Hello! Could you please unsubscribe me from that list? 2017-10-03 0:43 GMT+04:00 Adam D. Barratt <a...@adam-barratt.org.uk>:
> ------------------------------------------------------------------------- > Debian Stable Updates Announcement SUA 127-1 https://www.debian.org/ > debian-release@lists.debian.org Adam D. Barratt > October 2nd, 2017 > ------------------------------------------------------------------------- > > Upcoming Debian 9 Update (9.2) > > An update to Debian 9 is scheduled for Saturday, October 7th, 2017. As of > now it will include the following bug fixes. They can be found in > "stretch-proposed-updates", which is carried by all official mirrors. > > Please note that packages published through security.debian.org are not > listed, but will be included if possible. Some of the updates below are > also already available through "stretch-updates". > > Testing and feedback would be appreciated. Bugs should be filed in the > Debian Bug Tracking System, but please make the Release Team aware of > them by copying "debian-release@lists.debian.org" on your mails. > > Miscellaneous Bugfixes > ---------------------- > > This stable update adds a few important corrections to the following > packages: > > Package Reason > > apt Fix issues in apt-daily-upgrade; fix a > possible crash in the mirror method > at-spi2-core Fix crash on switching windows > bareos Fix permissions of bareos-dir logrotate > config on upgrade; fix file corruption when using SHA1 signature > bind9 Import DNSSEC KSK-2017 > bridge-utils Fix a problem with some VLAN interfaces > not being created > caja Fix excessive CPU use while loading > background image > chrony Do not pass 'burst' command to chronyc > cross-gcc Fix outdated support for gcc 6.3.0-18 > cvxopt Remove the unneccessary and non-working > compatibility layer for lpx_main() > db5.3 Do not access DB_CONFIG when db_home is > not set [CVE-2017-10140] > dbus New upstream stable release > debian-edu-doc Merge stretch related documentation and > translation updates; update Debian Edu Stretch manual from the wiki; > replace existing boot menu screenshots with recent ones from the wiki > debian-installer Update Linux kernel ABI to 4 > debian-installer-netboot Rebuild for the point release > -images > desktop-base Fix XML syntax errors in gnome wallpaper > description files making Joy wallpapers unavailable by default; ensure > postinst doesn’t fail on upgrade even when an incomplete theme pack is > active > dns-root-data Update root.hints to 2017072601 version; > change the state of KSK-2017 to VALID > dnsdist Security fixes [CVE-2016-7069 > CVE-2017-7557] > dnsviz Cherry-pick upstream fixes related to > root.hints and root.keys changes > dose3 Fix versioned provides support - > packages that provide the same virtual package in different versions, or > that provide the same versioned virtual package as a real package, are > co-installable > ecl Add missing dependency on libffi-dev > erlang-p1-tls Fix ECDH curves > evolution Fix hangs on right click in composer > window > expect Properly check for EOF, to avoid losing > input > fife Fix memory leak > flatpak New upstream stable release; prevent > deploying files with inappropriate permissions; restore compatibility with > libostree 2017.7 > freerdp Enable TLS >= 1.1 support > gnome-exe-thumbnailer Switch to msitools' msiinfo for > ProductVersion fetching, replacing the insecure VBScript-based parsing > [CVE-2017-11421]; fix unreadable white-on-white text on version labels > gnupg2 Fix dirmngr issues with broken reverse > DNS, assertion when using "tofu-default-policy ask", multiple issues with > scdaemon, avoid spurious warnings when sharing a keybox with gpg >= 2.1.20 > gnutls28 Fix OCSP verification errors, especially > with ecdsa signatures > gosa-plugin-mailaddress Fix parent constructor calls, for > compatibility with PHP7 > gsoap Fix integer overflow via large XML > document [CVE-2017-9765] > haveged Start haveged.service after > systemd-tmpfiles-setup.service has been run > ipsec-tools Security fix [CVE-2016-10396] > irssi Fix null pointer dereference > [CVE-2017-10965], use-after-free condition for nicklist [CVE-2017-10966] > kanatest Remove DISABLE_DEPRECATED flags, they > cause implicit pointer conversion and thus a segmentation fault on startup > kdepim Fix "send Later with Delay bypasses > OpenPGP" [CVE-2017-9604] > kf5-messagelib Fix "send Later with Delay bypasses > OpenPGP" [CVE-2017-9604] > krb5 Fix security issue where remote > authenticated attackers can crash the KDC [CVE-2017-11368]; fix startup if > getaddrinfo() returns a wildcard v6 address and handling of explicitly > specified v4 wildcard address; fix SRV lookups to respect > udp_preference_limit > lava-tool Add missing dependency: python-simplejson > librsb Fix a few severe bugs leading to > numerically wrong results > libselinux