[SUA 122-1] Upcoming Debian 8 Update (8.9)

Debian Stable Updates Announcement SUA 122-1
debian-release@lists.debian.org                           Adam D. Barratt
July 17th, 2017

Upcoming Debian 8 Update (8.9)

An update to Debian 8 is scheduled for Saturday, July 22nd, 2017. As of
now it will include the following bug fixes. They can be found in
"jessie-proposed-updates", which is carried by all official mirrors.

Please note that packages published through security.debian.org are not
listed, but will be included if possible. Some of the updates below are
also already available through "jessie-updates".

Testing and feedback would be appreciated. Bugs should be filed in the
Debian Bug Tracking System, but please make the Release Team aware of
them by copying "debian-release@lists.debian.org" on your mails.

The point release will also include a rebuild of debian-installer.

Miscellaneous Bugfixes

This oldstable update adds a few important corrections to the following

    Package                       Reason

    3dchess                       Reduce wasteful CPU consumption
    apt-cacher                    Prevent HTTP response splitting with encoded newlines in request [CVE-2017-7443]; make sure /var/run/apt-cacher exists
    base-files                    Update for the 8.9 point release
    boinc                         Improve adjusting OOM score; fix security issue with xhost
    c-ares                        Security fix [CVE-2017-1000381]
    cfitsio                       Fix crashes related to improper memory handling
    chkrootkit                    Fix segmentation fault; fix missing dependency on openssh-client; add Built-Using field
    cqrlog                        Tools/cqrlog-apparmor-fix, debian/postrm: Check for /etc/init.d/apparmor before restarting apparmor
    debconf                       Use File::Temp instead of the deprecated POSIX::tmpnam() in Debconf::TmpFile
    debian-archive-keyring        Add stretch keys, and move squeeze keys to removed keyring
    debian-installer              Rebuild against proposed-updates
    debian-installer-netboot-     Rebuild against proposed-updates
    debian-security-support       Update support status of various packages; update translations
    debootstrap                   Add support for Buster and Bullseye
    eterm                         Fix integer overflow preventing the shell from starting/stopping properly
    flightgear                    Prevent overriding arbitrary files from the "save-flightplan" FGCommand [CVE-2017-8921]
    galternatives                 Fix blank properties page
    gitolite3                     Fix missing dependency on openssh-client
    gnats                         Gnats-user: do not fail to purge if /var/lib/gnats/gnats-db is not empty
    gnutls28                      Improve check for /dev/urandom uniqueness
    gtk+2.0                       Backport patch from GTK+3 to fix stuck grabs in some situations
    init-select                   Check for /usr/lib/init-select/get-init before calling it
    intel-microcode               Update included microcode
    libapache2-mod-perl2          Fix test suite for compatibility with latest apache2 updates
    libcgi-application-plugin-    Fix missing dependency on libclone-perl | libclone-pp-perl
    libclamunrar                  Fix arbitrary memory write [CVE-2012-6706]
    libdata-faker-perl            Run the test suite under a specific locale
    libdvdnav                     Use proper error handling when position cannot be detected
    libhtml-microformats-perl     Fix missing dependency on libmodule-pluggable-perl
    libhttp-proxy-perl            Fix broken 'via' handling
    libonig                       Fix multiple invalid pointer dereference, out-of-bounds write memory corruption and stack buffer overflow issues [CVE-2017-9224 CVE-2017-9226 CVE-2017-9227 CVE-2017-9228 CVE-2017-9229]
    libosinfo                     Add support for jessie and stretch
    libsys-syscall-perl           Add support for more architectures
    libterralib                   Remove superfluous Conflicts/Replaces: libterralib3 since that causes problems upgrading to stretch which has that package
    libx11-protocol-other-perl    Disable buggy test
    lxterminal                    Security fix: improper use of /tmp for a socket file
    netcfg                        IPv6 autoconfiguration: fix NTP server name handling; stop queueing rdnssd's installation with IPv6 setups
    offlineimap                   Prevent the usage of maxage (broken and may result in data loss)
    os-prober                     EFI: fix check on ID_PART_ENTRY_SCHEME, to look for "dos" instead of "msdos"; make Windows Vista detection more robust; add support for Windows 10
    pam                           Rebuild to fix multi-arch differences
    partman-ext3                  Force ext3|ext4 filesystem creation with "-F" so that D-I doesn't "hang" when re-using an existing partition in some situations
    perl                          Apply upstream base.pm no-dot-in-inc fix
    polarssl                      Fix freeing of memory allocated on stack when validating a public key with a secp224k1 curve [CVE-2017-2784]
    proftpd-dfsg                  Fix "TLSDHParamFile directive appears ignored because unexpected DH is chosen" [CVE-2016-3125], "AllowChrootSymlinks off does not check entire DefaultRoot path for symlinks" [CVE-2017-7418]
    python-colorlog               Fix python3 dependencies
    python-plumbum                Fix python3 dependencies
    rkhunter                      Disable remote updates [CVE-2017-7480]
    shutter                       Fix insecure use of perl exec() [CVE-2016-10081] and system()
    tcpdf                         Security fix: disallow tcpdf calls in HTML [CVE-2017-6100]
    unrar-nonfree                 Security fix: add bound checks for VMSF_DELTA, VMSF_RGB and VMSF_AUDIO parameters [CVE-2012-6706]
    w3m                           Fix multiple buffer overflows, use after free issues and an infinite loop
    xarchiver                     Fix possible data loss due to shell metacharacters
    xfce4-weather-plugin          Adapt to new weather website APIs

A complete list of all accepted and rejected packages together with
rationale is on the preparation page for this revision:


Removed packages

The following packages will be removed due to circumstances beyond our

    Package                   Reason

    ears                      Non-functional
    gnuvd                     Broken due to service changes
    hbro                      Broken; segfaults on all operations
    lshell                    Security issues
    pgsnap                    Broken with current PostgreSQL
    python-django-authority   Incompatible with Django 1.7
    rant                      Broken

If you encounter any issues, please don't hesitate to get in touch with
the Debian Release Team at "debian-release@lists.debian.org".

