------------------------------------------------------------------------ The Debian Project https://www.debian.org/ Updated Debian 8: 8.6 released press@debian.org September 17th, 2016 https://www.debian.org/News/2016/20160917 ------------------------------------------------------------------------ The Debian project is pleased to announce the sixth update of its stable distribution Debian 8 (codename "jessie"). This update mainly adds corrections for security problems to the stable release, along with a few adjustments for serious problems. Security advisories were already published separately and are referenced where available. Please note that this update does not constitute a new version of Debian 8 but only updates some of the packages included. There is no need to throw away old "jessie" CDs or DVDs but only to update via an up-to-date Debian mirror after an installation, to cause any out of date packages to be updated. Those who frequently install updates from security.debian.org won't have to update many packages and most updates from security.debian.org are included in this update. New installation media and CD and DVD images containing updated packages will be available soon at the regular locations. Upgrading to this revision online is usually done by pointing the aptitude (or apt) package tool (see the sources.list(5) manual page) to one of Debian's many FTP or HTTP mirrors. A comprehensive list of mirrors is available at: https://www.debian.org/mirror/list Miscellaneous Bug Fixes ----------------------- This stable update adds a few important corrections to the following packages: +-------------------------+-------------------------------------------+ | Package | Reason | +-------------------------+-------------------------------------------+ | adblock-plus [1] | New upstream release, compatible with | | | firefox-esr | | | | | apache2 [2] | Fix race condition and logical error in | | | init script; remove links to | | | manpages.debian.org in default | | | index.html; mod_socache_memcache: | | | Increase idle timeout to 15s to allow | | | keep-alive connections; mod_proxy_fcgi: | | | Fix wrong behaviour with 304 responses; | | | correct systemd-sysv-generator behaviour; | | | mod_proxy_html: Add missing config file | | | mods-available/proxy_html.conf | | | | | audiofile [3] | Fix buffer overflow when changing both | | | sample format and number of channels | | | [CVE-2015-7747] | | | | | automake-1.14 [4] | Avoid insecure use of /tmp/ in install-sh | | | | | backintime [5] | Add missing dependency on python-dbus | | | | | backuppc [6] | Fix regressions from samba update to 4.2 | | | | | base-files [7] | Update for the point release | | | | | biber [8] | Fix breakage triggered by point release | | | update of perl | | | | | cacti [9] | Fix sql injection in tree.php [CVE-2016- | | | 3172] and graph_view.php [CVE-2016-3659]; | | | fix authentication bypass [CVE-2016-2313] | | | | | ccache [10] | Upstream bug-fix release | | | | | clamav [11] | Don't fail if AllowSupplementaryGroups is | | | still set in the configuration file | | | | | cmake [12] | Fix FindOpenSSL module to detect OpenSSL | | | 1.0.1t | | | | | conkeror [13] | Support Firefox 44 and later | | | | | debian-edu-config [14] | Move from Iceweasel to Firefox ESR; | | | adjust ldap-tools/ldap-debian-edu-install | | | to be compliant with systemd now that | | | unit samba.service is masked; dhclient- | | | exit-hooks.d/hostname: adjust for the | | | case of a dedicated LTSP server; adjust | | | cf.krb5client to ensure that cfengine | | | runs are idempotent; move code to | | | cleanup /usr/share/pam-configs/krb5 | | | diversion from postinst to preinst to | | | ease upgrades from old wheezy | | | installations; don't purge libnss-mdns as | | | cups now needs mdns for automatic printer | | | detection | | | | | debian-edu-doc [15] | Update Debian Edu jessie and wheezy | | | manuals from the