[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Updated Debian 9: 9.2 released



------------------------------------------------------------------------
The Debian Project                               https://www.debian.org/
Updated Debian 9: 9.2 released                          press@debian.org
October 7th, 2017              https://www.debian.org/News/2017/20171007
------------------------------------------------------------------------


The Debian project is pleased to announce the second update of its
stable distribution Debian 9 (codename "stretch"). This point release
mainly adds corrections for security issues, along with a few
adjustments for serious problems. Security advisories have already been
published separately and are referenced where available.

Please note that the point release does not constitute a new version of
Debian 9 but only updates some of the packages included. There is no
need to throw away old "stretch" media. After installation, packages can
be upgraded to the current versions using an up-to-date Debian mirror.

Those who frequently install updates from security.debian.org won't have
to update many packages, and most such updates are included in the point
release.

New installation images will be available soon at the regular locations.

Upgrading an existing installation to this revision can be achieved by
pointing the package management system at one of Debian's many HTTP
mirrors. A comprehensive list of mirrors is available at:

https://www.debian.org/mirror/list


As a special case for this point release, those using the "apt-get" tool
to perform the upgrade will need to ensure that the "dist-upgrade"
command is used, in order to update to the latest kernel packages. Users
of other tools such as "apt" and "aptitude" should use the "upgrade"
command.


Miscellaneous Bugfixes
----------------------

Due to an oversight while preparing the point release, the usual
update to the "base-files" package to reflect the new version was
unfortunately not included. An updated package will be made available
via "stretch-updates" in the near future.

This stable update adds a few important corrections to the following
packages:

