Re: Updated Debian 9: 9.13 released
"New installation images will be available soon at the regular locations"
Please, to make easy to find on releases annountements, put a link to
this page:
https://www.debian.org/releases/stretch/debian-installer/
+ Make there more explicit the IMAGES DOWNLOAD term when linking there
to the other index:
https://www.debian.org/releases/stretch/debian-installer/
Thank you.
Narcis Garcia
__________
I'm using this dedicated address because personal addresses aren't
masked enough at this mail public archive. Public archive administrator
should fix this against automated addresses collectors.
El 18/7/20 a les 21:41, Laura Arjona Reina ha escrit:
> ------------------------------------------------------------------------
> The Debian Project https://www.debian.org/
> Updated Debian 9: 9.13 released press@debian.org
> July 18th, 2020 https://www.debian.org/News/2020/20200718
> ------------------------------------------------------------------------
>
> The Debian project is pleased to announce the thirteenth (and final)
> update of its oldstable distribution Debian 9 (codename "stretch"). This
> point release mainly adds corrections for security issues, along with a
> few adjustments for serious problems. Security advisories have already
> been published separately and are referenced where available.
>
> After this point release, Debian's Security and Release Teams will no
> longer be producing updates for Debian 9. Users wishing to continue to
> receive security support should upgrade to Debian 10, or see
> https://wiki.debian.org/LTS for details about the subset of
> architectures and packages covered by the Long Term Support project.
>
> Please note that the point release does not constitute a new version of
> Debian 9 but only updates some of the packages included. There is no
> need to throw away old "stretch" media. After installation, packages can
> be upgraded to the current versions using an up-to-date Debian mirror.
>
> Those who frequently install updates from security.debian.org won't have
> to update many packages, and most such updates are included in the point
> release.
>
> New installation images will be available soon at the regular locations.
>
> Upgrading an existing installation to this revision can be achieved by
> pointing the package management system at one of Debian's many HTTP
> mirrors. A comprehensive list of mirrors is available at:
>
> https://www.debian.org/mirror/list
>
>
> Miscellaneous Bugfixes
> ----------------------
>
> This oldstable update adds a few important corrections to the following
> packages:
>
> +--------------------------+------------------------------------------+
> | Package | Reason |
> +--------------------------+------------------------------------------+
> | acmetool [1] | Rebuild against recent golang to pick up |
> | | security fixes |
> | | |
> | atril [2] | dvi: Mitigate command injection attacks |
> | | by quoting filename [CVE-2017-1000159]; |
> | | fix overflow checks in tiff backend |
> | | [CVE-2019-1010006]; tiff: Handle failure |
> | | from TIFFReadRGBAImageOriented |
> | | [CVE-2019-11459] |
> | | |
> | bacula [3] | Add transitional package bacula- |
> | | director-common, avoiding loss of /etc/ |
> | | bacula/bacula-dir.conf when purged; make |
> | | PID files owned by root |
> | | |
> | base-files [4] | Update /etc/debian_version for the point |
> | | release |
> | | |
> | batik [5] | Fix server-side request forgery via |
> | | xlink:href attributes [CVE-2019-17566] |
> | | |
> | c-icap-modules [6] | Support ClamAV 0.102 |
> | | |
> | ca-certificates [7] | Update Mozilla CA bundle to 2.40, |
> | | blacklist distrusted Symantec roots and |
> | | expired "AddTrust External Root" ; |
> | | remove e-mail only certificates |
> | | |
> | chasquid [8] | Rebuild against recent golang to pick up |
> | | security fixes |
> | | |
> | checkstyle [9] | Fix XML External Entity injection issue |