wiki | | | | | debian-installer [16] | Rebuild against proposed-updates | | | | | debian-installer- | Rebuild for the point release | | netboot-images [17] | | | | | | debian-security- | Update included support data; add support | | support [18] | for marking packages as losing support at | | | a future date | | | | | dietlibc [19] | Fix insecure default PATH | | | | | dwarfutils [20] | Security fixes [CVE-2015-8538 CVE-2015- | | | 8750 CVE-2016-2050 CVE-2016-2091 | | | CVE-2016-5034 CVE-2016-5036 CVE-2016-5038 | | | CVE-2016-5039 CVE-2016-5042] | | | | | e2fsprogs [21] | Disable prompts for time skew which is | | | fudged in e2fsck; fix potential | | | corruption of Hurd file systems by | | | e2fsck, pointer bugs that could cause | | | crashes in e2fsck and resize2fs | | | | | exim4 [22] | Fix cutthrough bug with body lines having | | | a single dot; fix crash on "exim -be '$ | | | {if crypteq{xxx}{\$aaa}{yes}{no}}'" ; | | | improve NEWS file; backport missing | | | upstream patch to actually make | | | $initial_cwd expansion work | | | | | file [23] | Fix buffer over-write in finfo_open with | | | malformed magic file [CVE-2015-8865] | | | | | firegestures [24] | New upstream release, compatible with | | | firefox-esr | | | | | flashplugin- | Update-flashplugin-nonfree: Delete old | | nonfree [25] | get-upstream-version.pl from cache | | | | | fusionforge [26] | Remove dependency on Mediawiki plugin | | | from fusionforge-full metapackage | | | | | gdcm [27] | Fix integer overflow [CVE-2015-8396] and | | | denial of service [CVE-2015-8397] | | | | | glibc [28] | Fix assertion failure with unconnectable | | | name server addresses (regression | | | introduced by CVE-2015-7547 fix); fix | | | *context functions on s390x; fix a buffer | | | overflow in the glob function [CVE-2016- | | | 1234], a stack overflow in | | | nss_dns_getnetbyname_r [CVE-2016-3075], a | | | stack overflow in getaddrinfo function | | | [CVE-2016-3706], a stack overflow in Sun | | | RPC clntudp_call() [CVE-2016-4429]; | | | update from upstream stable branch; fix | | | open and openat functions with O_TMPFILE; | | | fix backtrace hang on armel/armhf, | | | possibly causing a minor denial of | | | service vulnerability [CVE-2016-6323]; | | | fix mtr on systems using only IPv6 | | | nameservers | | | | | gnome-maps [29] | New upstream release; use the Mapbox tile | | | server, instead of the no longer | | | supported MapQuest server | | | | | gnome-sudoku [30] | Don't generate the same puzzle sequence | | | every time | | | | | gnupg [31] | gpgv: Tweak default options for extra | | | security; g10: Fix checking key for | | | signature validation | | | | | gnupg2 [32] | gpgv: Tweak default options for extra | | | security; g10: Fix checking key for | | | signature validation | | | | | greasemonkey [33] | New upstream release, compatible with | | | firefox-esr | | | | | intel-microcode [34] | New upstream release | | | | | jakarta-jmeter [35] | Really install the templates; fix an | | | error with libxstream-java >= 1.4.9 when | | | loading the templates | | | | | javatools [36] | Return correct architecture string for | | | ppc64el in java-arch.sh | | | | | kamailio [37] | Fix libssl version check | | | | | libbusiness-creditcard- | Adjust to changes in credit card ranges | | perl [38] | and processing of various companies | | | | | libcss-dom-perl [39] | Work around Encode changes included in | | | perl and libencode-perl stable updates | | | | | libdatetime-timezone- | Update included data to 2016e; new | | perl [40] | upstream release | | | | | libdevel-declare- | Fix breakage caused by change in perl | | perl [41] | stable update | | | | | libnet-ssleay-perl [42] | Fix build failure with openssl | | | 1.0.1t-1+deb8u1 | | | | | libquota-perl [43] | Adapt platform detection to work with | | | Linux 4.x | | | | | libtool [44] | Fix multi-arch co-installability [amd64 | | | i386] | | | | | libxml2 [45] | Fix a problem unparsing URIs without a | | | host part like qemu:///system; this | | | unbreaks libvirt, libsys-virt-perl and | | | others | | | | | linux [46] | New upstream stable release | | | | | lxc [47] | Make sure stretch/sid containers have an | | | init system, after init 1.34 dropped the | | | 'Essential: yes' header | | | | | mariadb-10.0 [48] | New upstream release, including security | | | fix [CVE-2016-6662] | | | | | mozilla-noscript [49] | New upstream release, compatible with | | | firefox-esr | | | | | nullmailer [50] | Do not keep relayhost data in debconf | | | database longer than strictly needed | | | | | open-iscsi [51] | Init script: wait a bit after iSCSI | | | devices have appeared, working around a | | | race condition in which dependent devices | | | can appear only after the initial udev | | | settle has returned; open-iscsi-udeb: | | | update initramfs after copying | | | configuration to target system | | | | | openssl [52] | Fix length check for CRLs; enable asm | | | optimisation for s390x | | | | | ovirt-guest-agent [53] | Install ovirt-guest-agent.py executable; | | | change owner of log directory to | | | ovirtagent in postinst | | | | | piuparts [54] | Fix build failure (don't test the current | | | Debian release status, tracking that is | | | distro-info-data's problem) | | | | | policykit-1 [55] | Several bug-fixes: fix heap corruption | | | [CVE-2015-3255], local authenticated | | | denial of service [CVE-2015-4625] and | | | issue with invalid object paths in | | | RegisterAuthenticationAgent [CVE-2015- | | | 3218] | | | | | publicsuffix [56] | New upstream release | | | | | pypdf2 [57] | Fix infinite loop in readObject() | | | function | | | | | python-django [58] | Bug-fix update to 1.7.11 | | | | | python2.7 [59] | Address StartTLS stripping attack in | | | smtplib [CVE-2016-0772], integer overflow | | | in zipimporter [CVE-2016-5636], HTTP | | | header injection [CVE-2016-5699] | | | | | quassel [60] | Fix remote DoS in quassel core with | | | invalid handshake data [CVE-2016-4414] | | | | | ruby-eventmachine [61] | Fix remotely triggerable crash due to FD | | | handling | | | | | ruby2.1 [62] | dl::dlopen should not open a library with | | | tainted library name in safe mode | | | [CVE-2009-5147]; Fiddle handles should | | | not call functions with tainted function | | | names [CVE-2015-7551] | | | | | sendmail [63] | Do not abort with an assertion if the | | | connection to an LDAP server is lost; | | | ensure sendmail {client_port} is set | | | correctly on little endian machines | | | | | sqlite3 [64] | Fix tempdir selection vulnerability | | | [CVE-2016-6153], segfault following heavy | | | SAVEPOINT usage | | | | | systemd [65] | Use the right timeout for stop processes | | | we fork; don't reset log level to NOTICE | | | if we get quiet on the kernel cmdline; | | | fix prepare priority queue comparison | | | function in sd-event; update links to | | | kernel.org cgroup documentation; don't | | | start console-getty.service when /dev/ | | | console is missing; order systemd-user- | | | sessions.service after nss-user- | | | lookup.target and network.target | | | | | tabmixplus [66] | New upstream release, compatible with | | | firefox-esr | | | | | tcpreplay [67] | Handle frames of 65535 octets size, add a | | | size check [CVE-2016-6160] | | | | | tor [68] | Update the set of authority directory | | | servers | | | | | tzdata [69] | New upstream release; update to 2016e | | | | | unbound [70] | Init script fixes: add "pidfile" magic | | | comment; call start-stop-daemon with -- | | | retry for 'stop' action | | | | | util-vserver [71] | Rebuild against dietlibc | | | 0.33~cvs20120325-6+deb8u1, fixing | | | insecure default PATH | | | | | vorbis-tools [72] | Fix large alloca on bad AIFF input to | | | oggenc [CVE-2015-6749], Validate count of | | | channels in the header [CVE-2014-9638 | | | CVE-2014-9639], fix segmentation fault in | | | vcut | | | | | vtk [73] | Rebuild to fix Java paths [ppc64el] | | | | | wget [74] | By default, on server redirects to a FTP | | | resource, use the original URL to get the | | | local file name [CVE-2016-4971] | | | | | wpa [75] | Security updates relating to invalid | | | characters [CVE-2016-4476, CVE-2016-4477] | | | | | yaws [76] | Fix HTTP_PROXY cgi env injection | | | [CVE-2016-1000108] | | | | | zabbix [77] | Fix mysql.size shell command injection in | | | zabbix-agent [CVE-2016-4338] | | | | +-------------------------+-------------------------------------------+ 1: https://packages.debian.org/src:adblock-plus 2: https://packages.debian.org/src:apache2 3: https://packages.debian.org/src:audiofile 4: https://packages.debian.org/src:automake-1.14 5: https://packages.debian.org/src:backintime 6: https://packages.debian.org/src:backuppc 7: https://packages.debian.org/src:base-files 8: https://packages.debian.org/src:biber 9: https://packages.debian.org/src:cacti 10: https://packages.debian.org/src:ccache 11: https://packages.debian.org/src:clamav 12: https://packages.debian.org/src:cmake 13: https://packages.debian.org/src:conkeror 14: https://packages.debian.org/src:debian-edu-config 15: https://packages.debian.org/src:debian-edu-doc 16: https://packages.debian.org/src:debian-installer 17: https://packages.debian.org/src:debian-installer-netboot-images 18: https://packages.debian.org/src:debian-security-support 19: https://packages.debian.org/src:dietlibc 20: https://packages.debian.org/src:dwarfutils 21: https://packages.debian.org/src:e2fsprogs 22: https://packages.debian.org/src:exim4 23: https://packages.debian.org/src:file 24: https://packages.debian.org/src:firegestures 25: https://packages.debian.org/src:flashplugin-nonfree 26: https://packages.debian.org/src:fusionforge 27: https://packages.debian.org/src:gdcm 28: https://packages.debian.org/src:glibc 29: https://packages.debian.org/src:gnome-maps 30: https://packages.debian.org/src:gnome-sudoku 31: https://packages.debian.org/src:gnupg 32: https://packages.debian.org/src:gnupg2 33: https://packages.debian.org/src:greasemonkey 34: https://packages.debian.org/src:intel-microcode 35: https://packages.debian.org/src:jakarta-jmeter 36: https://packages.debian.org/src:javatools 37: https://packages.debian.org/src:kamailio 38: https://packages.debian.org/src:libbusiness-creditcard-perl 39: https://packages.debian.org/src:libcss-dom-perl 40: https://packages.debian.org/src:libdatetime-timezone-perl 41: https://packages.debian.org/src:libdevel-declare-perl 42: https://packages.debian.org/src:libnet-ssleay-perl 43: https://packages.debian.org/src:libquota-perl 44: https://packages.debian.org/src:libtool 45: https://packages.debian.org/src:libxml2 46: https://packages.debian.org/src:linux 47: https://packages.debian.org/src:lxc 48: https://packages.debian.org/src:mariadb-10.0 49: https://packages.debian.org/src:mozilla-noscript 50: https://packages.debian.org/src:nullmailer 51: https://packages.debian.org/src:open-iscsi 52: https://packages.debian.org/src:openssl 53: https://packages.debian.org/src:ovirt-guest-agent 54: https://packages.debian.org/src:piuparts 55: https://packages.debian.org/src:policykit-1 56: https://packages.debian.org/src:publicsuffix 57: https://packages.debian.org/src:pypdf2 58: https://packages.debian.org/src:python-django 59: https://packages.debian.org/src:python2.7 60: https://packages.debian.org/src:quassel 61: https://packages.debian.org/src:ruby-eventmachine 62: https://packages.debian.org/src:ruby2.1 63: https://packages.debian.org/src:sendmail 64: https://packages.debian.org/src:sqlite3 65: https://packages.debian.org/src:systemd 66: https://packages.debian.org/src:tabmixplus 67: https://packages.debian.org/src:tcpreplay 68: https://packages.debian.org/src:tor 69: https://packages.debian.org/src:tzdata 70: https://packages.debian.org/src:unbound 