+--------------------------+------------------------------------------+
| Package                  | Reason                                   |
+--------------------------+------------------------------------------+
| apt [1]                  | Fix issues in apt-daily-upgrade; fix a   |
|                          | possible crash in the mirror method      |
|                          |                                          |
| at-spi2-core [2]         | Fix crash on switching windows           |
|                          |                                          |
| bareos [3]               | Fix permissions of bareos-dir logrotate  |
|                          | config on upgrade; fix file corruption   |
|                          | when using SHA1 signature                |
|                          |                                          |
| bind9 [4]                | Import support for DNSSEC KSK-2017       |
|                          |                                          |
| bridge-utils [5]         | Fix a problem with some vlan interfaces  |
|                          | not being created                        |
|                          |                                          |
| caja [6]                 | Fix excessive CPU use while loading      |
|                          | background image                         |
|                          |                                          |
| chrony [7]               | Do not pass 'burst' command to chronyc   |
|                          |                                          |
| cross-gcc [8]            | Fix outdated support for gcc 6.3.0-18    |
|                          |                                          |
| cvxopt [9]               | Remove the unneccessary and non-working  |
|                          | compatibility layer for lpx_main()       |
|                          |                                          |
| db5.3 [10]               | Do not access DB_CONFIG when db_home is  |
|                          | not set [CVE-2017-10140]                 |
|                          |                                          |
| dbus [11]                | New upstream stable release              |
|                          |                                          |
| debian-edu-doc [12]      | Merge stretch related documentation and  |
|                          | translation updates; update Debian Edu   |
|                          | Stretch manual from the wiki; replace    |
|                          | existing boot menu screenshots with      |
|                          | recent ones from the wiki                |
|                          |                                          |
| debian-installer [13]    | Update Linux kernel ABI to 4             |
|                          |                                          |
| debian-installer-        | Rebuild against proposed-updates         |
| netboot-images [14]      |                                          |
|                          |                                          |
| desktop-base [15]        | Fix XML syntax errors in gnome wallpaper |
|                          | description files making Joy wallpapers  |
|                          | unavailable by default; ensure postinst  |
|                          | doesn’t fail on upgrade even when an     |
|                          | incomplete theme pack is active          |
|                          |                                          |
| dns-root-data [16]       | Update root.hints to 2017072601 version; |
|                          | change the state of KSK-2017 to VALID    |
|                          |                                          |
| dnsdist [17]             | Security fixes [CVE-2016-7069 CVE-2017-  |
|                          | 7557]                                    |
|                          |                                          |
| dnsviz [18]              | Cherry-pick upstream fixes related to    |
|                          | root.hints and root.keys changes         |
|                          |                                          |
| dose3 [19]               | Fix versioned provides support -         |
|                          | packages that provide the same virtual   |
|                          | package in different versions, or that   |
|                          | provide the same versioned virtual       |
|                          | package as a real package, are co-       |
|                          | installable                              |
|                          |                                          |
| ecl [20]                 | Add missing dependency on libffi-dev     |
|                          |                                          |
| erlang-p1-tls [21]       | Fix ECDH curves                          |
|                          |                                          |
| evolution [22]           | Fix hang on right click in composer      |
|                          | window                                   |
|                          |                                          |
| expect [23]              | Properly check for EOF, to avoid losing  |
|                          | input                                    |
|                          |                                          |
| fife [24]                | Fix memory leak                          |
|                          |                                          |
| flatpak [25]             | New upstream stable release; prevent     |
|                          | deploying files with inappropriate       |
|                          | permissions; restore compatibility with  |
|                          | libostree 2017.7                         |
|                          |                                          |
| freerdp [26]             | Enable TLS >= 1.1 support                |
|                          |                                          |
| gnome-exe-               | Switch to msitools' msiinfo for          |
| thumbnailer [27]         | ProductVersion fetching, replacing the   |
|                          | insecure VBScript-based parsing          |
|                          | [CVE-2017-11421]; fix unreadable white-  |
|                          | on-white text on version labels          |
|                          |                                          |
| gnupg2 [28]              | Fix dirmngr issues with broken reverse   |
|                          | DNS, assertion when using  "tofu-        |
|                          | default-policy ask" , multiple issues    |
|                          | with scdaemon, avoid spurious warnings   |
|                          | when sharing a keybox with gpg >= 2.1.20 |
|                          |                                          |
| gnutls28 [29]            | Fix OCSP verification errors, especially |
|                          | with ECDSA signatures                    |
|                          |                                          |
| gosa-plugin-             | Fix parent constructor calls, for        |
| mailaddress [30]         | compatibility with PHP7                  |
|                          |                                          |
| gsoap [31]               | Fix integer overflow via large XML       |
