------------------------------------------------------------------------ The Debian Project https://www.debian.org/ Updated Debian 9: 9.10 released press@debian.org September 7th, 2019 https://www.debian.org/News/2019/2019090702 ------------------------------------------------------------------------ The Debian project is pleased to announce the tenth update of its oldstable distribution Debian 9 (codename "stretch"). This point release mainly adds corrections for security issues, along with a few adjustments for serious problems. Security advisories have already been published separately and are referenced where available. Please note that the point release does not constitute a new version of Debian 9 but only updates some of the packages included. There is no need to throw away old "stretch" media. After installation, packages can be upgraded to the current versions using an up-to-date Debian mirror. Those who frequently install updates from security.debian.org won't have to update many packages, and most such updates are included in the point release. New installation images will be available soon at the regular locations. Upgrading an existing installation to this revision can be achieved by pointing the package management system at one of Debian's many HTTP mirrors. A comprehensive list of mirrors is available at: https://www.debian.org/mirror/list Miscellaneous Bugfixes ---------------------- This oldstable update adds a few important corrections to the following packages: +-------------------------+-------------------------------------------+ | Package | Reason | +-------------------------+-------------------------------------------+ | base-files [1] | Update for the point release; add | | | VERSION_CODENAME to os-release | | | | | basez [2] | Properly decode base64url encoded strings | | | | | biomaj-watcher [3] | Fix upgrades from jessie to stretch | | | | | c-icap-modules [4] | Add support for clamav 0.101.1 | | | | | chaosreader [5] | Add missing dependency on libnet-dns-perl | | | | | clamav [6] | New upstream stable release: add scan | | | time limit to mitigate against zip-bombs | | | [CVE-2019-12625]; fix out-of-bounds write | | | within the NSIS bzip2 library [CVE-2019- | | | 12900] | | | | | corekeeper [7] | Do not use a world-writable /var/crash | | | with the dumper script; handle older | | | versions of the Linux kernel in a safer | | | way; do not truncate core names for | | | executables with spaces | | | | | cups [8] | Fix multiple security/disclosure issues - | | | SNMP buffer overflows [CVE-2019-8696 | | | CVE-2019-8675], IPP buffer overflow, | | | Denial of Service and memory disclosure | | | issues in the scheduler | | | | | dansguardian [9] | Add support for clamav 0.101 | | | | | dar [10] | Rebuild to update "built-using" | | | packages | | | | | debian-archive- | Add buster keys; remove wheezy keys | | keyring [11] | | | | | | fence-agents [12] | Fix denial of service issue [CVE-2019- | | | 10153] | | | | | fig2dev [13] | Do not segfault on circle/half circle | | | arrowheads with a magnification larger | | | than 42 [CVE-2019-14275] | | | | | fribidi [14] | Fix right-to-left output in debian- | | | installer text mode | | | | | fusiondirectory [15] | Stricter checks on LDAP lookups; add | | | missing dependency on php-xml | | | | | gettext [16] | Stop xgettext() from crashing when run | | | with --its=FILE option | | | | | glib2.0 [17] | Create directory and file with | | | restrictive permissions when using the | | | GKeyfileSettingsBackend [CVE-2019-13012]; | | | avoid buffer read overrun when formatting | | | error messages for