71: https://packages.debian.org/src:util-vserver 72: https://packages.debian.org/src:vorbis-tools 73: https://packages.debian.org/src:vtk 74: https://packages.debian.org/src:wget 75: https://packages.debian.org/src:wpa 76: https://packages.debian.org/src:yaws 77: https://packages.debian.org/src:zabbix The "mariadb-10.0" package failed to build on the powerpc architecture, but has been included in the point release to allow quicker release of the fix for CVE-2016-6662, which had not been disclosed at the time of the upload. If a fix for the build failure becomes available before the next mariadb-10.0 DSA, an updated package may be released via "jessie- updates". Security Updates ---------------- This revision adds the following security updates to the stable release. The Security Team has already released an advisory for each of these updates: +----------------+----------------------------------+ | Advisory ID | Package | +----------------+----------------------------------+ | DSA-3548 [78] | samba [79] | | | | | DSA-3548 [80] | talloc [81] | | | | | DSA-3548 [82] | tdb [83] | | | | | DSA-3548 [84] | tevent [85] | | | | | DSA-3548 [86] | ldb [87] | | | | | DSA-3565 [88] | monotone [89] | | | | | DSA-3588 [90] | symfony [91] | | | | | DSA-3589 [92] | gdk-pixbuf [93] | | | | | DSA-3590 [94] | chromium-browser [95] | | | | | DSA-3591 [96] | imagemagick [97] | | | | | DSA-3592 [98] | nginx [99] | | | | | DSA-3593 [100] | libxml2 [101] | | | | | DSA-3594 [102] | chromium-browser [103] | | | | | DSA-3595 [104] | mariadb-10.0 [105] | | | | | DSA-3596 [106] | spice [107] | | | | | DSA-3597 [108] | expat [109] | | | | | DSA-3598 [110] | vlc [111] | | | | | DSA-3599 [112] | p7zip [113] | | | | | DSA-3600 [114] | firefox-esr [115] | | | | | DSA-3602 [116] | php5 [117] | | | | | DSA-3603 [118] | libav [119] | | | | | DSA-3604 [120] | drupal7 [121] | | | | | DSA-3605 [122] | libxslt [123] | | | | | DSA-3606 [124] | libpdfbox-java [125] | | | | | DSA-3607 [126] | linux [127] | | | | | DSA-3608 [128] | libreoffice [129] | | | | | DSA-3609 [130] | tomcat8 [131] | | | | | DSA-3610 [132] | xerces-c [133] | | | | | DSA-3611 [134] | libcommons-fileupload-java [135] | | | | | DSA-3612 [136] | gimp [137] | | | | | DSA-3613 [138] | libvirt [139] | | | | | DSA-3614 [140] | tomcat7 [141] | | | | | DSA-3615 [142] | wireshark [143] | | | | | DSA-3616 [144] | linux [145] | | | | | DSA-3617 [146] | horizon [147] | | | | | DSA-3618 [148] | php5 [149] | | | | | DSA-3619 [150] | libgd2 [151] | | | | | DSA-3620 [152] | pidgin [153] | | | | | DSA-3621 [154] | mysql-connector-java [155] | | | | | DSA-3622 [156] | python-django [157] | | | | | DSA-3623 [158] | apache2 [159] | | | | | DSA-3624 [160] | mysql-5.5 [161] | | | | | DSA-3625 [162] | squid3 [163] | | | | | DSA-3626 [164] | openssh [165] | | | | | DSA-3627 [166] | phpmyadmin [167] | | | | | DSA-3628 [168] | libunicode-linebreak-perl [169] | | | | | DSA-3628 [170] | debhelper [171] | | | | | DSA-3628 [172] | libmime-encwords-perl [173] | | | | | DSA-3628 [174] | perl [175] | | | | | DSA-3628 [176] | libsys-syslog-perl [177] | | | | | DSA-3628 [178] | libmodule-build-perl [179] | | | | | DSA-3628 [180] | libnet-dns-perl [181] | | | | | DSA-3628 [182] | libintl-perl [183] | | | | | DSA-3628 [184] | cdbs [185] | | | | | DSA-3628 [186] | libmime-charset-perl [187] | | | | | DSA-3628 [188] | devscripts [189] | | | | | DSA-3628 [190] | exim4 [191] | | | | | DSA-3629 [192] | ntp [193] | | | | | DSA-3630 [194] | libgd2 [195] | | | | | DSA-3631 [196] | php5 [197] | | | | | DSA-3632 [198] | mariadb-10.0 [199] | | | | | DSA-3633 [200] | xen [201] | | | | | DSA-3634 [202] | redis [203] | | | | | DSA-3635 [204] | libdbd-mysql-perl [205] | | | | | DSA-3637 [206] | chromium-browser [207] | | | | | DSA-3638 [208] | curl [209] | | | | | DSA-3639 [210] | wordpress [211] | | | | | DSA-3640 [212] | firefox-esr [213] | | | | | DSA-3641 [214] | openjdk-7 [215] | | | | | DSA-3642 [216] | lighttpd [217] | | | | | DSA-3643 [218] | kde4libs [219] | | | | | DSA-3644 [220] | fontconfig [221] | | | | | DSA-3645 [222] | chromium-browser [223] | | | | | DSA-3646 [224] | postgresql-9.4 [225] | | | | | DSA-3647 [226] | icedove [227] | | | | | DSA-3648 [228] | wireshark [229] | | | | | DSA-3649 [230] | gnupg [231] | | | | | DSA-3650 [232] | libgcrypt20 [233] | | | | | DSA-3651 [234] | rails [235] | | | | | DSA-3652 [236] | imagemagick [237] | | | | | DSA-3653 [238] | flex [239] | | | | | DSA-3653 [240] | bogofilter [241] | | | | | DSA-3654 [242] | quagga [243] | | | | | DSA-3655 [244] | mupdf [245] | | | | | DSA-3656 [246] | tryton-server [247] | | | | | DSA-3657 [248] | libarchive [249] | | | | | DSA-3658 [250] | libidn [251] | | | | | DSA-3659 [252] | linux [253] | | | | | DSA-3660 [254] | chromium-browser [255] | | | | | DSA-3661 [256] | charybdis [257] | | | | | DSA-3662 [258] | inspircd [259] | | | | | DSA-3663 [260] | xen [261] | | | | | DSA-3664 [262] | pdns [263] | | | | +----------------+----------------------------------+ 78: https://www.debian.org/security/2016/dsa-3548 79: https://packages.debian.org/src:samba 80: https://www.debian.org/security/2016/dsa-3548 81: https://packages.debian.org/src:talloc 82: https://www.debian.org/security/2016/dsa-3548 83: https://packages.debian.org/src:tdb 84: https://www.debian.org/security/2016/dsa-3548 85: https://packages.debian.org/src:tevent 86: https://www.debian.org/security/2016/dsa-3548 87: https://packages.debian.org/src:ldb 88: https://www.debian.org/security/2016/dsa-3565 89: https://packages.debian.org/src:monotone 90: https://www.debian.org/security/2016/dsa-3588 91: https://packages.debian.org/src:symfony 92: https://www.debian.org/security/2016/dsa-3589 93: https://packages.debian.org/src:gdk-pixbuf 94: https://www.debian.org/security/2016/dsa-3590 95: https://packages.debian.org/src:chromium-browser 96: https://www.debian.org/security/2016/dsa-3591 97: https://packages.debian.org/src:imagemagick 98: https://www.debian.org/security/2016/dsa-3592 99: https://packages.debian.org/src:nginx 100: https://www.debian.org/security/2016/dsa-3593 101: https://packages.debian.org/src:libxml2 102: https://www.debian.org/security/2016/dsa-3594 103: https://packages.debian.org/src:chromium-browser 104: https://www.debian.org/security/2016/dsa-3595 105: https://packages.debian.org/src:mariadb-10.0 106: https://www.debian.org/security/2016/dsa-3596 107: https://packages.debian.org/src:spice 108: https://www.debian.org/security/2016/dsa-3597 109: https://packages.debian.org/src:expat 110: https://www.debian.org/security/2016/dsa-3598 111: https://packages.debian.org/src:vlc 112: https://www.debian.org/security/2016/dsa-3599 113: https://packages.debian.org/src:p7zip 114: https://www.debian.org/security/2016/dsa-3600 115: https://packages.debian.org/src:firefox-esr 116: https://www.debian.org/security/2016/dsa-3602 117: https://packages.debian.org/src:php5 118: https://www.debian.org/security/2016/dsa-3603 119: https://packages.debian.org/src:libav 120: https://www.debian.org/security/2016/dsa-3604 121: https://packages.debian.org/src:drupal7 122: https://www.debian.org/security/2016/dsa-3605 123: https://packages.debian.org/src:libxslt 124: https://www.debian.org/security/2016/dsa-3606 125: https://packages.debian.org/src:libpdfbox-java 126: https://www.debian.org/security/2016/dsa-3607 127: https://packages.debian.org/src:linux 128: https://www.debian.org/security/2016/dsa-3608 129: https://packages.debian.org/src:libreoffice 130: https://www.debian.org/security/2016/dsa-3609 131: https://packages.debian.org/src:tomcat8 132: https://www.debian.org/security/2016/dsa-3610 133: https://packages.debian.org/src:xerces-c 134: https://www.debian.org/security/2016/dsa-3611 135: https://packages.debian.org/src:libcommons-fileupload-java 136: https://www.debian.org/security/2016/dsa-3612 