Just released, including security updates: 9.1.8-20171004 Updates in 2 source package(s), 4 binary package(s): Source libidn2-0, binaries: libidn2-0:amd64 libidn2-0:arm64 libidn2-0 (0.16-1+deb9u1) stretch-security; urgency=high * CVE-2017-14062: Fix integer overflow in decode_digit (Closes: #873902) * Add myself to Uploaders: Source qemu, binaries: qemu-utils:amd64 qemu-utils:arm64 qemu (1:2.8+dfsg-6+deb9u3) stretch-security; urgency=high * xhci-dont-kick-in-xhci_submit-and-xhci_fire_ctl_transfer.patch This is a pre-required patch for the next patch to work right. Closes: #869945 * xhci-guard-xhci_kick_epctx-against-recursive-calls-CVE-2017-9375.patch After applying previous patch, this one can be applied again Closes: #864219, CVE-2017-9375 * ide-do-not-flush-empty-CDROM-drives-CVE-2017-12809.patch Closes: #873849, CVE-2017-12809 * vga-stop-passing-pointers-to-vga_draw_line-functions-CVE-2017-13672.patch Closes: #873851, CVE-2017-13672 * multiboot-validate-multiboot-header-address-values-CVE-2017-14167.patch Closes: #874606, CVE-2017-14167 * slirp-fix-clearing-ifq_so-from-pending-packets-CVE-2017-13711.patch Closes: #873875, CVE-2017-13711 * exec-add-lock-parameter-to-qemu_ram_ptr_length.patch upstream patch fixing memory leak after exec-use-qemu_ram_ptr_length-to-access-guest-ram-CVE-2017-11334.patch Closes: #871648, #871702, #872257 https://cloud.debian.org/images/openstack/current-9/ -- Steve McIntyre, Cambridge, UK. steve@einval.com Welcome my son, welcome to the machine.
Attachment:
signature.asc
Description: PGP signature