invalid UTF-8 in | | | GMarkup [CVE-2018-16429]; avoid NULL | | | dereference when parsing invalid GMarkup | | | with a malformed closing tag not paired | | | with an opening tag [CVE-2018-16429] | | | | | gocode [18] | gocode-auto-complete-el: Make pre- | | | dependency on auto-complete-el versioned | | | to fix upgrades from jessie to stretch | | | | | groonga [19] | Mitigate privilege escalation by changing | | | the owner and group of logs with "su" | | | option | | | | | grub2 [20] | Fixes for Xen UEFI support | | | | | gsoap [21] | Fix denial of service issue if a server | | | application is built with the - | | | DWITH_COOKIES flag [CVE-2019-7659]; fix | | | issue with DIME protocol receiver and | | | malformed DIME headers | | | | | gthumb [22] | Fix double-free bug [CVE-2018-18718] | | | | | havp [23] | Add support for clamav 0.101.1 | | | | | icu [24] | Fix segfault in pkgdata command | | | | | koji [25] | Fix SQL injection issue [CVE-2018- | | | 1002161]; properly validate SCM paths | | | [CVE-2017-1002153] | | | | | lemonldap-ng [26] | Fix cross-domain authentication | | | regression; fix XML external entity | | | vulnerability | | | | | libcaca [27] | Fix integer overflow issues [CVE-2018- | | | 20545 CVE-2018-20546 CVE-2018-20547 | | | CVE-2018-20548 CVE-2018-20549] | | | | | libclamunrar [28] | New upstream stable release | | | | | libconvert-units- | No-change rebuild with fixed version | | perl [29] | number | | | | | libdatetime-timezone- | Update included data | | perl [30] | | | | | | libebml [31] | Apply upstream fixes for heap-based | | | buffer over-reads | | | | | libevent-rpc-perl [32] | Fix build failure due to expired test SSL | | | certificates | | | | | libgd2 [33] | Fix uninitialized read in | | | gdImageCreateFromXbm [CVE-2019-11038] | | | | | libgovirt [34] | Re-generate test certificates with | | | expiration date far in the future to | | | avoid test failures | | | | | librecad [35] | Fix denial of service via crafted file | | | [CVE-2018-19105] | | | | | libsdl2-image [36] | Fix multiple security issues | | | | | libthrift-java [37] | Fix bypass of SASL negotiation [CVE-2018- | | | 1320] | | | | | libtk-img [38] | Stop using internal copies of JPEG, Zlib | | | and PixarLog codecs, fixing crashes | | | | | libu2f-host [39] | Fix stack memory leak [CVE-2019-9578] | | | | | libxslt [40] | Fix security framework bypass [CVE-2019- | | | 11068]; fix uninitialized read of | | | xsl:number token [CVE-2019-13117]; fix | | | uninitialized read with UTF-8 grouping | | | chars [CVE-2019-13118] | | | | | linux [41] | New upstream version with ABI bump; | | | security fixes [CVE-2015-8553 CVE-2017- | | | 5967 CVE-2018-20509 CVE-2018-20510 | | | CVE-2018-20836 CVE-2018-5995 CVE-2019- | | | 11487 CVE-2019-3882] | | | | | linux-latest [42] | Update for 4.9.0-11 kernel ABI | | | | | liquidsoap [43] | Fix compilation with Ocaml 4.02 | | | | | llvm-toolchain-7 [44] | New package to support building new | | | Firefox versions | | | | | mariadb-10.1 [45] | New upstream stable release; security | | | fixes [CVE-2019-2737 CVE-2019-2739 | | | CVE-2019-2740 CVE-2019-2805 CVE-2019-2627 | | | CVE-2019-2614] | | | | | minissdpd [46] | Prevent a use-after-free vulnerability | | | that would allow a remote attacker to | | | crash the process [CVE-2019-12106] | | | | | miniupnpd [47] | Fix denial of service issues [CVE-2019- | | | 12108 CVE-2019-12109 CVE-2019-12110]; fix | | | information leak [CVE-2019-12107] | | | | | mitmproxy [48] | Blacklist tests that require Internet | | | access; prevent insertion of unwanted | | | upper-bound versioned dependencies | | | | | monkeysphere [49] | Fix build failure by updating the tests | | | to accommodate an updated GnuPG in | | | stretch now producing a different output | | | | | nasm-mozilla [50] | New package to support building new | | | Firefox versions | | | | | ncbi-tools6 [51] | Repackage without non-free data/UniVec.