Upcoming Debian 9 Update (9.8)

Here you can discuss every aspect of Debian. Note: not for support requests!
Post Reply
User avatar
Posts: 1019
Joined: 2015-11-29 18:23
Location: Lithuania, Vilnius

Upcoming Debian 9 Update (9.8)

#1 Post by None1975 »

An update to Debian 9 is scheduled for Saturday, February 16th, 2019. As of now it will include the following bug fixes. They can be found in "stretch-proposed-updates", which is carried by all official mirrors. Please note that packages published through security.debian.org are not listed, but will be included if possible. Some of the updates below are also already available through "stretch-updates". Testing and feedback would be appreciated. Bugs should be filed in the Debian Bug Tracking System, but please make the Release Team aware of them by copying "debian-release@lists.debian.org" on your mails. The point release will also include a rebuild of debian-installer.

Miscellaneous Bugfixes

This stable update adds a few important corrections to the following
Package Reason
------- ------

arc Fix directory traversal bugs [CVE-2015-9275],
arcdie crash when called with more then 1
variable argument and version 1 arc header

astroml-addons Fix Python 3 dependencies

base-files Update for the point release

c3p0 Fix XML External Entity vulnerability

ca-certificates-java Fix temporary jvm-*.cfg generation on armhf

chkrootkit Fix regular expression for filtering out dhcpd
and dhclient as false positives from the packet
sniffer test

compactheader Update to work with newer Thunderbird versions

courier Fix @piddir@ substitution

cups Security fixes [CVE-2017-18248 CVE-2018-4700]

debian-edu-config Fix configuration of personal web pages; re-
enable offline installation of a combi server
including diskless workstation support; enable
Chromium homepage setting at installation time
and via LDAP

debian-installer Rebuild for the point release

debian-security-support Update support status of various packages

dnspython Fix error when parsing nsec3 bitmap from text

egg Skip emacsen-install for unsupported xemacs21

erlang Do not install Erlang mode for XEmacs

espeakup debian/espeakup.service: Fix compatibility with
older versions of systemd

freerdp Fix security issues [CVE-2018-8786
CVE-2018-8787 CVE-2018-8788]; add CredSSP v3
and RDP proto v6 support

ganeti-os-noop Fix size detection for non-block devices
glibc Fix several security isses [CVE-2017-15670
CVE-2017-15671 CVE-2017-15804 CVE-2017-1000408
CVE-2017-1000409 CVE-2017-16997 CVE-2017-18269
CVE-2018-11236 CVE-2018-11237]; avoid
segmentation faults on CPUs with AVX512-F; fix
a use after free in pthread_create(); check for
postgresql in NSS check; fix
pthread_cond_wait() in the pshared case on

glx-alternatives Add diversion and alternative for
libGLX_indirect.so.0; avoid confusing
diagnostic message if no nvidia alternative is

gnulib vasnprintf: Fix heap memory overrun bug

gnupg2 Avoid crash when importing without a TTY

graphite-api Fix RequiresMountsFor spelling in systemd

grokmirror Add missing dependency on python-pkg-resources

gvrng Fix permissions problem that prevented starting
gvrng; generate correct Python dependencies

ibus Fix multi-arch installation by removing the gir
package's Python dependency

icedtea-web Stop building the browser plugin, no longer
works with Firefox 60

icinga2 Fix timestamps being stored as local time in

intel-microcode Add accumulated fixes for Westmere EP
(signature 0x206c2) [Intel SA-00161
CVE-2018-3615 CVE-2018-3620 CVE-2018-3646 Intel
SA-00115 CVE-2018-3639 CVE-2018-3640 Intel
SA-0088 CVE-2017-5753 CVE-2017-5754]

isort Fix Python dependencies

jdupes Fix potential crash on ARM

kmodpy Remove incorrect Multi-Arch: same from python-

libapache2-mod-perl2 Don't allow <Perl> sections in user controlled
configuration [CVE-2011-2767]

libb2 Detect if the system can use AVX before
actually using it

libdatetime-timezone-perl Update included data

libemail-address-list-perl Fix DoS vulnerability [CVE-2018-18898]