|                          | document [CVE-2017-9765]                 |
|                          |                                          |
| haveged [32]             | Start haveged.service after systemd-     |
|                          | tmpfiles-setup.service has been run      |
|                          |                                          |
| ipsec-tools [33]         | Security fix [CVE-2016-10396]            |
|                          |                                          |
| irssi [34]               | Fix null pointer dereference [CVE-2017-  |
|                          | 10965], use-after-free condition for     |
|                          | nicklist [CVE-2017-10966]                |
|                          |                                          |
| kanatest [35]            | Remove DISABLE_DEPRECATED flags, they    |
|                          | cause implicit pointer conversion and    |
|                          | thus a segmentation fault on startup     |
|                          |                                          |
| kdepim [36]              | Fix  "send Later with Delay bypasses     |
|                          | OpenPGP"  [CVE-2017-9604]                |
|                          |                                          |
| kf5-messagelib [37]      | Fix  "send Later with Delay bypasses     |
|                          | OpenPGP"  [CVE-2017-9604]                |
|                          |                                          |
| krb5 [38]                | Fix security issue where remote          |
|                          | authenticated attackers can crash the    |
|                          | KDC [CVE-2017-11368]; fix startup if     |
|                          | getaddrinfo() returns a wildcard v6      |
|                          | address and handling of explicitly       |
|                          | specified v4 wildcard address; fix SRV   |
|                          | lookups to respect udp_preference_limit  |
|                          |                                          |
| lava-tool [39]           | Add missing dependency on python-        |
|                          | simplejson                               |
|                          |                                          |
| librsb [40]              | Fix a few severe bugs leading to         |
|                          | numerically wrong results                |
|                          |                                          |
| libselinux [41]          | Rebuild with new sbuild to fix changelog |
|                          | date                                     |
|                          |                                          |
| libsolv [42]             | Fix dependencies on Python 3 modules     |
|                          |                                          |
| libwpd [43]              | Fix denial of service issue              |
|                          | [CVE-2017-14226]                         |
|                          |                                          |
| linux [44]               | New upstream stable version              |
|                          |                                          |
| linux-latest [45]        | Update to 4.9.0-4                        |
|                          |                                          |
| lzma [46]                | Rebuild with new sbuild to fix changelog |
|                          | date                                     |
|                          |                                          |
| mailman [47]             | Fix broken dependencies in               |
|                          | contrib/SpamAssassin.py                  |
|                          |                                          |
| mate-power-manager [48]  | Don't abort on unknown DBus signal name  |
|                          |                                          |
| mate-themes [49]         | Fix font colour of URL bar in Google     |
|                          | Chrome                                   |
|                          |                                          |
| mate-tweak [50]          | Add missing dependency on python3-gi     |
|                          |                                          |
| ncurses [51]             | Fix various crash bugs in the tic        |
|                          | library and the tic binary               |
|                          | [CVE-2017-10684 CVE-2017-10685           |
|                          |  CVE-2017-11112 CVE-2017-11113           |
|                          |  CVE-2017-13728 CVE-2017-13729           |
|                          |  CVE-2017-13730 CVE-2017-13731           |
|                          |  CVE-2017-13732 CVE-2017-13734           |
|                          |  CVE-2017-13733]                         |
|                          |                                          |
| nettle [52]              | Rebuild with new sbuild to fix changelog |
|                          | date                                     |
|                          |                                          |
| node-brace-              | Fix regular expression denial of service |
| expansion [53]           | issue                                    |
|                          |                                          |
| node-dateformat [54]     | Set TZ=UTC for tests to fix build        |
|                          | failure                                  |
|                          |                                          |
| ntp [55]                 | Build and install /usr/bin/sntp          |
|                          |                                          |
| nvidia-graphics-         | New upstream long lived branch release   |
| drivers [56]             | 375.82 - security fixes [CVE-2017-6257   |
|                          | CVE-2017-6259], add support for the      |
|                          | following GPUs: GeForce GTX 1080 with    |
|                          | Max-Q Design, GeForce GTX 1070 with Max- |
|                          | Q Design, GeForce GTX 1060 with Max-Q    |
|                          | Design; nvidia-kernel-dkms: Honor        |
|                          | parallel setting from dkms               |
|                          |                                          |
| open-vm-tools [57]       | Randomly generate temporary directory    |
|                          | name [CVE-2015-5191]                     |
|                          |                                          |
| opendkim [58]            | Start as root and drop privileges in     |
|                          | opendkim for proper key file ownership   |
|                          |                                          |
| openldap [59]            | Relax the dependency of libldap-2.4-2 on |
|                          | libldap-common to also permit later      |
|                          | versions; fix upgrade failure when       |
|                          | olcSuffix contains a backslash; avoid    |
|                          | reading the value of the                 |
|                          | LDAP_OPT_X_TLS_REQUIRE_CERT option from  |
|                          | previously freed memory; fix potential   |
|                          | endless replication loop in a multi-     |
|                          | master delta-syncrepl scenario with 3 or |
