
[SUA 143-1] Upcoming Debian 8 Update (8.11)

Debian Stable Updates Announcement SUA 143-1      https://www.debian.org/
debian-release@lists.debian.org                           Adam D. Barratt
June 19th, 2018

Upcoming Debian 8 Update (8.11)

The final point release for Debian 8 is scheduled for Saturday, June 23rd,
2018. As of now it will include the following bug fixes. They can be found
in "jessie-proposed-updates", which is carried by all official mirrors.

Please note that packages published through security.debian.org are not
listed, but will be included if possible. Some of the updates below are
also already available through "jessie-updates".

Testing and feedback would be appreciated. Bugs should be filed in the
Debian Bug Tracking System, but please make the Release Team aware of
them by copying "debian-release@lists.debian.org" on your mails.

The point release will also include a rebuild of debian-installer.

Miscellaneous Bugfixes

This oldstable update adds a few important corrections to the following

    Package                       Reason

    adminer                       Don't allow connections to privileged ports [CVE-2018-7667]
    base-files                    Update for the point release
    blktrace                      Fix buffer overflow in btt [CVE-2018-10689]
    bwm-ng                        Explicitly build without libstatgrab support
    clamav                        Security update [CVE-2017-6418 CVE-2017-6420 CVE-2017-12374 CVE-2017-12375 CVE-2017-12376 CVE-2017-12377 CVE-2017-12378 CVE-2017-12379 CVE-2017-12380]; fix temporary file cleanup issue
    debian-installer              Rebuild for the point release
    debian-security-support       Update package data
    dh-make-perl                  Support Contents file without header
    dns-root-data                 Update IANA DNSSEC files to 2017-02-02 versions
    faad2                         Fix several DoS issues via crafted MP4 files [CVE-2017-9218 CVE-2017-9219 CVE-2017-9220 CVE-2017-9221 CVE-2017-9222 CVE-2017-9223 CVE-2017-9253 CVE-2017-9254 CVE-2017-9255 CVE-2017-9256 CVE-2017-9257]
    file                          Avoid reading past the end of a buffer [CVE-2018-10360]
    ghostscript                   Fix segfault with fuzzing file in gxht_thresh_image_init(); fix buffer overflow in fill_threshold_buffer [CVE-2016-10317]; pdfwrite - Guard against trying to output an infinite number [CVE-2018-10194]
    intel-microcode               Update included microcode, including fixes for Spectre v2 [CVE-2017-5715]
    lame                          Fix security issues by switching to use I/O routines from sndfile [CVE-2017-15018 CVE-2017-15045 CVE-2017-15046 CVE-2017-9869 CVE-2017-9870 CVE-2017-9871 CVE-2017-9872]
    libdatetime-timezone-perl     Update included data
    libextractor                  Various security fixes [CVE-2017-15266 CVE-2017-15267 CVE-2017-15600 CVE-2017-15601 CVE-2017-15602 CVE-2017-15922 CVE-2017-17440]
    libipc-run-perl               Fix memory leak
    linux                         New upstream stable version
    mactelnet                     Security fix [CVE-2016-7115]
    ncurses                       Fix buffer overflow in the _nc_write_entry function [CVE-2017-16879]
    nvidia-graphics-drivers       New upstream version
    nvidia-graphics-drivers-      Update to latest driver
    openafs                       Fix kernel module build against linux 3.16.51-3+deb8u1 kernels after security update-induced ABI changes
    openldap                      Fix upgrade failure when olcSuffix contains a backslash; fix memory corruption caused by calling sasl_client_init() multiple times
    patch                         Fix arbitrary command execution in ed-style patches [CVE-2018-1000156]
    postgresql-9.4                New upstream release
    psensor                       Fix directory traversal issue [CVE-2014-10073]
    python-mimeparse              Fix python3-mimeparse's dependencies
    rar                           Strip statically linked rar and install the dynamically linked version instead
    reportbug                     Stop CCing secure-testing-team@lists.alioth.debian.org
    sam2p                         Fix multiple invalid frees and buffer-overflow vulnerabilities [CVE-2018-7487 CVE-2018-7551 CVE-2018-7552 CVE-2018-7553 CVE-2018-7554]
    slurm-llnl                    Fix upgrade issue from wheezy
    soundtouch                    Security fixes [CVE-2017-9258 CVE-2017-9259 CVE-2017-9260]
    subversion                    Fix crashes with Perl bindings, commonly seen when using git-svn
    tzdata                        Update included data
    user-mode-linux               Rebuild against current jessie kernel
    virtualbox-guest-additions-   Fix multiple security issues [CVE-2016-0592 CVE-2016-0495 CVE-2015-8104 CVE-2015-7183 CVE-2015-5307 CVE-2015-7183 CVE-2015-4813 CVE-2015-4896 CVE-2015-3456]
    xerces-c                      Fix Denial of Service via external DTD reference [CVE-2017-12627]
    zsh                           Rebuild against libraries currently in jessie

A complete list of all accepted and rejected packages together with
rationale is on the preparation page for this revision:


Removed packages

The following packages will be removed due to circumstances beyond our

    Package                    Reason

    dolibarr                   Too much work to maintain it properly in Debian
    electrum                   No longer able to connect to the network
    jirc                       Broken with jessie's libpoe-filter-xml-perl
    nvidia-graphics-modules    License problem; incompatible with current kernel ABI
    openstreetmap-client       Broken
    redmine                    No longer security supported
    redmine-plugin-pretend     Depends on redmine
    redmine-plugin-recaptcha   Depends on redmine
    redmine-recaptcha          Depends on redmine
    youtube-dl                 Incompatible YouTube API changes

If you encounter any issues, please don't hesitate to get in touch with
the Debian Release Team at "debian-release@lists.debian.org".
