Just released, including a few security updates:
8.8.3-20170703
Updates in 3 source package(s), 3 binary package(s):
Source expat, binaries: libexpat1:amd64
expat (2.1.0-6+deb8u4) jessie-security; urgency=high
* Use upstream fix for the following vulnerabilities:
- CVE-2017-9233, external entity infinite loop bug,
- CVE-2016-9063, undefined behavior from signed integer
overflow.
Source linux, binaries: linux-image-3.16.0-4-amd64:amd64
linux (3.16.43-2+deb8u2) jessie-security; urgency=high
* Revert previous fixes for CVE-2017-1000364 (Closes: #865303)
* mm: larger stack guard gap, between vmas (CVE-2017-1000364)
* mm: fix new crash in unmapped_area_topdown()
Source libgcrypt20, binaries: libgcrypt20:amd64
libgcrypt20 (1.6.3-2+deb8u4) jessie-security; urgency=high
* 22_CVE-2017-752*.patch from upstream 1.7.8 release: Mitigate a
flush+reload side-channel attack on RSA secret keys dubbed
"Sliding right
into disaster". For details see
<https://eprint.iacr.org/2017/627>.
[CVE-2017-7526]
-- Steve McIntyre <93sam@debian.org> Mon, 03 Jul 2017 14:53:41 +0100
--
Steve McIntyre, Cambridge, UK. steve@einval.com
"I suspect most samba developers are already technically insane... Of
course, since many of them are Australians, you can't tell." -- Linus Torvalds
Attachment:
signature.asc
Description: PGP signature