Just released, including security updates. 9.3.1-20171223 Updates in 2 source package(s), 4 binary package(s): Source sensible-utils, binaries: sensible-utils:amd64 sensible-utils:arm64 sensible-utils (0.0.9+deb9u1) stretch-security; urgency=high * Non-maintainer upload by the Security Team. * Argument injection in sensible-browser (CVE-2017-17512) Thanks to Gabriel Corona (Closes: #881767) Source openssl1.0, binaries: libssl1.0.2:amd64 libssl1.0.2:arm64 openssl1.0 (1.0.2l-2+deb9u2) stretch-security; urgency=high * CVE-2017-3737 (Read/write after SSL object in error state) * Add a testcase for CVE-2017-3737 * CVE-2017-3738 (rsaz_1024_mul_avx2 overflow bug on x86_64) https://cloud.debian.org/images/openstack/current-9/ -- Steve McIntyre, Cambridge, UK. steve@einval.com "The problem with defending the purity of the English language is that English is about as pure as a cribhouse whore. We don't just borrow words; on occasion, English has pursued other languages down alleyways to beat them unconscious and rifle their pockets for new vocabulary." -- James D. Nicoll
Attachment:
signature.asc
Description: PGP signature