----------------------------------------------------------------------- Debian Stable Updates Announcement SUA 155-1 https://www.debian.org debian-release@lists.debian.org Harlan Lieberman-Berg January 26, 2019 ----------------------------------------------------------------------- Package : python-certbot Version : 0.28.0-1~deb9u1 Importance : high Package : parsedatetime Version : 2.1-3+deb9u1 Package : python-josepy Version : 1.1.0-2~deb9u1 Package : python-acme Version : 0.28.0-1~deb9u1 Package : python-certbot-apache Version : 0.28.0-1~deb9u1 Package : python-certbot-nginx Version : 0.28.0-1~deb9u1 certbot is an implementation of the ACME protocol as used by the Let's Encrypt certification authority to issue TLS certificates. The version of certbot included in Debian 9 used a challenge mechanism (TLS-SNI-01) that has been found to be vulnerable. As a result, Let's Encrypt will be disabling that mechanism in the near future, as announced at https://community.letsencrypt.org/t/february-13-2019-end-of-life-for-all-tls-sni-01-validation-support/74209 This update brings a new version of certbot and supporting plugins for the Apache and Nginx web servers with support for alternative challenge mechanisms. Upgrade Instructions -------------------- You can get the updated packages by adding the stable-updates archive for your distribution to your /etc/apt/sources.list: deb http://deb.debian.org/debian stretch-updates main deb-src http://deb.debian.org/debian stretch-updates main You can also use any of the Debian archive mirrors. See https://www.debian.org/mirrors/list for the full list of mirrors. For further information about stable-updates, please refer to https://lists.debian.org/debian-devel-announce/2011/03/msg00010.html If you encounter any issues, please don't hesitate to get in touch with the Debian Release Team at debian-release@lists.debian.org
Attachment:
signature.asc
Description: PGP signature