* | | | | | node-growl [52] | Sanitize input before passing it to exec | | | | | node-ws [53] | Restrict upload size [CVE-2016-10542] | | | | | open-vm-tools [54] | Fix possible security issue with the | | | permissions of the intermediate staging | | | directory and path | | | | | openldap [55] | Restrict rootDN proxyauthz to its own | | | databases [CVE-2019-13057]; enforce | | | sasl_ssf ACL statement on every | | | connection [CVE-2019-13565]; fix slapo- | | | rwm to not free original filter when | | | rewritten filter is invalid | | | | | openssh [56] | Fix deadlock in key matching | | | | | passwordsafe [57] | Don't install localization files under an | | | extra subdirectory | | | | | pound [58] | Fix request smuggling via crafted headers | | | [CVE-2016-10711] | | | | | prelink [59] | Rebuild to update "built-using" | | | packages | | | | | python-clamav [60] | Add support for clamav 0.101.1 | | | | | reportbug [61] | Update release names, following buster | | | release | | | | | resiprocate [62] | Resolve an installation issue with | | | libssl-dev and --install-recommends | | | | | sash [63] | Rebuild to update "built-using" | | | packages | | | | | sdl-image1.2 [64] | Fix buffer overflows [CVE-2018-3977 | | | CVE-2019-5058 CVE-2019-5052], out-of- | | | bounds access [CVE-2019-12216 CVE-2019- | | | 12217 CVE-2019-12218 CVE-2019-12219 | | | CVE-2019-12220 CVE-2019-12221 CVE-2019- | | | 12222 CVE-2019-5051] | | | | | signing-party [65] | Fix unsafe shell call enabling shell | | | injection via a User ID [CVE-2019-11627] | | | | | slurm-llnl [66] | Fix potential heap overflow on 32-bit | | | systems [CVE-2019-6438] | | | | | sox [67] | Fix several security issues [CVE-2019- | | | 8354 CVE-2019-8355 CVE-2019-8356 | | | CVE-2019-8357 927906 CVE-2019-1010004 | | | CVE-2017-18189 881121 CVE-2017-15642 | | | 882144 CVE-2017-15372 878808 CVE-2017- | | | 15371 878809 CVE-2017-15370 878810 | | | CVE-2017-11359 CVE-2017-11358 CVE-2017- | | | 11332 | | | | | systemd [68] | Do not stop ndisc client in case of | | | configuration error | | | | | t-digest [69] | No-change rebuild to avoid re-use of pre- | | | epoch version 3.0-1 | | | | | tenshi [70] | Fix PID file issue that allows local | | | users to kill arbitrary processes | | | [CVE-2017-11746] | | | | | tzdata [71] | New upstream release | | | | | unzip [72] | Fix incorrect parsing of 64-bit values in | | | fileio.c; fix zip-bomb issues [CVE-2019- | | | 13232] | | | | | usbutils [73] | Update USB ID list | | | | | xymon [74] | Fix several (server only) security issues | | | [CVE-2019-13273 CVE-2019-13274 CVE-2019- | | | 13451 CVE-2019-13452 CVE-2019-13455 | | | CVE-2019-13484 CVE-2019-13485 CVE-2019- | | | 13486] | | | | | yubico-piv-tool [75] | Fix security issues [CVE-2018-14779 | | | CVE-2018-14780] | | | | | z3 [76] | Do not set the SONAME of libz3java.so to | | | libz3.so.4 | | | | | zfs-auto-snapshot [77] | Make cron jobs exit silently after | | | package removal | | | | | zsh [78] | Rebuild to update "built-using" | | | packages | | | | +-------------------------+-------------------------------------------+ 1: https://packages.debian.org/src:base-files 2: https://packages.debian.org/src:basez 3: https://packages.debian.org/src:biomaj-watcher 4: https://packages.debian.org/src:c-icap-modules 5: https://packages.debian.org/src:chaosreader 6: https://packages.debian.org/src:clamav 7: https://packages.debian.org/src:corekeeper 8: https://packages.debian.org/src:cups 9: https://packages.debian.org/src:dansguardian 10: https://packages.debian.org/src:dar 11: https://packages.debian.org/src:debian-archive-keyring 12: https://packages.debian.org/src:fence-agents 13: https://packages.debian.org/src:fig2dev 14: https://packages.debian.org/src:fribidi 15: https://packages.debian.org/src:fusiondirectory 16: https://packages.debian.org/src:gettext 17: https://packages.debian.org/src:glib2.0 18: https://packages.debian.org/src:gocode 19: https://packages.debian.org/src:groonga 20: https://packages.debian.org/src:grub2 21: https://packages.debian.org/src:gsoap 22: https://packages.debian.org/src:gthumb 23: https://packages.debian.org/src:havp 24: https://packages.debian.org/src:icu 25: https://packages.debian.org/src:koji 26: https://packages.debian.org/src:lemonldap-ng 27: https://packages.debian.org/src:libcaca 28: https://packages.debian.org/src:libclamunrar 29: https://packages.debian.org/src:libconvert-units-perl 30: https://packages.debian.org/src:libdatetime-timezone-perl 31: https://packages.debian.org/src:libebml 32: https://packages.debian.org/src:libevent-rpc-perl 33: https://packages.debian.org/src:libgd2 34: https://packages.debian.org/src:libgovirt 35: https://packages.debian.org/src:librecad 36: https://packages.debian.org/src:libsdl2-image 37: https://packages.debian.org/src:libthrift-java 38: https://packages.debian.org/src:libtk-img 39: https://packages.debian.org/src:libu2f-host 40: https://packages.debian.org/src:libxslt 41: https://packages.debian.org/src:linux 42: https://packages.debian.org/src:linux-latest 43: https://packages.debian.org/src:liquidsoap 44: https://packages.debian.org/src:llvm-toolchain-7 45: https://packages.debian.org/src:mariadb-10.1 46: https://packages.debian.org/src:minissdpd 47: https://packages.debian.org/src:miniupnpd 48: https://packages.debian.org/src:mitmproxy 49: https://packages.debian.org/src:monkeysphere 50: https://packages.debian.org/src:nasm-mozilla 51: https://packages.debian.org/src:ncbi-tools6 52: https://packages.debian.org/src:node-growl 53: https://packages.debian.org/src:node-ws 54: https://packages.debian.org/src:open-vm-tools 55: https://packages.debian.org/src:openldap 56: https://packages.debian.org/src:openssh 57: https://packages.debian.org/src:passwordsafe 58: https://packages.debian.org/src:pound 59: https://packages.debian.org/src:prelink 60: https://packages.debian.org/src:python-clamav 61: https://packages.debian.org/src:reportbug 62: https://packages.debian.org/src:resiprocate 63: https://packages.debian.org/src:sash 64: https://packages.debian.org/src:sdl-image1.2 65: https://packages.debian.org/src:signing-party 66: https://packages.debian.org/src:slurm-llnl 67: https://packages.debian.org/src:sox 68: https://packages.debian.org/src:systemd 69: https://packages.debian.org/src:t-digest 70: https://packages.debian.org/src:tenshi 71: https://packages.debian.org/src:tzdata 72: https://packages.debian.org/src:unzip 73: https://packages.debian.org/src:usbutils 74: https://packages.debian.org/src:xymon 75: https://packages.debian.org/src:yubico-piv-tool 76: https://packages.debian.org/src:z3 77: https://packages.debian.org/src:zfs-auto-snapshot 78: https://packages.debian.org/src:zsh Security Updates ---------------- This revision adds the following security updates to the oldstable release. The Security Team has already released an advisory for each of these updates: +----------------+--------------------------+ | Advisory ID | Package | +----------------+--------------------------+ | DSA-4435 [79] | libpng1.6 [80] | | | | | DSA-4436 [81] | imagemagick [82] | | | | | DSA-4437 [83] | gst-plugins-base1.0 [84] | | | | | DSA-4438 [85] | atftp [86] | | | | | DSA-4439 [87] | postgresql-9.6 [88] | | | | | DSA-4440 [89] | bind9 [90] | | | | | DSA-4441 [91] | symfony [92] | | | | | DSA-4442 [93] | cups-filters [94] | | | | | DSA-4442 [95] | ghostscript [96] | | | | | DSA-4443 [97] | samba [98] | | | | | DSA-4444 [99] | linux [100] | | | | | DSA-4445 [101] | drupal7 [102] | | | | | DSA-4446 [103] | lemonldap-ng [104] | | | | | DSA-4447 [105] | intel-microcode [106] | | | | | DSA-4448 [107] | firefox-esr [108] | | | | | DSA-4449 [109] | ffmpeg [110] | | | | | DSA-4450 [111] | wpa [112] | | | | | DSA-4451 [113] | thunderbird [114] | | | | | DSA-4452 [115] | jackson-databind [116] | | | | | DSA-4453 [117] | openjdk-8 [118] | | | | | DSA-4454 [119] | qemu [120] | | | | | DSA-4455 [121] | heimdal [122] | | | | | DSA-4456 [123] | exim4 [124] | | | | | DSA-4457 [125] | evolution [126] | | | | | DSA-4458 [127] | cyrus-imapd [128] | | | | | DSA-4459 [129] | vlc [130] | | | | | DSA-4460 [131] | mediawiki [132] | | | | | DSA-4461 [133] | zookeeper [134] | | | | | DSA-4462 [135] | dbus [136] | | | | | DSA-4463 [137] | znc [138] | | | | | DSA-4464 [139] | thunderbird [140] | | | | | DSA-4465 [141] | linux [142] | | | | | DSA-4466 [143] | firefox-esr [144] | | | | | DSA-4467 [145] | vim [146] | | | | | DSA-4468 [147] | php-horde-form [148] | | | | | DSA-4469 [149] | libvirt [150] | | | | | DSA-4470 [151] | pdns [152] | | | | | DSA-4471 [153] | thunderbird [154] | | | | | DSA-4472 [155] | expat [156] | | | | | DSA-4473 [157] | rdesktop [158] | | | | | DSA-4475 [159] | openssl [160] | | | | | DSA-4475 [161] | openssl1.0 [162] | | | | | DSA-4476 [163] | python-django [164] | | | | | DSA-4477 [165] | zeromq3 [166] | | | | | DSA-4478 [167] | dosbox [168] | | | | | DSA-4480 [169] | redis [170] | | | | | DSA-4481 [171] | ruby-mini-magick [172] | | | | | DSA-4482 [173] | thunderbird [174] | | | | | DSA-4483 [175] | libreoffice [176] | | | | | DSA-4485 [177] | openjdk-8 [178] | | | | | DSA-4487 [179] | neovim [180] | | | | | DSA-4488 [181] | exim4 [182] | | | | | DSA-4489 [183] | patch [184] | | | | | DSA-4490 [185] | subversion [186] | | | | | DSA-4491 [187] | proftpd-dfsg [188] | | | | | DSA-4492 [189] | postgresql-9.6 [190] | | | | | DSA-4494 [191] | kconfig [192] | | | | | DSA-4498 [193] | python-django [194] | | | | | DSA-4499 [195] | ghostscript [196] | | | | | DSA-4501 [197] | libreoffice [198] | | | | | DSA-4504 [199] | vlc [200] | | | | | DSA-4505 [201] | nginx [202] | | | | | DSA-4506 [203] | qemu [204] | | | | | DSA-4509 [205] | apache2 [206] | | | | | DSA-4510 [207] | dovecot [208] | | | | +----------------+--------------------------+ 79: https://www.debian.org/security/2019/dsa-4435 80: https://packages.debian.org/src:libpng1.6 81: https://www.debian.org/security/2019/dsa-4436 82: https://packages.debian.org/src:imagemagick 83: https://www.debian.org/security/2019/dsa-4437 84: https://packages.debian.org/src:gst-plugins-base1.0 85: https://www.debian.org/security/2019/dsa-4438 86: https://packages.debian.org/src:atftp 87: https://www.debian.org/security/2019/dsa-4439 88: https://packages.debian.org/src:postgresql-9.6 89: https://www.debian.org/security/2019/dsa-4440 90: https://packages.debian.org/src:bind9 91: https://www.debian.org/security/2019/dsa-4441 92: https://packages.debian.org/src:symfony 93: https://www.debian.org/security/2019/dsa-4442 94: https://packages.debian.org/src:cups-filters 