> | | [CVE-2019-9658 CVE-2019-10782] |
> | | |
> | clamav [10] | New upstream release [CVE-2020-3123]; |
> | | security fixes [CVE-2020-3327 CVE-2020- |
> | | 3341] |
> | | |
> | compactheader [11] | New upstream version, compatible with |
> | | newer Thunderbird versions |
> | | |
> | cram [12] | Ignore test failures to fix build issues |
> | | |
> | csync2 [13] | Fail HELLO command when SSL is required |
> | | |
> | cups [14] | Fix heap buffer overflow [CVE-2020-3898] |
> | | and "the `ippReadIO` function may |
> | | under-read an extension |
> | | field" [CVE-2019-8842] |
> | | |
> | dbus [15] | New upstream stable release; prevent a |
> | | denial of service issue [CVE-2020- |
> | | 12049]; prevent use-after-free if two |
> | | usernames share a uid |
> | | |
> | debian-installer [16] | Update for the 4.9.0-13 Linux kernel ABI |
> | | |
> | debian-installer- | Rebuild against stretch-proposed-updates |
> | netboot-images [17] | |
> | | |
> | debian-security- | Update support status of several |
> | support [18] | packages |
> | | |
> | erlang [19] | Fix use of weak TLS ciphers [CVE-2020- |
> | | 12872] |
> | | |
> | exiv2 [20] | Fix denial of service issue [CVE-2018- |
> | | 16336]; fix over-restrictive fix for |
> | | CVE-2018-10958 and CVE-2018-10999 |
> | | |
> | fex [21] | Security update |
> | | |
> | file-roller [22] | Security fix [CVE-2020-11736] |
> | | |
> | fwupd [23] | New upstream release; use a CNAME to |
> | | redirect to the correct CDN for |
> | | metadata; do not abort startup if the |
> | | XML metadata file is invalid; add the |
> | | Linux Foundation public GPG keys for |
> | | firmware and metadata; raise the |
> | | metadata limit to 10MB |
> | | |
> | glib-networking [24] | Return bad identity error if identity is |
> | | unset [CVE-2020-13645] |
> | | |
> | gnutls28 [25] | Fix memory corruption issue [CVE-2019- |
> | | 3829]; fix memory leak; add support for |
> | | zero length session tickets, fix |
> | | connection errors on TLS1.2 sessions to |
> | | some hosting providers |
> | | |
> | gosa [26] | Tighten check on LDAP success/failure |
> | | [CVE-2019-11187]; fix compatibility with |
> | | newer PHP versions; backport several |
> | | other patches; replace (un)serialize |
> | | with json_encode/json_decode to mitigate |
> | | PHP object injection [CVE-2019-14466] |
> | | |
> | heartbleeder [27] | Rebuild against recent golang to pick up |
> | | security fixes |
> | | |
> | intel-microcode [28] | Downgrade some microcodes to previously |
> | | released revisions, working around hangs |
> | | on boot on Skylake-U/Y and Skylake Xeon |
> | | E3 |
> | | |
> | iptables-persistent [29] | Don't fail if modprobe does |
> | | |
> | jackson-databind [30] | Fix multiple security issues affecting |
> | | BeanDeserializerFactory [CVE-2020-9548 |
> | | CVE-2020-9547 CVE-2020-9546 CVE-2020- |
> | | 8840 CVE-2020-14195 CVE-2020-14062 |
> | | CVE-2020-14061 CVE-2020-14060 CVE-2020- |
> | | 11620 CVE-2020-11619 CVE-2020-11113 |
> | | CVE-2020-11112 CVE-2020-11111 CVE-2020- |
> | | 10969 CVE-2020-10968 CVE-2020-10673 |
> | | CVE-2020-10672 CVE-2019-20330 CVE-2019- |
> | | 17531 and CVE-2019-17267] |
> | | |
> | libbusiness-hours- | Use explicit 4 digit years, fixing build |
> | perl [31] | and usage issues |
> | | |
> | libclamunrar [32] | New upstream stable release; add an |
> | | unversioned meta-package |
> | | |
> | libdbi [33] | Comment out _error_handler() call again, |
> | | fixing issues with consumers |
> | | |
> | libembperl-perl [34] | Handle error pages from Apache >= 2.4.40 |
> | | |
> | libexif [35] | Security fixes [CVE-2016-6328 CVE-2017- |
> | | 7544 CVE-2018-20030 CVE-2020-12767 |
> | | CVE-2020-0093]; security fixes |
> | | [CVE-2020-13112 CVE-2020-13113 CVE-2020- |
> | | 13114]; fix a buffer read overflow |
> | | [CVE-2020-0182] and an unsigned integer |
> | | overflow [CVE-2020-0198] |
> | | |
> | libvncserver [36] | Fix heap overflow [CVE-2019-15690] |
> | | |
