|
Package
|
Reason
|
|
accerciser
|
Fix accessing items without a compositor; fix Python console; add missing dependency on python3-xlib
|
|
apache2
|
mod_http2: Fix DoS by worker exhaustion [CVE-2018-1333] and by continuous SETTINGS [CVE-2018-11763]; mod_proxy_fcgi: Fix segfault
|
|
base-files
|
Update /etc/debian_version for the point release
|
|
brltty
|
Fix polkit authentication
|
|
canna
|
Fix file conflict between canna-dbgsym and canna-utils-dbgsym
|
|
cargo
|
New package to support Firefox ESR60 build
|
|
clamav
|
New upstream release; fix HWP integer overflow, infinite loop vulnerability [CVE-2018-0360]; fix PDF object length check issue, unreasonably long time to parse relatively small file [CVE-2018-0361]; new upstream version; fix Denial-of-Service issue [CVE-2018-15378]; fix infinite loop in dpkg-reconfigure
|
|
confuse
|
Fix an out of bound read in trim_whitespace [CVE-2018-14447]
|
|
debian-installer
|
Update for -8 kernel ABI
|
|
debian-installer-netboot-images
|
Rebuild for the point release
|
|
dnsmasq
|
trust-anchors.conf: include latest DNS trust anchor KSK-2017
|
|
dom4j
|
Fix XML injection attack [CVE-2018-1000632]; compile with source/target 1.5 to fix a compilation issue with String.format
|
|
dpdk
|
New upstream stable release
|
|
dropbear
|
Fix user enumeration vulnerability [CVE-2018-15599]
|
|
easytag
|
Fix OGG corruption
|
|
enigmail
|
Add compatibility with newer Thunderbird versions
|
|
espeakup
|
espeakup.service: Automatically load speakup_soft on daemon startup
|
|
fastforward
|
Fix segfaults on 64-bit architectures
|
|
firetray
|
Add compatibility with newer Thunderbird versions
|
|
firmware-nonfree
|
Fix security issues in Broadcom wifi firmware [CVE-2016-0801 CVE-2017-0561 CVE-2017-9417 CVE-2017-13077 CVE-2017-13078 CVE-2017-13079 CVE-2017-13080 CVE-2017-13081]; re-add transitional packages for firmware-{adi,ralink}
|
|
fofix-dfsg
|
Fix error at startup
|
|
fuse
|
Whitelist autofs and FAT as valid mountpoint filesystems
|
|
ganeti
|
Properly verify SSL certificates during VM export; sign generated certificates using SHA256 instead of SHA1; make bash completions autoloadable
|
|
globus-gsi-credential
|
Fix issue with voms proxy and openssl 1.1
|
|
gnupg2
|
Security fixes; backport functionality required for new enigmail
|
|
gnutls28
|
Fix security issues [CVE-2018-10844 CVE-2018-10845]
|
|
gphoto2-cffi
|
Make python3-gphoto2cffi work again
|
|
grub2
|
grub-mknetdir: Add support for ARM64 EFI; change the default TSC calibration method to pmtimer on EFI systems
|
|
hdparm
|
Only enable APM on disks that advertise it
|
|
https-everywhere
|
Backport new upstream version, for compatibility with Firefox ESR 60
|
|
i3-wm
|
Fix crash upon restart when using marks
|
|
iipimage
|
Fix Apache configuration
|
|
jhead
|
Fix security issues [CVE-2018-17088 CVE-2018-16554]
|
|
lastpass-cli
|
Backport hardcoded certificate pins from lastpass-cli 1.3.1 to reflect changes in hosted Lastpass.com service
|
|
ldap2zone
|
Fix endless loop checking zone serial
|
|
libcgroup
|
Fix world-accessible (and writeable) log files [CVE-2018-14348]
|
|
libclamunrar
|
New upstream release
|
|
libdap
|
Fix libdap-doc contents
|
|
libdatetime-timezone-perl
|
Update included data
|
|
libgd2
|
Bmp: check return value in gdImageBmpPtr [CVE-2018-1000222]; fix potential infinite loop in gdImageCreateFromGifCtx [CVE-2018-5711]
|
|
libmail-deliverystatus-bounceparser-perl
|
Remove non-distributable sample spam and viruses
|
|
libmspack
|
Fix out-of-bounds write [CVE-2018-18584] and acceptance of blank filenames [CVE-2018-18585]
|
|
libopenmpt
|
Fix up11: Out-of-bounds read loading IT / MO3 files with many pattern loops [CVE-2018-10017]
|
|
libseccomp
|
Add support for Linux 4.9 syscalls: preadv2, pwritev2, pkey_mprotect, pkey_alloc and pkey_free; add support for statx
|
|
libtirpc
|
rendezvous_request: check the makefd_xprt return value [CVE-2018-14622]
|
|
libx11
|
Fix several security isses [CVE-2018-14598 CVE-2018-14599 CVE-2018-14600]
|
|
libxcursor
|
Fix a denial of service or potentially code execution via a one-byte heap overflow [CVE-2015-9262]
|
|
libxml-stream-perl
|