95: https://www.debian.org/security/2019/dsa-4442 96: https://packages.debian.org/src:ghostscript 97: https://www.debian.org/security/2019/dsa-4443 98: https://packages.debian.org/src:samba 99: https://www.debian.org/security/2019/dsa-4444 100: https://packages.debian.org/src:linux 101: https://www.debian.org/security/2019/dsa-4445 102: https://packages.debian.org/src:drupal7 103: https://www.debian.org/security/2019/dsa-4446 104: https://packages.debian.org/src:lemonldap-ng 105: https://www.debian.org/security/2019/dsa-4447 106: https://packages.debian.org/src:intel-microcode 107: https://www.debian.org/security/2019/dsa-4448 108: https://packages.debian.org/src:firefox-esr 109: https://www.debian.org/security/2019/dsa-4449 110: https://packages.debian.org/src:ffmpeg 111: https://www.debian.org/security/2019/dsa-4450 112: https://packages.debian.org/src:wpa 113: https://www.debian.org/security/2019/dsa-4451 114: https://packages.debian.org/src:thunderbird 115: https://www.debian.org/security/2019/dsa-4452 116: https://packages.debian.org/src:jackson-databind 117: https://www.debian.org/security/2019/dsa-4453 118: https://packages.debian.org/src:openjdk-8 119: https://www.debian.org/security/2019/dsa-4454 120: https://packages.debian.org/src:qemu 121: https://www.debian.org/security/2019/dsa-4455 122: https://packages.debian.org/src:heimdal 123: https://www.debian.org/security/2019/dsa-4456 124: https://packages.debian.org/src:exim4 125: https://www.debian.org/security/2019/dsa-4457 126: https://packages.debian.org/src:evolution 127: https://www.debian.org/security/2019/dsa-4458 128: https://packages.debian.org/src:cyrus-imapd 129: https://www.debian.org/security/2019/dsa-4459 130: https://packages.debian.org/src:vlc 131: https://www.debian.org/security/2019/dsa-4460 132: https://packages.debian.org/src:mediawiki 133: https://www.debian.org/security/2019/dsa-4461 134: https://packages.debian.org/src:zookeeper 135: https://www.debian.org/security/2019/dsa-4462 136: https://packages.debian.org/src:dbus 137: https://www.debian.org/security/2019/dsa-4463 138: https://packages.debian.org/src:znc 139: https://www.debian.org/security/2019/dsa-4464 140: https://packages.debian.org/src:thunderbird 141: https://www.debian.org/security/2019/dsa-4465 142: https://packages.debian.org/src:linux 143: https://www.debian.org/security/2019/dsa-4466 144: https://packages.debian.org/src:firefox-esr 145: https://www.debian.org/security/2019/dsa-4467 146: https://packages.debian.org/src:vim 147: https://www.debian.org/security/2019/dsa-4468 148: https://packages.debian.org/src:php-horde-form 149: https://www.debian.org/security/2019/dsa-4469 150: https://packages.debian.org/src:libvirt 151: https://www.debian.org/security/2019/dsa-4470 152: https://packages.debian.org/src:pdns 153: https://www.debian.org/security/2019/dsa-4471 154: https://packages.debian.org/src:thunderbird 155: https://www.debian.org/security/2019/dsa-4472 156: https://packages.debian.org/src:expat 157: https://www.debian.org/security/2019/dsa-4473 158: https://packages.debian.org/src:rdesktop 159: https://www.debian.org/security/2019/dsa-4475 160: https://packages.debian.org/src:openssl 161: https://www.debian.org/security/2019/dsa-4475 162: https://packages.debian.org/src:openssl1.0 163: https://www.debian.org/security/2019/dsa-4476 164: https://packages.debian.org/src:python-django 165: https://www.debian.org/security/2019/dsa-4477 166: https://packages.debian.org/src:zeromq3 167: https://www.debian.org/security/2019/dsa-4478 168: https://packages.debian.org/src:dosbox 169: https://www.debian.org/security/2019/dsa-4480 170: https://packages.debian.org/src:redis 171: https://www.debian.org/security/2019/dsa-4481 172: https://packages.debian.org/src:ruby-mini-magick 173: https://www.debian.org/security/2019/dsa-4482 174: https://packages.debian.org/src:thunderbird 175: https://www.debian.org/security/2019/dsa-4483 176: https://packages.debian.org/src:libreoffice 177: https://www.debian.org/security/2019/dsa-4485 178: https://packages.debian.org/src:openjdk-8 179: https://www.debian.org/security/2019/dsa-4487 180: https://packages.debian.org/src:neovim 181: https://www.debian.org/security/2019/dsa-4488 182: https://packages.debian.org/src:exim4 183: https://www.debian.org/security/2019/dsa-4489 184: https://packages.debian.org/src:patch 185: https://www.debian.org/security/2019/dsa-4490 186: https://packages.debian.org/src:subversion 187: https://www.debian.org/security/2019/dsa-4491 188: https://packages.debian.org/src:proftpd-dfsg 189: https://www.debian.org/security/2019/dsa-4492 190: https://packages.debian.org/src:postgresql-9.6 191: https://www.debian.org/security/2019/dsa-4494 192: https://packages.debian.org/src:kconfig 193: https://www.debian.org/security/2019/dsa-4498 194: https://packages.debian.org/src:python-django 195: https://www.debian.org/security/2019/dsa-4499 196: https://packages.debian.org/src:ghostscript 197: https://www.debian.org/security/2019/dsa-4501 198: https://packages.debian.org/src:libreoffice 199: https://www.debian.org/security/2019/dsa-4504 200: https://packages.debian.org/src:vlc 201: https://www.debian.org/security/2019/dsa-4505 202: https://packages.debian.org/src:nginx 203: https://www.debian.org/security/2019/dsa-4506 204: https://packages.debian.org/src:qemu 205: https://www.debian.org/security/2019/dsa-4509 206: https://packages.debian.org/src:apache2 207: https://www.debian.org/security/2019/dsa-4510 208: https://packages.debian.org/src:dovecot Removed packages ---------------- The following packages were removed due to circumstances beyond our control: +-----------------+----------------------------------------------------+ | Package | Reason | +-----------------+----------------------------------------------------+ | pump [209] | Unmaintained; security issues | | | | | teeworlds [210] | Security issues; incompatible with current servers | | | | +-----------------+----------------------------------------------------+ 209: https://packages.debian.org/src:pump 210: https://packages.debian.org/src:teeworlds Debian Installer ---------------- The installer has been updated to include the fixes incorporated into oldstable by the point release. URLs ---- The complete lists of packages that have changed with this revision: http://ftp.debian.org/debian/dists/stretch/ChangeLog The current oldstable distribution: http://ftp.debian.org/debian/dists/oldstable/ Proposed updates to the oldstable distribution: http://ftp.debian.org/debian/dists/oldstable-proposed-updates oldstable distribution information (release notes, errata etc.): https://www.debian.org/releases/oldstable/ Security announcements and information: https://www.debian.org/security/ About Debian ------------ The Debian Project is an association of Free Software developers who volunteer their time and effort in order to produce the completely free operating system Debian. Contact Information ------------------- For further information, please visit the Debian web pages at https://www.debian.org/, send mail to <press@debian.org>, or contact the stable release team at <debian-release@lists.debian.org>.
Attachment:
signature.asc
Description: OpenPGP digital signature