> | linux [37] | New upstream stable release; update ABI |
> | | to 4.9.0-13 |
> | | |
> | linux-latest [38] | Update for 4.9.0-13 kernel ABI |
> | | |
> | mariadb-10.1 [39] | New upstream stable release; security |
> | | fixes [CVE-2020-2752 CVE-2020-2812 |
> | | CVE-2020-2814] |
> | | |
> | megatools [40] | Add support for the new format of |
> | | mega.nz links |
> | | |
> | mod-gnutls [41] | Avoid deprecated ciphersuites in test |
> | | suite; fix test failures when combined |
> | | with Apache's fix for CVE-2019-10092 |
> | | |
> | mongo-tools [42] | Rebuild against recent golang to pick up |
> | | security fixes |
> | | |
> | neon27 [43] | Treat OpenSSL-related test failures as |
> | | non-fatal |
> | | |
> | nfs-utils [44] | Fix potential file overwrite |
> | | vulnerability [CVE-2019-3689]; don't |
> | | make all of /var/lib/nfs owned by the |
> | | statd user |
> | | |
> | nginx [45] | Fix error page request smuggling |
> | | vulnerability [CVE-2019-20372] |
> | | |
> | node-url-parse [46] | Sanitize paths and hosts before parsing |
> | | [CVE-2018-3774] |
> | | |
> | nvidia-graphics- | New upstream stable release; new |
> | drivers [47] | upstream stable release; security fixes |
> | | [CVE-2020-5963 CVE-2020-5967] |
> | | |
> | pcl [48] | Fix missing dependency on libvtk6-qt-dev |
> | | |
> | perl [49] | Fix multiple regular expression related |
> | | security issues [CVE-2020-10543 |
> | | CVE-2020-10878 CVE-2020-12723] |
> | | |
> | php-horde [50] | Fix cross-site scripting vulnerability |
> | | [CVE-2020-8035] |
> | | |
> | php-horde-data [51] | Fix authenticated remote code execution |
> | | vulnerability [CVE-2020-8518] |
> | | |
> | php-horde-form [52] | Fix authenticated remote code execution |
> | | vulnerability [CVE-2020-8866] |
> | | |
> | php-horde-gollem [53] | Fix cross-site scripting vulnerability |
> | | in breadcrumb output [CVE-2020-8034] |
> | | |
> | php-horde-trean [54] | Fix authenticated remote code execution |
> | | vulnerability [CVE-2020-8865] |
> | | |
> | phpmyadmin [55] | Several security fixes [CVE-2018-19968 |
> | | CVE-2018-19970 CVE-2018-7260 CVE-2019- |
> | | 11768 CVE-2019-12616 CVE-2019-6798 |
> | | CVE-2019-6799 CVE-2020-10802 CVE-2020- |
> | | 10803 CVE-2020-10804 CVE-2020-5504] |
> | | |
> | postfix [56] | New upstream stable release |
> | | |
> | proftpd-dfsg [57] | Fix handling SSH_MSG_IGNORE packets |
> | | |
> | python-icalendar [58] | Fix Python3 dependencies |
> | | |
> | rails [59] | Fix possible cross-site scripting via |
> | | Javascript escape helper [CVE-2020-5267] |
> | | |
> | rake [60] | Fix command injection vulnerability |
> | | [CVE-2020-8130] |
> | | |
> | roundcube [61] | Fix cross-site scripting issue via HTML |
> | | messages with malicious svg/namespace |
> | | [CVE-2020-15562] |
> | | |
> | ruby-json [62] | Fix unsafe object creation vulnerability |
> | | [CVE-2020-10663] |
> | | |
> | ruby2.3 [63] | Fix unsafe object creation vulnerability |
> | | [CVE-2020-10663] |
> | | |
> | sendmail [64] | Fix finding the queue runner control |
> | | process in "split daemon" mode, |
> | | "NOQUEUE: connect from (null)" , removal |
> | | failure when using BTRFS |
> | | |
> | sogo-connector [65] | New upstream version, compatible with |
> | | newer Thunderbird versions |
> | | |
> | ssvnc [66] | Fix out-of-bounds write [CVE-2018- |
> | | 20020], infinite loop [CVE-2018-20021], |
> | | improper initialisation [CVE-2018- |
> | | 20022], potential denial-of-service |
> | | [CVE-2018-20024] |
> | | |
> | storebackup [67] | Fix possible privilege escalation |
> | | vulnerability [CVE-2020-7040] |
> | | |
> | swt-gtk [68] | Fix missing dependency on |
> | | libwebkitgtk-1.0-0 |
> | | |
> | tinyproxy [69] | Create PID file before dropping |
> | | privileges to non-root account |
> | | [CVE-2017-11747] |
> | | |
> | tzdata [70] | New upstream stable release |
> | | |
> | websockify [71] | Fix missing dependency on python{3,}- |
> | | pkg-resources |