|                          | more nodes; fix memory corruption caused |
|                          | by calling sasl_client_init() multiple   |
|                          | times and possibly concurrently          |
|                          |                                          |
| openvpn [60]             | Fix broken reconnects due to wrong push  |
|                          | digest calculation                       |
|                          |                                          |
| osinfo-db [61]           | Update distribution information          |
|                          |                                          |
| pcb-rnd [62]             | Fix execution of code via a maliciously  |
|                          | formed design file                       |
|                          |                                          |
| postfix [63]             | New upstream stable version - send       |
|                          | single character variable names to       |
|                          | milters without {}; prevent MIME         |
|                          | downgrade of Postfix-generated message/  |
|                          | delivery status; work around Berkeley DB |
|                          | attempting to read settings from         |
|                          | "DB_CONFIG"  file                        |
|                          |                                          |
| python-pampy [64]        | Fix dependencies on Python 3 modules     |
|                          |                                          |
| request-tracker4 [65]    | Fix regression in previous security      |
|                          | release where incorrect SHA256 passwords |
|                          | could trigger an error                   |
|                          |                                          |
| ruby-gnome2 [66]         | ruby-                                    |
|                          | {gdk3,gtksourceview2,pango,poppler}: Add |
|                          | missing dependencies                     |
|                          |                                          |
| samba [67]               | Ensure SMB signing enforced [CVE-2017-   |
|                          | 12150]; keep required encryption across  |
|                          | SMB3 DFS redirects [CVE-2017-12151]; fix |
|                          | server memory information leak over SMB1 |
|                          | [CVE-2017-12163]; new upstream release;  |
|                          | fix libpam-winbind.prerm to be           |
|                          | multiarch-safe; add missing logrotate    |
|                          | for /var/log/samba/log.samba; fix        |
|                          | outdated DNS Root servers; fix  "Non-    |
|                          | kerberos logins fails on winbind 4.X     |
|                          | when krb5_auth is configured in PAM"     |
|                          |                                          |
| smplayer [68]            | Fix connections to YouTube               |
|                          |                                          |
| speech-dispatcher [69]   | Make spd-conf work again                 |
|                          |                                          |
| suricata [70]            | Limit the number of recursive calls in   |
|                          | the DER/ASN.1 decoder to avoid stack     |
|                          | overflows                                |
|                          |                                          |
| swift [71]               | New upstream stable release              |
|                          |                                          |
| tbdialout [72]           | Include leading plus symbol when using   |
|                          | tel: URI scheme                          |
|                          |                                          |
| tiny-initramfs [73]      | Add missing dependency on cpio           |
|                          |                                          |
| topal [74]               | Fix misuse of sed character class syntax |
|                          |                                          |
| torsocks [75]            | Fix check_addr() to return either 0 or 1 |
|                          |                                          |
| trace-cmd [76]           | Fix segfault while processing certain    |
|                          | trace files                              |
|                          |                                          |
| unbound [77]             | Fix install of trust anchor when two     |
|                          | anchors are present; depend on dns-root- |
|                          | data (>= 2017072601~) for KSK-2017       |
|                          |                                          |
| unknown-horizons [78]    | Fix memory leak                          |
|                          |                                          |
| up-imapproxy [79]        | Correct systemd service file             |
|                          |                                          |
| vim [80]                 | Fix several crashes / illegal memory     |
|                          | accesses [CVE-2017-11109]                |
|                          |                                          |
| waagent [81]             | New upstream release, with support for   |
|                          | Azure Stack                              |
|                          |                                          |
| webkit2gtk [82]          | Upstream security and bugfix release     |
|                          | [CVE-2017-2538 CVE-2017-7052 CVE-2017-   |
|                          | 7018 CVE-2017-7030 CVE-2017-7034         |
|                          | CVE-2017-7037 CVE-2017-7039 CVE-2017-    |
|                          | 7046 CVE-2017-7048 CVE-2017-7055         |
|                          | CVE-2017-7056 CVE-2017-7061 CVE-2017-    |
|                          | 7064]                                    |
|                          |                                          |
| whois [83]               | Fix whois referrals                      |
|                          | for .com, .net, .jobs, .bz, .cc and .tv; |
|                          | add several new Indian TLD servers;      |
|                          | update the list of gTLDs                 |
|                          |                                          |
| wrk [84]                 | Fix build failures                       |
|                          |                                          |
| xfonts-ayu [85]          | Fix generation of bold and italic fonts  |
|                          |                                          |
| xkeyboard-config [86]    | Move Indic layouts back to the main      |
|                          | layout list, enabling their use again    |
|                          |                                          |
| yadm [87]                | Fix race condition which could allow     |
|                          | access to private PGP and SSH keys       |
|                          | [CVE-2017-11353]                         |
|                          |                                          |
+--------------------------+------------------------------------------+