Rebuild with new sbuild to fix changelog > date > libsolv Fix dependencies on Python 3 modules > libwpd Fix denial of service issue > [CVE-2017-14226] > linux New upstream stable version > linux-latest Update to 4.9.0-4 > lzma Rebuild with new sbuild to fix changelog > date > mailman Fix broken dependencies in > contrib/SpamAssassin.py > mate-power-manager Don't abort on unknown DBus signal name > mate-themes Fix font colour of URL bar in Google > Chrome > mate-tweak Add missing dependency on python3-gi > ncurses Fix various crash bugs in the tic > library and the tic binary [CVE-2017-10684 CVE-2017-10685 CVE-2017-11112 > CVE-2017-11113 CVE-2017-13728 CVE-2017-13729 CVE-2017-13730 CVE-2017-13731 > CVE-2017-13732 CVE-2017-13734 CVE-2017-13733] > nettle Rebuild with new sbuild to fix changelog > date > node-brace-expansion Fix regular expression denial of service > issue > node-dateformat Set TZ=UTC for tests to fix build failure > ntp Build and install /usr/bin/sntp > nvidia-graphics-drivers New upstream long lived branch release > 375.82 - security fixes [CVE-2017-6257 CVE-2017-6259], add support for the > following GPUs: GeForce GTX 1080 with Max-Q Design, GeForce GTX 1070 with > Max-Q Design, GeForce GTX 1060 with Max-Q Design; nvidia-kernel-dkms: Honor > parallel setting from dkms > open-vm-tools Randomly generate tmp directory name > [CVE-2015-5191] > opendkim Start as root and drop privileges in > opendkim for proper key file ownership > openldap Relax the dependency of libldap-2.4-2 on > libldap-common to also permit later versions; fix upgrade failure when > olcSuffix contains a backslash; avoid reading the value of the > LDAP_OPT_X_TLS_REQUIRE_CERT option from previously freed memory; fix > potential endless replication loop in a multi-master delta-syncrepl > scenario with 3 or more nodes; fix memory corruption caused by calling > sasl_client_init() multiple times and possibly concurrently > openvpn Fix broken reconnects due to wrong push > digest calculation > osinfo-db Update distribution information > pcb-rnd Fix execution of code from a maliciously > formed design file > postfix New upstream stable version - send > single character variable names to milters without {}; prevent MIME > downgrade of Postfix-generated message/delivery status; work around > Berkeley DB attempting to read settings from "DB_CONFIG" file > python-pampy Fix dependencies on Python 3 modules > request-tracker4 Fix regression in previous security > release where incorrect SHA256 passwords could trigger an error > ruby-gnome2 Ruby-{gdk3,gtksourceview2,pango,poppler}: > Add missing dependencies > samba Ensure SMB signing enforced > [CVE-2017-12150]; keep required encryption across SMB3 dfs redirects > [CVE-2017-12151]; fix server memory information leak over SMB1 > [CVE-2017-12163]; new upstream release; fix libpam-winbind.prerm to be > multiarch-safe; add missing logrotate for /var/log/samba/log.samba; fix > outdated DNS Root servers; fix "Non-kerberos logins fails on winbind 4.X > when krb5_auth is configured in PAM" > smplayer Fix connections to YouTube > speech-dispatcher Make spd-conf work again > suricata Limit the number of recursive calls in > the DER/ASN.1 decoder to avoid stack overflows > swift New upstream stable release > tbdialout Include leading plus symbol with tel: > URI scheme > tiny-initramfs Add missing dependency on cpio > topal Fix misuse of sed character class syntax > torsocks Fix check_addr() to return either 0 or 1 > trace-cmd Fix segfault while processing certain > trace files > unbound Fix install of trust anchor when two > anchors are present; depend on dns-root-data (>= 2017072601~) for KSK-2017 > unknown-horizons Fix memory leak > up-imapproxy Correct systemd service file > vim Fix several crashes / illegal memory > accesses [CVE-2017-11109] > waagent New upstream release, with support for > Azure Stack > webkit2gtk Upstream security and bugfix release > [CVE-2017-2538 CVE-2017-7052 CVE-2017-7018 CVE-2017-7030 CVE-2017-7034 > CVE-2017-7037 CVE-2017-7039 CVE-2017-7046 CVE-2017-7048 CVE-2017-7055 > CVE-2017-7056 CVE-2017-7061 CVE-2017-7064] > whois Fix whois referrals for .com, .net, > .jobs, .bz, .cc and .tv; add several new Indian TLD servers; update the > list of gTLDs > wrk Fix build failures > xfonts-ayu Fix generation of bold and italic fonts > xkeyboard-config Move Indic layouts back to the main > layout list, enabling their use again > yadm Fix race condition which could allow > access to private PGP and SSH keys [CVE-2017-11353] > > A complete list of all accepted and rejected packages together with > rationale is on the preparation page for this revision: > > <https://release.debian.org/proposed-updates/stable.html> > > > If you encounter any issues, please don't hesitate to get in touch with > the Debian Release Team at "debian-release@lists.debian.org".