> | | |
> | wpa [72] | Fix AP mode PMF disconnection protection |
> | | bypass [CVE-2019-16275]; fix MAC |
> | | randomisation issues with some cards |
> | | |
> | xdg-utils [73] | Sanitise window name before sending it |
> | | over D-Bus; correctly handle directories |
> | | with names containing spaces; create the |
> | | "applications" directory if needed |
> | | |
> | xml-security-c [74] | Fix length calculation in the concat |
> | | method |
> | | |
> | xtrlock [75] | Fix blocking of (some) multitouch |
> | | devices while locked [CVE-2016-10894] |
> | | |
> +--------------------------+------------------------------------------+
>
> 1: https://packages.debian.org/src:acmetool
> 2: https://packages.debian.org/src:atril
> 3: https://packages.debian.org/src:bacula
> 4: https://packages.debian.org/src:base-files
> 5: https://packages.debian.org/src:batik
> 6: https://packages.debian.org/src:c-icap-modules
> 7: https://packages.debian.org/src:ca-certificates
> 8: https://packages.debian.org/src:chasquid
> 9: https://packages.debian.org/src:checkstyle
> 10: https://packages.debian.org/src:clamav
> 11: https://packages.debian.org/src:compactheader
> 12: https://packages.debian.org/src:cram
> 13: https://packages.debian.org/src:csync2
> 14: https://packages.debian.org/src:cups
> 15: https://packages.debian.org/src:dbus
> 16: https://packages.debian.org/src:debian-installer
> 17: https://packages.debian.org/src:debian-installer-netboot-images
> 18: https://packages.debian.org/src:debian-security-support
> 19: https://packages.debian.org/src:erlang
> 20: https://packages.debian.org/src:exiv2
> 21: https://packages.debian.org/src:fex
> 22: https://packages.debian.org/src:file-roller
> 23: https://packages.debian.org/src:fwupd
> 24: https://packages.debian.org/src:glib-networking
> 25: https://packages.debian.org/src:gnutls28
> 26: https://packages.debian.org/src:gosa
> 27: https://packages.debian.org/src:heartbleeder
> 28: https://packages.debian.org/src:intel-microcode
> 29: https://packages.debian.org/src:iptables-persistent
> 30: https://packages.debian.org/src:jackson-databind
> 31: https://packages.debian.org/src:libbusiness-hours-perl
> 32: https://packages.debian.org/src:libclamunrar
> 33: https://packages.debian.org/src:libdbi
> 34: https://packages.debian.org/src:libembperl-perl
> 35: https://packages.debian.org/src:libexif
> 36: https://packages.debian.org/src:libvncserver
> 37: https://packages.debian.org/src:linux
> 38: https://packages.debian.org/src:linux-latest
> 39: https://packages.debian.org/src:mariadb-10.1
> 40: https://packages.debian.org/src:megatools
> 41: https://packages.debian.org/src:mod-gnutls
> 42: https://packages.debian.org/src:mongo-tools
> 43: https://packages.debian.org/src:neon27
> 44: https://packages.debian.org/src:nfs-utils
> 45: https://packages.debian.org/src:nginx
> 46: https://packages.debian.org/src:node-url-parse
> 47: https://packages.debian.org/src:nvidia-graphics-drivers
> 48: https://packages.debian.org/src:pcl
> 49: https://packages.debian.org/src:perl
> 50: https://packages.debian.org/src:php-horde
> 51: https://packages.debian.org/src:php-horde-data
> 52: https://packages.debian.org/src:php-horde-form
> 53: https://packages.debian.org/src:php-horde-gollem
> 54: https://packages.debian.org/src:php-horde-trean
> 55: https://packages.debian.org/src:phpmyadmin
> 56: https://packages.debian.org/src:postfix
> 57: https://packages.debian.org/src:proftpd-dfsg
> 58: https://packages.debian.org/src:python-icalendar
> 59: https://packages.debian.org/src:rails
> 60: https://packages.debian.org/src:rake
> 61: https://packages.debian.org/src:roundcube
> 62: https://packages.debian.org/src:ruby-json
> 63: https://packages.debian.org/src:ruby2.3
> 64: https://packages.debian.org/src:sendmail
> 65: https://packages.debian.org/src:sogo-connector
> 66: https://packages.debian.org/src:ssvnc
> 67: https://packages.debian.org/src:storebackup
