------------------------------------------------------------------------ The Debian Project https://www.debian.org/ Updated Debian 9: 9.13 released pr...@debian.org July 18th, 2020 https://www.debian.org/News/2020/20200718 ------------------------------------------------------------------------
The Debian project is pleased to announce the thirteenth (and final) update of its oldstable distribution Debian 9 (codename "stretch"). This point release mainly adds corrections for security issues, along with a few adjustments for serious problems. Security advisories have already been published separately and are referenced where available. After this point release, Debian's Security and Release Teams will no longer be producing updates for Debian 9. Users wishing to continue to receive security support should upgrade to Debian 10, or see https://wiki.debian.org/LTS for details about the subset of architectures and packages covered by the Long Term Support project. Please note that the point release does not constitute a new version of Debian 9 but only updates some of the packages included. There is no need to throw away old "stretch" media. After installation, packages can be upgraded to the current versions using an up-to-date Debian mirror. Those who frequently install updates from security.debian.org won't have to update many packages, and most such updates are included in the point release. New installation images will be available soon at the regular locations. Upgrading an existing installation to this revision can be achieved by pointing the package management system at one of Debian's many HTTP mirrors. A comprehensive list of mirrors is available at: https://www.debian.org/mirror/list Miscellaneous Bugfixes ---------------------- This oldstable update adds a few important corrections to the following packages: +--------------------------+------------------------------------------+ | Package | Reason | +--------------------------+------------------------------------------+ | acmetool [1] | Rebuild against recent golang to pick up | | | security fixes | | | | | atril [2] | dvi: Mitigate command injection attacks | | | by quoting filename [CVE-2017-1000159]; | | | fix overflow checks in tiff backend | | | [CVE-2019-1010006]; tiff: Handle failure | | | from TIFFReadRGBAImageOriented | | | [CVE-2019-11459] | | | | | bacula [3] | Add transitional package bacula- | | | director-common, avoiding loss of /etc/ | | | bacula/bacula-dir.conf when purged; make | | | PID files owned by root | | | | | base-files [4] | Update /etc/debian_version for the point | | | release | | | | | batik [5] | Fix server-side request forgery via | | | xlink:href attributes [CVE-2019-17566] | | | | | c-icap-modules [6] | Support ClamAV 0.102 | | | | | ca-certificates [7] | Update Mozilla CA bundle to 2.40, | | | blacklist distrusted Symantec roots and | | | expired "AddTrust External Root" ; | | | remove e-mail only certificates | | | | | chasquid [8] | Rebuild against recent golang to pick up | | | security fixes | | | | | checkstyle [9] | Fix XML External Entity injection issue | | | [CVE-2019-9658 CVE-2019-10782] | | | | | clamav [10] | New upstream release [CVE-2020-3123]; | | | security fixes [CVE-2020-3327 CVE-2020- | | | 3341] | | | | | compactheader [11] | New upstream version, compatible with | | | newer Thunderbird versions | | | | | cram [12] | Ignore test failures to fix build issues | | | | | csync2 [13] | Fail HELLO command when SSL is required | | | | | cups [14] | Fix heap buffer overflow [CVE-2020-3898] | | | and "the `ippReadIO` function may | | | under-read an extension | | | field" [CVE-2019-8842] | | | | | dbus [15] | New upstream stable release; prevent a | | | denial of service issue [CVE-2020- | | | 12049]; prevent use-after-free if two | | | usernames share a uid | | | | | debian-installer [16] | Update for the 4.9.0-13 Linux kernel ABI | | | | | debian-installer- | Rebuild against stretch-proposed-updates | | netboot-images [17] | | | | | | debian-security- | Update support status of several | | support [18] | packages | | | | | erlang [19] | Fix use of weak TLS ciphers [CVE-2020- | | | 12872] | | | | | exiv2 [20] | Fix denial of service issue [CVE-2018- | | | 16336]; fix over-restrictive fix for | | | CVE-2018-10958 and CVE-2018-10999 | | | | | fex [21] | Security update | | | | | file-roller [22] | Security fix [CVE-2020-11736] | | | | | fwupd [23] | New upstream release; use a CNAME to | | | redirect to the correct CDN for | | | metadata; do not abort startup if the | | | XML metadata file is invalid; add the | | | Linux Foundation public GPG keys for | | | firmware and metadata; raise the | | | metadata limit to 10MB | | | | | glib-networking [24] | Return bad identity error if identity is | | | unset [CVE-2020-13645] | | | | | gnutls28 [25] | Fix memory corruption issue [CVE-2019- | | | 3829]; fix memory leak; add support for | | | zero length session tickets, fix | | | connection errors on TLS1.2 sessions to | | | some hosting providers | | | | | gosa [26] | Tighten check on LDAP success/failure | | | [CVE-2019-11187]; fix compatibility with | | | newer PHP versions; backport several | | | other patches; replace (un)serialize | | | with json_encode/json_decode to mitigate | | | PHP object injection [CVE-2019-14466] | | | | | heartbleeder [27] | Rebuild against recent golang to pick up | | | security fixes | | | | | intel-microcode [28] | Downgrade some microcodes to previously | | | released revisions, working around hangs | | | on boot on Skylake-U/Y and Skylake Xeon | | | E3 | | | | | iptables-persistent [29] | Don't fail if modprobe does | | | | | jackson-databind [30] | Fix multiple security issues affecting | | | BeanDeserializerFactory [CVE-2020-9548 | | | CVE-2020-9547 CVE-2020-9546 CVE-2020- | | | 8840 CVE-2020-14195 CVE-2020-14062 | | | CVE-2020-14061 CVE-2020-14060 CVE-2020- | | | 11620 CVE-2020-11619 CVE-2020-11113 | | | CVE-2020-11112 CVE-2020-11111 CVE-2020- | | | 10969 CVE-2020-10968 CVE-2020-10673 | | | CVE-2020-10672 CVE-2019-20330 CVE-2019- | | | 17531 and CVE-2019-17267] | | | | | libbusiness-hours- | Use explicit 4 digit years, fixing build | | perl [31] | and usage issues | | | | | libclamunrar [32] | New upstream stable release; add an | | | unversioned meta-package | | | | | libdbi [33] | Comment out _error_handler() call again, | | | fixing issues with consumers | | | | | libembperl-perl [34] | Handle error pages from Apache >= 2.4.40 | | | | | libexif [35] | Security fixes [CVE-2016-6328 CVE-2017- | | | 7544 CVE-2018-20030 CVE-2020-12767 | | | CVE-2020-0093]; security fixes | | | [CVE-2020-13112 CVE-2020-13113 CVE-2020- | | | 13114]; fix a buffer read overflow | | | [CVE-2020-0182] and an unsigned integer | | | overflow [CVE-2020-0198] | | | | | libvncserver [36] | Fix heap overflow [CVE-2019-15690] | | | | | linux [37] | New upstream stable release; update ABI | | | to 4.9.0-13 | | | | | linux-latest [38] | Update for 4.9.0-13 kernel ABI | | | | | mariadb-10.1 [39] | New upstream stable release; security | | | fixes [CVE-2020-2752 CVE-2020-2812 | | | CVE-2020-2814] | | | | | megatools [40] | Add support for the new format of | | | mega.nz links | | | | | mod-gnutls [41] | Avoid deprecated ciphersuites in test | | | suite; fix test failures when combined | | | with Apache's fix for CVE-2019-10092 | | | | | mongo-tools [42] | Rebuild against recent golang to pick up | | | security fixes | | | | | neon27 [43] | Treat OpenSSL-related test failures as | | | non-fatal | | | | | nfs-utils [44] | Fix potential file overwrite | | | vulnerability [CVE-2019-3689]; don't | | | make all of /var/lib/nfs owned by the | | | statd user | | | | | nginx [45] | Fix error page request smuggling | | | vulnerability [CVE-2019-20372] | | | | | node-url-parse [46] | Sanitize paths and hosts before parsing | | | [CVE-2018-3774] | | | | | nvidia-graphics- | New upstream stable release; new | | drivers [47] | upstream stable release; security fixes | | | [CVE-2020-5963 CVE-2020-5967] | | | | | pcl [48] | Fix missing dependency on libvtk6-qt-dev | | | | | perl [49] | Fix multiple regular expression related | | | security issues [CVE-2020-10543 | | | CVE-2020-10878 CVE-2020-12723] | | | | | php-horde [50] | Fix cross-site scripting vulnerability | | | [CVE-2020-8035] | | | | | php-horde-data [51] | Fix authenticated remote code execution | | | vulnerability [CVE-2020-8518] | | | | | php-horde-form [52] | Fix authenticated remote code execution | | | vulnerability [CVE-2020-8866] | | | | | php-horde-gollem [53] | Fix cross-site scripting vulnerability | | | in breadcrumb output [CVE-2020-8034] | | | | | php-horde-trean [54] | Fix authenticated remote code execution | | | vulnerability [CVE-2020-8865] | | | | | phpmyadmin [55] | Several security fixes [CVE-2018-19968 | | | CVE-2018-19970 CVE-2018-7260 CVE-2019- | | | 11768 CVE-2019-12616 CVE-2019-6798 | | | CVE-2019-6799 CVE-2020-10802 CVE-2020- | | | 10803 CVE-2020-10804 CVE-2020-5504] | | | | | postfix [56] | New upstream stable release | | | | | proftpd-dfsg [57] | Fix handling SSH_MSG_IGNORE packets | | | | | python-icalendar [58] | Fix Python3 dependencies | | | | | rails [59] | Fix possible cross-site scripting via | | | Javascript escape helper [CVE-2020-5267] | | | | | rake [60] | Fix command injection vulnerability | | | [CVE-2020-8130] | | | | | roundcube [61] | Fix cross-site scripting issue via HTML | | | messages with malicious svg/namespace | | | [CVE-2020-15562] | | | | | ruby-json [62] | Fix unsafe object creation vulnerability | | | [CVE-2020-10663] | | | | | ruby2.3 [63] | Fix unsafe object creation vulnerability | | | [CVE-2020-10663] | | | | | sendmail [64] | Fix finding the queue runner control | | | process in "split daemon" mode, | | | "NOQUEUE: connect from (null)" , removal | | | failure when using BTRFS | | | | | sogo-connector [65] | New upstream version, compatible with | | | newer Thunderbird versions | | | | | ssvnc [66] | Fix out-of-bounds write [CVE-2018- | | | 20020], infinite loop [CVE-2018-20021], | | | improper initialisation [CVE-2018- | | | 20022], potential denial-of-service | | | [CVE-2018-20024] | | | | | storebackup [67] | Fix possible privilege escalation | | | vulnerability [CVE-2020-7040] | | | | | swt-gtk [68] | Fix missing dependency on | | | libwebkitgtk-1.0-0 | | | | | tinyproxy [69] | Create PID file before dropping | | | privileges to non-root account | | | [CVE-2017-11747] | | | | | tzdata [70] | New upstream stable release | | | | | websockify [71] | Fix missing dependency on python{3,}- | | | pkg-resources | | | | | wpa [72] | Fix AP mode PMF disconnection protection | | | bypass [CVE-2019-16275]; fix MAC | | | randomisation issues with some cards | | | | | xdg-utils [73] | Sanitise window name before sending it | | | over D-Bus; correctly handle directories | | | with names containing spaces; create the | | | "applications" directory if needed | | | | | xml-security-c [74] | Fix length calculation in the concat | | | method | | | | | xtrlock [75] | Fix blocking of (some) multitouch | | | devices while locked [CVE-2016-10894] | | | | +--------------------------+------------------------------------------+ 1: https://packages.debian.org/src:acmetool 2: https://packages.debian.org/src:atril 3: https://packages.debian.org/src:bacula 4: https://packages.debian.org/src:base-files 5: https://packages.debian.org/src:batik 6: https://packages.debian.org/src:c-icap-modules 7: https://packages.debian.org/src:ca-certificates 8: https://packages.debian.org/src:chasquid 9: https://packages.debian.org/src:checkstyle 10: https://packages.debian.org/src:clamav 11: https://packages.debian.org/src:compactheader 12: https://packages.debian.org/src:cram 13: https://packages.debian.org/src:csync2 14: https://packages.debian.org/src:cups 15: https://packages.debian.org/src:dbus 16: https://packages.debian.org/src:debian-installer 17: https://packages.debian.org/src:debian-installer-netboot-images 18: https://packages.debian.org/src:debian-security-support 19: https://packages.debian.org/src:erlang 20: https://packages.debian.org/src:exiv2 21: https://packages.debian.org/src:fex 22: https://packages.debian.org/src:file-roller 23: https://packages.debian.org/src:fwupd 24: https://packages.debian.org/src:glib-networking 25: https://packages.debian.org/src:gnutls28 26: https://packages.debian.org/src:gosa 27: https://packages.debian.org/src:heartbleeder 28: https://packages.debian.org/src:intel-microcode 29: https://packages.debian.org/src:iptables-persistent 30: https://packages.debian.org/src:jackson-databind 31: https://packages.debian.org/src:libbusiness-hours-perl 32: https://packages.debian.org/src:libclamunrar 33: https://packages.debian.org/src:libdbi 34: https://packages.debian.org/src:libembperl-perl 35: https://packages.debian.org/src:libexif 36: https://packages.debian.org/src:libvncserver 37: https://packages.debian.org/src:linux 38: https://packages.debian.org/src:linux-latest 39: https://packages.debian.org/src:mariadb-10.1 40: https://packages.debian.org/src:megatools 41: https://packages.debian.org/src:mod-gnutls 42: https://packages.debian.org/src:mongo-tools 43: https://packages.debian.org/src:neon27 44: https://packages.debian.org/src:nfs-utils 45: https://packages.debian.org/src:nginx 46: https://packages.debian.org/src:node-url-parse 47: https://packages.debian.org/src:nvidia-graphics-drivers 48: https://packages.debian.org/src:pcl 49: https://packages.debian.org/src:perl 50: https://packages.debian.org/src:php-horde 51: https://packages.debian.org/src:php-horde-data 52: https://packages.debian.org/src:php-horde-form 53: https://packages.debian.org/src:php-horde-gollem 54: https://packages.debian.org/src:php-horde-trean 55: https://packages.debian.org/src:phpmyadmin 56: https://packages.debian.org/src:postfix 57: https://packages.debian.org/src:proftpd-dfsg 58: https://packages.debian.org/src:python-icalendar 59: https://packages.debian.org/src:rails 60: https://packages.debian.org/src:rake 61: https://packages.debian.org/src:roundcube 62: https://packages.debian.org/src:ruby-json 63: https://packages.debian.org/src:ruby2.3 64: https://packages.debian.org/src:sendmail 65: https://packages.debian.org/src:sogo-connector 66: https://packages.debian.org/src:ssvnc 67: https://packages.debian.org/src:storebackup 68: https://packages.debian.org/src:swt-gtk 69: https://packages.debian.org/src:tinyproxy 70: https://packages.debian.org/src:tzdata 71: https://packages.debian.org/src:websockify 72: https://packages.debian.org/src:wpa 73: https://packages.debian.org/src:xdg-utils 74: https://packages.debian.org/src:xml-security-c 75: https://packages.debian.org/src:xtrlock Security Updates ---------------- This revision adds the following security updates to the oldstable release. The Security Team has already released an advisory for each of these updates: +----------------+----------------------------+ | Advisory ID | Package | +----------------+----------------------------+ | DSA-4005 [76] | openjfx [77] | | | | | DSA-4255 [78] | ant [79] | | | | | DSA-4352 [80] | chromium-browser [81] | | | | | DSA-4379 [82] | golang-1.7 [83] | | | | | DSA-4380 [84] | golang-1.8 [85] | | | | | DSA-4395 [86] | chromium [87] | | | | | DSA-4421 [88] | chromium [89] | | | | | DSA-4616 [90] | qemu [91] | | | | | DSA-4617 [92] | qtbase-opensource-src [93] | | | | | DSA-4618 [94] | libexif [95] | | | | | DSA-4619 [96] | libxmlrpc3-java [97] | | | | | DSA-4620 [98] | firefox-esr [99] | | | | | DSA-4621 [100] | openjdk-8 [101] | | | | | DSA-4622 [102] | postgresql-9.6 [103] | | | | | DSA-4624 [104] | evince [105] | | | | | DSA-4625 [106] | thunderbird [107] | | | | | DSA-4628 [108] | php7.0 [109] | | | | | DSA-4629 [110] | python-django [111] | | | | | DSA-4630 [112] | python-pysaml2 [113] | | | | | DSA-4631 [114] | pillow [115] | | | | | DSA-4632 [116] | ppp [117] | | | | | DSA-4633 [118] | curl [119] | | | | | DSA-4634 [120] | opensmtpd [121] | | | | | DSA-4635 [122] | proftpd-dfsg [123] | | | | | DSA-4637 [124] | network-manager-ssh [125] | | | | | DSA-4639 [126] | firefox-esr [127] | | | | | DSA-4640 [128] | graphicsmagick [129] | | | | | DSA-4642 [130] | thunderbird [131] | | | | | DSA-4646 [132] | icu [133] | | | | | DSA-4647 [134] | bluez [135] | | | | | DSA-4648 [136] | libpam-krb5 [137] | | | | | DSA-4650 [138] | qbittorrent [139] | | | | | DSA-4653 [140] | firefox-esr [141] | | | | | DSA-4655 [142] | firefox-esr [143] | | | | | DSA-4656 [144] | thunderbird [145] | | | | | DSA-4657 [146] | git [147] | | | | | DSA-4659 [148] | git [149] | | | | | DSA-4660 [150] | awl [151] | | | | | DSA-4663 [152] | python-reportlab [153] | | | | | DSA-4664 [154] | mailman [155] | | | | | DSA-4666 [156] | openldap [157] | | | | | DSA-4668 [158] | openjdk-8 [159] | | | | | DSA-4670 [160] | tiff [161] | | | | | DSA-4671 [162] | vlc [163] | | | | | DSA-4673 [164] | tomcat8 [165] | | | | | DSA-4674 [166] | roundcube [167] | | | | | DSA-4675 [168] | graphicsmagick [169] | | | | | DSA-4676 [170] | salt [171] | | | | | DSA-4677 [172] | wordpress [173] | | | | | DSA-4678 [174] | firefox-esr [175] | | | | | DSA-4683 [176] | thunderbird [177] | | | | | DSA-4685 [178] | apt [179] | | | | | DSA-4686 [180] | apache-log4j1.2 [181] | | | | | DSA-4687 [182] | exim4 [183] | | | | | DSA-4688 [184] | dpdk [185] | | | | | DSA-4689 [186] | bind9 [187] | | | | | DSA-4692 [188] | netqmail [189] | | | | | DSA-4693 [190] | drupal7 [191] | | | | | DSA-4695 [192] | firefox-esr [193] | | | | | DSA-4698 [194] | linux [195] | | | | | DSA-4700 [196] | roundcube [197] | | | | | DSA-4701 [198] | intel-microcode [199] | | | | | DSA-4702 [200] | thunderbird [201] | | | | | DSA-4703 [202] | mysql-connector-java [203] | | | | | DSA-4704 [204] | vlc [205] | | | | | DSA-4705 [206] | python-django [207] | | | | | DSA-4706 [208] | drupal7 [209] | | | | | DSA-4707 [210] | mutt [211] | | | | | DSA-4711 [212] | coturn [213] | | | | | DSA-4713 [214] | firefox-esr [215] | | | | | DSA-4715 [216] | imagemagick [217] | | | | | DSA-4717 [218] | php7.0 [219] | | | | | DSA-4718 [220] | thunderbird [221] | | | | +----------------+----------------------------+ 76: https://www.debian.org/security/2017/dsa-4005 77: https://packages.debian.org/src:openjfx 78: https://www.debian.org/security/2018/dsa-4255 79: https://packages.debian.org/src:ant 80: https://www.debian.org/security/2018/dsa-4352 81: https://packages.debian.org/src:chromium-browser 82: https://www.debian.org/security/2019/dsa-4379 83: https://packages.debian.org/src:golang-1.7 84: https://www.debian.org/security/2019/dsa-4380 85: https://packages.debian.org/src:golang-1.8 86: https://www.debian.org/security/2019/dsa-4395 87: https://packages.debian.org/src:chromium 88: https://www.debian.org/security/2019/dsa-4421 89: https://packages.debian.org/src:chromium 90: https://www.debian.org/security/2020/dsa-4616 91: https://packages.debian.org/src:qemu 92: https://www.debian.org/security/2020/dsa-4617 93: https://packages.debian.org/src:qtbase-opensource-src 94: https://www.debian.org/security/2020/dsa-4618 95: https://packages.debian.org/src:libexif 96: https://www.debian.org/security/2020/dsa-4619 97: https://packages.debian.org/src:libxmlrpc3-java 98: https://www.debian.org/security/2020/dsa-4620 99: https://packages.debian.org/src:firefox-esr 100: https://www.debian.org/security/2020/dsa-4621 101: https://packages.debian.org/src:openjdk-8 102: https://www.debian.org/security/2020/dsa-4622 103: https://packages.debian.org/src:postgresql-9.6 104: https://www.debian.org/security/2020/dsa-4624 105: https://packages.debian.org/src:evince 106: https://www.debian.org/security/2020/dsa-4625 107: https://packages.debian.org/src:thunderbird 108: https://www.debian.org/security/2020/dsa-4628 109: https://packages.debian.org/src:php7.0 110: https://www.debian.org/security/2020/dsa-4629 111: https://packages.debian.org/src:python-django 112: https://www.debian.org/security/2020/dsa-4630 113: https://packages.debian.org/src:python-pysaml2 114: https://www.debian.org/security/2020/dsa-4631 115: https://packages.debian.org/src:pillow 116: https://www.debian.org/security/2020/dsa-4632 117: https://packages.debian.org/src:ppp 118: https://www.debian.org/security/2020/dsa-4633 119: https://packages.debian.org/src:curl 120: https://www.debian.org/security/2020/dsa-4634 121: https://packages.debian.org/src:opensmtpd 122: https://www.debian.org/security/2020/dsa-4635 123: https://packages.debian.org/src:proftpd-dfsg 124: https://www.debian.org/security/2020/dsa-4637 125: https://packages.debian.org/src:network-manager-ssh 126: https://www.debian.org/security/2020/dsa-4639 127: https://packages.debian.org/src:firefox-esr 128: https://www.debian.org/security/2020/dsa-4640 129: https://packages.debian.org/src:graphicsmagick 130: https://www.debian.org/security/2020/dsa-4642 131: https://packages.debian.org/src:thunderbird 132: https://www.debian.org/security/2020/dsa-4646 133: https://packages.debian.org/src:icu 134: https://www.debian.org/security/2020/dsa-4647 135: https://packages.debian.org/src:bluez 136: https://www.debian.org/security/2020/dsa-4648 137: https://packages.debian.org/src:libpam-krb5 138: https://www.debian.org/security/2020/dsa-4650 139: https://packages.debian.org/src:qbittorrent 140: https://www.debian.org/security/2020/dsa-4653 141: https://packages.debian.org/src:firefox-esr 142: https://www.debian.org/security/2020/dsa-4655 143: https://packages.debian.org/src:firefox-esr 144: https://www.debian.org/security/2020/dsa-4656 145: https://packages.debian.org/src:thunderbird 146: https://www.debian.org/security/2020/dsa-4657 147: https://packages.debian.org/src:git 148: https://www.debian.org/security/2020/dsa-4659 149: https://packages.debian.org/src:git 150: https://www.debian.org/security/2020/dsa-4660 151: https://packages.debian.org/src:awl 152: https://www.debian.org/security/2020/dsa-4663 153: https://packages.debian.org/src:python-reportlab 154: https://www.debian.org/security/2020/dsa-4664 155: https://packages.debian.org/src:mailman 156: https://www.debian.org/security/2020/dsa-4666 157: https://packages.debian.org/src:openldap 158: https://www.debian.org/security/2020/dsa-4668 159: https://packages.debian.org/src:openjdk-8 160: https://www.debian.org/security/2020/dsa-4670 161: https://packages.debian.org/src:tiff 162: https://www.debian.org/security/2020/dsa-4671 163: https://packages.debian.org/src:vlc 164: https://www.debian.org/security/2020/dsa-4673 165: https://packages.debian.org/src:tomcat8 166: https://www.debian.org/security/2020/dsa-4674 167: https://packages.debian.org/src:roundcube 168: https://www.debian.org/security/2020/dsa-4675 169: https://packages.debian.org/src:graphicsmagick 170: https://www.debian.org/security/2020/dsa-4676 171: https://packages.debian.org/src:salt 172: https://www.debian.org/security/2020/dsa-4677 173: https://packages.debian.org/src:wordpress 174: https://www.debian.org/security/2020/dsa-4678 175: https://packages.debian.org/src:firefox-esr 176: https://www.debian.org/security/2020/dsa-4683 177: https://packages.debian.org/src:thunderbird 178: https://www.debian.org/security/2020/dsa-4685 179: https://packages.debian.org/src:apt 180: https://www.debian.org/security/2020/dsa-4686 181: https://packages.debian.org/src:apache-log4j1.2 182: https://www.debian.org/security/2020/dsa-4687 183: https://packages.debian.org/src:exim4 184: https://www.debian.org/security/2020/dsa-4688 185: https://packages.debian.org/src:dpdk 186: https://www.debian.org/security/2020/dsa-4689 187: https://packages.debian.org/src:bind9 188: https://www.debian.org/security/2020/dsa-4692 189: https://packages.debian.org/src:netqmail 190: https://www.debian.org/security/2020/dsa-4693 191: https://packages.debian.org/src:drupal7 192: https://www.debian.org/security/2020/dsa-4695 193: https://packages.debian.org/src:firefox-esr 194: https://www.debian.org/security/2020/dsa-4698 195: https://packages.debian.org/src:linux 196: https://www.debian.org/security/2020/dsa-4700 197: https://packages.debian.org/src:roundcube 198: https://www.debian.org/security/2020/dsa-4701 199: https://packages.debian.org/src:intel-microcode 200: https://www.debian.org/security/2020/dsa-4702 201: https://packages.debian.org/src:thunderbird 202: https://www.debian.org/security/2020/dsa-4703 203: https://packages.debian.org/src:mysql-connector-java 204: https://www.debian.org/security/2020/dsa-4704 205: https://packages.debian.org/src:vlc 206: https://www.debian.org/security/2020/dsa-4705 207: https://packages.debian.org/src:python-django 208: https://www.debian.org/security/2020/dsa-4706 209: https://packages.debian.org/src:drupal7 210: https://www.debian.org/security/2020/dsa-4707 211: https://packages.debian.org/src:mutt 212: https://www.debian.org/security/2020/dsa-4711 213: https://packages.debian.org/src:coturn 214: https://www.debian.org/security/2020/dsa-4713 215: https://packages.debian.org/src:firefox-esr 216: https://www.debian.org/security/2020/dsa-4715 217: https://packages.debian.org/src:imagemagick 218: https://www.debian.org/security/2020/dsa-4717 219: https://packages.debian.org/src:php7.0 220: https://www.debian.org/security/2020/dsa-4718 221: https://packages.debian.org/src:thunderbird Removed packages ---------------- The following packages were removed due to circumstances beyond our control: +------------------------------+---------------------------------------+ | Package | Reason | +------------------------------+---------------------------------------+ | certificatepatrol [222] | Incompatible with newer Firefox ESR | | | versions | | | | | colorediffs-extension [223] | Incompatible with newer Thunderbird | | | versions | | | | | dynalogin [224] | Depends on to-be-removed simpleid | | | | | enigmail [225] | Incompatible with newer Thunderbird | | | versions | | | | | firefox-esr [226] | [armel] No longer supported (requires | | | nodejs) | | | | | firefox-esr [226] | [mips mipsel mips64el] No longer | | | supported (needs newer rustc) | | | | | getlive [227] | Broken due to Hotmail changes | | | | | gplaycli [228] | Broken by Google API changes | | | | | kerneloops [229] | Upstream service no longer available | | | | | libmicrodns [230] | Security issues | | | | | libperlspeak-perl [231] | Security issues; unmaintained | | | | | mathematica-fonts [232] | Relies on unavailable download | | | location | | | | | pdns-recursor [233] | Security issues; unsupported | | | | | predictprotein [234] | Depends on to-be-removed profphd | | | | | profphd [235] | Unusable | | | | | quotecolors [236] | Incompatible with newer Thunderbird | | | versions | | | | | selenium-firefoxdriver [237] | Incompatible with newer Firefox ESR | | | versions | | | | | simpleid [238] | Does not work with PHP7 | | | | | simpleid-ldap [239] | Depends on to-be-removed simpleid | | | | | torbirdy [240] | Incompatible with newer Thunderbird | | | versions | | | | | weboob [241] | Unmaintained; already removed from | | | later releases | | | | | yahoo2mbox [242] | Broken for several years | | | | +------------------------------+---------------------------------------+ 222: https://packages.debian.org/src:certificatepatrol 223: https://packages.debian.org/src:colorediffs-extension 224: https://packages.debian.org/src:dynalogin 225: https://packages.debian.org/src:enigmail 226: https://packages.debian.org/src:firefox-esr 227: https://packages.debian.org/src:getlive 228: https://packages.debian.org/src:gplaycli 229: https://packages.debian.org/src:kerneloops 230: https://packages.debian.org/src:libmicrodns 231: https://packages.debian.org/src:libperlspeak-perl 232: https://packages.debian.org/src:mathematica-fonts 233: https://packages.debian.org/src:pdns-recursor 234: https://packages.debian.org/src:predictprotein 235: https://packages.debian.org/src:profphd 236: https://packages.debian.org/src:quotecolors 237: https://packages.debian.org/src:selenium-firefoxdriver 238: https://packages.debian.org/src:simpleid 239: https://packages.debian.org/src:simpleid-ldap 240: https://packages.debian.org/src:torbirdy 241: https://packages.debian.org/src:weboob 242: https://packages.debian.org/src:yahoo2mbox Debian Installer ---------------- The installer has been updated to include the fixes incorporated into oldstable by the point release. URLs ---- The complete lists of packages that have changed with this revision: http://ftp.debian.org/debian/dists/stretch/ChangeLog The current oldstable distribution: http://ftp.debian.org/debian/dists/oldstable/ Proposed updates to the oldstable distribution: http://ftp.debian.org/debian/dists/oldstable-proposed-updates oldstable distribution information (release notes, errata etc.): https://www.debian.org/releases/oldstable/ Security announcements and information: https://www.debian.org/security/ About Debian ------------ The Debian Project is an association of Free Software developers who volunteer their time and effort in order to produce the completely free operating system Debian. Contact Information ------------------- For further information, please visit the Debian web pages at https://www.debian.org/, send mail to <pr...@debian.org>, or contact the stable release team at <debian-rele...@lists.debian.org>.
signature.asc
Description: OpenPGP digital signature
