---------------------------------------------------------------------------- Debian Stable Updates Announcement SUA 156-1 https://www.debian.org/ firstname.lastname@example.org Adam D. Barratt February 12th, 2019 ---------------------------------------------------------------------------- Upcoming Debian 9 Update (9.8) An update to Debian 9 is scheduled for Saturday, February 16th, 2019. As of now it will include the following bug fixes. They can be found in "stretch-proposed-updates", which is carried by all official mirrors. Please note that packages published through security.debian.org are not listed, but will be included if possible. Some of the updates below are also already available through "stretch-updates". Testing and feedback would be appreciated. Bugs should be filed in the Debian Bug Tracking System, but please make the Release Team aware of them by copying "email@example.com" on your mails. The point release will also include a rebuild of debian-installer. Miscellaneous Bugfixes ---------------------- This stable update adds a few important corrections to the following packages: Package Reason ------- ------ arc Fix directory traversal bugs [CVE-2015-9275], arcdie crash when called with more then 1 variable argument and version 1 arc header reading astroml-addons Fix Python 3 dependencies base-files Update for the point release c3p0 Fix XML External Entity vulnerability [CVE-2018-20433] ca-certificates-java Fix temporary jvm-*.cfg generation on armhf chkrootkit Fix regular expression for filtering out dhcpd and dhclient as false positives from the packet sniffer test compactheader Update to work with newer Thunderbird versions courier Fix @piddir@ substitution cups Security fixes [CVE-2017-18248 CVE-2018-4700] debian-edu-config Fix configuration of personal web pages; re- enable offline installation of a combi server including diskless workstation support; enable Chromium homepage setting at installation time and via LDAP debian-installer Rebuild for the point release debian-security-support Update support status of various packages dnspython Fix error when parsing nsec3 bitmap from text egg Skip emacsen-install for unsupported xemacs21 erlang Do not install Erlang mode for XEmacs espeakup debian/espeakup.service: Fix compatibility with older versions of systemd freerdp Fix security issues [CVE-2018-8786 CVE-2018-8787 CVE-2018-8788]; add CredSSP v3 and RDP proto v6 support ganeti-os-noop Fix size detection for non-block devices glibc Fix several security isses [CVE-2017-15670 CVE-2017-15671 CVE-2017-15804 CVE-2017-1000408 CVE-2017-1000409 CVE-2017-16997 CVE-2017-18269 CVE-2018-11236 CVE-2018-11237]; avoid segmentation faults on CPUs with AVX512-F; fix a use after free in pthread_create(); check for postgresql in NSS check; fix pthread_cond_wait() in the pshared case on non-x86. glx-alternatives Add diversion and alternative for libGLX_indirect.so.0; avoid confusing diagnostic message if no nvidia alternative is available gnulib vasnprintf: Fix heap memory overrun bug [CVE-2018-17942] gnupg2 Avoid crash when importing without a TTY graphite-api Fix RequiresMountsFor spelling in systemd service grokmirror Add missing dependency on python-pkg-resources gvrng Fix permissions problem that prevented starting gvrng; generate correct Python dependencies ibus Fix multi-arch installation by removing the gir package's Python dependency icedtea-web Stop building the browser plugin, no longer works with Firefox 60 icinga2 Fix timestamps being stored as local time in PostgreSQL intel-microcode Add accumulated fixes for Westmere EP (signature 0x206c2) [Intel SA-00161 CVE-2018-3615 CVE-2018-3620 CVE-2018-3646 Intel SA-00115 CVE-2018-3639 CVE-2018-3640 Intel SA-0088 CVE-2017-5753 CVE-2017-5754] isort Fix Python dependencies jdupes Fix potential crash on ARM kmodpy Remove incorrect Multi-Arch: same from python- kmodpy libapache2-mod-perl2 Don't allow <Perl> sections in user controlled configuration [CVE-2011-2767] libb2 Detect if the system can use AVX before actually using it libdatetime-timezone-perl Update included data libemail-address-list-perl Fix DoS vulnerability [CVE-2018-18898] libemail-address-perl Fix DoS vulnerabilities [CVE-2015-7686 CVE-2018-12558] libgpod python-gpod: Add missing dependency on python- gobject-2 libssh Fix broken server-side keyboard-interactive authentication linux New upstream release linux-igd Make the init script require $network lttng-modules Fix build on linux-rt 4.9 kernels and kernels >= 4.9.0-3 mistral Fix "std.ssh action may disclose presence of arbitrary files" [CVE-2018-16849] monkeysign Fix security issue [CVE-2018-12020]; actually send multiple emails instead of a single one mpqc Also install sc-libtool nvidia-graphics-drivers New upstream release nvidia-modprobe New upstream release nvidia-persistenced New upstream release nvidia-settings New upstream release nvidia-xconfig New upstream release openni2 Fix armhf baseline violation and armel FTBFS caused by NEON usage openvpn Fix NCP behaviour on TLS reconnect, causing "AEAD Decrypt error: cipher final failed" errors parsedatetime Add support for python3 pdns Fix security issues [CVE-2018-1046 CVE-2018-10851]; fix MySQL queries with stored procedures; fix ldap, lua, opendbx backend not finding domains pdns-recursor Fix security issues [CVE-2018-10851 CVE-2018-14626 CVE-2018-14644] photocollage Add missing dependency on gir1.2-gtk-3.0 postfix New upstream stable release; avoid postconf failures when postfix-instance-generator runs during boot; update watch file postgresql-9.6 New upstream release postgrey Create /var/run/postgrey if it does not exist; revert the 1.36-3+deb9u1 change due to regression pylint-django Fix Python 3 dependencies python-acme Backport newer version for tls-sni-01 deprecation python-arpy Correct substitution variable for Python 3 interpreter depends python-certbot Backport newer version for tls-sni-01 deprecation python-certbot-apache Update for deprecation of tls-sni-01 python-certbot-nginx Update for deprecation of tls-sni-01 python-hypothesis Fix dependencies of python3-hypothesis and python-hypothesis-doc python-josepy New certbot dependency pyzo Add missing dependency on python3-pkg-resources r-cran-readxl Fix crash bugs [CVE-2018-20450 CVE-2018-20452] rtkit Move dbus and polkit from Recommends to Depends ruby-rack Fix a possible XSS vulnerability [CVE-2018-16471] samba New upstream release; s3:ntlm_auth: fix memory leak in manage_gensec_request(); ignore nmbd start errors when there is no non-loopback interface or no local IPv4 non-loopback interface; fix CVE-2018-14629 regression on a non-CNAME record sl-modem Support Linux versions > 3 sogo-connector Update to work with newer Thunderbird versions sox Really apply fixes for CVE-2014-8145 ssh-agent-filter Fix two-byte out-of-bounds stack write supercollider Disable support for XEmacs and Emacs <= 23 sympa Remove /etc/sympa/sympa.conf-smime.in from conffiles; use full path for head command in Sympa configuration file twitter-bootstrap3 Fix multiple security vulnerabilities [CVE-2018-14040 CVE-2018-14041 CVE-2018-14042] tzdata New upstream release uglifyjs Fix manpage contents uriparser Fix multiple security vulnerabilties [CVE-2018-19198 CVE-2018-19199 CVE-2018-19200] vm Drop support for xemacs21 vulture Add missing dependency on python3-pkg-resources wayland Fix possible integer overflow [CVE-2017-16612] wicd Always depend on net-tools, rather than alternatives wvstreams Work around stack corruption xapian-core Fix leaks of freelist blocks in corner cases, which then get reported as "DatabaseCorruptError" by Database::check() xkeycaps Prevent segfault in commands.c when more than 8 keysyms per key are present yosys Fix "ModuleNotFoundError: No module named 'smtio'" z3 Remove incorrect Multi-Arch: same from python-z3 A complete list of all accepted and rejected packages together with rationale is on the preparation page for this revision: <https://release.debian.org/proposed-updates/stable.html> Removed packages ---------------- The following packages will be removed due to circumstances beyond our control: Package Reason ------- ------ adblock-plus Incompatible with newer firefox-esr versions calendar-exchange-provider Incompatible with newer Thunderbird versions cookie-monster Incompatible with newer firefox-esr versions corebird Broken by Twitter API changes debian-buttons Incompatible with newer firefox-esr versions debian-parl Depends on broken / removed Firefox plugins firefox-branding-iceweasel Incompatible with newer firefox-esr versions firefox-kwallet5 Incompatible with newer firefox-esr versions flashblock Incompatible with newer firefox-esr versions flickrbackup Incompatible with current Flickr API imap-acl-extension Incompatible with newer firefox-esr versions mozilla-dom-inspector Incompatible with newer firefox-esr versions mozilla-noscript Incompatible with newer firefox-esr versions mozilla-password-editor Incompatible with newer firefox-esr versions mozvoikko Incompatible with newer firefox-esr versions personaplus Incompatible with newer firefox-esr versions python-formalchemy Unusable, fails to import in Python refcontrol Incompatible with newer firefox-esr versions requestpolicy Incompatible with newer firefox-esr versions spice-xpi Incompatible with newer firefox-esr versions toggle-proxy Incompatible with newer firefox-esr versions y-u-no-validate Incompatible with newer firefox-esr versions If you encounter any issues, please don't hesitate to get in touch with the Debian Release Team at "firstname.lastname@example.org".
Description: This is a digitally signed message part