Just released, including security updates:
9.0.3-20170703
Updates in 3 source package(s), 6 binary package(s):
Source libgcrypt20, binaries: libgcrypt20:amd64 libgcrypt20:arm64
libgcrypt20 (1.7.6-2+deb9u1) stretch-security; urgency=high
* 31_CVE-2017-752*.patch from upstream 1.7.8 release: Mitigate a
flush+reload side-channel attack on RSA secret keys dubbed "Sliding right
into disaster". For details see <https://eprint.iacr.org/2017/627>.
[CVE-2017-7526]
Source linux, binaries: linux-image-4.9.0-3-amd64:amd64 linux-image-4.9.0-3-arm64:arm64
linux (4.9.30-2+deb9u2) stretch-security; urgency=high
* Revert changes in version 4.9.30-2+deb9u1 (Closes: #865303)
* mm: larger stack guard gap, between vmas (CVE-2017-1000364)
* mm: fix new crash in unmapped_area_topdown()
Source expat, binaries: libexpat1:amd64 libexpat1:arm64
expat (2.2.0-2+deb9u1) stretch-security; urgency=high
* Replace the Mozilla CVE-2016-9063 fix with the more complete, upstream
one.
* Fix CVE-2017-9233: external entity infinite loop DoS.
-- Steve McIntyre <93sam@debian.org> Mon, 03 Jul 2017 19:11:24 +0100
--
Steve McIntyre, Cambridge, UK. steve@einval.com
Mature Sporty Personal
More Innovation More Adult
A Man in Dandism
Powered Midship Specialty
Attachment:
signature.asc
Description: PGP signature