------------------------------------------------------------------------ The Debian Project https://www.debian.org/ Updated Debian 9: 9.12 released press@debian.org February 8th, 2020 https://www.debian.org/News/2020/2020020802 ------------------------------------------------------------------------ The Debian project is pleased to announce the twelth update of its oldstable distribution Debian 9 (codename "stretch"). This point release mainly adds corrections for security issues, along with a few adjustments for serious problems. Security advisories have already been published separately and are referenced where available. Please note that the point release does not constitute a new version of Debian 9 but only updates some of the packages included. There is no need to throw away old "stretch" media. After installation, packages can be upgraded to the current versions using an up-to-date Debian mirror. Those who frequently install updates from security.debian.org won't have to update many packages, and most such updates are included in the point release. New installation images will be available soon at the regular locations. Upgrading an existing installation to this revision can be achieved by pointing the package management system at one of Debian's many HTTP mirrors. A comprehensive list of mirrors is available at: https://www.debian.org/mirror/list Miscellaneous Bugfixes ---------------------- This oldstable update adds a few important corrections to the following packages: +----------------------------+----------------------------------------+ | Package | Reason | +----------------------------+----------------------------------------+ | base-files�[1] | Update for the point release | | | | | cargo�[2] | New upstream version, to support | | | Firefox ESR backports; fix bootstrap | | | for armhf | | | | | clamav�[3] | New upstream release; fix denial of | | | service issue [CVE-2019-15961]; remove | | | ScanOnAccess option, replacing with | | | clamonacc | | | | | cups�[4] | Fix validation of default language in | | | ippSetValuetag [CVE-2019-2228] | | | | | debian-installer�[5] | Rebuild against oldstable-proposed- | | | updates; set gfxpayload=keep in | | | submenus too, to fix unreadable fonts | | | on hidpi displays in netboot images | | | booted with EFI; update USE_UDEBS_FROM | | | default from unstable to stretch, to | | | help users performing local builds | | | | | debian-installer-netboot- | Rebuild against stretch-proposed- | | images�[6] | updates | | | | | debian-security- | Update security support status of | | support�[7] | several packages | | | | | dehydrated�[8] | New upstream release; use ACMEv2 API | | | by default | | | | | dispmua�[9] | New upstream release compatible with | | | Thunderbird 68 | | | | | dpdk�[10] | New upstream stable release; fix vhost | | | regression introduced by the fix for | | | CVE-2019-14818 | | | | | fence-agents�[11] | Fix incomplete removal of fence_amt_ws | | | | | fig2dev�[12] | Allow Fig v2 text strings ending with | | | multiple ^A [CVE-2019-19555] | | | | | flightcrew�[13] | Security fixes [CVE-2019-13032 | | | CVE-2019-13241] | | | | | freetype�[14] | Correctly handle deltas in TrueType GX | | | fonts, fixing rendering of variable | | | hinted fonts in Chromium and Firefox | | | | | glib2.0�[15] | Ensure libdbus clients can | | | authenticate with a GDBusServer like | | | the one in ibus | | | | | gnustep-base�[16] | Fix UDP amplification vulnerability | | | | | italc�[17] | Security fixes [CVE-2018-15126 | | | CVE-2018-15127 CVE-2018-20019 | | | CVE-2018-20020 CVE-2018-20021 | | | CVE-2018-20022 CVE-2018-20023 | | | CVE-2018-20024 CVE-2018-20748 | | | CVE-2018-20749 