> 68: https://packages.debian.org/src:swt-gtk
> 69: https://packages.debian.org/src:tinyproxy
> 70: https://packages.debian.org/src:tzdata
> 71: https://packages.debian.org/src:websockify
> 72: https://packages.debian.org/src:wpa
> 73: https://packages.debian.org/src:xdg-utils
> 74: https://packages.debian.org/src:xml-security-c
> 75: https://packages.debian.org/src:xtrlock
>
> Security Updates
> ----------------
>
> This revision adds the following security updates to the oldstable
> release. The Security Team has already released an advisory for each of
> these updates:
>
> +----------------+----------------------------+
> | Advisory ID | Package |
> +----------------+----------------------------+
> | DSA-4005 [76] | openjfx [77] |
> | | |
> | DSA-4255 [78] | ant [79] |
> | | |
> | DSA-4352 [80] | chromium-browser [81] |
> | | |
> | DSA-4379 [82] | golang-1.7 [83] |
> | | |
> | DSA-4380 [84] | golang-1.8 [85] |
> | | |
> | DSA-4395 [86] | chromium [87] |
> | | |
> | DSA-4421 [88] | chromium [89] |
> | | |
> | DSA-4616 [90] | qemu [91] |
> | | |
> | DSA-4617 [92] | qtbase-opensource-src [93] |
> | | |
> | DSA-4618 [94] | libexif [95] |
> | | |
> | DSA-4619 [96] | libxmlrpc3-java [97] |
> | | |
> | DSA-4620 [98] | firefox-esr [99] |
> | | |
> | DSA-4621 [100] | openjdk-8 [101] |
> | | |
> | DSA-4622 [102] | postgresql-9.6 [103] |
> | | |
> | DSA-4624 [104] | evince [105] |
> | | |
> | DSA-4625 [106] | thunderbird [107] |
> | | |
> | DSA-4628 [108] | php7.0 [109] |
> | | |
> | DSA-4629 [110] | python-django [111] |
> | | |
> | DSA-4630 [112] | python-pysaml2 [113] |
> | | |
> | DSA-4631 [114] | pillow [115] |
> | | |
> | DSA-4632 [116] | ppp [117] |
> | | |
> | DSA-4633 [118] | curl [119] |
> | | |
> | DSA-4634 [120] | opensmtpd [121] |
> | | |
> | DSA-4635 [122] | proftpd-dfsg [123] |
> | | |
> | DSA-4637 [124] | network-manager-ssh [125] |
> | | |
> | DSA-4639 [126] | firefox-esr [127] |
> | | |
> | DSA-4640 [128] | graphicsmagick [129] |
> | | |
> | DSA-4642 [130] | thunderbird [131] |
> | | |
> | DSA-4646 [132] | icu [133] |
> | | |
> | DSA-4647 [134] | bluez [135] |
> | | |
> | DSA-4648 [136] | libpam-krb5 [137] |
> | | |
> | DSA-4650 [138] | qbittorrent [139] |
> | | |
> | DSA-4653 [140] | firefox-esr [141] |
> | | |
> | DSA-4655 [142] | firefox-esr [143] |
> | | |
> | DSA-4656 [144] | thunderbird [145] |
> | | |
> | DSA-4657 [146] | git [147] |
> | | |
> | DSA-4659 [148] | git [149] |
> | | |
> | DSA-4660 [150] | awl [151] |
> | | |
> | DSA-4663 [152] | python-reportlab [153] |
> | | |
> | DSA-4664 [154] | mailman [155] |
> | | |
> | DSA-4666 [156] | openldap [157] |
> | | |
> | DSA-4668 [158] | openjdk-8 [159] |
> | | |
> | DSA-4670 [160] | tiff [161] |
> | | |
> | DSA-4671 [162] | vlc [163] |
> | | |
> | DSA-4673 [164] | tomcat8 [165] |
> | | |
> | DSA-4674 [166] | roundcube [167] |
> | | |
> | DSA-4675 [168] | graphicsmagick [169] |
> | | |
> | DSA-4676 [170] | salt [171] |
> | | |
> | DSA-4677 [172] | wordpress [173] |
> | | |
> | DSA-4678 [174] | firefox-esr [175] |
> | | |
> | DSA-4683 [176] | thunderbird [177] |
> | | |
> | DSA-4685 [178] | apt [179] |
> | | |
> | DSA-4686 [180] | apache-log4j1.2 [181] |
> | | |
> | DSA-4687 [182] | exim4 [183] |
> | | |
> | DSA-4688 [184] | dpdk [185] |
> | | |
> | DSA-4689 [186] | bind9 [187] |
> | | |
> | DSA-4692 [188] | netqmail [189] |
> | | |
> | DSA-4693 [190] | drupal7 [191] |
> | | |
> | DSA-4695 [192] | firefox-esr [193] |
> | | |
> | DSA-4698 [194] | linux [195] |
> | | |
> | DSA-4700 [196] | roundcube [197] |
> | | |
> | DSA-4701 [198] | intel-microcode [199] |
> | | |
> | DSA-4702 [200] | thunderbird [201] |
> | | |
> | DSA-4703 [202] | mysql-connector-java [203] |
> | | |
> | DSA-4704 [204] | vlc [205] |
> | | |
> | DSA-4705 [206] | python-django [207] |
> | | |
> | DSA-4706 [208] | drupal7 [209] |
> | | |
> | DSA-4707 [210] | mutt [211] |
> | | |
> | DSA-4711 [212] | coturn [213] |
> | | |
> | DSA-4713 [214] | firefox-esr [215] |
> | | |
