian.org/src:symfony 231: https://www.debian.org/security/2015/dsa-3403 232: https://packages.debian.org/src:libcommons-collections3-java 233: https://www.debian.org/security/2015/dsa-3404 234: https://packages.debian.org/src:python-django 235: https://www.debian.org/security/2015/dsa-3405 236: https://packages.debian.org/src:smokeping 237: https://www.debian.org/security/2015/dsa-3406 238: https://packages.debian.org/src:nspr 239: https://www.debian.org/security/2015/dsa-3407 240: https://packages.debian.org/src:dpkg 241: https://www.debian.org/security/2015/dsa-3409 242: https://packages.debian.org/src:putty 243: https://www.debian.org/security/2015/dsa-3411 244: https://packages.debian.org/src:cups-filters 245: https://www.debian.org/security/2015/dsa-3412 246: https://packages.debian.org/src:redis 247: https://www.debian.org/security/2015/dsa-3413 248: https://packages.debian.org/src:openssl 249: https://www.debian.org/security/2015/dsa-3414 250: https://packages.debian.org/src:xen 251: https://www.debian.org/security/2015/dsa-3415 252: https://packages.debian.org/src:chromium-browser 253: https://www.debian.org/security/2015/dsa-3416 254: https://packages.debian.org/src:libphp-phpmailer 255: https://www.debian.org/security/2015/dsa-3417 256: https://packages.debian.org/src:bouncycastle 257: https://www.debian.org/security/2015/dsa-3418 258: https://packages.debian.org/src:chromium-browser 259: https://www.debian.org/security/2015/dsa-3419 260: https://packages.debian.org/src:cups-filters 261: https://www.debian.org/security/2015/dsa-3420 262: https://packages.debian.org/src:bind9 263: https://www.debian.org/security/2015/dsa-3421 264: https://packages.debian.org/src:grub2 265: https://www.debian.org/security/2015/dsa-3422 266: https://packages.debian.org/src:iceweasel 267: https://www.debian.org/security/2015/dsa-3423 268: https://packages.debian.org/src:cacti 269: https://www.debian.org/security/2015/dsa-3424 270: https://packages.debian.org/src:subversion 271: https://www.debian.org/security/2015/dsa-3425 272: https://packages.debian.org/src:tryton-server 273: https://www.debian.org/security/2015/dsa-3426 274: https://packages.debian.org/src:linux 275: https://www.debian.org/security/2015/dsa-3427 276: https://packages.debian.org/src:blueman 277: https://www.debian.org/security/2015/dsa-3428 278: https://packages.debian.org/src:tomcat8 279: https://www.debian.org/security/2015/dsa-3429 280: https://packages.debian.org/src:foomatic-filters 281: https://www.debian.org/security/2015/dsa-3430 282: https://packages.debian.org/src:libxml2 283: https://www.debian.org/security/2016/dsa-3431 284: https://packages.debian.org/src:ganeti 285: https://www.debian.org/security/2016/dsa-3433 286: https://packages.debian.org/src:ldb 287: https://www.debian.org/security/2016/dsa-3433 288: https://packages.debian.org/src:samba 289: https://www.debian.org/security/2016/dsa-3434 290: https://packages.debian.org/src:linux 291: https://www.debian.org/security/2016/dsa-3435 292: https://packages.debian.org/src:git 293: https://www.debian.org/security/2016/dsa-3438 294: https://packages.debian.org/src:xscreensaver 295: https://www.debian.org/security/2016/dsa-3439 296: https://packages.debian.org/src:prosody 297: https://www.debian.org/security/2016/dsa-3440 298: https://packages.debian.org/src:sudo 299: https://www.debian.org/security/2016/dsa-3441 300: https://packages.debian.org/src:perl 301: https://www.debian.org/security/2016/dsa-3442 302: https://packages.debian.org/src:isc-dhcp 303: https://www.debian.org/security/2016/dsa-3443 304: https://packages.debian.org/src:libpng 305: https://www.debian.org/security/2016/dsa-3444 306: https://packages.debian.org/src:wordpress 307: https://www.debian.org/security/2016/dsa-3445 308: https://packages.debian.org/src:pygments 309: https://www.debian.org/security/2016/dsa-3446 310: https://packages.debian.org/src:openssh Removed packages ---------------- The following packages were removed due to circumstances beyond our control: +---------------------+--------------------------------------------+ | Package | Reason | +---------------------+--------------------------------------------+ | core-network [311] | Security issues | | | | | elasticsearch [312] | No longer supported | | | | | googlecl [313] | Broken due to relying on obsolete APIs | | | | | libnsbmp [314] | Security issues, unmaintained | | | | | libnsgif [315] | Security issues, unmaintained | | | | | vimperator [316] | Incompatible with newer iceweasel versions | | | | +---------------------+--------------------------------------------+ 311: https://packages.debian.org/src:core-network 312: https://packages.debian.org/src:elasticsearch 313: https://packages.debian.org/src:googlecl 314: https://packages.debian.org/src:libnsbmp 315: https://packages.debian.org/src:libnsgif 316: https://packages.debian.org/src:vimperator Debian Installer ---------------- URLs ---- The complete lists of packages that have changed with this revision: http://ftp.debian.org/debian/dists/jessie/ChangeLog The current stable distribution: http://ftp.debian.org/debian/dists/stable/ Proposed updates to the stable distribution: http://ftp.debian.org/debian/dists/proposed-updates stable distribution information (release notes, errata etc.): https://www.debian.org/releases/stable/ Security announcements and information: https://security.debian.org/ [317] 317: https://www.debian.org/security/ About Debian ------------ The Debian Project is an association of Free Software developers who volunteer their time and effort in order to produce the completely free operating system Debian. Contact Information ------------------- For further information, please visit the Debian web pages at https://www.debian.org/, send mail to <press@debian.org>, or contact the stable release team at <debian-release@lists.debian.org>.
Attachment:
signature.asc
Description: Digital signature