CVE-2018-20750 | | | CVE-2018-6307 CVE-2018-7225 CVE-2019- | | | 15681] | | | | | libdate-holidays-de- | Mark International Childrens Day (Sep | | perl�[18] | 20th) as a holiday in Thuringia from | | | 2019 onwards | | | | | libdatetime-timezone- | Update included data | | perl�[19] | | | | | | libidn�[20] | Fix denial of service vulnerability in | | | Punycode handling [CVE-2017-14062] | | | | | libjaxen-java�[21] | Fix build failure by allowing test | | | failures | | | | | libofx�[22] | Fix NULL pointer dereference issue | | | [CVE-2019-9656] | | | | | libole-storage-lite- | Fix interpretation of years from 2020 | | perl�[23] | onwards | | | | | libparse-win32registry- | Fix interpretation of years from 2020 | | perl�[24] | onwards | | | | | libperl4-corelibs- | Fix interpretation of years from 2020 | | perl�[25] | onwards | | | | | libpst�[26] | Fix detection of get_current_dir_name | | | and return truncation | | | | | libsixel�[27] | Fix several security issues [CVE-2018- | | | 19756 CVE-2018-19757 CVE-2018-19759 | | | CVE-2018-19761 CVE-2018-19762 | | | CVE-2018-19763 CVE-2019-3573 CVE-2019- | | | 3574] | | | | | libsolv�[28] | Fix heap buffer overflow [CVE-2019- | | | 20387] | | | | | libtest-mocktime-perl�[29] | Fix interpretation of years from 2020 | | | onwards | | | | | libtimedate-perl�[30] | Fix interpretation of years from 2020 | | | onwards | | | | | libvncserver�[31] | RFBserver: don't leak stack memory to | | | the remote [CVE-2019-15681]; resolve a | | | freeze during connection closure and a | | | segmentation fault on multi-threaded | | | VNC servers; fix issue connecting to | | | VMWare servers; fix crashing of x11vnc | | | when vncviewer connects | | | | | libxslt�[32] | Fix dangling pointer in xsltCopyText | | | [CVE-2019-18197] | | | | | limnoria�[33] | Fix remote information disclosure and | | | possibly remote code execution in the | | | Math plugin [CVE-2019-19010] | | | | | linux�[34] | New upstream stable release | | | | | linux-latest�[35] | Update for Linux kernel ABI 4.9.0-12 | | | | | llvm-toolchain-7�[36] | Disable the gold linker from s390x; | | | bootstrap with -fno-addrsig, stretch's | | | binutils doesn't work with it on | | | mips64el | | | | | mariadb-10.1�[37] | New upstream stable release [CVE-2019- | | | 2974 CVE-2020-2574] | | | | | monit�[38] | Implement position independent CSRF | | | cookie value | | | | | node-fstream�[39] | Clobber a Link if it's in the way of a | | | File [CVE-2019-13173] | | | | | node-mixin-deep�[40] | Fix prototype polution [CVE-2018-3719 | | | CVE-2019-10746] | | | | | nodejs-mozilla�[41] | New package to support Firefox ESR | | | backports | | | | | nvidia-graphics-drivers- | New upstream stable release | | legacy-340xx�[42] | | | | | | nyancat�[43] | Rebuild in a clean environment to add | | | the systemd unit for nyancat-server | | | | | openjpeg2�[44] | Fix heap overflow [CVE-2018-21010], | | | integer overflow [CVE-2018-20847] and | | | division by zero [CVE-2016-9112] | | | | | perl�[45] | Fix interpretation of years from 2020 | | | onwards | | | | | php-horde�[46] | Fix stored cross-site scripting issue | | | in Horde Cloud Block [CVE-2019-12095] | | | | | postfix�[47] | New upstream stable release; work | | | around poor TCP loopback performance | | | | | postgresql-9.6�[48] | New upstream release | | | | | proftpd-dfsg�[49] | Fix NULL pointer dereference in CRL | | | checks [CVE-2019-19269] | | | | | pykaraoke�[50] | Fix path to fonts | | | | | python-acme�[51] | Switch to POST-as-GET protocol | | | | | python-cryptography�[52] | Fix test suite failures when built | | | against newer OpenSSL versions | | | | | python-flask-rdf�[53] | Fix