-------------------------------------------------------------------------
Debian Stable Updates Announcement SUA 143-1      https://www.debian.org/
debian-release@lists.debian.org                           Adam D. Barratt
June 19th, 2018
-------------------------------------------------------------------------

Upcoming Debian 8 Update (8.11)

The final point release for Debian 8 is scheduled for Saturday, June
23rd, 2018. As of now it will include the following bug fixes. They can
be found in "jessie-proposed-updates", which is carried by all official
mirrors.

Please note that packages published through security.debian.org are not
listed, but will be included if possible. Some of the updates below are
also already available through "jessie-updates".

Testing and feedback would be appreciated. Bugs should be filed in the
Debian Bug Tracking System, but please make the Release Team aware of
them by copying "debian-release@lists.debian.org" on your mails.

The point release will also include a rebuild of debian-installer.

Miscellaneous Bugfixes
----------------------

This oldstable update adds a few important corrections to the following
packages:

  Package                               Reason

  adminer                               Don't allow connections to privileged
                                        ports [CVE-2018-7667]
  base-files                            Update for the point release
  blktrace                              Fix buffer overflow in btt
                                        [CVE-2018-10689]
  bwm-ng                                Explicitly build without libstatgrab
                                        support
  clamav                                Security update [CVE-2017-6418
                                        CVE-2017-6420 CVE-2017-12374
                                        CVE-2017-12375 CVE-2017-12376
                                        CVE-2017-12377 CVE-2017-12378
                                        CVE-2017-12379 CVE-2017-12380]; fix
                                        temporary file cleanup issue
  debian-installer                      Rebuild for the point release
  debian-security-support               Update package data
  dh-make-perl                          Support Contents file without header
  dns-root-data                         Update IANA DNSSEC files to
                                        2017-02-02 versions
  faad2                                 Fix several DoS issues via crafted
                                        MP4 files [CVE-2017-9218
                                        CVE-2017-9219 CVE-2017-9220
                                        CVE-2017-9221 CVE-2017-9222
                                        CVE-2017-9223 CVE-2017-9253
                                        CVE-2017-9254 CVE-2017-9255
                                        CVE-2017-9256 CVE-2017-9257]
  file                                  Avoid reading past the end of a
                                        buffer [CVE-2018-10360]
  ghostscript                           Fix segfault with fuzzing file in
                                        gxht_thresh_image_init(); fix buffer
                                        overflow in fill_threshold_buffer
                                        [CVE-2016-10317]; pdfwrite - Guard
                                        against trying to output an infinite
                                        number [CVE-2018-10194]
  intel-microcode                       Update included microcode, including
                                        fixes for Spectre v2 [CVE-2017-5715]
  lame                                  Fix security issues by switching to
                                        use I/O routines from sndfile
                                        [CVE-2017-15018 CVE-2017-15045
                                        CVE-2017-15046 CVE-2017-9869
                                        CVE-2017-9870 CVE-2017-9871
                                        CVE-2017-9872]
  libdatetime-timezone-perl             Update included data
  libextractor                          Various security fixes
                                        [CVE-2017-15266 CVE-2017-15267
                                        CVE-2017-15600 CVE-2017-15601
                                        CVE-2017-15602 CVE-2017-15922
                                        CVE-2017-17440]
  libipc-run-perl                       Fix memory leak
  linux                                 New upstream stable version
  mactelnet                             Security fix [CVE-2016-7115]
  ncurses                               Fix buffer overflow in the
                                        _nc_write_entry function
                                        [CVE-2017-16879]
  nvidia-graphics-drivers               New upstream version
  nvidia-graphics-drivers-legacy-304xx  Update to latest driver
  openafs                               Fix kernel module build against linux
                                        3.16.51-3+deb8u1 kernels after
                                        security update-induced ABI changes
  openldap                              Fix upgrade failure when olcSuffix
                                        contains a backslash; fix memory
                                        corruption caused by calling
                                        sasl_client_init() multiple times
  patch                                 Fix arbitrary command execution in
                                        ed-style patches [CVE-2018-1000156]
  postgresql-9.4                        New upstream release
  psensor                               Fix directory traversal issue
                                        [CVE-2014-10073]
  python-mimeparse                      Fix python3-mimeparse's dependencies
  rar                                   Strip statically linked rar and
                                        install the dynamically linked
                                        version instead
  reportbug                             Stop CCing
                                        secure-testing-team@lists.alioth.debian.org
  sam2p                                 Fix multiple invalid frees and
                                        buffer-overflow vulnerabilities
                                        [CVE-2018-7487 CVE-2018-7551
                                        CVE-2018-7552 CVE-2018-7553
                                        CVE-2018-7554]
  slurm-llnl                            Fix upgrade issue from wheezy
  soundtouch                            Security fixes [CVE-2017-9258
                                        CVE-2017-9259 CVE-2017-9260]
  subversion                            Fix crashes with Perl bindings,
                                        commonly seen when using git-svn
  tzdata                                Update included data
  user-mode-linux                       Rebuild against current jessie kernel
  virtualbox-guest-additions-iso        Fix multiple security issues
                                        [CVE-2016-0592 CVE-2016-0495
                                        CVE-2015-8104 CVE-2015-7183
                                        CVE-2015-5307 CVE-2015-7183
                                        CVE-2015-4813 CVE-2015-4896
                                        CVE-2015-3456]
  xerces-c                              Fix Denial of Service via external
                                        DTD reference [CVE-2017-12627]
  zsh                                   Rebuild against libraries currently
                                        in jessie

A complete list of all accepted and rejected packages together with
rationale is on the preparation page for this revision:

  <https://release.debian.org/proposed-updates/oldstable.html>

Removed packages
----------------

The following packages will be removed due to circumstances beyond our
control:

  Package                               Reason

  dolibarr                              Too much work to maintain it properly
                                        in Debian
  electrum                              No longer able to connect to the
                                        network
  jirc                                  Broken with jessie's
                                        libpoe-filter-xml-perl
  nvidia-graphics-modules               License problem; incompatible with
                                        current kernel ABI
  openstreetmap-client                  Broken
  redmine                               No longer security supported
  redmine-plugin-pretend                Depends on redmine
  redmine-plugin-recaptcha              Depends on redmine
  redmine-recaptcha                     Depends on redmine
  youtube-dl                            Incompatible YouTube API changes

If you encounter any issues, please don't hesitate to get in touch with
the Debian Release Team at "debian-release@lists.debian.org".