    1: https://packages.debian.org/src:apt
    2: https://packages.debian.org/src:at-spi2-core
    3: https://packages.debian.org/src:bareos
    4: https://packages.debian.org/src:bind9
    5: https://packages.debian.org/src:bridge-utils
    6: https://packages.debian.org/src:caja
    7: https://packages.debian.org/src:chrony
    8: https://packages.debian.org/src:cross-gcc
    9: https://packages.debian.org/src:cvxopt
   10: https://packages.debian.org/src:db5.3
   11: https://packages.debian.org/src:dbus
   12: https://packages.debian.org/src:debian-edu-doc
   13: https://packages.debian.org/src:debian-installer
   14: https://packages.debian.org/src:debian-installer-netboot-images
   15: https://packages.debian.org/src:desktop-base
   16: https://packages.debian.org/src:dns-root-data
   17: https://packages.debian.org/src:dnsdist
   18: https://packages.debian.org/src:dnsviz
   19: https://packages.debian.org/src:dose3
   20: https://packages.debian.org/src:ecl
   21: https://packages.debian.org/src:erlang-p1-tls
   22: https://packages.debian.org/src:evolution
   23: https://packages.debian.org/src:expect
   24: https://packages.debian.org/src:fife
   25: https://packages.debian.org/src:flatpak
   26: https://packages.debian.org/src:freerdp
   27: https://packages.debian.org/src:gnome-exe-thumbnailer
   28: https://packages.debian.org/src:gnupg2
   29: https://packages.debian.org/src:gnutls28
   30: https://packages.debian.org/src:gosa-plugin-mailaddress
   31: https://packages.debian.org/src:gsoap
   32: https://packages.debian.org/src:haveged
   33: https://packages.debian.org/src:ipsec-tools
   34: https://packages.debian.org/src:irssi
   35: https://packages.debian.org/src:kanatest
   36: https://packages.debian.org/src:kdepim
   37: https://packages.debian.org/src:kf5-messagelib
   38: https://packages.debian.org/src:krb5
   39: https://packages.debian.org/src:lava-tool
   40: https://packages.debian.org/src:librsb
   41: https://packages.debian.org/src:libselinux
   42: https://packages.debian.org/src:libsolv
   43: https://packages.debian.org/src:libwpd
   44: https://packages.debian.org/src:linux
   45: https://packages.debian.org/src:linux-latest
   46: https://packages.debian.org/src:lzma
   47: https://packages.debian.org/src:mailman
   48: https://packages.debian.org/src:mate-power-manager
   49: https://packages.debian.org/src:mate-themes
   50: https://packages.debian.org/src:mate-tweak
   51: https://packages.debian.org/src:ncurses
   52: https://packages.debian.org/src:nettle
   53: https://packages.debian.org/src:node-brace-expansion
   54: https://packages.debian.org/src:node-dateformat
   55: https://packages.debian.org/src:ntp
   56: https://packages.debian.org/src:nvidia-graphics-drivers
   57: https://packages.debian.org/src:open-vm-tools
   58: https://packages.debian.org/src:opendkim
   59: https://packages.debian.org/src:openldap
   60: https://packages.debian.org/src:openvpn
   61: https://packages.debian.org/src:osinfo-db
   62: https://packages.debian.org/src:pcb-rnd
   63: https://packages.debian.org/src:postfix
   64: https://packages.debian.org/src:python-pampy
   65: https://packages.debian.org/src:request-tracker4
   66: https://packages.debian.org/src:ruby-gnome2
   67: https://packages.debian.org/src:samba
   68: https://packages.debian.org/src:smplayer
   69: https://packages.debian.org/src:speech-dispatcher
   70: https://packages.debian.org/src:suricata
   71: https://packages.debian.org/src:swift
   72: https://packages.debian.org/src:tbdialout
   73: https://packages.debian.org/src:tiny-initramfs
   74: https://packages.debian.org/src:topal
   75: https://packages.debian.org/src:torsocks
   76: https://packages.debian.org/src:trace-cmd
   77: https://packages.debian.org/src:unbound
   78: https://packages.debian.org/src:unknown-horizons
   79: https://packages.debian.org/src:up-imapproxy
   80: https://packages.debian.org/src:vim
   81: https://packages.debian.org/src:waagent
   82: https://packages.debian.org/src:webkit2gtk
   83: https://packages.debian.org/src:whois
   84: https://packages.debian.org/src:wrk
   85: https://packages.debian.org/src:xfonts-ayu
   86: https://packages.debian.org/src:xkeyboard-config
   87: https://packages.debian.org/src:yadm