> | DSA-4715 [216] | imagemagick [217] |
> | | |
> | DSA-4717 [218] | php7.0 [219] |
> | | |
> | DSA-4718 [220] | thunderbird [221] |
> | | |
> +----------------+----------------------------+
>
> 76: https://www.debian.org/security/2017/dsa-4005
> 77: https://packages.debian.org/src:openjfx
> 78: https://www.debian.org/security/2018/dsa-4255
> 79: https://packages.debian.org/src:ant
> 80: https://www.debian.org/security/2018/dsa-4352
> 81: https://packages.debian.org/src:chromium-browser
> 82: https://www.debian.org/security/2019/dsa-4379
> 83: https://packages.debian.org/src:golang-1.7
> 84: https://www.debian.org/security/2019/dsa-4380
> 85: https://packages.debian.org/src:golang-1.8
> 86: https://www.debian.org/security/2019/dsa-4395
> 87: https://packages.debian.org/src:chromium
> 88: https://www.debian.org/security/2019/dsa-4421
> 89: https://packages.debian.org/src:chromium
> 90: https://www.debian.org/security/2020/dsa-4616
> 91: https://packages.debian.org/src:qemu
> 92: https://www.debian.org/security/2020/dsa-4617
> 93: https://packages.debian.org/src:qtbase-opensource-src
> 94: https://www.debian.org/security/2020/dsa-4618
> 95: https://packages.debian.org/src:libexif
> 96: https://www.debian.org/security/2020/dsa-4619
> 97: https://packages.debian.org/src:libxmlrpc3-java
> 98: https://www.debian.org/security/2020/dsa-4620
> 99: https://packages.debian.org/src:firefox-esr
> 100: https://www.debian.org/security/2020/dsa-4621
> 101: https://packages.debian.org/src:openjdk-8
> 102: https://www.debian.org/security/2020/dsa-4622
> 103: https://packages.debian.org/src:postgresql-9.6
> 104: https://www.debian.org/security/2020/dsa-4624
> 105: https://packages.debian.org/src:evince
> 106: https://www.debian.org/security/2020/dsa-4625
> 107: https://packages.debian.org/src:thunderbird
> 108: https://www.debian.org/security/2020/dsa-4628
> 109: https://packages.debian.org/src:php7.0
> 110: https://www.debian.org/security/2020/dsa-4629
> 111: https://packages.debian.org/src:python-django
> 112: https://www.debian.org/security/2020/dsa-4630
> 113: https://packages.debian.org/src:python-pysaml2
> 114: https://www.debian.org/security/2020/dsa-4631
> 115: https://packages.debian.org/src:pillow
> 116: https://www.debian.org/security/2020/dsa-4632
> 117: https://packages.debian.org/src:ppp
> 118: https://www.debian.org/security/2020/dsa-4633
> 119: https://packages.debian.org/src:curl
> 120: https://www.debian.org/security/2020/dsa-4634
> 121: https://packages.debian.org/src:opensmtpd
> 122: https://www.debian.org/security/2020/dsa-4635
> 123: https://packages.debian.org/src:proftpd-dfsg
> 124: https://www.debian.org/security/2020/dsa-4637
> 125: https://packages.debian.org/src:network-manager-ssh
> 126: https://www.debian.org/security/2020/dsa-4639
> 127: https://packages.debian.org/src:firefox-esr
> 128: https://www.debian.org/security/2020/dsa-4640
> 129: https://packages.debian.org/src:graphicsmagick
> 130: https://www.debian.org/security/2020/dsa-4642
> 131: https://packages.debian.org/src:thunderbird
> 132: https://www.debian.org/security/2020/dsa-4646
> 133: https://packages.debian.org/src:icu
> 134: https://www.debian.org/security/2020/dsa-4647
> 135: https://packages.debian.org/src:bluez
> 136: https://www.debian.org/security/2020/dsa-4648
> 137: https://packages.debian.org/src:libpam-krb5
> 138: https://www.debian.org/security/2020/dsa-4650
> 139: https://packages.debian.org/src:qbittorrent
> 140: https://www.debian.org/security/2020/dsa-4653
> 141: https://packages.debian.org/src:firefox-esr
> 142: https://www.debian.org/security/2020/dsa-4655
> 143: https://packages.debian.org/src:firefox-esr
> 144: https://www.debian.org/security/2020/dsa-4656
> 145: https://packages.debian.org/src:thunderbird
> 146: https://www.debian.org/security/2020/dsa-4657
> 147: https://packages.debian.org/src:git
> 148: https://www.debian.org/security/2020/dsa-4659
> 149: https://packages.debian.org/src:git