missing dependencies in python3- | | | flask-rdf | | | | | python-pgmagick�[54] | Handle version detection of | | | graphicsmagick security updates that | | | identify themselves as version 1.4 | | | | | python-werkzeug�[55] | Ensure Docker containers have unique | | | debugger PINs [CVE-2019-14806] | | | | | ros-ros-comm�[56] | Fix buffer overflow issue [CVE-2019- | | | 13566]; fix integer overflow | | | [CVE-2019-13445] | | | | | ruby-encryptor�[57] | Ignore test failures, fixing build | | | failures | | | | | rust-cbindgen�[58] | New package to support Firefox ESR | | | backports | | | | | rustc�[59] | New upstream version, to support | | | Firefox ESR backports | | | | | safe-rm�[60] | Prevent installation in (and thereby | | | breaking of) merged /usr environments | | | | | sorl-thumbnail�[61] | Workaround a pgmagick exception | | | | | sssd�[62] | sysdb: sanitize search filter input | | | [CVE-2017-12173] | | | | | tigervnc�[63] | Security updates [CVE-2019-15691 | | | CVE-2019-15692 CVE-2019-15693 | | | CVE-2019-15694 CVE-2019-15695] | | | | | tightvnc�[64] | Security fixes [CVE-2014-6053 2019- | | | 8287 CVE-2018-20021 CVE-2018-20022 | | | CVE-2018-20748 CVE-2018-7225 CVE-2019- | | | 15678 CVE-2019-15679 CVE-2019-15680 | | | CVE-2019-15681 CVE-2019-8287] | | | | | tmpreaper�[65] | Add "--protect '/tmp/systemd- | | | private*/*'" to cron job to prevent | | | breaking systemd services that have | | | PrivateTmp=true | | | | | tzdata�[66] | New upstream release | | | | | ublock-origin�[67] | New upstream version, compatible with | | | Firefox ESR68 | | | | | unhide�[68] | Fix stack exhaustion | | | | | x2goclient�[69] | Strip ~/, ~user{,/}, ${HOME}{,/} and | | | $HOME{,/} from destination paths in | | | scp mode; fixes regression with newer | | | libssh versions with fixes for | | | CVE-2019-14889 applied | | | | | xml-security-c�[70] | Fix "DSA verification crashes OpenSSL | | | on invalid combinations of key | | | content" | | | | +----------------------------+----------------------------------------+ 1: https://packages.debian.org/src:base-files 2: https://packages.debian.org/src:cargo 3: https://packages.debian.org/src:clamav 4: https://packages.debian.org/src:cups 5: https://packages.debian.org/src:debian-installer 6: https://packages.debian.org/src:debian-installer-netboot-images 7: https://packages.debian.org/src:debian-security-support 8: https://packages.debian.org/src:dehydrated 9: https://packages.debian.org/src:dispmua 10: https://packages.debian.org/src:dpdk 11: https://packages.debian.org/src:fence-agents 12: https://packages.debian.org/src:fig2dev 13: https://packages.debian.org/src:flightcrew 14: https://packages.debian.org/src:freetype 15: https://packages.debian.org/src:glib2.0 16: https://packages.debian.org/src:gnustep-base 17: https://packages.debian.org/src:italc 18: https://packages.debian.org/src:libdate-holidays-de-perl 19: https://packages.debian.org/src:libdatetime-timezone-perl 20: https://packages.debian.org/src:libidn 21: https://packages.debian.org/src:libjaxen-java 22: https://packages.debian.org/src:libofx 23: https://packages.debian.org/src:libole-storage-lite-perl 24: https://packages.debian.org/src:libparse-win32registry-perl 25: https://packages.debian.org/src:libperl4-corelibs-perl 26: https://packages.debian.org/src:libpst 27: https://packages.debian.org/src:libsixel 28: https://packages.debian.org/src:libsolv 29: https://packages.debian.org/src:libtest-mocktime-perl 30: https://packages.debian.org/src:libtimedate-perl 31: https://packages.debian.org/src:libvncserver 32: https://packages.debian.org/src:libxslt 33: https://packages.debian.org/src:limnoria 34: https://packages.debian.org/src:linux 