[SECURITY] [DLA 2471-1] libxstream-java security update

- Debian LTS Advisory DLA-2471-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Markus Koschany November 30, 2020 https://wiki.debian.org/LTS

[SECURITY] [DLA 2470-1] zsh security update

- Debian LTS Advisory DLA-2470-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Markus Koschany November 30, 2020 https://wiki.debian.org/LTS

Accepted pdfresurrect 0.12-6+deb9u1 (source) into oldstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 30 Nov 2020 20:29:23 -0500 Source: pdfresurrect Binary: pdfresurrect Architecture: source Version: 0.12-6+deb9u1 Distribution: stretch-security Urgency: high Maintainer: Francois Marier Changed-By: Roberto C. Sánchez

Accepted zsh 5.3.1-4+deb9u3 (source) into oldstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Tue, 01 Dec 2020 03:40:24 +0100 Source: zsh Binary: zsh-common zsh zsh-doc zsh-static zsh-dev Architecture: source Version: 5.3.1-4+deb9u3 Distribution: stretch-security Urgency: high Maintainer: Debian Zsh Maintainers Changed-By:

Accepted zsh 5.3.1-4+deb9u2 (source) into oldstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Tue, 01 Dec 2020 02:33:01 +0100 Source: zsh Binary: zsh-common zsh zsh-doc zsh-static zsh-dev Architecture: source Version: 5.3.1-4+deb9u2 Distribution: stretch-security Urgency: high Maintainer: Debian Zsh Maintainers Changed-By:

Accepted libxstream-java 1.4.9-2+deb9u1 (source) into oldstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 30 Nov 2020 00:04:50 +0100 Source: libxstream-java Binary: libxstream-java Architecture: source Version: 1.4.9-2+deb9u1 Distribution: stretch-security Urgency: high Maintainer: Debian Java Maintainers Changed-By: Markus

Accepted zsh 5.3.1-4+deb9u1 (source) into oldstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 29 Nov 2020 21:20:10 +0100 Source: zsh Binary: zsh-common zsh zsh-doc zsh-static zsh-dev Architecture: source Version: 5.3.1-4+deb9u1 Distribution: stretch-security Urgency: high Maintainer: Debian Zsh Maintainers Changed-By:

[SECURITY] [DLA 2474-1] musl security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 - --- Debian LTS Advisory DLA-2474-1 debian-...@lists.debian.org https://www.debian.org/lts/security/ Utkarsh Gupta December 01, 2020

[SECURITY] [DLA 2473-1] vips security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian LTS Advisory DLA-2473-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Adrian Bunk November 30, 2020

golang-github-dgrijalva-jwt-go / CVE-2020-26160

I note this package - golang-github-dgrijalva-jwt-go - has been marked as vulnerable to CVE-2020-26160 in both Debian stretch and buster. https://security-tracker.debian.org/tracker/CVE-2020-26160 But I can't find any code in these versions that even mentions the aud/audience fields. So I plan

Accepted vips 8.4.5-1+deb9u2 (source) into oldstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 30 Nov 2020 23:06:39 +0200 Source: vips Binary: libvips42 libvips-dev libvips-tools python-vipscc libvips-doc gir1.2-vips-8.0 Architecture: source Version: 8.4.5-1+deb9u2 Distribution: stretch-security Urgency: medium

[SECURITY] [DLA 2472-1] mutt security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian LTS Advisory DLA-2472-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Adrian Bunk November 30, 2020

Accepted mutt 1.7.2-1+deb9u4 (source) into oldstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 30 Nov 2020 20:43:13 +0200 Source: mutt Binary: mutt Architecture: source Version: 1.7.2-1+deb9u4 Distribution: stretch-security Urgency: medium Maintainer: Mutt maintainers Changed-By: Adrian Bunk Description: mutt -