> 150: https://www.debian.org/security/2020/dsa-4660
> 151: https://packages.debian.org/src:awl
> 152: https://www.debian.org/security/2020/dsa-4663
> 153: https://packages.debian.org/src:python-reportlab
> 154: https://www.debian.org/security/2020/dsa-4664
> 155: https://packages.debian.org/src:mailman
> 156: https://www.debian.org/security/2020/dsa-4666
> 157: https://packages.debian.org/src:openldap
> 158: https://www.debian.org/security/2020/dsa-4668
> 159: https://packages.debian.org/src:openjdk-8
> 160: https://www.debian.org/security/2020/dsa-4670
> 161: https://packages.debian.org/src:tiff
> 162: https://www.debian.org/security/2020/dsa-4671
> 163: https://packages.debian.org/src:vlc
> 164: https://www.debian.org/security/2020/dsa-4673
> 165: https://packages.debian.org/src:tomcat8
> 166: https://www.debian.org/security/2020/dsa-4674
> 167: https://packages.debian.org/src:roundcube
> 168: https://www.debian.org/security/2020/dsa-4675
> 169: https://packages.debian.org/src:graphicsmagick
> 170: https://www.debian.org/security/2020/dsa-4676
> 171: https://packages.debian.org/src:salt
> 172: https://www.debian.org/security/2020/dsa-4677
> 173: https://packages.debian.org/src:wordpress
> 174: https://www.debian.org/security/2020/dsa-4678
> 175: https://packages.debian.org/src:firefox-esr
> 176: https://www.debian.org/security/2020/dsa-4683
> 177: https://packages.debian.org/src:thunderbird
> 178: https://www.debian.org/security/2020/dsa-4685
> 179: https://packages.debian.org/src:apt
> 180: https://www.debian.org/security/2020/dsa-4686
> 181: https://packages.debian.org/src:apache-log4j1.2
> 182: https://www.debian.org/security/2020/dsa-4687
> 183: https://packages.debian.org/src:exim4
> 184: https://www.debian.org/security/2020/dsa-4688
> 185: https://packages.debian.org/src:dpdk
> 186: https://www.debian.org/security/2020/dsa-4689
> 187: https://packages.debian.org/src:bind9
> 188: https://www.debian.org/security/2020/dsa-4692
> 189: https://packages.debian.org/src:netqmail
> 190: https://www.debian.org/security/2020/dsa-4693
> 191: https://packages.debian.org/src:drupal7
> 192: https://www.debian.org/security/2020/dsa-4695
> 193: https://packages.debian.org/src:firefox-esr
> 194: https://www.debian.org/security/2020/dsa-4698
> 195: https://packages.debian.org/src:linux
> 196: https://www.debian.org/security/2020/dsa-4700
> 197: https://packages.debian.org/src:roundcube
> 198: https://www.debian.org/security/2020/dsa-4701
> 199: https://packages.debian.org/src:intel-microcode
> 200: https://www.debian.org/security/2020/dsa-4702
> 201: https://packages.debian.org/src:thunderbird
> 202: https://www.debian.org/security/2020/dsa-4703
> 203: https://packages.debian.org/src:mysql-connector-java
> 204: https://www.debian.org/security/2020/dsa-4704
> 205: https://packages.debian.org/src:vlc
> 206: https://www.debian.org/security/2020/dsa-4705
> 207: https://packages.debian.org/src:python-django
> 208: https://www.debian.org/security/2020/dsa-4706
> 209: https://packages.debian.org/src:drupal7
> 210: https://www.debian.org/security/2020/dsa-4707
> 211: https://packages.debian.org/src:mutt
> 212: https://www.debian.org/security/2020/dsa-4711
> 213: https://packages.debian.org/src:coturn
> 214: https://www.debian.org/security/2020/dsa-4713
> 215: https://packages.debian.org/src:firefox-esr
> 216: https://www.debian.org/security/2020/dsa-4715
> 217: https://packages.debian.org/src:imagemagick
> 218: https://www.debian.org/security/2020/dsa-4717
> 219: https://packages.debian.org/src:php7.0
> 220: https://www.debian.org/security/2020/dsa-4718
> 221: https://packages.debian.org/src:thunderbird
>
> Removed packages
> ----------------
>
> The following packages were removed due to circumstances beyond our
> control:
>
> +------------------------------+---------------------------------------+
> | Package | Reason |
> +------------------------------+---------------------------------------+
