------------------------------------------------------------------------ The Debian Project https://www.debian.org/ Updated Debian 8: 8.7 released press@debian.org January 14th, 2017 https://www.debian.org/News/2017/20170114 ------------------------------------------------------------------------ The Debian project is pleased to announce the seventh update of its stable distribution Debian 8 (codename "jessie"). This update mainly adds corrections for security problems to the stable release, along with a few adjustments for serious problems. Security advisories were already published separately and are referenced where available. Please note that this update does not constitute a new version of Debian 8 but only updates some of the packages included. There is no need to throw away old "jessie" CDs or DVDs but only to update via an up-to-date Debian mirror after an installation, to cause any out of date packages to be updated. Those who frequently install updates from security.debian.org won't have to update many packages and most updates from security.debian.org are included in this update. New installation media and CD and DVD images containing updated packages will be available soon at the regular locations. Upgrading to this revision online is usually done by pointing the aptitude (or apt) package tool (see the sources.list(5) manual page) to one of Debian's many FTP or HTTP mirrors. A comprehensive list of mirrors is available at: https://www.debian.org/mirror/list Miscellaneous Bugfixes ---------------------- This stable update adds a few important corrections to the following packages: +--------------------------+------------------------------------------+ | Package | Reason | +--------------------------+------------------------------------------+ | ark [1] | Stop crashing on exit when being used | | | solely as a KPart | | | | | asterisk [2] | Fix security issue due to non-printable | | | ASCII chars treated as whitespace | | | [CVE-2016-9938] | | | | | asused [3] | Use created fields instead of changed, | | | in line with changes to source data | | | | | base-files [4] | Change /etc/debian_version to 8.7 | | | | | bash [5] | Fix arbitrary code execution via | | | malicious hostname [CVE-2016-0634] and | | | specially crafted SHELLOPTS+PS4 | | | variables allows command substitution | | | [CVE-2016-7543] | | | | | ca-certificates [6] | Update Mozilla certificate authority | | | bundle to version 2.9; postinst: run | | | update-certificates without hooks to | | | initially populate /etc/ssl/certs | | | | | cairo [7] | Fix DoS via using SVG to generate | | | invalid pointers [CVE-2016-9082] | | | | | ccache [8] | [amd64] Rebuild in a clean environment | | | | | ceph [9] | Fix short CORS request issue [CVE-2016- | | | 9579], mon DoS [CVE-2016-5009], | | | anonymous read on ACL [CVE-2016-7031], | | | RGW DoS [CVE-2016-8626] | | | | | chirp [10] | Disable reporting of telemetry by | | | default | | | | | cyrus-imapd-2.4 [11] | Fix LIST GROUP support | | | | | darktable [12] | Fix integer overflow in ljpeg_start() | | | [CVE-2015-3885] | | | | | dbus [13] | Fix potential format string | | | vulnerability; dbus.prerm: ensure that | | | dbus.socket is stopped before removal | | | | | debian-edu-doc [14] | Update Debian Edu Jessie manual from the | | | wiki; fix (da|nl) Jessie manual PO files | | | to get the PDF manuals built; | | | translation updates | | | | | debian-edu-install [15] | Update version number to 8+edu1 | | | | | debian-installer [16] | Rebuild for the point release | | | | | debian-installer- | Rebuild for the point release | | netboot-images [17] | | | | | | duck [18] | Fix loading of code from untrusted | | | location [CVE-2016-1239] | | | | | e2fsprogs [19] | Rebuild against dietlibc | | | 0.33~cvs20120325-6+deb8u1, to pick up | | | included security fixes | | | | | ebook-speaker [20] | Fix hint about installing html2text to | | | read html files | | | | | elog [21] | Fix posting entry as arbitrary username | | | [CVE-2016-6342] | | | | | evolution-data- | Fix premature drop of connection with | | server [22] | reduced TCP window sizes and resulting | | | loss of data | | | | | exim4 [23] | Fix GnuTLS memory leak | | | | | file [24] | Fix memory leak in magic loader | | | | | ganeti-instance- | Fix losetup invocations by replacing -s | | debootstrap [25] | with --show | | | | | glibc [26] | Do not unconditionally use the fsqrt | | | instruction on 64-bit PowerPC CPUs; fix | | | a regression introduced by cvs-resolv- | | | ipv6-nameservers.diff in hesiod; disable | | | lock elision (aka Intel TSX) on x86 | | | architectures | | | | | glusterfs [27] | Quota: Fix could not start auxiliary | | | mount issue | | | | | gnutls28 [28] | Fix incorrect certificate validation | | | when using OCSP responses [GNUTLS- | | | SA-2016-3 / CVE-2016-7444]; ensure | | | compatibility with CVE-2016-6489-patched | | | nettle | | | | | hplip [29] | Use full gpg key fingerprint when | | | fetching key from keyservers [CVE-2015- | | | 0839] | | | | | ieee-data [30] | Disable monthly update cron job | | | | | intel-microcode [31] | Update microcode | | | | | irssi [32] | Fix information exposure issue via | | | buf.pl and /upgrade [CVE-2016-7553]; fix | | | NULL pointer dereference in the nickcmp | | | function [CVE-2017-5193], use-after-free | | | when receiving invalid nick message | | | [CVE-2017-5194] and out-of-bounds read | | | in certain incomplete control codes | | | [CVE-2017-5195] | | | | | isenkram [33] | Download firmware using curl; use HTTPS | | | when downloading modaliases; change | | | mirror from http.debian.net to | | | httpredir.debian.org | | | | | jq [34] | Fix heap buffer overflow [CVE-2015-8863] | | | and stack exhaustion [CVE-2016-4074] | | | | | libclamunrar [35] | Fix out-of-band access | | | | | libdatetime-timezone- | Update to 2016h; update included data to | | perl [36] | 2016i; update to 2016j; update to 2016g | | | | | libfcgi-perl [37] | Fix "numerous connections cause | | | segfault DoS" [CVE-2012-6687] | | | | | libio-socket-ssl- | Fix issue with incorrect "unreadable | | perl [38] | SSL_key_file" error when using | | | filesystem ACLs | | | | | libmateweather [39] | Switch from discontinued | | | weather.noaa.gov to aviationweather.gov | | | | | libphp-adodb [40] | Fix XSS vulnerability [CVE-2016-4855] | | | and SQL injection issue [CVE-2016-7405] | | | | | libpng [41] | Fix null pointer deference issue | | | [CVE-2016-10087] | | | | | libwmf [42] | Fix allocating huge block of memory | | | [CVE-2016-9011] | | | | | linkchecker [43] | Fix HTTPS checks | | | | | linux [44] | Update to stable 3.16.39; add chaoskey | | | driver, backported from 4.8, support for | | | n25q256a11 SPI flash device; | | | security,perf: Allow unprivileged use of | | | perf_event_open to be disabled; several | | | bug and security fixes | | | | | lxc [45] | Attach: do not send procfd to attached | | | process [CVE-2016-8649]; remount bind | | | mounts if read-only flag is provided; | | | fix Alpine Linux container creation | | | | | mapserver [46] | Fix FTBFS with php >= 5.6.25; fix | | | information leak via error messages | | | [CVE-2016-9839] | | | | | mdadm [47] | Allow '--grow --continue' to | | | successfully reshape an array when using | | | backup space on a 'spare' device | | | | | metar [48] | Update report URL | | | | | minissdpd [49] | Fix improper validation of array index | | | vulnerability [CVE-2016-3178 CVE-2016- | | | 3179] | | | | | monotone [50] | Change the sigpipe test case to write 1M | | | of test data to increase chances of | | | overflowing the pipe buffer | | | | | most [51] | Fix shell injection attack when opening | | | lzma-compressed files [CVE-2016-1253] | | | | | mpg123 [52] | Fix DoS with crafted ID3v2 tags | | | | | musl [53] | Fix integer overflow [CVE-2016-8859] | | | | | nbd [54] | Stop mixing global flags into the flags | | | field that gets sent to the kernel, so | | | that connecting to nbd-server >= 3.9 | | | does not cause every export to be | | | (incorrectly) marked as read-only | | | | | nettle [55] | Protect against potential side-channel | | | attacks against exponentiation | | | operations [CVE-2016-6489] | | | | | nss-pam-ldapd [56] | Have init script stop action only return | | | when nslcd has actually stopped | | | | | nvidia-graphics- | Update to new driver version, including | | drivers [57] | security fixes [CVE-2016-8826 CVE-2016- | | | 7382 CVE-2016-7389] | | | | | nvidia-graphics-drivers- | Update to new driver version, including | | legacy-304xx [58] | security fixes [CVE-2016-8826 CVE-2016- | | | 7382 CVE-2016-7389] | | | | | nvidia-graphics- | Rebuild against nvidia-kernel-source | | modules [59] | 340.101 | | | | | openbox [60] | Add libxcursor-dev build-dependency to | | | fix loading of startup notifications; | | | replace getgrent with getgroups so as | | | not to enumerate all groups at startup | | | | | opendkim [61] | Fix relaxed canonicalization of folded | | | headers, which broke signatures | | | | | pam [62] | Fix handling of loginuid in containers | | | | | pgpdump [63] | Fix endless loop parsing specially | | | crafted input in read_binary [CVE-2016- | | | 4021] and buffer overrun in read_radix64 | | | | | postgresql-9.4 [64] | New upstream release | | | | | postgresql-common [65] | Pg_upgradecluster: Properly upgrade | | | databases with non-login role owners; | | | pg_ctlcluster: Protect against symlink | | | in /var/log/postgresql/ allowing the | | | creation of arbitrary files elsewhere | | | [CVE-2016-1255] | | | | | potrace [66] | Security fixes [CVE-2016-8694 CVE-2016- | | | 8695 CVE-2016-8696 CVE-2016-8697 | | | CVE-2016-8698 CVE-2016-8699 CVE-2016- | | | 8700 CVE-2016-8701 CVE-2016-8702 | | | CVE-2016-8703] | | | | | python-crypto [67] | Raise a warning when IV is used with ECB | | | or CTR and ignore the IV [CVE-2013-7459] | | | | | python-werkzeug [68] | Fix XSS issue in debugger | | | | | qtbase-opensource- | Prevent bad-ptrs deref in | | src [69] | QNetworkConfigurationManagerPrivate; fix | | | X11 tray icons on some desktops | | | | | rawtherapee [70] | Fix buffer overflow in dcraw [CVE-2015- | | | 8366] | | | | | redmine [71] | Handle dependency check failure when | | | triggered, to avoid breaking in the | | | middle of dist-upgrades; avoid opening | | | database configuration that are not | | | readable | | | | | samba [72] | Fix "client side SMB2/3 required | | | signing can be downgraded" [CVE-2016- | | | 2119], various regressions introduced by | | | the 4.2.10 security fixes, segfault with | | | clustering | | | | | sed [73] | Ensure consistent permissions with | | | different umasks | | | | | shutter [74] | Fix insecure usage of system() | | | [CVE-2015-0854] | | | | | sniffit [75] | Security fix [CVE-2014-5439] | | | | | suckless-tools [76] | Fix SEGV in slock when user's account | | | has been disabled [CVE-2016-6866] | | | | | sympa [77] | Fix logrotate configuration so that | | | sympa is not left in a confused state | | | when systemd is used | | | | | systemd [78] | Don't return any error in | | | manager_dispatch_notify_fd() [CVE-2016- | | | 7796]; core: Rework logic to determine | | | when we decide to add automatic deps for | | | mounts; various ordering fixes for | | | ifupdown; systemctl: Fix argument | | | handling when invoked as shutdown; | | | localed: tolerate absence of /etc/ | | | default/keyboard; systemctl, loginctl, | | | etc.: Don't start polkit agent when | | | running as root | | | | | tevent [79] | New upstream version, required