Just released, including security updates: 9.0.3-20170703 Updates in 3 source package(s), 6 binary package(s): Source libgcrypt20, binaries: libgcrypt20:amd64 libgcrypt20:arm64 libgcrypt20 (1.7.6-2+deb9u1) stretch-security; urgency=high * 31_CVE-2017-752*.patch from upstream 1.7.8 release: Mitigate a flush+reload side-channel attack on RSA secret keys dubbed "Sliding right into disaster". For details see <https://eprint.iacr.org/2017/627>. [CVE-2017-7526] Source linux, binaries: linux-image-4.9.0-3-amd64:amd64 linux-image-4.9.0-3-arm64:arm64 linux (4.9.30-2+deb9u2) stretch-security; urgency=high * Revert changes in version 4.9.30-2+deb9u1 (Closes: #865303) * mm: larger stack guard gap, between vmas (CVE-2017-1000364) * mm: fix new crash in unmapped_area_topdown() Source expat, binaries: libexpat1:amd64 libexpat1:arm64 expat (2.2.0-2+deb9u1) stretch-security; urgency=high * Replace the Mozilla CVE-2016-9063 fix with the more complete, upstream one. * Fix CVE-2017-9233: external entity infinite loop DoS. -- Steve McIntyre <93sam@debian.org> Mon, 03 Jul 2017 19:11:24 +0100 -- Steve McIntyre, Cambridge, UK. steve@einval.com Mature Sporty Personal More Innovation More Adult A Man in Dandism Powered Midship Specialty
Attachment:
signature.asc
Description: PGP signature