Security Updates
----------------

This revision adds the following security updates to the stable release.
The Security Team has already released an advisory for each of these
updates:

+-----------------+-----------------------------+
| Advisory ID     | Package                     |
+-----------------+-----------------------------+
| DSA-3881 [88]   | firefox-esr [89]            |
|                 |                             |
| DSA-3898 [90]   | expat [91]                  |
|                 |                             |
| DSA-3904 [92]   | bind9 [93]                  |
|                 |                             |
| DSA-3909 [94]   | samba [95]                  |
|                 |                             |
| DSA-3913 [96]   | apache2 [97]                |
|                 |                             |
| DSA-3914 [98]   | imagemagick [99]            |
|                 |                             |
| DSA-3915 [100]  | ruby-mixlib-archive [101]   |
|                 |                             |
| DSA-3916 [102]  | atril [103]                 |
|                 |                             |
| DSA-3917 [104]  | catdoc [105]                |
|                 |                             |
| DSA-3919 [106]  | openjdk-8 [107]             |
|                 |                             |
| DSA-3920 [108]  | qemu [109]                  |
|                 |                             |
| DSA-3921 [110]  | enigmail [111]              |
|                 |                             |
| DSA-3923 [112]  | freerdp [113]               |
|                 |                             |
| DSA-3924 [114]  | varnish [115]               |
|                 |                             |
| DSA-3925 [116]  | qemu [117]                  |
|                 |                             |
| DSA-3926 [118]  | chromium-browser [119]      |
|                 |                             |
| DSA-3927 [120]  | linux [121]                 |
|                 |                             |
| DSA-3928 [122]  | firefox-esr [123]           |
|                 |                             |
| DSA-3929 [124]  | libsoup2.4 [125]            |
|                 |                             |
| DSA-3930 [126]  | freeradius [127]            |
|                 |                             |
| DSA-3931 [128]  | ruby-rack-cors [129]        |
|                 |                             |
| DSA-3932 [130]  | subversion [131]            |
|                 |                             |
| DSA-3934 [132]  | git [133]                   |
|                 |                             |
| DSA-3936 [134]  | postgresql-9.6 [135]        |
|                 |                             |
| DSA-3938 [136]  | libgd2 [137]                |
|                 |                             |
| DSA-3940 [138]  | cvs [139]                   |
|                 |                             |
| DSA-3941 [140]  | iortcw [141]                |
|                 |                             |
| DSA-3942 [142]  | supervisor [143]            |
|                 |                             |
| DSA-3946 [144]  | libmspack [145]             |
|                 |                             |
| DSA-3947 [146]  | newsbeuter [147]            |
|                 |                             |
| DSA-3948 [148]  | ioquake3 [149]              |
|                 |                             |
| DSA-3949 [150]  | augeas [151]                |
|                 |                             |
| DSA-3950 [152]  | libraw [153]                |
|                 |                             |
| DSA-3952 [154]  | libxml2 [155]               |
|                 |                             |
| DSA-3953 [156]  | aodh [157]                  |
|                 |                             |
| DSA-3955 [158]  | mariadb-10.1 [159]          |
|                 |                             |
| DSA-3956 [160]  | connman [161]               |
|                 |                             |
| DSA-3957 [162]  | ffmpeg [163]                |
|                 |                             |
| DSA-3958 [164]  | fontforge [165]             |
|                 |                             |
| DSA-3959 [166]  | libgcrypt20 [167]           |
|                 |                             |
| DSA-3961 [168]  | libgd2 [169]                |
|                 |                             |
| DSA-3962 [170]  | strongswan [171]            |
|                 |                             |
| DSA-3963 [172]  | mercurial [173]             |
|                 |                             |
| DSA-3964 [174]  | asterisk [175]              |
|                 |                             |
| DSA-3965 [176]  | file [177]                  |
|                 |                             |
| DSA-3966 [178]  | ruby2.3 [179]               |
|                 |                             |
| DSA-3967 [180]  | mbedtls [181]               |
|                 |                             |
| DSA-3968 [182]  | icedove [183]               |
|                 |                             |
| DSA-3969 [184]  | xen [185]                   |
|                 |                             |
| DSA-3970 [186]  | emacs24 [187]               |
|                 |                             |
| DSA-3971 [188]  | tcpdump [189]               |
|                 |                             |
| DSA-3972 [190]  | bluez [191]                 |
|                 |                             |
| DSA-3973 [192]  | wordpress-shibboleth [193]  |
|                 |                             |
| DSA-3974 [194]  | tomcat8 [195]               |
|                 |                             |
| DSA-3975 [196]  | emacs25 [197]               |
|                 |                             |
| DSA-3976 [198]  | freexl [199]                |
|                 |                             |
| DSA-3977 [200]  | newsbeuter [201]            |
|                 |                             |
| DSA-3978 [202]  | gdk-pixbuf [203]            |
|                 |                             |
| DSA-3979 [204]  | pyjwt [205]                 |
|                 |                             |
| DSA-3980 [206]  | apache2 [207]               |
|                 |                             |
| DSA-3982 [208]  | perl [209]                  |
|                 |                             |
| DSA-3984 [210]  | git [211]                   |
|                 |                             |
| DSA-3985 [212]  | chromium-browser [213]      |
|                 |                             |
| DSA-3986 [214]  | ghostscript [215]           |
|                 |                             |
| DSA-3987 [216]  | firefox-esr [217]           |
|                 |                             |
| DSA-3988 [218]  | libidn2-0 [219]             |
|                 |                             |
+-----------------+-----------------------------+