for samba | | | | | tre [80] | Fix regex integer overflow in buffer | | | size computations [CVE-2016-8859] | | | | | tzdata [81] | Update included data to 2016h; update to | | | 2016g; update to 2016j; update included | | | data to 2016i | | | | | unrtf [82] | Fix buffer overflow in various cmd_ | | | functions [CVE-2016-10091] | | | | | w3m [83] | Several security fixes [CVE-2016-9430 | | | CVE-2016-9434 CVE-2016-9438 CVE-2016- | | | 9440 CVE-2016-9441 CVE-2016-9423 | | | CVE-2016-9431 CVE-2016-9424 CVE-2016- | | | 9432 CVE-2016-9433 CVE-2016-9437 | | | CVE-2016-9422 CVE-2016-9435 CVE-2016- | | | 9436 CVE-2016-9426 CVE-2016-9425 | | | CVE-2016-9428 CVE-2016-9442 CVE-2016- | | | 9443 CVE-2016-9429 CVE-2016-9621 | | | CVE-2016-9439 CVE-2016-9622 CVE-2016- | | | 9623 CVE-2016-9624 CVE-2016-9625 | | | CVE-2016-9626 CVE-2016-9627 CVE-2016- | | | 9628 CVE-2016-9629 CVE-2016-9631 | | | CVE-2016-9630 CVE-2016-9632 CVE-2016- | | | 9633] | | | | | wireless-regdb [84] | Update included data | | | | | wot [85] | Remove plugin due to privacy issues | | | | | xwax [86] | Replace ffmpeg with avconv from libav- | | | tools | | | | | zookeeper [87] | Fix buffer overflow via the input | | | command when using the "cmd:" batch | | | mode syntax [CVE-2016-5017] | | | | +--------------------------+------------------------------------------+ 1: https://packages.debian.org/src:ark 2: https://packages.debian.org/src:asterisk 3: https://packages.debian.org/src:asused 4: https://packages.debian.org/src:base-files 5: https://packages.debian.org/src:bash 6: https://packages.debian.org/src:ca-certificates 7: https://packages.debian.org/src:cairo 8: https://packages.debian.org/src:ccache 9: https://packages.debian.org/src:ceph 10: https://packages.debian.org/src:chirp 11: https://packages.debian.org/src:cyrus-imapd-2.4 12: https://packages.debian.org/src:darktable 13: https://packages.debian.org/src:dbus 14: https://packages.debian.org/src:debian-edu-doc 15: https://packages.debian.org/src:debian-edu-install 16: https://packages.debian.org/src:debian-installer 17: https://packages.debian.org/src:debian-installer-netboot-images 18: https://packages.debian.org/src:duck 19: https://packages.debian.org/src:e2fsprogs 20: https://packages.debian.org/src:ebook-speaker 21: https://packages.debian.org/src:elog 22: https://packages.debian.org/src:evolution-data-server 23: https://packages.debian.org/src:exim4 24: https://packages.debian.org/src:file 25: https://packages.debian.org/src:ganeti-instance-debootstrap 26: https://packages.debian.org/src:glibc 27: https://packages.debian.org/src:glusterfs 28: https://packages.debian.org/src:gnutls28 29: https://packages.debian.org/src:hplip 30: https://packages.debian.org/src:ieee-data 31: https://packages.debian.org/src:intel-microcode 32: https://packages.debian.org/src:irssi 33: https://packages.debian.org/src:isenkram 34: https://packages.debian.org/src:jq 35: https://packages.debian.org/src:libclamunrar 36: https://packages.debian.org/src:libdatetime-timezone-perl 37: https://packages.debian.org/src:libfcgi-perl 38: https://packages.debian.org/src:libio-socket-ssl-perl 39: https://packages.debian.org/src:libmateweather 40: https://packages.debian.org/src:libphp-adodb 41: https://packages.debian.org/src:libpng 42: https://packages.debian.org/src:libwmf 43: https://packages.debian.org/src:linkchecker 44: https://packages.debian.org/src:linux 45: https://packages.debian.org/src:lxc 46: https://packages.debian.org/src:mapserver 47: https://packages.debian.org/src:mdadm 48: https://packages.debian.org/src:metar 49: https://packages.debian.org/src:minissdpd 50: https://packages.debian.org/src:monotone 51: https://packages.debian.org/src:most 52: https://packages.debian.org/src:mpg123 53: https://packages.debian.org/src:musl 54: https://packages.debian.org/src:nbd 55: https://packages.debian.org/src:nettle 56: https://packages.debian.org/src:nss-pam-ldapd 57: https://packages.debian.org/src:nvidia-graphics-drivers 58: https://packages.debian.org/src:nvidia-graphics-drivers-legacy-304xx 59: https://packages.debian.org/src:nvidia-graphics-modules 60: https://packages.debian.org/src:openbox 61: https://packages.debian.org/src:opendkim 62: https://packages.debian.org/src:pam 63: https://packages.debian.org/src:pgpdump 64: https://packages.debian.org/src:postgresql-9.4 65: https://packages.debian.org/src:postgresql-common 66: https://packages.debian.org/src:potrace 67: https://packages.debian.org/src:python-crypto 68: https://packages.debian.org/src:python-werkzeug 69: https://packages.debian.org/src:qtbase-opensource-src 70: https://packages.debian.org/src:rawtherapee 71: https://packages.debian.org/src:redmine 72: https://packages.debian.org/src:samba 73: https://packages.debian.org/src:sed 74: https://packages.debian.org/src:shutter 75: https://packages.debian.org/src:sniffit 76: https://packages.debian.org/src:suckless-tools 77: https://packages.debian.org/src:sympa 78: https://packages.debian.org/src:systemd 79: https://packages.debian.org/src:tevent 80: https://packages.debian.org/src:tre 81: https://packages.debian.org/src:tzdata 82: https://packages.debian.org/src:unrtf 83: https://packages.debian.org/src:w3m 84: https://packages.debian.org/src:wireless-regdb 85: https://packages.debian.org/src:wot 86: https://packages.debian.org/src:xwax 87: https://packages.debian.org/src:zookeeper Security Updates ---------------- This revision adds the following security updates to the stable release. The Security Team has already released an advisory for each of these updates: +----------------+----------------------------+ | Advisory ID | Package | +----------------+----------------------------+ | DSA-3636 [88] | collectd [89] | | | | | DSA-3665 [90] | openjpeg2 [91] | | | | | DSA-3666 [92] | mysql-5.5 [93] | | | | | DSA-3667 [94] | chromium-browser [95] | | | | | DSA-3668 [96] | mailman [97] | | | | | DSA-3669 [98] | tomcat7 [99] | | | | | DSA-3670 [100] | tomcat8 [101] | | | | | DSA-3671 [102] | wireshark [103] | | | | | DSA-3672 [104] | irssi [105] | | | | | DSA-3673 [106] | openssl [107] | | | | | DSA-3674 [108] | firefox-esr [109] | | | | | DSA-3675 [110] | imagemagick [111] | | | | | DSA-3676 [112] | unadf [113] | | | | | DSA-3677 [114] | libarchive [115] | | | | | DSA-3678 [116] | python-django [117] | | | | | DSA-3679 [118] | jackrabbit [119] | | | | | DSA-3680 [120] | bind9 [121] | | | | | DSA-3681 [122] | wordpress [123] | | | | | DSA-3682 [124] | c-ares [125] | | | | | DSA-3683 [126] | chromium-browser [127] | | | | | DSA-3684 [128] | libdbd-mysql-perl [129] | | | | | DSA-3685 [130] | libav [131] | | | | | DSA-3686 [132] | icedove [133] | | | | | DSA-3687 [134] | nspr [135] | | | | | DSA-3688 [136] | nss [137] | | | | | DSA-3689 [138] | php5 [139] | | | | | DSA-3691 [140] | ghostscript [141] | | | | | DSA-3692 [142] | freeimage [143] | | | | | DSA-3693 [144] | libgd2 [145] | | | | | DSA-3694 [146] | tor [147] | | | | | DSA-3695 [148] | quagga [149] | | | | | DSA-3696 [150] | linux [151] | | | | | DSA-3697 [152] | kdepimlibs [153] | | | | | DSA-3698 [154] | php5 [155] | | | | | DSA-3700 [156] | asterisk [157] | | | | | DSA-3701 [158] | nginx [159] | | | | | DSA-3702 [160] | tar [161] | | | | | DSA-3703 [162] | bind9 [163] | | | | | DSA-3704 [164] | memcached [165] | | | | | DSA-3705 [166] | curl [167] | | | | | DSA-3706 [168] | mysql-5.5 [169] | | | | | DSA-3709 [170] | libxslt [171] | | | | | DSA-3710 [172] | pillow [173] | | | | | DSA-3712 [174] | terminology [175] | | | | | DSA-3713 [176] | gst-plugins-bad0.10 [177] | | | | | DSA-3714 [178] | akonadi [179] | | | | | DSA-3715 [180] | moin [181] | | | | | DSA-3716 [182] | firefox-esr [183] | | | | | DSA-3717 [184] | gst-plugins-bad0.10 [185] | | | | | DSA-3717 [186] | gst-plugins-bad1.0 [187] | | | | | DSA-3718 [188] | drupal7 [189] | | | | | DSA-3719 [190] | wireshark [191] | | | | | DSA-3720 [192] | tomcat8 [193] | | | | | DSA-3721 [194] | tomcat7 [195] | | | | | DSA-3722 [196] | vim [197] | | | | | DSA-3723 [198] | gst-plugins-good1.0 [199] | | | | | DSA-3724 [200] | gst-plugins-good0.10 [201] | | | | | DSA-3725 [202] | icu [203] | | | | | DSA-3726 [204] | imagemagick [205] | | | | | DSA-3727 [206] | hdf5 [207] | | | | | DSA-3728 [208] | firefox-esr [209] | | | | | DSA-3729 [210] | xen [211] | | | | | DSA-3731 [212] | chromium-browser [213] | | | | | DSA-3732 [214] | php-ssh2 [215] | | | | | DSA-3732 [216] | php5 [217] | | | | | DSA-3733 [218] | apt [219] | | | | | DSA-3734 [220] | firefox-esr [221] | | | | | DSA-3735 [222] | game-music-emu [223] | | | | | DSA-3736 [224] | libupnp [225] | | | | | DSA-3737 [226] | php5 [227] | | | | | DSA-3738 [228] | tomcat7 [229] | | | | | DSA-3739 [230] | tomcat8 [231] | | | | | DSA-3740 [232] | samba [233] | | | | | DSA-3741 [234] | tor [235] | | | | | DSA-3743 [236] | python-bottle [237] | | | | | DSA-3744 [238] | libxml2 [239] | | | | | DSA-3745 [240] | squid3 [241] | | | | | DSA-3747 [242] | exim4 [243] | | | | | DSA-3748 [244] | libcrypto++ [245] | | | | | DSA-3749 [246] | dcmtk [247] | | | | | DSA-3750 [248] | libphp-phpmailer [249] | | | | | DSA-3751 [250] | libgd2 [251] | | | | | DSA-3752 [252] | pcsc-lite [253] | | | | | DSA-3753 [254] | libvncserver [255] | | | | | DSA-3754 [256] | tomcat7 [257] | | | | | DSA-3755 [258] | tomcat8 [259] | | | | +----------------+----------------------------+ 88: https://www.debian.org/security/2016/dsa-3636 89: https://packages.debian.org/src:collectd 90: https://www.debian.org/security/2016/dsa-3665 91: https://packages.debian.org/src:openjpeg2 92: https://www.debian.org/security/2016/dsa-3666 93: https://packages.debian.org/src:mysql-5.5 94: https://www.debian.org/security/2016/dsa-3667 95: https://packages.debian.org/src:chromium-browser 96: https://www.debian.org/security/2016/dsa-3668 97: https://packages.debian.org/src:mailman 98: https://www.debian.org/security/2016/dsa-3669 99: https://packages.debian.org/src:tomcat7 100: https://www.debian.org/security/2016/dsa-3670 101: https://packages.debian.org/src:tomcat8 102: https://www.debian.org/security/2016/dsa-3671 103: https://packages.debian.org/src:wireshark 104: https://www.debian.org/security/2016/dsa-3672 105: https://packages.debian.org/src:irssi 106: https://www.debian.org/security/2016/dsa-3673 107: https://packages.debian.org/src:openssl 108: https://www.debian.org/security/2016/dsa-3674 109: https://packages.debian.org/src:firefox-esr 110: https://www.debian.org/security/2016/dsa-3675 111: https://packages.debian.org/src:imagemagick 112: https://www.debian.org/security/2016/dsa-3676 113: https://packages.debian.org/src:unadf 114: https://www.debian.org/security/2016/dsa-3677 115: https://packages.debian.org/src:libarchive 116: https://www.debian.org/security/2016/dsa-3678 117: https://packages.debian.org/src:python-django 118: https://www.debian.org/security/2016/dsa-3679 119: https://packages.debian.org/src:jackrabbit 120: https://www.debian.org/security/2016/dsa-3680 121: https://packages.debian.org/src:bind9 122: https://www.debian.org/security/2016/dsa-3681 123: https://packages.debian.org/src:wordpress 124: https://www.debian.org/security/2016/dsa-3682 125: https://packages.debian.org/src:c-ares 126: https://www.debian.org/security/2016/dsa-3683 127: https://packages.debian.org/src:chromium-browser 128: https://www.debian.org/security/2016/dsa-3684 129: https://packages.debian.org/src:libdbd-mysql-perl 130: https://www.debian.org/security/2016/dsa-3685 131: https://packages.debian.org/src:libav 132: https://www.debian.org/security/2016/dsa-3686 