137: https://packages.debian.org/src:gimp 138: https://www.debian.org/security/2016/dsa-3613 139: https://packages.debian.org/src:libvirt 140: https://www.debian.org/security/2016/dsa-3614 141: https://packages.debian.org/src:tomcat7 142: https://www.debian.org/security/2016/dsa-3615 143: https://packages.debian.org/src:wireshark 144: https://www.debian.org/security/2016/dsa-3616 145: https://packages.debian.org/src:linux 146: https://www.debian.org/security/2016/dsa-3617 147: https://packages.debian.org/src:horizon 148: https://www.debian.org/security/2016/dsa-3618 149: https://packages.debian.org/src:php5 150: https://www.debian.org/security/2016/dsa-3619 151: https://packages.debian.org/src:libgd2 152: https://www.debian.org/security/2016/dsa-3620 153: https://packages.debian.org/src:pidgin 154: https://www.debian.org/security/2016/dsa-3621 155: https://packages.debian.org/src:mysql-connector-java 156: https://www.debian.org/security/2016/dsa-3622 157: https://packages.debian.org/src:python-django 158: https://www.debian.org/security/2016/dsa-3623 159: https://packages.debian.org/src:apache2 160: https://www.debian.org/security/2016/dsa-3624 161: https://packages.debian.org/src:mysql-5.5 162: https://www.debian.org/security/2016/dsa-3625 163: https://packages.debian.org/src:squid3 164: https://www.debian.org/security/2016/dsa-3626 165: https://packages.debian.org/src:openssh 166: https://www.debian.org/security/2016/dsa-3627 167: https://packages.debian.org/src:phpmyadmin 168: https://www.debian.org/security/2016/dsa-3628 169: https://packages.debian.org/src:libunicode-linebreak-perl 170: https://www.debian.org/security/2016/dsa-3628 171: https://packages.debian.org/src:debhelper 172: https://www.debian.org/security/2016/dsa-3628 173: https://packages.debian.org/src:libmime-encwords-perl 174: https://www.debian.org/security/2016/dsa-3628 175: https://packages.debian.org/src:perl 176: https://www.debian.org/security/2016/dsa-3628 177: https://packages.debian.org/src:libsys-syslog-perl 178: https://www.debian.org/security/2016/dsa-3628 179: https://packages.debian.org/src:libmodule-build-perl 180: https://www.debian.org/security/2016/dsa-3628 181: https://packages.debian.org/src:libnet-dns-perl 182: https://www.debian.org/security/2016/dsa-3628 183: https://packages.debian.org/src:libintl-perl 184: https://www.debian.org/security/2016/dsa-3628 185: https://packages.debian.org/src:cdbs 186: https://www.debian.org/security/2016/dsa-3628 187: https://packages.debian.org/src:libmime-charset-perl 188: https://www.debian.org/security/2016/dsa-3628 189: https://packages.debian.org/src:devscripts 190: https://www.debian.org/security/2016/dsa-3628 191: https://packages.debian.org/src:exim4 192: https://www.debian.org/security/2016/dsa-3629 193: https://packages.debian.org/src:ntp 194: https://www.debian.org/security/2016/dsa-3630 195: https://packages.debian.org/src:libgd2 196: https://www.debian.org/security/2016/dsa-3631 197: https://packages.debian.org/src:php5 198: https://www.debian.org/security/2016/dsa-3632 199: https://packages.debian.org/src:mariadb-10.0 200: https://www.debian.org/security/2016/dsa-3633 201: https://packages.debian.org/src:xen 202: https://www.debian.org/security/2016/dsa-3634 203: https://packages.debian.org/src:redis 204: https://www.debian.org/security/2016/dsa-3635 205: https://packages.debian.org/src:libdbd-mysql-perl 206: https://www.debian.org/security/2016/dsa-3637 207: https://packages.debian.org/src:chromium-browser 208: https://www.debian.org/security/2016/dsa-3638 209: https://packages.debian.org/src:curl 210: https://www.debian.org/security/2016/dsa-3639 211: https://packages.debian.org/src:wordpress 212: https://www.debian.org/security/2016/dsa-3640 213: https://packages.debian.org/src:firefox-esr 214: https://www.debian.org/security/2016/dsa-3641 215: https://packages.debian.org/src:openjdk-7 216: https://www.debian.org/security/2016/dsa-3642 217: https://packages.debian.org/src:lighttpd 218: https://www.debian.org/security/2016/dsa-3643 219: https://packages.debian.org/src:kde4libs 220: https://www.debian.org/security/2016/dsa-3644 221: https://packages.debian.org/src:fontconfig 222: https://www.debian.org/security/2016/dsa-3645 223: https://packages.debian.org/src:chromium-browser 224: https://www.debian.org/security/2016/dsa-3646 225: https://packages.debian.org/src:postgresql-9.4 226: https://www.debian.org/security/2016/dsa-3647 227: https://packages.debian.org/src:icedove 228: https://www.debian.org/security/2016/dsa-3648 229: https://packages.debian.org/src:wireshark 230: https://www.debian.org/security/2016/dsa-3649 231: https://packages.debian.org/src:gnupg 232: https://www.debian.org/security/2016/dsa-3650 233: https://packages.debian.org/src:libgcrypt20 234: https://www.debian.org/security/2016/dsa-3651 235: https://packages.debian.org/src:rails 236: https://www.debian.org/security/2016/dsa-3652 237: https://packages.debian.org/src:imagemagick 238: https://www.debian.org/security/2016/dsa-3653 239: https://packages.debian.org/src:flex 240: https://www.debian.org/security/2016/dsa-3653 241: https://packages.debian.org/src:bogofilter 242: https://www.debian.org/security/2016/dsa-3654 243: https://packages.debian.org/src:quagga 244: https://www.debian.org/security/2016/dsa-3655 245: https://packages.debian.org/src:mupdf 246: https://www.debian.org/security/2016/dsa-3656 247: https://packages.debian.org/src:tryton-server 248: https://www.debian.org/security/2016/dsa-3657 249: https://packages.debian.org/src:libarchive 250: https://www.debian.org/security/2016/dsa-3658 251: https://packages.debian.org/src:libidn 252: https://www.debian.org/security/2016/dsa-3659 253: https://packages.debian.org/src:linux 254: https://www.debian.org/security/2016/dsa-3660 255: https://packages.debian.org/src:chromium-browser 256: https://www.debian.org/security/2016/dsa-3661 257: https://packages.debian.org/src:charybdis 258: https://www.debian.org/security/2016/dsa-3662 259: https://packages.debian.org/src:inspircd 260: https://www.debian.org/security/2016/dsa-3663 261: https://packages.debian.org/src:xen 262: https://www.debian.org/security/2016/dsa-3664 263: https://packages.debian.org/src:pdns Removed packages ---------------- The following packages were removed due to circumstances beyond our control: +-------------+-----------------------------------+ | Package | Reason | +-------------+-----------------------------------+ | minit [264] | Unmaintained and outdated | | | | | trn [265] | Security issues; replaced by trn4 | | | | +-------------+-----------------------------------+ 264: https://packages.debian.org/src:minit 265: https://packages.debian.org/src:trn Debian Installer ---------------- The installer has been updated to include the fixes incorporated into stable by the point release. URLs ---- The complete lists of packages that have changed with this revision: http://ftp.debian.org/debian/dists/jessie/ChangeLog The current stable distribution: http://ftp.debian.org/debian/dists/stable/ Proposed updates to the stable distribution: http://ftp.debian.org/debian/dists/proposed-updates stable distribution information (release notes, errata etc.): https://www.debian.org/releases/stable/ Security announcements and information: https://security.debian.org/ [266] 266: https://www.debian.org/security/ About Debian ------------ The Debian Project is an association of Free Software developers who volunteer their time and effort in order to produce the completely free operating system Debian. Contact Information ------------------- For further information, please visit the Debian web pages at https://www.debian.org/, send mail to <press@debian.org>, or contact the stable release team at <debian-release@lists.debian.org>.
Attachment:
pgpLvoYIG35tp.pgp
Description: Firma digital OpenPGP