Provide a default CA path
|
|
libxml-structured-perl
|
Add missing build and runtime dependency on libxml-parser-perl
|
|
linux
|
Xen: Fix boot regression in PV domains; xen-netfront: Fix regressions; ext4: fix false negatives *and* false positives in ext4_check_descriptors(); udeb: Add virtio_console to virtio-modules; cdc_ncm: avoid padding beyond end of skb; revert sit: reload iphdr in ipip6_rcv ; new upstream release
|
|
lxcfs
|
Revert uptime virtualization, fixing process start times
|
|
magicmaze
|
Depend on fonts-isabella now that ttf-isabella is a virtual package
|
|
mailman
|
Fix arbitrary text injection vulnerability in Mailman CGIs [CVE-2018-13796]
|
|
multipath-tools
|
Avoid deadlock in udev triggers
|
|
nagstamon
|
Address IcingaWeb2 Basic auth issue
|
|
network-manager
|
libnm: Fix accessing enabled and metered properties; fix out-of-bounds heap write in dhcpv6 option handling [CVE-2018-15688] and various other issues in the sd-network based dhcp=internal plugin
|
|
network-manager-applet
|
libnma/pygobject: libnma/NMA must use libnm/NM instead of legacy libraries
|
|
ola
|
Fix typo in /etc/init.d/rdm_test_server; fix filename for jquery in rdm test server static HTML files
|
|
opensc
|
Fix unbounded recursion and several out-of-bounds reads or writes [CVE-2018-16391 CVE-2018-16392 CVE-2018-16393 CVE-2018-16418 CVE-2018-16419 CVE-2018-16420 CVE-2018-16421 CVE-2018-16422 CVE-2018-16423 CVE-2018-16424 CVE-2018-16425 CVE-2018-16426 CVE-2018-16427]
|
|
pkgsel
|
Install new dependencies when safe-upgrade (default) is selected
|
|
publicsuffix
|
Update included data
|
|
python-django
|
Default to supporting Spatialite >= 4.2
|
|
python-imaplib2
|
Install the correct module for Python 3; don't use TIMEOUT_MAX
|
|
rustc
|
Enable building on further architectures: arm64, armel, armhf, i386, ppc64el, s390x
|
|
sddm
|
Honour PAM's ambient supplemental groups; add missing utmp/wtmp/btmp handling
|
|
serf
|
Fix NULL pointer dereference
|
|
soundconverter
|
Fix opus vbr setting
|
|
spamassassin
|
New upstream release; fix denial of service [CVE-2017-15705], remote code execution [CVE-2018-11780], code injection [CVE-2018-11781] and unsafe usage of . in @INC [CVE-2016-1238]; fix spamd service management on package upgrades
|
|
spice-gtk
|
Fix flexible array buffer overflow [CVE-2018-10873]
|
|
sqlcipher
|
Avoid a crash when opening a file
|
|
subversion
|
Fix a regression introduced in the fixes for SHA1 collisions, where commits would incorrectly fail with a Filesystem is corrupt error if the delta length is a multiple of 16K
|
|
systemd
|
networkd: Do not fail manager_connect_bus() if dbus is not active yet; dhcp6: Make sure we have enough space for the DHCP6 option header [CVE-2018-15688]
|
|
systraq
|
Invert logic in order to exit successfully in case /e/s/Makefile is missing
|
|
tomcat-native
|
Fix OSCP responder issue that made it possible for users to authenticate with revoked certificates when using mutual TLS [CVE-2018-8019 CVE-2018-8020]
|
|
tor
|
Directory authority changes: retire Bifroest bridge authority, in favour of Serge ; add an IPv6 address for the dannenberg directory authority
|
|
tzdata
|
New upstream release
|
|
ublock-origin
|
Backport new upstream version, for compatibility with Firefox ESR 60
|
|
unbound
|
Fix vulnerability in the processing of wildcard synthesized NSEC records [CVE-2017-15105]
|
|
vagrant
|
Support VirtualBox 5.2
|
|
vmtk
|
python-vmtk: Add the missing dependency on python-vtk6
|
|
wesnoth-1.12
|
Disallow loading lua bytecode via load/dofile [CVE-2018-1999023]
|
|
wpa
|
Ignore unauthenticated encrypted EAPOL-Key data [CVE-2018-14526]
|
|
x11vnc
|
Fix two buffer overflows
|
|
xapian-core
|
Fix glass backend bug with long-lived cursors on a table in a WritableDatabase which could incorrectly lead to DatabaseCorruptError being thrown when the database was actually OK
|
|
xmotd
|
Avoid crash with hardening flags
|
|
xorg-server
|
GLX: do not pick sRGB config for 32-bit RGBA visual - fixes various blending issues with kwin and Mesa >= 18.0 (i.e. Mesa from stretch-backports)
|
|
zutils
|
Fix a buffer overrun in zcat [CVE-2018-1000637]
|