133: https://packages.debian.org/src:icedove 134: https://www.debian.org/security/2016/dsa-3687 135: https://packages.debian.org/src:nspr 136: https://www.debian.org/security/2016/dsa-3688 137: https://packages.debian.org/src:nss 138: https://www.debian.org/security/2016/dsa-3689 139: https://packages.debian.org/src:php5 140: https://www.debian.org/security/2016/dsa-3691 141: https://packages.debian.org/src:ghostscript 142: https://www.debian.org/security/2016/dsa-3692 143: https://packages.debian.org/src:freeimage 144: https://www.debian.org/security/2016/dsa-3693 145: https://packages.debian.org/src:libgd2 146: https://www.debian.org/security/2016/dsa-3694 147: https://packages.debian.org/src:tor 148: https://www.debian.org/security/2016/dsa-3695 149: https://packages.debian.org/src:quagga 150: https://www.debian.org/security/2016/dsa-3696 151: https://packages.debian.org/src:linux 152: https://www.debian.org/security/2016/dsa-3697 153: https://packages.debian.org/src:kdepimlibs 154: https://www.debian.org/security/2016/dsa-3698 155: https://packages.debian.org/src:php5 156: https://www.debian.org/security/2016/dsa-3700 157: https://packages.debian.org/src:asterisk 158: https://www.debian.org/security/2016/dsa-3701 159: https://packages.debian.org/src:nginx 160: https://www.debian.org/security/2016/dsa-3702 161: https://packages.debian.org/src:tar 162: https://www.debian.org/security/2016/dsa-3703 163: https://packages.debian.org/src:bind9 164: https://www.debian.org/security/2016/dsa-3704 165: https://packages.debian.org/src:memcached 166: https://www.debian.org/security/2016/dsa-3705 167: https://packages.debian.org/src:curl 168: https://www.debian.org/security/2016/dsa-3706 169: https://packages.debian.org/src:mysql-5.5 170: https://www.debian.org/security/2016/dsa-3709 171: https://packages.debian.org/src:libxslt 172: https://www.debian.org/security/2016/dsa-3710 173: https://packages.debian.org/src:pillow 174: https://www.debian.org/security/2016/dsa-3712 175: https://packages.debian.org/src:terminology 176: https://www.debian.org/security/2016/dsa-3713 177: https://packages.debian.org/src:gst-plugins-bad0.10 178: https://www.debian.org/security/2016/dsa-3714 179: https://packages.debian.org/src:akonadi 180: https://www.debian.org/security/2016/dsa-3715 181: https://packages.debian.org/src:moin 182: https://www.debian.org/security/2016/dsa-3716 183: https://packages.debian.org/src:firefox-esr 184: https://www.debian.org/security/2016/dsa-3717 185: https://packages.debian.org/src:gst-plugins-bad0.10 186: https://www.debian.org/security/2016/dsa-3717 187: https://packages.debian.org/src:gst-plugins-bad1.0 188: https://www.debian.org/security/2016/dsa-3718 189: https://packages.debian.org/src:drupal7 190: https://www.debian.org/security/2016/dsa-3719 191: https://packages.debian.org/src:wireshark 192: https://www.debian.org/security/2016/dsa-3720 193: https://packages.debian.org/src:tomcat8 194: https://www.debian.org/security/2016/dsa-3721 195: https://packages.debian.org/src:tomcat7 196: https://www.debian.org/security/2016/dsa-3722 197: https://packages.debian.org/src:vim 198: https://www.debian.org/security/2016/dsa-3723 199: https://packages.debian.org/src:gst-plugins-good1.0 200: https://www.debian.org/security/2016/dsa-3724 201: https://packages.debian.org/src:gst-plugins-good0.10 202: https://www.debian.org/security/2016/dsa-3725 203: https://packages.debian.org/src:icu 204: https://www.debian.org/security/2016/dsa-3726 205: https://packages.debian.org/src:imagemagick 206: https://www.debian.org/security/2016/dsa-3727 207: https://packages.debian.org/src:hdf5 208: https://www.debian.org/security/2016/dsa-3728 209: https://packages.debian.org/src:firefox-esr 210: https://www.debian.org/security/2016/dsa-3729 211: https://packages.debian.org/src:xen 212: https://www.debian.org/security/2016/dsa-3731 213: https://packages.debian.org/src:chromium-browser 214: https://www.debian.org/security/2016/dsa-3732 215: https://packages.debian.org/src:php-ssh2 216: https://www.debian.org/security/2016/dsa-3732 217: https://packages.debian.org/src:php5 218: https://www.debian.org/security/2016/dsa-3733 219: https://packages.debian.org/src:apt 220: https://www.debian.org/security/2016/dsa-3734 221: https://packages.debian.org/src:firefox-esr 222: https://www.debian.org/security/2016/dsa-3735 223: https://packages.debian.org/src:game-music-emu 224: https://www.debian.org/security/2016/dsa-3736 225: https://packages.debian.org/src:libupnp 226: https://www.debian.org/security/2016/dsa-3737 227: https://packages.debian.org/src:php5 228: https://www.debian.org/security/2016/dsa-3738 229: https://packages.debian.org/src:tomcat7 230: https://www.debian.org/security/2016/dsa-3739 231: https://packages.debian.org/src:tomcat8 232: https://www.debian.org/security/2016/dsa-3740 233: https://packages.debian.org/src:samba 234: https://www.debian.org/security/2016/dsa-3741 235: https://packages.debian.org/src:tor 236: https://www.debian.org/security/2016/dsa-3743 237: https://packages.debian.org/src:python-bottle 238: https://www.debian.org/security/2016/dsa-3744 239: https://packages.debian.org/src:libxml2 240: https://www.debian.org/security/2016/dsa-3745 241: https://packages.debian.org/src:squid3 242: https://www.debian.org/security/2016/dsa-3747 243: https://packages.debian.org/src:exim4 244: https://www.debian.org/security/2016/dsa-3748 245: https://packages.debian.org/src:libcrypto++ 246: https://www.debian.org/security/2016/dsa-3749 247: https://packages.debian.org/src:dcmtk 248: https://www.debian.org/security/2017/dsa-3750 249: https://packages.debian.org/src:libphp-phpmailer 250: https://www.debian.org/security/2017/dsa-3751 251: https://packages.debian.org/src:libgd2 252: https://www.debian.org/security/2017/dsa-3752 253: https://packages.debian.org/src:pcsc-lite 254: https://www.debian.org/security/2017/dsa-3753 255: https://packages.debian.org/src:libvncserver 256: https://www.debian.org/security/2017/dsa-3754 257: https://packages.debian.org/src:tomcat7 258: https://www.debian.org/security/2017/dsa-3755 259: https://packages.debian.org/src:tomcat8 Removed packages ---------------- The following packages were removed due to circumstances beyond our control: +----------------+-----------------+ | Package | Reason | +----------------+-----------------+ | dotclear [260] | Security issues | | | | | sogo [261] | Security issues | | | | +----------------+-----------------+ 260: https://packages.debian.org/src:dotclear 261: https://packages.debian.org/src:sogo Debian Installer ---------------- The installer has been updated to include the fixes incorporated into stable by the point release. URLs ---- The complete lists of packages that have changed with this revision: http://ftp.debian.org/debian/dists/jessie/ChangeLog The current stable distribution: http://ftp.debian.org/debian/dists/stable/ Proposed updates to the stable distribution: http://ftp.debian.org/debian/dists/proposed-updates stable distribution information (release notes, errata etc.): https://www.debian.org/releases/stable/ Security announcements and information: https://security.debian.org/ [262] 262: https://www.debian.org/security/ About Debian ------------ The Debian Project is an association of Free Software developers who volunteer their time and effort in order to produce the completely free operating system Debian. Contact Information ------------------- For further information, please visit the Debian web pages at https://www.debian.org/, send mail to <press@debian.org>, or contact the stable release team at <debian-release@lists.debian.org>.
Attachment:
signature.asc
Description: PGP signature