> | certificatepatrol [222] | Incompatible with newer Firefox ESR |
> | | versions |
> | | |
> | colorediffs-extension [223] | Incompatible with newer Thunderbird |
> | | versions |
> | | |
> | dynalogin [224] | Depends on to-be-removed simpleid |
> | | |
> | enigmail [225] | Incompatible with newer Thunderbird |
> | | versions |
> | | |
> | firefox-esr [226] | [armel] No longer supported (requires |
> | | nodejs) |
> | | |
> | firefox-esr [226] | [mips mipsel mips64el] No longer |
> | | supported (needs newer rustc) |
> | | |
> | getlive [227] | Broken due to Hotmail changes |
> | | |
> | gplaycli [228] | Broken by Google API changes |
> | | |
> | kerneloops [229] | Upstream service no longer available |
> | | |
> | libmicrodns [230] | Security issues |
> | | |
> | libperlspeak-perl [231] | Security issues; unmaintained |
> | | |
> | mathematica-fonts [232] | Relies on unavailable download |
> | | location |
> | | |
> | pdns-recursor [233] | Security issues; unsupported |
> | | |
> | predictprotein [234] | Depends on to-be-removed profphd |
> | | |
> | profphd [235] | Unusable |
> | | |
> | quotecolors [236] | Incompatible with newer Thunderbird |
> | | versions |
> | | |
> | selenium-firefoxdriver [237] | Incompatible with newer Firefox ESR |
> | | versions |
> | | |
> | simpleid [238] | Does not work with PHP7 |
> | | |
> | simpleid-ldap [239] | Depends on to-be-removed simpleid |
> | | |
> | torbirdy [240] | Incompatible with newer Thunderbird |
> | | versions |
> | | |
> | weboob [241] | Unmaintained; already removed from |
> | | later releases |
> | | |
> | yahoo2mbox [242] | Broken for several years |
> | | |
> +------------------------------+---------------------------------------+
>
> 222: https://packages.debian.org/src:certificatepatrol
> 223: https://packages.debian.org/src:colorediffs-extension
> 224: https://packages.debian.org/src:dynalogin
> 225: https://packages.debian.org/src:enigmail
> 226: https://packages.debian.org/src:firefox-esr
> 227: https://packages.debian.org/src:getlive
> 228: https://packages.debian.org/src:gplaycli
> 229: https://packages.debian.org/src:kerneloops
> 230: https://packages.debian.org/src:libmicrodns
> 231: https://packages.debian.org/src:libperlspeak-perl
> 232: https://packages.debian.org/src:mathematica-fonts
> 233: https://packages.debian.org/src:pdns-recursor
> 234: https://packages.debian.org/src:predictprotein
> 235: https://packages.debian.org/src:profphd
> 236: https://packages.debian.org/src:quotecolors
> 237: https://packages.debian.org/src:selenium-firefoxdriver
> 238: https://packages.debian.org/src:simpleid
> 239: https://packages.debian.org/src:simpleid-ldap
> 240: https://packages.debian.org/src:torbirdy
> 241: https://packages.debian.org/src:weboob
> 242: https://packages.debian.org/src:yahoo2mbox
>
> Debian Installer
> ----------------
>
> The installer has been updated to include the fixes incorporated into
> oldstable by the point release.
>
>
> URLs
> ----
>
> The complete lists of packages that have changed with this revision:
>
> http://ftp.debian.org/debian/dists/stretch/ChangeLog
>
>
> The current oldstable distribution:
>
> http://ftp.debian.org/debian/dists/oldstable/
>
>
> Proposed updates to the oldstable distribution:
>
> http://ftp.debian.org/debian/dists/oldstable-proposed-updates
>
>
> oldstable distribution information (release notes, errata etc.):
>
> https://www.debian.org/releases/oldstable/
>
>
> Security announcements and information:
>
> https://www.debian.org/security/
>
>
> About Debian
> ------------
>
> The Debian Project is an association of Free Software developers who
> volunteer their time and effort in order to produce the completely free
> operating system Debian.
>
>
> Contact Information
> -------------------
>
> For further information, please visit the Debian web pages at
> https://www.debian.org/, send mail to <press@debian.org>, or contact the
> stable release team at <debian-release@lists.debian.org>.
>
Reply to: