[SUA 156-1] Upcoming Debian 9 Update (9.8)

Debian Stable Updates Announcement SUA 156-1
debian-release@lists.debian.org                              Adam D. Barratt
February 12th, 2019

Upcoming Debian 9 Update (9.8)

An update to Debian 9 is scheduled for Saturday, February 16th, 2019. As 
of now it will include the following bug fixes. They can be found in 
"stretch-proposed-updates", which is carried by all official mirrors.

Please note that packages published through security.debian.org are not
listed, but will be included if possible. Some of the updates below are also
already available through "stretch-updates".

Testing and feedback would be appreciated. Bugs should be filed in the
Debian Bug Tracking System, but please make the Release Team aware of them
by copying "debian-release@lists.debian.org" on your mails.

The point release will also include a rebuild of debian-installer.

Miscellaneous Bugfixes

This stable update adds a few important corrections to the following

  Package                    Reason
  -------                    ------

  arc                        Fix directory traversal bugs [CVE-2015-9275],
                             arcdie crash when called with more than 1
                             variable argument and version 1 arc header

  astroml-addons             Fix Python 3 dependencies

  base-files                 Update for the point release

  c3p0                       Fix XML External Entity vulnerability

  ca-certificates-java       Fix temporary jvm-*.cfg generation on armhf

  chkrootkit                 Fix regular expression for filtering out dhcpd
                             and dhclient as false positives from the packet
                             sniffer test

  compactheader              Update to work with newer Thunderbird versions

  courier                    Fix @piddir@ substitution

  cups                       Security fixes [CVE-2017-18248 CVE-2018-4700]

  debian-edu-config          Fix configuration of personal web pages; re-
                             enable offline installation of a combi server
                             including diskless workstation support; enable
                             Chromium homepage setting at installation time
                             and via LDAP

  debian-installer           Rebuild for the point release

  debian-security-support    Update support status of various packages

  dnspython                  Fix error when parsing nsec3 bitmap from text

  egg                        Skip emacsen-install for unsupported xemacs21

  erlang                     Do not install Erlang mode for XEmacs

  espeakup                   debian/espeakup.service: Fix compatibility with
                             older versions of systemd

  freerdp                    Fix security issues [CVE-2018-8786
                             CVE-2018-8787 CVE-2018-8788]; add CredSSP v3
                             and RDP proto v6 support

  ganeti-os-noop             Fix size detection for non-block devices

  glibc                      Fix several security issues [CVE-2017-15670
                             CVE-2017-15671 CVE-2017-15804 CVE-2017-1000408
                             CVE-2017-1000409 CVE-2017-16997 CVE-2017-18269
                             CVE-2018-11236 CVE-2018-11237]; avoid
                             segmentation faults on CPUs with AVX512-F; fix
                             a use after free in pthread_create(); check for
                             postgresql in NSS check; fix
                             pthread_cond_wait() in the pshared case on

  glx-alternatives           Add diversion and alternative for
                             libGLX_indirect.so.0; avoid confusing
                             diagnostic message if no nvidia alternative is

  gnulib                     vasnprintf: Fix heap memory overrun bug

  gnupg2                     Avoid crash when importing without a TTY

  graphite-api               Fix RequiresMountsFor spelling in systemd

  grokmirror                 Add missing dependency on python-pkg-resources

  gvrng                      Fix permissions problem that prevented starting
                             gvrng; generate correct Python dependencies

  ibus                       Fix multi-arch installation by removing the gir
                             package's Python dependency

  icedtea-web                Stop building the browser plugin, no longer
                             works with Firefox 60

  icinga2                    Fix timestamps being stored as local time in

  intel-microcode            Add accumulated fixes for Westmere EP
                             (signature 0x206c2) [Intel SA-00161
                             CVE-2018-3615 CVE-2018-3620 CVE-2018-3646 Intel
                             SA-00115 CVE-2018-3639 CVE-2018-3640 Intel
                             SA-0088 CVE-2017-5753 CVE-2017-5754]

  isort                      Fix Python dependencies

  jdupes                     Fix potential crash on ARM

  kmodpy                     Remove incorrect Multi-Arch: same from python-

  libapache2-mod-perl2       Don't allow <Perl> sections in user controlled
                             configuration [CVE-2011-2767]

  libb2                      Detect if the system can use AVX before
                             actually using it

  libdatetime-timezone-perl  Update included data

  libemail-address-list-perl Fix DoS vulnerability [CVE-2018-18898]

  libemail-address-perl      Fix DoS vulnerabilities [CVE-2015-7686

  libgpod                    python-gpod: Add missing dependency on python-

  libssh                     Fix broken server-side keyboard-interactive

  linux                      New upstream release

  linux-igd                  Make the init script require $network

  lttng-modules              Fix build on linux-rt 4.9 kernels and kernels
                             >= 4.9.0-3

  mistral                    Fix "std.ssh action may disclose presence of
                             arbitrary files" [CVE-2018-16849]

  monkeysign                 Fix security issue [CVE-2018-12020]; actually
                             send multiple emails instead of a single one

  mpqc                       Also install sc-libtool

  nvidia-graphics-drivers    New upstream release

  nvidia-modprobe            New upstream release

  nvidia-persistenced        New upstream release

  nvidia-settings            New upstream release

  nvidia-xconfig             New upstream release

  openni2                    Fix armhf baseline violation and armel FTBFS
                             caused by NEON usage

  openvpn                    Fix NCP behaviour on TLS reconnect, causing
                             "AEAD Decrypt error: cipher final failed"

  parsedatetime              Add support for python3

  pdns                       Fix security issues [CVE-2018-1046
                             CVE-2018-10851]; fix MySQL queries with stored
                             procedures; fix ldap, lua, opendbx backend not
                             finding domains

  pdns-recursor              Fix security issues [CVE-2018-10851
                             CVE-2018-14626 CVE-2018-14644]

  photocollage               Add missing dependency on gir1.2-gtk-3.0

  postfix                    New upstream stable release; avoid postconf
                             failures when postfix-instance-generator runs
                             during boot; update watch file

  postgresql-9.6             New upstream release

  postgrey                   Create /var/run/postgrey if it does not exist;
                             revert the 1.36-3+deb9u1 change due to

  pylint-django              Fix Python 3 dependencies

  python-acme                Backport newer version for tls-sni-01

  python-arpy                Correct substitution variable for Python 3
                             interpreter depends

  python-certbot             Backport newer version for tls-sni-01

  python-certbot-apache      Update for deprecation of tls-sni-01

  python-certbot-nginx       Update for deprecation of tls-sni-01

  python-hypothesis          Fix dependencies of python3-hypothesis
                             and python-hypothesis-doc

  python-josepy              New certbot dependency

  pyzo                       Add missing dependency on python3-pkg-resources

  r-cran-readxl              Fix crash bugs [CVE-2018-20450 CVE-2018-20452]

  rtkit                      Move dbus and polkit from Recommends to Depends

  ruby-rack                  Fix a possible XSS vulnerability

  samba                      New upstream release; s3:ntlm_auth: fix memory
                             leak in manage_gensec_request(); ignore nmbd
                             start errors when there is no non-loopback
                             interface or no local IPv4 non-loopback
                             interface; fix CVE-2018-14629 regression on a
                             non-CNAME record

  sl-modem                   Support Linux versions > 3

  sogo-connector             Update to work with newer Thunderbird versions

  sox                        Really apply fixes for CVE-2014-8145

  ssh-agent-filter           Fix two-byte out-of-bounds stack write

  supercollider              Disable support for XEmacs and Emacs <= 23

  sympa                      Remove /etc/sympa/sympa.conf-smime.in from
                             conffiles; use full path for head command in
                             Sympa configuration file

  twitter-bootstrap3         Fix multiple security vulnerabilities
                             [CVE-2018-14040 CVE-2018-14041 CVE-2018-14042]

  tzdata                     New upstream release

  uglifyjs                   Fix manpage contents

  uriparser                  Fix multiple security vulnerabilities
                             [CVE-2018-19198 CVE-2018-19199 CVE-2018-19200]

  vm                         Drop support for xemacs21

  vulture                    Add missing dependency on python3-pkg-resources

  wayland                    Fix possible integer overflow [CVE-2017-16612]

  wicd                       Always depend on net-tools, rather than

  wvstreams                  Work around stack corruption

  xapian-core                Fix leaks of freelist blocks in corner cases,
                             which then get reported as
                             "DatabaseCorruptError" by Database::check()

  xkeycaps                   Prevent segfault in commands.c when more than 8
                             keysyms per key are present

  yosys                      Fix "ModuleNotFoundError: No module named

  z3                         Remove incorrect Multi-Arch: same from

A complete list of all accepted and rejected packages together with
rationale is on the preparation page for this revision:


Removed packages

The following packages will be removed due to circumstances beyond our

  Package                    Reason
  -------                    ------

  adblock-plus               Incompatible with newer firefox-esr versions

  calendar-exchange-provider Incompatible with newer Thunderbird versions

  cookie-monster             Incompatible with newer firefox-esr versions

  corebird                   Broken by Twitter API changes

  debian-buttons             Incompatible with newer firefox-esr versions

  debian-parl                Depends on broken / removed Firefox plugins

  firefox-branding-iceweasel Incompatible with newer firefox-esr versions

  firefox-kwallet5           Incompatible with newer firefox-esr versions

  flashblock                 Incompatible with newer firefox-esr versions

  flickrbackup               Incompatible with current Flickr API

  imap-acl-extension         Incompatible with newer firefox-esr versions

  mozilla-dom-inspector      Incompatible with newer firefox-esr versions

  mozilla-noscript           Incompatible with newer firefox-esr versions

  mozilla-password-editor    Incompatible with newer firefox-esr versions

  mozvoikko                  Incompatible with newer firefox-esr versions

  personaplus                Incompatible with newer firefox-esr versions

  python-formalchemy         Unusable, fails to import in Python

  refcontrol                 Incompatible with newer firefox-esr versions

  requestpolicy              Incompatible with newer firefox-esr versions

  spice-xpi                  Incompatible with newer firefox-esr versions

  toggle-proxy               Incompatible with newer firefox-esr versions

  y-u-no-validate            Incompatible with newer firefox-esr versions

If you encounter any issues, please don't hesitate to get in touch with the
Debian Release Team at "debian-release@lists.debian.org".