libemail-address-perl Fix DoS vulnerabilities [CVE-2015-7686

libgpod python-gpod: Add missing dependency on python-
libssh Fix broken server-side keyboard-interactive

linux New upstream release

linux-igd Make the init script require $network

lttng-modules Fix build on linux-rt 4.9 kernels and kernels
>= 4.9.0-3

mistral Fix "std.ssh action may disclose presence of
arbitrary files" [CVE-2018-16849]

monkeysign Fix security issue [CVE-2018-12020]; actually
send multiple emails instead of a single one

mpqc Also install sc-libtool

nvidia-graphics-drivers New upstream release

nvidia-modprobe New upstream release

nvidia-persistenced New upstream release

nvidia-settings New upstream release

nvidia-xconfig New upstream release

openni2 Fix armhf baseline violation and armel FTBFS
caused by NEON usage

openvpn Fix NCP behaviour on TLS reconnect, causing
"AEAD Decrypt error: cipher final failed"

parsedatetime Add support for python3

pdns Fix security issues [CVE-2018-1046
CVE-2018-10851]; fix MySQL queries with stored
procedures; fix ldap, lua, opendbx backend not
finding domains

pdns-recursor Fix security issues [CVE-2018-10851
CVE-2018-14626 CVE-2018-14644]

photocollage Add missing dependency on gir1.2-gtk-3.0

postfix New upstream stable release; avoid postconf
failures when postfix-instance-generator runs
during boot; update watch file

postgresql-9.6 New upstream release

postgrey Create /var/run/postgrey if it does not exist;
revert the 1.36-3+deb9u1 change due to
pylint-django Fix Python 3 dependencies

python-acme Backport newer version for tls-sni-01

python-arpy Correct substitution variable for Python 3
interpreter depends

python-certbot Backport newer version for tls-sni-01

python-certbot-apache Update for deprecation of tls-sni-01

python-certbot-nginx Update for deprecation of tls-sni-01

python-hypothesis Fix dependencies of python3-hypothesis
and python-hypothesis-doc

python-josepy New certbot dependency

pyzo Add missing dependency on python3-pkg-resources

r-cran-readxl Fix crash bugs [CVE-2018-20450 CVE-2018-20452]

rtkit Move dbus and polkit from Recommends to Depends

ruby-rack Fix a possible XSS vulnerability

samba New upstream release; s3:ntlm_auth: fix memory
leak in manage_gensec_request(); ignore nmbd
start errors when there is no non-loopback
interface or no local IPv4 non-loopback
interface; fix CVE-2018-14629 regression on a
non-CNAME record

sl-modem Support Linux versions > 3

sogo-connector Update to work with newer Thunderbird versions

sox Really apply fixes for CVE-2014-8145

ssh-agent-filter Fix two-byte out-of-bounds stack write

supercollider Disable support for XEmacs and Emacs <= 23

sympa Remove /etc/sympa/sympa.conf-smime.in from
conffiles; use full path for head command in
Sympa configuration file

twitter-bootstrap3 Fix multiple security vulnerabilities
[CVE-2018-14040 CVE-2018-14041 CVE-2018-14042]

tzdata New upstream release
uglifyjs Fix manpage contents

uriparser Fix multiple security vulnerabilties
[CVE-2018-19198 CVE-2018-19199 CVE-2018-19200]

vm Drop support for xemacs21

vulture Add missing dependency on python3-pkg-resources

wayland Fix possible integer overflow [CVE-2017-16612]

wicd Always depend on net-tools, rather than

wvstreams Work around stack corruption

xapian-core Fix leaks of freelist blocks in corner cases,
which then get reported as
"DatabaseCorruptError" by Database::check()

xkeycaps Prevent segfault in commands.c when more than 8
keysyms per key are present

yosys Fix "ModuleNotFoundError: No module named

z3 Remove incorrect Multi-Arch: same from

A complete list of all accepted and rejected packages together with
rationale is on the preparation page for this revision:
OS: Debian 10.3 Buster / WM: xmonad
Debian Wiki | DontBreakDebian, My config files on github

Post Reply