[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SUA 121-1] Upcoming Debian 9 Update (9.1)

Debian Stable Updates Announcement SUA 121-1      https://www.debian.org/
debian-release@lists.debian.org                           Adam D. Barratt
July 17th, 2017

Upcoming Debian 9 Update (9.1)

An update to Debian 9 is scheduled for Saturday, July 22nd, 2017. As of
now it will include the following bug fixes. They can be found in
"stretch-proposed-updates", which is carried by all official mirrors.

Please note that packages published through security.debian.org are not
listed, but will be included if possible.

Testing and feedback would be appreciated. Bugs should be filed in the
Debian Bug Tracking System, but please make the Release Team aware of
them by copying "debian-release@lists.debian.org" on your mails.

The point release will also include a rebuild of debian-installer.

Miscellaneous Bugfixes

This stable update adds a few important corrections to the following

    Package                       Reason

    3dchess                       Reduce wasteful CPU consumption
    adwaita-icon-theme            Fix malformed send-to-symbolic icon
    anope                         Fix incorrect mail-transport-agent relationship
    apt                           Reset failure reason when connection was successful, so later errors are reported as such and not as "connection failure" warnings; http: A response with Content-Length: 0 has no content, so don't try to read it; use port from SRV record instead of initial port
    avogadro                      Update eigen3 patches
    base-files                    Update for the 9.1 point release
    c-ares                        Security fix [CVE-2017-1000381]
    debian-edu-doc                Update Debian Edu Stretch manual from the wiki; update translations
    debsecan                      Add support for stretch and buster; Python needs https_proxy for proxy configuration with https:// URLs
    debian-installer              Rebuild against proposed-updates
    debian-installer-netboot-     Rebuild against proposed-updates
    devscripts                    debchange: target stretch-backports with --bpo; support $codename{,-{proposed-updates,security}}; bts: add support for the new "a11y" tag
    dgit                          Multiple bugfixes
    dovecot                       Fix syntax errors when sending Solr queries
    dwarfutils                    Security fixes [CVE-2017-9052 CVE-2017-9053 CVE-2017-9054 CVE-2017-9055 CVE-2017-9998]
    fpc                           Fix conversion from local time to UTC
    galternatives                 Fix blank window when displaying properties
    geolinks                      Fix python3 dependencies
    gnats                         gnats-user: do not fail to purge if /var/lib/gnats/gnats-db is not empty
    gnome-settings-daemon         Do not add the "US" keyboard layout by default for new users, for some reason, this layout was preferred over the system configured one on the first login; preserve NumLock state between sessions by default
    gnuplot                       Fix memory corruption vulnerability
    gnutls28                      Fix breakage with AES-GCM in-place encryption and decryption on aarch64
    grub-installer                Fix support for systems with a large number of disks
    intel-microcode               Update included microcode
    libclamunrar                  Fix arbitrary memory write [CVE-2012-6706]
    libopenmpt                    Security fixes: out-of-bounds read while loading a malfomed PLM file; arbitrary code execution by a crafted PSM file [CVE-2017-11311]; various security fixes
    libquicktime                  Security fixes [CVE-2017-9122 CVE-2017-9123 CVE-2017-9124 CVE-2017-9125 CVE-2017-9126 CVE-2017-9127 CVE-2017-9128]
    linux-latest                  Revert changes to debug symbol meta-packages
    nagios-nrpe                   Restore previous SSL defaults
    nvidia-graphics-drivers       Bump Pre-Depends: nvidia-installer-cleanup to (>= 20151021) for smoother upgrades from jessie
    octave-ocs                    Fix loading package functions
    open-iscsi                    Speed up Debian Installer when iSCSI is not used
    openssh                       Fix incoming compression statistics
    openstack-debian-images       Also add security updates for non wheezy/jessie
    os-prober                     EFI - look for "dos" instead of "msdos"
    osinfo-db                     Improve support for Stretch and Jessie
    partman-base                  Protect the firmware area on all mmcblk devices (and not only on mmcblk0) from being clobbered during guided partitioning
    pdns-recursor                 Add 2017 DNSSEC root key
    perl                          Backport various Getopt-Long fixes from upstream 2.49..2.51; backport upstream patch fixing regexp "Malformed UTF-8 character"; apply upstream base.pm no-dot-in-inc fix
    phpunit                       Security fix: arbitrary PHP code execution via HTTP POST
    protozero                     Fix data_view equality operator
    pulseaudio                    Fix copyright file
    pykde4                        Drop bindings for plasma webview bindings; they're obsolete and non-functional
    python-colorlog               Fix python3 dependencies
    python-imaplib2               Fix python3 dependencies
    python-plumbum                Fix python3 dependencies
    qgis                          Fix missing Breaks/Replaces against python-qgis-common
    request-tracker4              Handle configuration permissions correctly following RT_SiteConfig.d changes
    retext                        Backport upstream fix for crash in XSettings code; fix syntax in appdata XML file
    rkhunter                      Disable remote updates [CVE-2017-7480]
    socat                         Fix signals leading to possible 100% CPU usage
    squashfs-tools                Fix corruption of large files; fix rare race condition
    systemd                       Fix out-of-bounds write in systemd-resolved [CVE-2017-9445]; be truly quiet in systemctl -q is-enabled; improve RLIMIT_NOFILE handling; debian/extra/rules: Use updated U2F ruleset
    thermald                      Add Broadwell-GT3E and Kabylake support
    unrar-nonfree                 Add bound checks for VMSF_DELTA, VMSF_RGB and VMSF_AUDIO paramters [CVE-2012-6706]
    win32-loader                  Replace all mirror urls with deb.debian.org; drop bz2 compression for source

A complete list of all accepted and rejected packages together with
rationale is on the preparation page for this revision:


If you encounter any issues, please don't hesitate to get in touch with
the Debian Release Team at "debian-release@lists.debian.org".

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to: