Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230

 

 

 

Upcoming Debian 9 Update (9.9)

Here you can discuss every aspect of Debian. Note: not for support requests!
Post Reply
Message
Author
User avatar
None1975
df -h | participant
df -h | participant
Posts: 1389
Joined: 2015-11-29 18:23
Location: Russia, Kaliningrad
Has thanked: 45 times
Been thanked: 66 times

Upcoming Debian 9 Update (9.9)

#1 Post by None1975 »

An update to Debian 9 is scheduled for Saturday, April 27th, 2019. As of now it will include the following bug fixes. They can be found in "stretch-proposed-updates", which is carried by all official mirrors.

Please note that packages published through security.debian.org are not listed, but will be included if possible. Some of the updates below are also already available through "stretch-updates".

Testing and feedback would be appreciated. Bugs should be filed in the Debian Bug Tracking System, but please make the Release Team aware of them by copying "debian-release@lists.debian.org" on your mails. The point release will also include a rebuild of debian-installer.

Miscellaneous Bugfixes:
This stable update adds a few important corrections to the following
packages:

Package Reason
------- ------

audiofile Security issues [CVE-2018-13440 CVE-2018-17095]

base-files Update for the point release

bwa Security fix [CVE-2019-10269]

ca-certificates-java Fix bashisms in postinst and jks-keystore

cernlib Apply optimization flag -O to fortran modules
instead of -O2 which generates broken code; fix
FTBFS on arm64 by disabling PIE for Fortran
executables

choose-mirror Update included mirror list

chrony Fix logging of measurements and statistics, and
stopping of chronyd, on some platforms when
seccomp filtering is enabled

ckermit Drop OpenSSL version check

clamav Security updates: out-of-bounds heap read
condition may occur when scanning PDF documents
[CVE-2019-1787]; out-of-bounds heap read
condition may occur when scanning PE files
packed using Aspack [CVE-2019-1789]; out-of-
bounds heap write condition may occur when
scanning OLE2 files [CVE-2019-1788]

dansguardian Add "missingok" to logrotate configuration

debian-security-support Update support statuses

diffoscope Fix tests to work with Ghostscript 9.26

dns-root-data Update root data to 2019031302

dnsruby Add new root key (KSK-2017); ruby 2.3.0
deprecates TimeoutError, use Timeout::Error

dpdk New upstream release

edk2 Fix buffer overflow in BlockIo service
[CVE-2018-12180]; DNS: Check received packet
size before using [CVE-2018-12178]; fix stack
overflow with corrupted BMP [CVE-2018-12181]

firmware-nonfree atheros / iwlwifi: update BT firmware
[CVE-2018-5383]

flatpak Reject all ioctls that the kernel will
interpret as TIOCSTI [CVE-2019-10063]

geant321 Rebuild against cernlib with fixed Fortran
optmisations

gnome-chemistry-utils Drop the obsolete gcu-plugin package

gocode gocode-auto-complete-el: Promote auto-complete-
el to Pre-Depends

gpac Security fixes [CVE-2018-7752 CVE-2018-13005
CVE-2018-13006 CVE-2018-20760 CVE-2018-20761
CVE-2018-20762 CVE-2018-20763]

icedtea-web Stop building the browser plugin, as it no
longer works with Firefox 60

igraph Fix a crash when loading malformed GraphML
files [CVE-2018-20349]

jabref Fix XML External Entity attack
[CVE-2018-1000652]

java-common Remove default-java-plugin as the icedtea-web
Xul plugin is going away

jquery Prevent Object.prototype pollution
[CVE-2019-11358]

kauth Fix insecure handling of arguments in helpers
[CVE-2019-7443]

libdate-holidays-de-perl Add March 8th (from 2019 onwards) and May 8th
(2020 only) as public holidays (Berlin only)

libdatetime-timezone-perl Update included data

libreoffice Introduce next Japanese gengou era 'Reiwa';
make -core conflict against openjdk-8-jre-
headless (= 8u181-b13-2~deb9u1), which had a
broken ClassPathURLCheck

linux New upstream stable version

linux-latest Update for -9 kernel ABI

mariadb-10.1 New upstream release

mclibs Rebuild against cernlib with fixed Fortran
optmisations

ncmpc Fix NULL pointer dereference [CVE-2018-9240]

node-superagent Fix ZIP bomb attacks [CVE-2017-16129]

nvidia-graphics-drivers New upstream release [CVE‑2018‑6260]

nvidia-settings New upstream release

obs-build Do not allow writing to files in the host
system [CVE-2017-14804]

paw Rebuild against cernlib with fixed Fortran
optmisations

perlbrew Allow HTTPS CPAN URLs

postfix New upstream stable release

postgresql-9.6 New upstream version

psk31lx Make version sort correctly to avoid potential
upgrade issues

publicsuffix Update included data

pyca Add "missingok" to logrotate configuration

python-certbot Revert to debhelper compat 9, to ensure systemd
timers are correctly started

python-cryptography Remove BIO_callback_ctrl: The prototype differs
with the OpenSSL's definition of it after it
was changed (fixed) within OpenSSL

python-django-casclient Apply django 1.10 middleware fix;
python(3)-django-casclient: add missing
dependencies on python(3)-django

python-mode Remove support for xemacs21

python-pip Properly catch requests' HTTPError in index.py

python-pykmip Fix potential DoS error [CVE-2018-1000872]

r-cran-igraph Security fix [CVE-2018-20349]

rails Security fixes [CVE-2018-16476 CVE-2019-5418
CVE-2019-5419]

rsync Several security fixes for zlib [CVE-2016-9840
CVE-2016-9841 CVE-2016-9842 CVE-2016-9843]

ruby-i18n Prevent a remote denial-of-service
vulnerability [CVE-2014-10077]

ruby2.3 Fix build failure

runc Security fix [CVE-2019-5736]

systemd journald: fix assertion failure on
journal_file_link_data; tmpfiles: fix "e" to
support shell style globs; mount-util: accept
that name_to_handle_at() might fail with EPERM;
automount: ack automount requests even when
already mounted [CVE-2018-1049]; fix potential
root privilege escalation [CVE-2018-15686]

twitter-bootstrap3 Fix XSS in tooltip or popover [CVE-2019-8331]

tzdata New upstream rleease

unzip Fix buffer overflow in password protected ZIP
archives [CVE-2018-1000035]

vcftools Security fixes [CVE-2018-11099 CVE-2018-11129
CVE-2018-11130]

vips Fix NULL function pointer dereference
[CVE-2018-7998], uninitialised memory access
[CVE-2019-6976]

waagent New upstream release, with many Azure fixes
[CVE-2019-0804]

yorick-av Rescale frame timestamps; set VBV buffer size
for MPEG1/2 files

zziplib Fix invalid memory access in zzip_disk_fread
[CVE-2018-6381], bus error in
zzip_disk_findfirst function in zzip/mmapped.c
[CVE-2018-6540], out of bound read in
mmapped.c:zzip_disk_fread() [CVE-2018-7725],
crash via crafted zip file [CVE-2018-7726],
memory leak triggered in the function
__zzip_parse_root_directory in zip.c
[CVE-2018-16548]; reject ZIP file if the size
of the central directory and/or the offset of
start of central directory point beyond the end
of the ZIP file [CVE-2018-6484, CVE-2018-6541,
CVE-2018-6869]


A complete list of all accepted and rejected packages together with
rationale is on the preparation page for this revision:

<https://release.debian.org/proposed-updates/stable.html>


Removed packages
----------------

The following packages will be removed due to circumstances beyond our
control:

Package Reason
------- ------

gcontactsync Incompatible with newer firefox-esr versions

google-tasks-sync Incompatible with newer firefox-esr versions

mozilla-gnome-kerying Incompatible with newer firefox-esr versions

tbdialout Incompatible with newer thunderbird versions

timeline Incompatible with newer thunderbird versions


If you encounter any issues, please don't hesitate to get in touch with the
Debian Release Team at "debian-release@lists.debian.org".
OS: Debian 12.4 Bookworm / DE: Enlightenment
Debian Wiki | DontBreakDebian, My config files on github

User avatar
None1975
df -h | participant
df -h | participant
Posts: 1389
Joined: 2015-11-29 18:23
Location: Russia, Kaliningrad
Has thanked: 45 times
Been thanked: 66 times

Re: Upcoming Debian 9 Update (9.9)

#2 Post by None1975 »

Trouble free upgrade. As usual
Image
OS: Debian 12.4 Bookworm / DE: Enlightenment
Debian Wiki | DontBreakDebian, My config files on github

L_V
Posts: 1477
Joined: 2007-03-19 09:04
Been thanked: 11 times

Re: Upcoming Debian 9 Update (9.9)

#3 Post by L_V »

What is this blurry picture supposed to show ?

User avatar
None1975
df -h | participant
df -h | participant
Posts: 1389
Joined: 2015-11-29 18:23
Location: Russia, Kaliningrad
Has thanked: 45 times
Been thanked: 66 times

Re: Upcoming Debian 9 Update (9.9)

#4 Post by None1975 »

L_V wrote:What is this blurry picture supposed to show ?
Don't be so stupid. Click on the image to see the kernel version and the current version of Debian.
OS: Debian 12.4 Bookworm / DE: Enlightenment
Debian Wiki | DontBreakDebian, My config files on github

L_V
Posts: 1477
Joined: 2007-03-19 09:04
Been thanked: 11 times

Re: Upcoming Debian 9 Update (9.9)

#5 Post by L_V »

Thank you for the advice. This is a clever idea.
I will try again later with a different web-browser.

User avatar
None1975
df -h | participant
df -h | participant
Posts: 1389
Joined: 2015-11-29 18:23
Location: Russia, Kaliningrad
Has thanked: 45 times
Been thanked: 66 times

Re: Upcoming Debian 9 Update (9.9)

#6 Post by None1975 »

L_V wrote: I will try again later with a different web-browser.
in my default browser-Firefox, the picture is displayed normally.
OS: Debian 12.4 Bookworm / DE: Enlightenment
Debian Wiki | DontBreakDebian, My config files on github

User avatar
fred44nl
Posts: 215
Joined: 2018-07-14 08:54
Has thanked: 1 time

Re: Upcoming Debian 9 Update (9.9)

#7 Post by fred44nl »

for some reason I have Debian 9.9 but my kernel is stil 4.9.144-3.1
where did I go wrong ??
fred44nl@Debian:~$ lsb_release -a
No LSB modules are available.
Distributor ID: Debian
Description: Debian GNU/Linux 9.9 (stretch)
Release: 9.9
Codename: stretch
fred44nl@Debian:~$
fred44nl@Debian:~$
fred44nl@Debian:~$ uname -a
Linux Debian 4.9.0-8-amd64 #1 SMP Debian 4.9.144-3.1 (2019-02-19) x86_64 GNU/Linux
fred44nl@Debian:~$
fred44nl@Debian:~$
Debian 10 - Buster on Compulab Fitlet2
Debian 12 - Bookworm on Acer Spin 1

User avatar
4D696B65
Site admin
Site admin
Posts: 2696
Joined: 2009-06-28 06:09
Been thanked: 85 times

Re: Upcoming Debian 9 Update (9.9)

#8 Post by 4D696B65 »

fred44nl wrote:for some reason I have Debian 9.9 but my kernel is stil 4.9.144-3.1
where did I go wrong ?
Is the kernel meta package installed?

User avatar
fred44nl
Posts: 215
Joined: 2018-07-14 08:54
Has thanked: 1 time

Re: Upcoming Debian 9 Update (9.9)

#9 Post by fred44nl »

4D696B65 wrote:
fred44nl wrote:for some reason I have Debian 9.9 but my kernel is stil 4.9.144-3.1
where did I go wrong ?
Is the kernel meta package installed?
not sure what you mean by that.
previously, I went to 9.8 correctly
does this help:
fred44nl@Debian:~$ ls -al /boot
totaal 51488
drwxr-xr-x 4 root root 4096 apr 8 23:38 .
drwxr-xr-x 22 root root 4096 mrt 4 16:01 ..
-rw-r--r-- 1 root root 186568 aug 13 2018 config-4.9.0-7-amd64
-rw-r--r-- 1 root root 186589 feb 19 10:05 config-4.9.0-8-amd64
drwx------ 3 root root 4096 jan 1 1970 efi
drwxr-xr-x 5 root root 4096 feb 20 10:21 grub
-rw-r--r-- 1 root root 18410291 aug 15 2018 initrd.img-4.9.0-7-amd64
-rw-r--r-- 1 root root 19044522 apr 8 23:38 initrd.img-4.9.0-8-amd64
-rw-r--r-- 1 root root 3192069 aug 13 2018 System.map-4.9.0-7-amd64
-rw-r--r-- 1 root root 3196808 feb 19 10:05 System.map-4.9.0-8-amd64
-rw-r--r-- 1 root root 4232992 aug 13 2018 vmlinuz-4.9.0-7-amd64
-rw-r--r-- 1 root root 4241184 feb 19 10:05 vmlinuz-4.9.0-8-amd64
fred44nl@Debian:~$
Debian 10 - Buster on Compulab Fitlet2
Debian 12 - Bookworm on Acer Spin 1

User avatar
Head_on_a_Stick
Posts: 14114
Joined: 2014-06-01 17:46
Location: London, England
Has thanked: 81 times
Been thanked: 132 times

Re: Upcoming Debian 9 Update (9.9)

#10 Post by Head_on_a_Stick »

fred44nl wrote:
4D696B65 wrote:Is the kernel meta package installed?
not sure what you mean by that.
Check

Code: Select all

apt policy linux-image-amd64
If the package is not installed then install it.
deadbang

User avatar
fred44nl
Posts: 215
Joined: 2018-07-14 08:54
Has thanked: 1 time

Re: Upcoming Debian 9 Update (9.9)

#11 Post by fred44nl »

Head_on_a_Stick wrote: Check

Code: Select all

apt policy linux-image-amd64
If the package is not installed then install it.
it was not, but now it is
thanks
Debian 10 - Buster on Compulab Fitlet2
Debian 12 - Bookworm on Acer Spin 1

User avatar
4D696B65
Site admin
Site admin
Posts: 2696
Joined: 2009-06-28 06:09
Been thanked: 85 times

Re: Upcoming Debian 9 Update (9.9)

#12 Post by 4D696B65 »

fred44nl wrote:
Head_on_a_Stick wrote: Check

Code: Select all

apt policy linux-image-amd64
If the package is not installed then install it.
it was not, but now it is
thanks
If you build out of tree kernel modules, you might want the headers meta package too
linux-headers-amd64

User avatar
fred44nl
Posts: 215
Joined: 2018-07-14 08:54
Has thanked: 1 time

Re: Upcoming Debian 9 Update (9.9)

#13 Post by fred44nl »

4D696B65 wrote: If you build out of tree kernel modules, you might want the headers meta package too
linux-headers-amd64
is that for building my own kernels ??
I am not doing that :)
Debian 10 - Buster on Compulab Fitlet2
Debian 12 - Bookworm on Acer Spin 1

User avatar
4D696B65
Site admin
Site admin
Posts: 2696
Joined: 2009-06-28 06:09
Been thanked: 85 times

Re: Upcoming Debian 9 Update (9.9)

#14 Post by 4D696B65 »

for building kernel modules like nvidia-driver or broadcom wl wireless driver plus many other possibilities

User avatar
fred44nl
Posts: 215
Joined: 2018-07-14 08:54
Has thanked: 1 time

Re: Upcoming Debian 9 Update (9.9)

#15 Post by fred44nl »

4D696B65 wrote:for building kernel modules like nvidia-driver or broadcom wl wireless driver plus many other possibilities
ok, thanks
Debian 10 - Buster on Compulab Fitlet2
Debian 12 - Bookworm on Acer Spin 1

Wheelerof4te
Posts: 1454
Joined: 2015-08-30 20:14

Re: Upcoming Debian 9 Update (9.9)

#16 Post by Wheelerof4te »

Of course, you need to reboot to actually use the new kernel.

Debian point upgrades never were an issue for me. Now that I think about it, Stretch is getting very old.
Just in time for Buster, I guess.

User avatar
None1975
df -h | participant
df -h | participant
Posts: 1389
Joined: 2015-11-29 18:23
Location: Russia, Kaliningrad
Has thanked: 45 times
Been thanked: 66 times

Re: Upcoming Debian 9 Update (9.9)

#17 Post by None1975 »

Wheelerof4te wrote:Now that I think about it, Stretch is getting very old.
And rock solid. Buddy, don't suffer from Shiny New Stuff Syndrome...
OS: Debian 12.4 Bookworm / DE: Enlightenment
Debian Wiki | DontBreakDebian, My config files on github

Wheelerof4te
Posts: 1454
Joined: 2015-08-30 20:14

Re: Upcoming Debian 9 Update (9.9)

#18 Post by Wheelerof4te »

^If I suffered from that, I would still be running Arch, buddy.

BTW, Buster is frozen since march, so it is even now too old for the bleeding-edge SNS obsessed people.

Post Reply