35: https://packages.debian.org/src:linux-latest 36: https://packages.debian.org/src:llvm-toolchain-7 37: https://packages.debian.org/src:mariadb-10.1 38: https://packages.debian.org/src:monit 39: https://packages.debian.org/src:node-fstream 40: https://packages.debian.org/src:node-mixin-deep 41: https://packages.debian.org/src:nodejs-mozilla 42: https://packages.debian.org/src:nvidia-graphics-drivers-legacy-340xx 43: https://packages.debian.org/src:nyancat 44: https://packages.debian.org/src:openjpeg2 45: https://packages.debian.org/src:perl 46: https://packages.debian.org/src:php-horde 47: https://packages.debian.org/src:postfix 48: https://packages.debian.org/src:postgresql-9.6 49: https://packages.debian.org/src:proftpd-dfsg 50: https://packages.debian.org/src:pykaraoke 51: https://packages.debian.org/src:python-acme 52: https://packages.debian.org/src:python-cryptography 53: https://packages.debian.org/src:python-flask-rdf 54: https://packages.debian.org/src:python-pgmagick 55: https://packages.debian.org/src:python-werkzeug 56: https://packages.debian.org/src:ros-ros-comm 57: https://packages.debian.org/src:ruby-encryptor 58: https://packages.debian.org/src:rust-cbindgen 59: https://packages.debian.org/src:rustc 60: https://packages.debian.org/src:safe-rm 61: https://packages.debian.org/src:sorl-thumbnail 62: https://packages.debian.org/src:sssd 63: https://packages.debian.org/src:tigervnc 64: https://packages.debian.org/src:tightvnc 65: https://packages.debian.org/src:tmpreaper 66: https://packages.debian.org/src:tzdata 67: https://packages.debian.org/src:ublock-origin 68: https://packages.debian.org/src:unhide 69: https://packages.debian.org/src:x2goclient 70: https://packages.debian.org/src:xml-security-c Security Updates ---------------- This revision adds the following security updates to the oldstable release. The Security Team has already released an advisory for each of these updates: +----------------+-------------------------+ | Advisory ID | Package | +----------------+-------------------------+ | DSA-4474�[71] | firefox-esr�[72] | | | | | DSA-4479�[73] | firefox-esr�[74] | | | | | DSA-4509�[75] | apache2�[76] | | | | | DSA-4509�[77] | subversion�[78] | | | | | DSA-4511�[79] | nghttp2�[80] | | | | | DSA-4516�[81] | firefox-esr�[82] | | | | | DSA-4517�[83] | exim4�[84] | | | | | DSA-4518�[85] | ghostscript�[86] | | | | | DSA-4519�[87] | libreoffice�[88] | | | | | DSA-4522�[89] | faad2�[90] | | | | | DSA-4523�[91] | thunderbird�[92] | | | | | DSA-4525�[93] | ibus�[94] | | | | | DSA-4526�[95] | opendmarc�[96] | | | | | DSA-4528�[97] | bird�[98] | | | | | DSA-4529�[99] | php7.0�[100] | | | | | DSA-4530�[101] | expat�[102] | | | | | DSA-4531�[103] | linux�[104] | | | | | DSA-4532�[105] | spip�[106] | | | | | DSA-4535�[107] | e2fsprogs�[108] | | | | | DSA-4537�[109] | file-roller�[110] | | | | | DSA-4539�[111] | openssl�[112] | | | | | DSA-4540�[113] | openssl1.0�[114] | | | | | DSA-4541�[115] | libapreq2�[116] | | | | | DSA-4542�[117] | jackson-databind�[118] | | | | | DSA-4543�[119] | sudo�[120] | | | | | DSA-4545�[121] | mediawiki�[122] | | | | | DSA-4547�[123] | tcpdump�[124] | | | | | DSA-4548�[125] | openjdk-8�[126] | | | | | DSA-4549�[127] | firefox-esr�[128] | | | | | DSA-4550�[129] | file�[130] | | | | | DSA-4552�[131] | php7.0�[132] | | | | | DSA-4554�[133] | ruby-loofah�[134] | | | | | DSA-4555�[135] | pam-python�[136] | | | | | DSA-4557�[137] | libarchive�[138] | | | | | DSA-4559�[139] | proftpd-dfsg�[140] | | | | | DSA-4560�[141] | simplesamlphp�[142] | | | | | DSA-4564�[143] | linux�[144] | | | | | DSA-4565�[145] | intel-microcode�[146] | | | | | DSA-4567�[147] | dpdk�[148] | | | | | DSA-4568�[149] | postgresql-common�[150] | | | | | DSA-4569�[151] | ghostscript�[152] | | | | | DSA-4571�[153] | thunderbird�[154] | | | | | DSA-4573�[155] | symfony�[156] | | | | | DSA-4574�[157] | redmine�[158] | | | | | DSA-4576�[159] | php-imagick�[160] | | | | | DSA-4578�[161] | libvpx�[162] | | | | | DSA-4580�[163] | firefox-esr�[164] | | | | | DSA-4581�[165] | git�[166] | | | | | DSA-4582�[167] | davical�[168] | | | | | DSA-4584�[169] | spamassassin�[170] | | | | | DSA-4585�[171] | thunderbird�[172] | | | | | DSA-4587�[173] | ruby2.3�[174] | | | | | DSA-4588�[175] | python-ecdsa�[176] | | | | | DSA-4589�[177] | debian-edu-config�[178] | | | | | DSA-4590�[179] | cyrus-imapd�[180] | | | | | DSA-4591�[181] | cyrus-sasl2�[182] | | | | | DSA-4592�[183] | mediawiki�[184] | | | | | DSA-4593�[185] | freeimage�[186] | | | | | DSA-4594�[187] | openssl1.0�[188] | | | | | DSA-4595�[189] | debian-lan-config�[190] | | | | | DSA-4596�[191] | tomcat8�[192] | | | | | DSA-4596�[193] | tomcat-native�[194] | | | | | DSA-4597�[195] | netty�[196] | | | | | DSA-4598�[197] | python-django�[198] | | | | | DSA-4600�[199] | firefox-esr�[200] | | | | | DSA-4601�[201] | ldm�[202] | | | | | DSA-4602�[203] | xen�[204] | | | | | DSA-4603�[205] | thunderbird�[206] | | | | | DSA-4604�[207] | cacti�[208] | | | | | DSA-4607�[209] | openconnect�[210] | | | | | DSA-4609�[211] | python-apt�[212] | | | | | DSA-4611�[213] | opensmtpd�[214] | | | | | DSA-4612�[215] | prosody-modules�[216] | | | | | DSA-4614�[217] | sudo�[218] | | | | | DSA-4615�[219] | spamassassin�[220] | | | | +----------------+-------------------------+ 71: https://www.debian.org/security/2019/dsa-4474 72: https://packages.debian.org/src:firefox-esr 73: https://www.debian.org/security/2019/dsa-4479 74: https://packages.debian.org/src:firefox-esr 75: https://www.debian.org/security/2019/dsa-4509 76: https://packages.debian.org/src:apache2 77: https://www.debian.org/security/2019/dsa-4509 78: https://packages.debian.org/src:subversion 79: https://www.debian.org/security/2019/dsa-4511 80: https://packages.debian.org/src:nghttp2 81: https://www.debian.org/security/2019/dsa-4516 82: https://packages.debian.org/src:firefox-esr 83: https://www.debian.org/security/2019/dsa-4517 84: https://packages.debian.org/src:exim4 85: https://www.debian.org/security/2019/dsa-4518 86: https://packages.debian.org/src:ghostscript 87: https://www.debian.org/security/2019/dsa-4519 88: https://packages.debian.org/src:libreoffice 89: https://www.debian.org/security/2019/dsa-4522 90: https://packages.debian.org/src:faad2 91: https://www.debian.org/security/2019/dsa-4523 92: https://packages.debian.org/src:thunderbird 93: https://www.debian.org/security/2019/dsa-4525 94: https://packages.debian.org/src:ibus 95: https://www.debian.org/security/2019/dsa-4526 96: https://packages.debian.org/src:opendmarc 97: https://www.debian.org/security/2019/dsa-4528 98: https://packages.debian.org/src:bird 99: https://www.debian.org/security/2019/dsa-4529 100: https://packages.debian.org/src:php7.0 101: https://www.debian.org/security/2019/dsa-4530 102: https://packages.debian.org/src:expat 103: https://www.debian.org/security/2019/dsa-4531 104: https://packages.debian.org/src:linux 105: https://www.debian.org/security/2019/dsa-4532 106: https://packages.debian.org/src:spip 107: https://www.debian.org/security/2019/dsa-4535 108: https://packages.debian.org/src:e2fsprogs 109: https://www.debian.org/security/2019/dsa-4537 110: https://packages.debian.org/src:file-roller 111: https://www.debian.org/security/XXXX/dsa-4539 112: https://packages.debian.org/src:openssl 113: https://www.debian.org/security/2019/dsa-4540 114: https://packages.debian.org/src:openssl1.0 115: https://www.debian.org/security/2019/dsa-4541 116: https://packages.debian.org/src:libapreq2 117: https://www.debian.org/security/2019/dsa-4542 118: https://packages.debian.org/src:jackson-databind 119: https://www.debian.org/security/2019/dsa-4543 120: https://packages.debian.org/src:sudo 121: https://www.debian.org/security/2019/dsa-4545 122: https://packages.debian.org/src:mediawiki 123: https://www.debian.org/security/2019/dsa-4547 124: https://packages.debian.org/src:tcpdump 125: https://www.debian.org/security/2019/dsa-4548 126: https://packages.debian.org/src:openjdk-8 127: https://www.debian.org/security/XXXX/dsa-4549 128: https://packages.debian.org/src:firefox-esr 129: https://www.debian.org/security/2019/dsa-4550 130: https://packages.debian.org/src:file 131: https://www.debian.org/security/2019/dsa-4552 132: https://packages.debian.org/src:php7.0 133: https://www.debian.org/security/2019/dsa-4554 134: https://packages.debian.org/src:ruby-loofah 135: https://www.debian.org/security/2019/dsa-4555 136: https://packages.debian.org/src:pam-python 137: https://www.debian.org/security/2019/dsa-4557 138: https://packages.debian.org/src:libarchive 139: https://www.debian.org/security/2019/dsa-4559 140: https://packages.debian.org/src:proftpd-dfsg 141: https://www.debian.org/security/2019/dsa-4560 142: https://packages.debian.org/src:simplesamlphp 143: https://www.debian.org/security/2019/dsa-4564 144: https://packages.debian.org/src:linux 145: https://www.debian.org/security/2019/dsa-4565 146: https://packages.debian.org/src:intel-microcode 147: https://www.debian.org/security/2019/dsa-4567 148: https://packages.debian.org/src:dpdk 149: https://www.debian.org/security/2019/dsa-4568 150: https://packages.debian.org/src:postgresql-common 151: https://www.debian.org/security/2019/dsa-4569 152: https://packages.debian.org/src:ghostscript 153: https://www.debian.org/security/2019/dsa-4571 154: https://packages.debian.org/src:thunderbird 155: https://www.debian.org/security/2019/dsa-4573 156: https://packages.debian.org/src:symfony 157: https://www.debian.org/security/2019/dsa-4574 158: https://packages.debian.org/src:redmine 159: https://www.debian.org/security/2019/dsa-4576 160: https://packages.debian.org/src:php-imagick 161: https://www.debian.org/security/2019/dsa-4578 162: https://packages.debian.org/src:libvpx 163: https://www.debian.org/security/2019/dsa-4580 164: https://packages.debian.org/src:firefox-esr 165: https://www.debian.org/security/2019/dsa-4581 166: https://packages.debian.org/src:git 167: https://www.debian.org/security/2019/dsa-4582 168: https://packages.debian.org/src:davical 169: https://www.debian.org/security/2019/dsa-4584 170: https://packages.debian.org/src:spamassassin 171: https://www.debian.org/security/2019/dsa-4585 172: https://packages.debian.org/src:thunderbird 173: https://www.debian.org/security/2019/dsa-4587 174: https://packages.debian.org/src:ruby2.3 175: https://www.debian.org/security/2019/dsa-4588 176: https://packages.debian.org/src:python-ecdsa 177: https://www.debian.org/security/2019/dsa-4589 178: https://packages.debian.org/src:debian-edu-config 179: https://www.debian.org/security/2019/dsa-4590 180: https://packages.debian.org/src:cyrus-imapd 181: https://www.debian.org/security/2019/dsa-4591 182: https://packages.debian.org/src:cyrus-sasl2 183: https://www.debian.org/security/2019/dsa-4592 184: https://packages.debian.org/src:mediawiki 185: https://www.debian.org/security/2019/dsa-4593 186: https://packages.debian.org/src:freeimage 187: https://www.debian.org/security/2019/dsa-4594 188: https://packages.debian.org/src:openssl1.0 189: https://www.debian.org/security/2019/dsa-4595 190: https://packages.debian.org/src:debian-lan-config 191: https://www.debian.org/security/2019/dsa-4596 192: https://packages.debian.org/src:tomcat8 193: https://www.debian.org/security/XXXX/dsa-4596 194: https://packages.debian.org/src:tomcat-native 195: https://www.debian.org/security/2020/dsa-4597 196: https://packages.debian.org/src:netty 197: https://www.debian.org/security/2020/dsa-4598 198: https://packages.debian.org/src:python-django 199: https://www.debian.org/security/2020/dsa-4600 200: https://packages.debian.org/src:firefox-esr 201: https://www.debian.org/security/2020/dsa-4601 202: https://packages.debian.org/src:ldm 203: https://www.debian.org/security/2020/dsa-4602 204: https://packages.debian.org/src:xen 205: https://www.debian.org/security/2020/dsa-4603 206: https://packages.debian.org/src:thunderbird 207: https://www.debian.org/security/2020/dsa-4604 208: https://packages.debian.org/src:cacti 209: https://www.debian.org/security/2020/dsa-4607 210: https://packages.debian.org/src:openconnect 211: https://www.debian.org/security/2020/dsa-4609 212: https://packages.debian.org/src:python-apt 213: https://www.debian.org/security/XXXX/dsa-4611 214: https://packages.debian.org/src:opensmtpd 215: https://www.debian.org/security/2020/dsa-4612 216: https://packages.debian.org/src:prosody-modules 217: https://www.debian.org/security/2020/dsa-4614 218: https://packages.debian.org/src:sudo 219: https://www.debian.org/security/2020/dsa-4615 220: https://packages.debian.org/src:spamassassin Removed packages ---------------- The following packages were removed due to circumstances beyond our control: +------------------------+---------------------------------------------+ | Package | Reason | +------------------------+---------------------------------------------+ | firetray�[221] | Incompatible with current Thunderbird | | | versions | | | | | koji�[222] | Security issues | | | | | python-lamson�[223] | Broken by changes in python-daemon | | | | | radare2�[224] | Security issues; upstream do not offer | | | stable support | | | | | ruby-simple-form�[225] | Unused; security issues | | | | | trafficserver�[226] | Unsupportable | | | | +------------------------+---------------------------------------------+ 221: https://packages.debian.org/src:firetray 222: https://packages.debian.org/src:koji 223: https://packages.debian.org/src:python-lamson 224: https://packages.debian.org/src:radare2 225: https://packages.debian.org/src:ruby-simple-form 226: https://packages.debian.org/src:trafficserver Debian Installer ---------------- The installer has been updated to include the fixes incorporated into oldstable by the point release. URLs ---- The complete lists of packages that have changed with this revision: http://ftp.debian.org/debian/dists/stretch/ChangeLog The current oldstable distribution: http://ftp.debian.org/debian/dists/oldstable/ Proposed updates to the oldstable distribution: http://ftp.debian.org/debian/dists/oldstable-proposed-updates oldstable distribution information (release notes, errata etc.): https://www.debian.org/releases/oldstable/ Security announcements and information: https://www.debian.org/security/ About Debian ------------ The Debian Project is an association of Free Software developers who volunteer their time and effort in order to produce the completely free operating system Debian. Contact Information ------------------- For further information, please visit the Debian web pages at https://www.debian.org/, send mail to <press@debian.org>, or contact the stable release team at <debian-release@lists.debian.org>.
Attachment:
signature.asc
Description: PGP signature