   88: https://www.debian.org/security/2017/dsa-3881
   89: https://packages.debian.org/src:firefox-esr
   90: https://www.debian.org/security/2017/dsa-3898
   91: https://packages.debian.org/src:expat
   92: https://www.debian.org/security/2017/dsa-3904
   93: https://packages.debian.org/src:bind9
   94: https://www.debian.org/security/2017/dsa-3909
   95: https://packages.debian.org/src:samba
   96: https://www.debian.org/security/2017/dsa-3913
   97: https://packages.debian.org/src:apache2
   98: https://www.debian.org/security/2017/dsa-3914
   99: https://packages.debian.org/src:imagemagick
  100: https://www.debian.org/security/2017/dsa-3915
  101: https://packages.debian.org/src:ruby-mixlib-archive
  102: https://www.debian.org/security/2017/dsa-3916
  103: https://packages.debian.org/src:atril
  104: https://www.debian.org/security/2017/dsa-3917
  105: https://packages.debian.org/src:catdoc
  106: https://www.debian.org/security/2017/dsa-3919
  107: https://packages.debian.org/src:openjdk-8
  108: https://www.debian.org/security/2017/dsa-3920
  109: https://packages.debian.org/src:qemu
  110: https://www.debian.org/security/2017/dsa-3921
  111: https://packages.debian.org/src:enigmail
  112: https://www.debian.org/security/2017/dsa-3923
  113: https://packages.debian.org/src:freerdp
  114: https://www.debian.org/security/2017/dsa-3924
  115: https://packages.debian.org/src:varnish
  116: https://www.debian.org/security/2017/dsa-3925
  117: https://packages.debian.org/src:qemu
  118: https://www.debian.org/security/2017/dsa-3926
  119: https://packages.debian.org/src:chromium-browser
  120: https://www.debian.org/security/2017/dsa-3927
  121: https://packages.debian.org/src:linux
  122: https://www.debian.org/security/2017/dsa-3928
  123: https://packages.debian.org/src:firefox-esr
  124: https://www.debian.org/security/2017/dsa-3929
  125: https://packages.debian.org/src:libsoup2.4
  126: https://www.debian.org/security/2017/dsa-3930
  127: https://packages.debian.org/src:freeradius
  128: https://www.debian.org/security/2017/dsa-3931
  129: https://packages.debian.org/src:ruby-rack-cors
  130: https://www.debian.org/security/2017/dsa-3932
  131: https://packages.debian.org/src:subversion
  132: https://www.debian.org/security/2017/dsa-3934
  133: https://packages.debian.org/src:git
  134: https://www.debian.org/security/2017/dsa-3936
  135: https://packages.debian.org/src:postgresql-9.6
  136: https://www.debian.org/security/2017/dsa-3938
  137: https://packages.debian.org/src:libgd2
  138: https://www.debian.org/security/2017/dsa-3940
  139: https://packages.debian.org/src:cvs
  140: https://www.debian.org/security/2017/dsa-3941
  141: https://packages.debian.org/src:iortcw
  142: https://www.debian.org/security/2017/dsa-3942
  143: https://packages.debian.org/src:supervisor
  144: https://www.debian.org/security/2017/dsa-3946
  145: https://packages.debian.org/src:libmspack
  146: https://www.debian.org/security/2017/dsa-3947
  147: https://packages.debian.org/src:newsbeuter
  148: https://www.debian.org/security/2017/dsa-3948
  149: https://packages.debian.org/src:ioquake3
  150: https://www.debian.org/security/2017/dsa-3949
  151: https://packages.debian.org/src:augeas
  152: https://www.debian.org/security/2017/dsa-3950
  153: https://packages.debian.org/src:libraw
  154: https://www.debian.org/security/2017/dsa-3952
  155: https://packages.debian.org/src:libxml2
  156: https://www.debian.org/security/2017/dsa-3953
  157: https://packages.debian.org/src:aodh
  158: https://www.debian.org/security/2017/dsa-3955
  159: https://packages.debian.org/src:mariadb-10.1
  160: https://www.debian.org/security/2017/dsa-3956
  161: https://packages.debian.org/src:connman
  162: https://www.debian.org/security/2017/dsa-3957
  163: https://packages.debian.org/src:ffmpeg
  164: https://www.debian.org/security/2017/dsa-3958
  165: https://packages.debian.org/src:fontforge
  166: https://www.debian.org/security/2017/dsa-3959
  167: https://packages.debian.org/src:libgcrypt20
  168: https://www.debian.org/security/2017/dsa-3961
  169: https://packages.debian.org/src:libgd2
  170: https://www.debian.org/security/2017/dsa-3962
  171: https://packages.debian.org/src:strongswan
  172: https://www.debian.org/security/2017/dsa-3963
  173: https://packages.debian.org/src:mercurial
  174: https://www.debian.org/security/2017/dsa-3964
  175: https://packages.debian.org/src:asterisk
  176: https://www.debian.org/security/2017/dsa-3965
  177: https://packages.debian.org/src:file
  178: https://www.debian.org/security/2017/dsa-3966
  179: https://packages.debian.org/src:ruby2.3
  180: https://www.debian.org/security/2017/dsa-3967
  181: https://packages.debian.org/src:mbedtls
  182: https://www.debian.org/security/2017/dsa-3968
  183: https://packages.debian.org/src:icedove
  184: https://www.debian.org/security/2017/dsa-3969
  185: https://packages.debian.org/src:xen
  186: https://www.debian.org/security/2017/dsa-3970
  187: https://packages.debian.org/src:emacs24
  188: https://www.debian.org/security/2017/dsa-3971
  189: https://packages.debian.org/src:tcpdump
  190: https://www.debian.org/security/2017/dsa-3972
  191: https://packages.debian.org/src:bluez
  192: https://www.debian.org/security/2017/dsa-3973
  193: https://packages.debian.org/src:wordpress-shibboleth
  194: https://www.debian.org/security/2017/dsa-3974
  195: https://packages.debian.org/src:tomcat8
  196: https://www.debian.org/security/2017/dsa-3975
  197: https://packages.debian.org/src:emacs25
  198: https://www.debian.org/security/2017/dsa-3976
  199: https://packages.debian.org/src:freexl
  200: https://www.debian.org/security/2017/dsa-3977
  201: https://packages.debian.org/src:newsbeuter
  202: https://www.debian.org/security/2017/dsa-3978
  203: https://packages.debian.org/src:gdk-pixbuf
  204: https://www.debian.org/security/2017/dsa-3979
  205: https://packages.debian.org/src:pyjwt
  206: https://www.debian.org/security/2017/dsa-3980
  207: https://packages.debian.org/src:apache2
  208: https://www.debian.org/security/2017/dsa-3982
  209: https://packages.debian.org/src:perl
  210: https://www.debian.org/security/2017/dsa-3984
  211: https://packages.debian.org/src:git
  212: https://www.debian.org/security/2017/dsa-3985
  213: https://packages.debian.org/src:chromium-browser
  214: https://www.debian.org/security/2017/dsa-3986
  215: https://packages.debian.org/src:ghostscript
  216: https://www.debian.org/security/2017/dsa-3987
  217: https://packages.debian.org/src:firefox-esr
  218: https://www.debian.org/security/2017/dsa-3988
  219: https://packages.debian.org/src:libidn2-0

Removed packages
----------------

The following packages were removed due to circumstances beyond our
control:

+----------------+------------------------------------------+
| Package        | Reason                                   |
+----------------+------------------------------------------+
| clapack [220]  | Outdated and unmaintained fork of lapack |
|                |                                          |
+----------------+------------------------------------------+

  220: https://packages.debian.org/src:clapack

Debian Installer
----------------

The installer has been updated to include the fixes incorporated into
stable by the point release.


URLs
----

The complete lists of packages that have changed with this revision:

http://ftp.debian.org/debian/dists/stretch/ChangeLog


The current stable distribution:

http://ftp.debian.org/debian/dists/stable/


Proposed updates to the stable distribution:

http://ftp.debian.org/debian/dists/proposed-updates


stable distribution information (release notes, errata etc.):

https://www.debian.org/releases/stable/


Security announcements and information:

https://security.debian.org/ [221]

  221: https://www.debian.org/security/


About Debian
------------

The Debian Project is an association of Free Software developers who
volunteer their time and effort in order to produce the completely free
operating system Debian.


Contact Information
-------------------

For further information, please visit the Debian web pages at
https://www.debian.org/, send mail to <press@debian.org>, or contact the
stable release team at <debian-release@lists.debian.org>.



Attachment: signature.asc
Description: PGP signature


Reply to: